Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/tk3p5E2XBBz_gCKcQbPuR2gwU6g.roa
File:                     tk3p5E2XBBz_gCKcQbPuR2gwU6g.roa (raw, json)
Hash identifier:          /uRgiUmwXV30g9CXl0HkFIaUTifbBZ9DvHMj/iIVKLM=
Subject key identifier:   B6:4D:E9:E4:4D:97:04:1C:FF:80:22:9C:41:B3:EE:47:68:30:53:A8
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       019425218AD2DAA8EBA52D802FA33662E1C9
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/tk3p5E2XBBz_gCKcQbPuR2gwU6g.roa
Signing time:             Thu 02 Jan 2025 03:49:02 +0000
ROA not before:           Thu 02 Jan 2025 03:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35365
IP address blocks:        2a07:bbc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8a:d2:da:a8:eb:a5:2d:80:2f:a3:36:62:e1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  2 03:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b64de9e44d97041cff80229c41b3ee47683053a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:75:7a:47:f9:c5:bc:da:45:bb:18:de:0f:7d:
                    e9:a1:dd:b1:32:ee:bb:3a:ea:89:04:9a:c0:ce:11:
                    7b:78:cb:8a:e8:38:d1:aa:82:99:81:d3:20:c8:d1:
                    4e:8e:1a:2e:c1:ee:f6:09:07:5b:4d:17:90:7c:02:
                    9c:a1:2c:d3:ec:39:d2:e7:b5:9c:ec:b9:fa:3d:9b:
                    63:91:22:3b:fc:e1:1c:eb:ea:c1:a2:b1:b7:c0:eb:
                    2b:7a:35:a3:50:5e:f0:83:14:3f:42:31:25:b2:4b:
                    eb:c2:46:84:6b:23:75:90:81:ee:a3:84:83:10:8d:
                    dc:1d:31:6f:19:ed:39:f5:10:03:c5:20:2e:51:4b:
                    fe:b1:80:b0:5a:b6:e0:3d:2e:4d:da:85:49:e3:fc:
                    c2:5e:2d:1a:8f:2f:cd:0d:6e:23:f1:ef:74:aa:30:
                    14:3e:0f:02:11:34:f2:99:45:95:5b:80:c6:eb:f8:
                    ec:22:1c:ea:ca:a7:cc:c8:2c:2d:7d:83:ca:40:b0:
                    be:12:0f:7b:0c:11:d9:95:d7:6f:08:de:39:c5:e1:
                    b8:30:4c:d4:e0:3f:1e:12:bf:8d:db:db:bd:b4:ca:
                    f4:03:b5:50:83:03:ba:57:91:c9:6a:73:3b:76:44:
                    63:d2:25:31:0b:b4:92:0c:a1:61:ff:eb:78:83:7e:
                    75:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4D:E9:E4:4D:97:04:1C:FF:80:22:9C:41:B3:EE:47:68:30:53:A8
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/tk3p5E2XBBz_gCKcQbPuR2gwU6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:bbc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:0f:70:5d:a8:fc:82:78:e2:13:ac:ab:9b:66:37:05:b8:20:
         47:f1:6a:b4:c0:df:3e:71:2b:37:6b:4a:11:84:a9:fe:93:3f:
         25:4f:3f:26:34:a4:cb:78:38:c4:df:7f:10:8a:e2:fe:d7:fb:
         b4:51:df:48:11:c7:21:51:f8:e9:7a:46:cb:ce:bb:0e:f9:a4:
         a4:3f:24:3b:4c:cc:d8:48:a1:3b:89:db:f2:2d:70:02:ee:8a:
         51:19:93:4c:61:cd:19:62:48:25:aa:ac:78:d4:59:12:4b:88:
         67:84:42:4f:51:73:49:54:b5:47:37:b7:74:8f:64:17:10:75:
         dc:b4:7c:a3:09:49:28:f7:4b:a8:bf:1c:76:f9:c9:9e:ac:c8:
         94:de:b1:88:6f:4f:e5:48:e4:87:a1:e8:fe:97:ff:c2:72:fc:
         7a:d7:6a:0f:b4:24:9f:93:92:5d:6c:ab:54:08:05:74:83:8c:
         44:a3:b3:97:27:89:4c:83:c8:88:18:0f:3e:8a:0d:f0:3c:95:
         de:c5:51:63:53:c4:c6:1f:8c:60:28:04:3c:0c:27:0a:e9:9a:
         98:aa:bf:31:6d:84:fa:44:b9:b5:04:b7:32:ba:01:8d:39:a8:
         dd:92:0e:f0:37:b7:45:39:59:47:7e:3e:f8:ab:94:55:66:42:
         dc:ea:ec:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIYrS2qjrpS2AL6M2YuHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjRkZTllNDRkOTcwNDFjZmY4MDIyOWM0MWIzZWU0NzY4MzA1M2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XV6R/nFvNpFuxjeD33pod2xMu67
OuqJBJrAzhF7eMuK6DjRqoKZgdMgyNFOjhouwe72CQdbTReQfAKcoSzT7DnS57Wc
7Ln6PZtjkSI7/OEc6+rBorG3wOsrejWjUF7wgxQ/QjElskvrwkaEayN1kIHuo4SD
EI3cHTFvGe059RADxSAuUUv+sYCwWrbgPS5N2oVJ4/zCXi0ajy/NDW4j8e90qjAU
Pg8CETTymUWVW4DG6/jsIhzqyqfMyCwtfYPKQLC+Eg97DBHZlddvCN45xeG4MEzU
4D8eEr+N29u9tMr0A7VQgwO6V5HJanM7dkRj0iUxC7SSDKFh/+t4g351iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLZN6eRNlwQc/4AinEGz7kdoMFOoMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvdGszcDVFMlhCQnpfZ0NLY1FiUHVSMmd3VTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKge7wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAID3BdqPyCeOITrKubZjcFuCBH8Wq0wN8+cSs3
a0oRhKn+kz8lTz8mNKTLeDjE338QiuL+1/u0Ud9IEcchUfjpekbLzrsO+aSkPyQ7
TMzYSKE7idvyLXAC7opRGZNMYc0ZYkglqqx41FkSS4hnhEJPUXNJVLVHN7d0j2QX
EHXctHyjCUko90uovxx2+cmerMiU3rGIb0/lSOSHoej+l//Ccvx612oPtCSfk5Jd
bKtUCAV0g4xEo7OXJ4lMg8iIGA8+ig3wPJXexVFjU8TGH4xgKAQ8DCcK6ZqYqr8x
bYT6RLm1BLcyugGNOajdkg7wN7dFOVlHfj74q5RVZkLc6uyS
-----END CERTIFICATE-----