Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/xmOvbRNpbfTNvGRi0NGmoChwF8k.roa
File:                     xmOvbRNpbfTNvGRi0NGmoChwF8k.roa (raw, json)
Hash identifier:          7oU4y3FJaTZ6zlZMUwxbLqzJR9lqEVzJSwfHVW5xI4s=
Subject key identifier:   C6:63:AF:6D:13:69:6D:F4:CD:BC:64:62:D0:D1:A6:A0:28:70:17:C9
Certificate issuer:       /CN=c9a9484ca708ab771eb1db90bafc8a114c2c3d79
Certificate serial:       019423D74595FF121F75C487AB48FFFD984B
Authority key identifier: C9:A9:48:4C:A7:08:AB:77:1E:B1:DB:90:BA:FC:8A:11:4C:2C:3D:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/xmOvbRNpbfTNvGRi0NGmoChwF8k.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        2a05:600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:45:95:ff:12:1f:75:c4:87:ab:48:ff:fd:98:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9a9484ca708ab771eb1db90bafc8a114c2c3d79
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c663af6d13696df4cdbc6462d0d1a6a0287017c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:65:3f:c0:01:64:39:3f:2b:81:fc:b2:b6:17:
                    84:03:38:fd:1c:bd:50:e2:05:8f:21:5a:69:f6:f6:
                    5c:43:4e:fb:d8:92:02:7f:28:dd:7e:99:ab:90:f3:
                    13:80:3f:7b:dc:88:70:bf:a9:77:9e:4a:88:aa:2f:
                    52:c6:1d:fd:71:4e:d0:7c:33:0a:fa:19:ba:54:2e:
                    3d:e4:a7:83:31:6a:55:a5:28:ca:fc:71:2c:04:d3:
                    da:b0:4c:32:ab:3b:8d:e6:8f:9a:5b:9d:12:7b:16:
                    a5:ea:af:cc:c3:51:9e:87:e3:9f:04:14:4c:33:a2:
                    43:01:7e:2f:7f:b6:4f:ce:59:ce:a9:f3:0a:75:06:
                    fc:5d:3f:cd:53:2f:c7:2e:14:c9:56:35:56:76:f6:
                    54:f2:79:86:bc:85:ac:85:55:fb:c2:d1:63:d9:25:
                    2a:0a:21:3b:38:a6:1c:d8:fa:7e:80:f8:86:9f:59:
                    e8:a9:8f:a1:a8:d3:01:57:25:43:ca:20:8a:f1:f7:
                    35:3c:0d:83:6c:9c:7e:08:e1:d7:2a:2a:f2:c3:70:
                    da:6a:2c:84:47:c8:f7:cc:5c:6a:86:bb:67:61:0e:
                    49:9c:93:1f:23:5d:b2:0d:c1:b6:a0:ae:43:7e:84:
                    91:5a:3e:b3:87:a1:fa:c3:44:da:b1:7b:96:17:06:
                    61:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:63:AF:6D:13:69:6D:F4:CD:BC:64:62:D0:D1:A6:A0:28:70:17:C9
            X509v3 Authority Key Identifier:
                keyid:C9:A9:48:4C:A7:08:AB:77:1E:B1:DB:90:BA:FC:8A:11:4C:2C:3D:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/xmOvbRNpbfTNvGRi0NGmoChwF8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:600::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:f8:aa:d6:b0:ee:b3:dd:2f:5e:6f:e7:f9:11:b4:0b:02:4c:
