Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/BxI-z_iKAoRv-KkoQfmyFBd2rBU.roa
File:                     BxI-z_iKAoRv-KkoQfmyFBd2rBU.roa (raw, json)
Hash identifier:          azqV4pSZAum5oUwc2nR9O4azmHBN9hS6/dWIvs6n6Yk=
Subject key identifier:   07:12:3E:CF:F8:8A:02:84:6F:F8:A9:28:41:F9:B2:14:17:76:AC:15
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019421B2081D3C7D4CEE711D940627325620
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/BxI-z_iKAoRv-KkoQfmyFBd2rBU.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29226
IP address blocks:        2a11:f840::/29 maxlen: 29
                          2a12:9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:08:1d:3c:7d:4c:ee:71:1d:94:06:27:32:56:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07123ecff88a02846ff8a92841f9b2141776ac15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:54:13:23:ca:ee:0d:7a:45:ec:5c:3c:38:
                    78:f3:a5:b2:52:a9:ae:62:f2:af:e1:c9:92:27:db:
                    58:ed:63:31:97:c6:7e:3c:26:d0:c2:84:28:50:fe:
                    a9:d4:4e:0f:71:0f:b3:9c:cd:a1:70:91:21:a7:1f:
                    ed:f1:8c:52:38:e8:f9:58:97:8c:52:8a:8b:50:81:
                    4f:28:a1:24:3a:ae:dd:c3:ee:c7:2a:7d:9f:18:a1:
                    59:a9:11:c4:4a:d1:ab:ff:7b:cd:67:ba:45:f3:4b:
                    5d:d0:da:eb:21:4c:89:f5:40:33:c4:8c:8e:05:a8:
                    fa:29:2c:a2:f1:4f:19:be:35:8a:3d:ce:3e:36:c3:
                    7c:a8:6f:35:78:c0:6b:62:82:72:63:80:ca:d6:78:
                    d8:a5:c0:1f:43:49:db:0d:d4:d0:2d:96:18:4f:67:
                    26:67:01:05:86:32:34:b8:52:51:ba:54:20:4e:b0:
                    5e:bd:86:76:d5:79:20:e2:79:e0:88:b9:4f:36:fa:
                    f9:0e:85:2c:52:cc:36:a0:b3:7f:ea:4c:7e:0c:50:
                    cf:6e:19:d2:0a:dd:6e:f5:1b:32:24:92:68:21:98:
                    17:51:b2:c8:e8:15:f9:45:65:42:48:f0:b8:5e:68:
                    ad:3b:00:94:37:4c:75:29:89:d4:fb:32:2c:d4:25:
                    e5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:12:3E:CF:F8:8A:02:84:6F:F8:A9:28:41:F9:B2:14:17:76:AC:15
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/BxI-z_iKAoRv-KkoQfmyFBd2rBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f840::/29
                  2a12:9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:97:c7:af:24:6b:e9:61:76:28:7d:19:f7:af:da:6b:27:bd:
         5d:1f:62:56:cf:31:2e:4b:53:78:21:3d:06:8f:07:60:b0:10:
         76:90:4b:ca:66:bc:98:42:06:c0:60:29:8d:9c:92:c5:14:60:
         4b:16:98:ba:24:e4:af:4c:62:e9:36:04:64:17:67:23:ab:81:
         8a:71:b9:fc:3d:e5:2f:d2:50:6f:e0:3d:91:e8:24:58:17:aa:
         e4:af:51:7a:49:80:a2:25:e0:96:31:3f:2a:1e:ac:7e:03:86:
         78:bc:51:08:47:76:8b:c1:6d:22:b4:ea:45:29:c9:08:dd:95:
         d2:5b:38:3b:56:29:70:4a:1f:16:38:3b:4e:dc:f6:4f:c9:d7:
         f0:a7:f0:20:62:d8:9c:00:bf:5f:5b:d7:b3:22:1b:a2:c4:64:
         53:0f:73:89:b0:b4:8b:91:ed:a6:f1:d9:e2:d8:15:1b:ad:00:
         aa:90:49:c2:d6:df:e8:80:aa:d4:96:6e:fb:65:f9:e4:4a:7b:
         03:d5:25:0f:66:9b:88:f3:50:99:b7:fa:2f:e8:22:cc:56:3f:
         e1:f9:31:2d:46:91:f7:28:d0:f6:90:e7:1e:d5:eb:9a:f1:f8:
         7e:54:fd:c7:67:de:15:63:8f:cb:38:e6:8c:b5:7a:09:d4:c0:
         cd:30:97:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsggdPH1M7nEdlAYnMlYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzEyM2VjZmY4OGEwMjg0NmZmOGE5Mjg0MWY5YjIxNDE3NzZhYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl1UEyPK7g16RexcPDh486WyUqmu
YvKv4cmSJ9tY7WMxl8Z+PCbQwoQoUP6p1E4PcQ+znM2hcJEhpx/t8YxSOOj5WJeM
UoqLUIFPKKEkOq7dw+7HKn2fGKFZqRHEStGr/3vNZ7pF80td0NrrIUyJ9UAzxIyO
Baj6KSyi8U8ZvjWKPc4+NsN8qG81eMBrYoJyY4DK1njYpcAfQ0nbDdTQLZYYT2cm
ZwEFhjI0uFJRulQgTrBevYZ21Xkg4nngiLlPNvr5DoUsUsw2oLN/6kx+DFDPbhnS
Ct1u9RsyJJJoIZgXUbLI6BX5RWVCSPC4XmitOwCUN0x1KYnU+zIs1CXl1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAcSPs/4igKEb/ipKEH5shQXdqwVMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvQnhJLXpfaUtBb1J2LUtrb1FmbXlGQmQyckJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhH4QAMF
AyoSCcAwDQYJKoZIhvcNAQELBQADggEBACKXx68ka+lhdih9Gfev2msnvV0fYlbP
MS5LU3ghPQaPB2CwEHaQS8pmvJhCBsBgKY2cksUUYEsWmLok5K9MYuk2BGQXZyOr
gYpxufw95S/SUG/gPZHoJFgXquSvUXpJgKIl4JYxPyoerH4Dhni8UQhHdovBbSK0
6kUpyQjdldJbODtWKXBKHxY4O07c9k/J1/Cn8CBi2JwAv19b17MiG6LEZFMPc4mw
tIuR7abx2eLYFRutAKqQScLW3+iAqtSWbvtl+eRKewPVJQ9mm4jzUJm3+i/oIsxW
P+H5MS1Gkfco0PaQ5x7V65rx+H5U/cdn3hVjj8s45oy1egnUwM0wl8U=
-----END CERTIFICATE-----