Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/WhRk9kZEyJiPe99DKK0ZIY2m2Yw.roa
File:                     WhRk9kZEyJiPe99DKK0ZIY2m2Yw.roa (raw, json)
Hash identifier:          dZkGuR4JSyQqOAbFZVSVkGM0gVjd0Muk/GHy9vCkvbU=
Subject key identifier:   5A:14:64:F6:46:44:C8:98:8F:7B:DF:43:28:AD:19:21:8D:A6:D9:8C
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019420D63E09FBB3AE6E19B3B4EA1B1D927D
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/WhRk9kZEyJiPe99DKK0ZIY2m2Yw.roa
Signing time:             Wed 01 Jan 2025 07:48:18 +0000
ROA not before:           Wed 01 Jan 2025 07:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207740
IP address blocks:        2a07:22c1:ffe5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3e:09:fb:b3:ae:6e:19:b3:b4:ea:1b:1d:92:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 07:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a1464f64644c8988f7bdf4328ad19218da6d98c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:43:9e:cd:71:97:79:8c:60:bb:f2:7d:e9:44:
                    87:d5:dc:d5:36:4e:d3:73:f2:8a:c7:90:b6:ae:c0:
                    67:f1:48:09:c2:0c:3e:84:67:52:a0:51:76:54:3c:
                    12:26:e5:07:6d:e0:0c:48:15:96:d9:11:1d:dd:b3:
                    0b:f0:b1:15:0c:a9:a2:5a:97:53:61:27:e8:17:ab:
                    38:19:61:1f:44:9f:c9:62:fb:ef:09:82:c4:d5:90:
                    6a:b4:1c:fa:f5:e2:69:24:19:73:6c:31:d1:39:63:
                    a3:1e:6c:58:9f:10:ac:9d:5a:22:3b:a0:92:b4:c9:
                    49:41:4f:00:e7:b3:da:cb:f9:4d:26:13:c9:a9:73:
                    32:e2:8a:45:7a:02:c5:4b:63:e1:2f:97:55:62:e5:
                    11:f4:85:55:95:b9:89:53:dc:71:c0:16:88:8f:f6:
                    0d:f2:53:eb:25:29:c1:45:c1:68:78:04:e3:36:3a:
                    31:63:20:a9:2e:17:c5:52:87:d2:3c:87:26:92:d9:
                    d7:65:fd:41:e9:dd:d8:00:c0:00:a2:61:0d:a4:c5:
                    bf:c9:8e:6b:79:38:52:a2:ae:57:f6:21:ee:08:7f:
                    80:21:af:8f:64:50:23:80:9c:b2:9a:26:b6:df:a9:
                    f2:48:7e:4f:62:8c:3f:c0:ab:b1:25:3d:ef:e4:c3:
                    48:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:14:64:F6:46:44:C8:98:8F:7B:DF:43:28:AD:19:21:8D:A6:D9:8C
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/WhRk9kZEyJiPe99DKK0ZIY2m2Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:ffe5::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:bd:c2:a4:96:d9:f8:e4:0c:8f:93:2d:ea:f8:82:f8:90:36:
         de:4e:c3:88:01:ee:b0:15:41:09:5d:79:09:08:54:51:32:44:
         80:71:e8:46:99:41:bc:74:7c:cb:41:00:3b:d8:6b:ee:3d:21:
         42:74:19:95:fe:cb:ad:c9:5b:76:35:84:8b:e2:bc:ef:c7:10:
         45:75:ce:6c:8e:7d:0c:da:05:45:02:4f:38:f7:13:6b:cc:fa:
         51:21:43:a0:9b:b5:e7:fa:64:91:83:76:bf:cb:c4:06:a8:8c:
         be:82:52:fa:5c:7c:b3:a3:f2:ea:99:21:58:18:09:52:8f:1d:
         ce:3b:14:fb:f0:e2:30:00:00:ae:89:85:37:f9:ed:52:8d:5c:
         f4:86:01:f9:94:59:37:8c:36:93:00:5a:3a:95:ed:ed:bb:65:
         a0:04:37:4e:0c:f8:1f:e9:d4:5b:8b:0b:06:fa:7f:0d:4d:79:
         c8:00:7f:6d:09:ce:e0:5c:1a:d3:f9:e7:6b:72:01:52:9c:91:
         33:3a:b1:6a:54:46:e1:68:e7:c4:69:2c:22:84:5f:bb:31:80:
         94:91:c8:95:83:a8:6e:88:46:f1:57:6c:4d:7b:df:12:d6:0e:
         79:b3:fd:ef:c3:7e:15:1a:e2:66:0d:dd:cf:2d:10:da:63:df:
         18:b2:9f:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1j4J+7OubhmztOobHZJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjUwMTAxMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE0NjRmNjQ2NDRjODk4OGY3YmRmNDMyOGFkMTkyMThkYTZkOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkOezXGXeYxgu/J96USH1dzVNk7T
c/KKx5C2rsBn8UgJwgw+hGdSoFF2VDwSJuUHbeAMSBWW2REd3bML8LEVDKmiWpdT
YSfoF6s4GWEfRJ/JYvvvCYLE1ZBqtBz69eJpJBlzbDHROWOjHmxYnxCsnVoiO6CS
tMlJQU8A57Pay/lNJhPJqXMy4opFegLFS2PhL5dVYuUR9IVVlbmJU9xxwBaIj/YN
8lPrJSnBRcFoeATjNjoxYyCpLhfFUofSPIcmktnXZf1B6d3YAMAAomENpMW/yY5r
eThSoq5X9iHuCH+AIa+PZFAjgJyymia236nySH5PYow/wKuxJT3v5MNIEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFoUZPZGRMiYj3vfQyitGSGNptmMMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvV2hSazlrWkV5SmlQZTk5REtLMFpJWTJtMll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwf/l
MA0GCSqGSIb3DQEBCwUAA4IBAQAOvcKkltn45AyPky3q+IL4kDbeTsOIAe6wFUEJ
XXkJCFRRMkSAcehGmUG8dHzLQQA72GvuPSFCdBmV/sutyVt2NYSL4rzvxxBFdc5s
jn0M2gVFAk849xNrzPpRIUOgm7Xn+mSRg3a/y8QGqIy+glL6XHyzo/LqmSFYGAlS
jx3OOxT78OIwAACuiYU3+e1SjVz0hgH5lFk3jDaTAFo6le3tu2WgBDdODPgf6dRb
iwsG+n8NTXnIAH9tCc7gXBrT+edrcgFSnJEzOrFqVEbhaOfEaSwihF+7MYCUkciV
g6huiEbxV2xNe98S1g55s/3vw34VGuJmDd3PLRDaY98Ysp/V
-----END CERTIFICATE-----