         22:49:05:f1:a1:d0:6b:2a:1f:d9:ea:44:84:8c:16:6d:dc:e8:
         d8:78:87:cf:cf:71:53:a2:b5:72:5f:17:ee:f5:91:86:7d:b3:
         49:fb:6c:9e:11:a9:f0:e4:df:b3:70:a7:c3:b0:32:f2:91:65:
         d3:c1:85:9c:36:a8:73:0c:f7:70:9d:b9:fe:53:39:98:0b:90:
         7b:24:50:b1:c4:0f:43:15:9f:87:bb:c3:ea:29:80:b6:3f:a5:
         f5:bb:bb:a4:cf:7f:36:bd:e1:51:22:a1:7f:a3:b4:5a:64:5e:
         b9:92:45:61:e6:a4:3a:41:e7:e9:52:ec:13:bc:ce:fe:a4:88:
         66:33:35:0a:d1:28:09:7a:5f:c3:0f:3a:88:c7:62:d1:63:a0:
         1d:d5:57:99:72:3a:43:17:c7:54:1d:a3:7b:68:23:a2:a8:59:
         73:2b:21:7e:50:1c:38:f4:0d:5b:37:23:7f:e1:6c:3a:10:da:
         98:1b:87:a6:4a:ba:6b:24:41:78:63:32:1c:e0:af:08:5e:05:
         4a:bf:b1:a5:11:09:ca:2c:47:3d:22:26:3a:52:e0:1a:fc:c1:
         9b:5e:aa:61:1c:70:e0:f4:72:60:77:f8:d9:47:8c:5d:97:37:
         9d:fa:83:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj10WV/xIfdcSHq0j//ZhLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YTk0ODRjYTcwOGFiNzcxZWIxZGI5MGJhZmM4YTExNGMy
YzNkNzkwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjYzYWY2ZDEzNjk2ZGY0Y2RiYzY0NjJkMGQxYTZhMDI4NzAxN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWU/wAFkOT8rgfyytheEAzj9HL1Q
4gWPIVpp9vZcQ0772JICfyjdfpmrkPMTgD973Ihwv6l3nkqIqi9Sxh39cU7QfDMK
+hm6VC495KeDMWpVpSjK/HEsBNPasEwyqzuN5o+aW50Sexal6q/Mw1Geh+OfBBRM
M6JDAX4vf7ZPzlnOqfMKdQb8XT/NUy/HLhTJVjVWdvZU8nmGvIWshVX7wtFj2SUq
CiE7OKYc2Pp+gPiGn1noqY+hqNMBVyVDyiCK8fc1PA2DbJx+COHXKiryw3DaaiyE
R8j3zFxqhrtnYQ5JnJMfI12yDcG2oK5DfoSRWj6zh6H6w0TasXuWFwZhLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMZjr20TaW30zbxkYtDRpqAocBfJMB8GA1UdIwQY
MBaAFMmpSEynCKt3HrHbkLr8ihFMLD15MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWFsSVRLY0lxM2Nlc2R1UXV2eUtFVXdzUFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8yNWU2NjAtNDA1Ni00MmNjLWE4YjAt
ZDA1MTdkYjI2ZGFkLzEveG1PdmJSTnBiZlROdkdSaTBOR21vQ2h3RjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8yNWU2NjAtNDA1Ni00MmNjLWE4YjAtZDA1MTdkYjI2ZGFk
LzEveWFsSVRLY0lxM2Nlc2R1UXV2eUtFVXdzUFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgUGADAN
BgkqhkiG9w0BAQsFAAOCAQEAePiq1rDus90vXm/n+RG0CwJMIkkF8aHQayof2epE
hIwWbdzo2HiHz89xU6K1cl8X7vWRhn2zSftsnhGp8OTfs3Cnw7Ay8pFl08GFnDao
cwz3cJ25/lM5mAuQeyRQscQPQxWfh7vD6imAtj+l9bu7pM9/Nr3hUSKhf6O0WmRe
uZJFYeakOkHn6VLsE7zO/qSIZjM1CtEoCXpfww86iMdi0WOgHdVXmXI6QxfHVB2j
e2gjoqhZcyshflAcOPQNWzcjf+FsOhDamBuHpkq6ayRBeGMyHOCvCF4FSr+xpREJ
yixHPSImOlLgGvzBm16qYRxw4PRyYHf42UeMXZc3nfqDfA==
-----END CERTIFICATE-----