Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e4ZdNT0b2vxOvlJIV_lJM64Zyro.roa
File:                     e4ZdNT0b2vxOvlJIV_lJM64Zyro.roa (raw, json)
Hash identifier:          7puUfcu0W3Urnah55eUUcVEFPOq9IEAVasFR/gSe8IQ=
Subject key identifier:   7B:86:5D:35:3D:1B:DA:FC:4E:BE:52:48:57:F9:49:33:AE:19:CA:BA
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019420D6424C30F3D65C98E602FDFF4CAFCE
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e4ZdNT0b2vxOvlJIV_lJM64Zyro.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213021
IP address blocks:        2a07:22c1:c100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:42:4c:30:f3:d6:5c:98:e6:02:fd:ff:4c:af:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b865d353d1bdafc4ebe524857f94933ae19caba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:80:b8:74:a4:6f:82:54:6c:e2:43:67:9e:c7:
                    8d:a3:46:5c:5f:47:ae:8e:8c:94:4a:9f:4d:b0:d2:
                    9c:f0:c2:24:02:9a:ff:d0:05:c3:24:73:8a:ca:55:
                    19:c3:64:c6:ae:79:f0:b1:99:bc:a9:76:6f:31:7c:
                    c5:5a:43:e2:98:79:55:3d:a5:c5:02:07:71:78:7d:
                    dd:d4:23:ee:80:ee:0b:63:8d:1c:a1:8a:5c:bb:64:
                    1c:fe:c9:fb:86:f6:9d:be:76:82:f5:d5:de:2b:35:
                    52:10:c2:0d:ca:cc:b5:bf:fa:b4:b8:0f:a1:a1:75:
                    69:cd:57:66:c6:f9:17:1c:5f:99:85:67:4b:67:e0:
                    73:31:81:93:39:bc:e5:bd:32:4a:c0:07:e1:1d:cb:
                    d8:5d:8d:1f:83:5a:f2:60:5b:fc:bc:ef:ae:78:13:
                    f4:57:44:a9:8a:31:1b:61:38:7c:2c:82:56:63:37:
                    d8:d4:20:38:5a:81:b4:49:7f:47:33:d3:4d:42:63:
                    5f:9d:dd:40:9f:c3:33:91:22:96:44:46:bf:1f:1f:
                    50:c9:07:e9:57:e8:28:be:09:0c:fe:5d:80:b9:dd:
                    ef:2a:5c:38:da:44:fc:c6:71:76:7a:f2:09:f2:2d:
                    ad:d0:de:83:2a:20:31:14:22:5f:eb:39:2e:23:7e:
                    7e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:86:5D:35:3D:1B:DA:FC:4E:BE:52:48:57:F9:49:33:AE:19:CA:BA
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e4ZdNT0b2vxOvlJIV_lJM64Zyro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:c100::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:d5:a5:d8:22:bc:37:9c:6e:a8:bf:0e:68:e6:e6:a9:36:b3:
         e8:e2:e4:23:16:a1:b9:b9:5d:2a:c2:08:14:79:c0:7f:a6:24:
         71:db:ae:63:1c:d3:66:bc:b0:e4:28:11:df:48:6f:24:95:38:
         3b:08:10:2c:0c:18:07:a5:2a:19:0e:7b:ad:f4:1a:02:02:28:
         fc:5d:6d:ec:85:df:0c:7a:fc:9a:16:88:bd:9d:47:ec:22:2c:
         3c:28:5f:53:3b:63:7b:d9:64:db:ad:ae:2a:80:41:03:b5:7c:
         91:fd:af:8f:35:0c:62:b0:74:ce:52:5a:4e:b8:84:eb:63:0b:
         0a:90:22:49:9a:33:ec:a0:16:4b:a5:43:25:09:8b:30:42:d6:
         d1:79:47:41:6a:51:57:ad:b4:30:4e:9c:7b:6d:56:8d:77:5a:
         3c:f2:4e:83:c0:be:da:51:a6:3d:5e:fe:1b:28:47:26:6d:06:
         c4:84:cd:82:dd:52:c9:38:19:82:18:21:26:f8:c8:ed:fb:f1:
         c4:05:47:c3:e3:17:1b:47:14:55:45:1f:a8:62:2f:a4:21:cb:
         e4:d3:71:54:13:21:71:9c:ac:b5:ad:d7:b4:da:d6:3e:7f:f5:
         99:11:dc:c3:3d:78:70:69:76:7f:29:aa:73:ef:b7:45:b7:13:
         5b:f8:bb:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQg1kJMMPPWXJjmAv3/TK/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjg2NWQzNTNkMWJkYWZjNGViZTUyNDg1N2Y5NDkzM2FlMTljYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoC4dKRvglRs4kNnnseNo0ZcX0eu
joyUSp9NsNKc8MIkApr/0AXDJHOKylUZw2TGrnnwsZm8qXZvMXzFWkPimHlVPaXF
AgdxeH3d1CPugO4LY40coYpcu2Qc/sn7hvadvnaC9dXeKzVSEMINysy1v/q0uA+h
oXVpzVdmxvkXHF+ZhWdLZ+BzMYGTObzlvTJKwAfhHcvYXY0fg1ryYFv8vO+ueBP0
V0SpijEbYTh8LIJWYzfY1CA4WoG0SX9HM9NNQmNfnd1An8MzkSKWREa/Hx9QyQfp
V+govgkM/l2Aud3vKlw42kT8xnF2evIJ8i2t0N6DKiAxFCJf6zkuI35+hQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHuGXTU9G9r8Tr5SSFf5STOuGcq6MB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvZTRaZE5UMGIydnhPdmxKSVZfbEpNNjRaeXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgciwcEw
DQYJKoZIhvcNAQELBQADggEBACfVpdgivDecbqi/Dmjm5qk2s+ji5CMWobm5XSrC
CBR5wH+mJHHbrmMc02a8sOQoEd9IbySVODsIECwMGAelKhkOe630GgICKPxdbeyF
3wx6/JoWiL2dR+wiLDwoX1M7Y3vZZNutriqAQQO1fJH9r481DGKwdM5SWk64hOtj
CwqQIkmaM+ygFkulQyUJizBC1tF5R0FqUVettDBOnHttVo13WjzyToPAvtpRpj1e
/hsoRyZtBsSEzYLdUsk4GYIYISb4yO378cQFR8PjFxtHFFVFH6hiL6Qhy+TTcVQT
IXGcrLWt17Ta1j5/9ZkR3MM9eHBpdn8pqnPvt0W3E1v4u8A=
-----END CERTIFICATE-----