Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/SCpEo2_kovwtJ7h461SY3LLkpsY.roa
File:                     SCpEo2_kovwtJ7h461SY3LLkpsY.roa (raw, json)
Hash identifier:          NtJ3kukozr/4572zznTzib4QwdfrhaOpAf0JjjBMM9U=
Subject key identifier:   48:2A:44:A3:6F:E4:A2:FC:2D:27:B8:78:EB:54:98:DC:B2:E4:A6:C6
Certificate issuer:       /CN=7365ec12014f911f7205eecbc2fc818b9b35723c
Certificate serial:       019426D9E823BD6D79E90CD7BFAC75B94D2C
Authority key identifier: 73:65:EC:12:01:4F:91:1F:72:05:EE:CB:C2:FC:81:8B:9B:35:72:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/SCpEo2_kovwtJ7h461SY3LLkpsY.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216364
IP address blocks:        2001:3300::/29 maxlen: 29
                          2001:3300::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e8:23:bd:6d:79:e9:0c:d7:bf:ac:75:b9:4d:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7365ec12014f911f7205eecbc2fc818b9b35723c
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=482a44a36fe4a2fc2d27b878eb5498dcb2e4a6c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:18:dc:17:d4:8f:4f:ac:40:ec:04:b9:e9:67:
                    0e:db:da:b0:98:23:15:85:98:8b:c3:a2:ac:29:d2:
                    20:03:51:af:7b:7d:02:fa:2e:94:7f:aa:8b:1c:70:
                    e6:09:14:09:34:46:c8:ab:76:cb:51:2d:ce:a5:e3:
                    ac:b3:79:6b:da:b6:97:7e:e0:f3:45:2a:fe:1b:71:
                    2a:84:3f:34:68:dc:84:44:90:46:ad:24:c9:bc:52:
                    b6:38:e9:bf:28:56:8f:cc:b3:fe:48:01:e7:8c:50:
                    84:bb:3a:6b:24:be:94:16:06:95:36:d1:e6:67:a4:
                    35:ee:9d:d1:c1:fc:ac:42:5f:e4:07:a4:2d:b3:2b:
                    f5:dd:fc:f0:3b:04:41:63:5f:1a:64:ab:4a:d5:f8:
                    5c:c7:8d:f3:73:1e:0d:98:79:c0:1c:d7:3a:32:d4:
                    80:58:b1:f3:00:de:ce:c4:33:8e:5e:f1:46:9f:51:
                    ef:7c:37:cf:16:b2:77:5a:ce:d1:33:fd:bc:d3:76:
                    3b:a4:2b:74:67:d6:1e:79:0c:12:e8:50:84:94:b3:
                    3c:03:08:4d:63:e4:9c:a2:51:7b:41:ab:25:2c:2d:
                    dc:2f:0b:f0:32:5d:8b:3b:99:4a:c7:e3:18:ec:e7:
                    17:bf:e6:4d:5e:4c:ca:09:ad:2f:36:99:12:10:8a:
                    c0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2A:44:A3:6F:E4:A2:FC:2D:27:B8:78:EB:54:98:DC:B2:E4:A6:C6
            X509v3 Authority Key Identifier:
                keyid:73:65:EC:12:01:4F:91:1F:72:05:EE:CB:C2:FC:81:8B:9B:35:72:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/SCpEo2_kovwtJ7h461SY3LLkpsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3300::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:b9:69:23:fe:d8:7f:aa:aa:e1:b5:fd:db:e9:c1:c9:a8:f5:
         45:e3:29:05:bb:31:58:38:54:9d:ff:48:a2:68:8a:d6:d3:e6:
         39:42:5d:cc:0e:49:37:15:d0:60:ea:15:52:3c:87:87:f9:8b:
         f3:87:aa:d3:e9:f8:51:56:a4:13:e6:b6:14:08:67:e9:80:e0:
         f3:5b:8d:6d:a7:96:c7:4a:71:f7:20:2c:c8:0d:07:5b:c7:10:
         72:89:00:d8:0a:4e:8e:5c:cb:cc:c1:05:a5:c2:10:bb:22:88:
         54:d1:bd:34:c7:db:af:57:1a:77:aa:88:4f:b5:69:d8:1b:22:
         ca:f3:1e:22:2b:03:a3:7a:60:2d:eb:39:de:9e:d5:45:13:0d:
         3d:5e:2d:df:2e:93:b7:ee:38:19:83:7d:e4:37:38:fb:e1:99:
         54:65:b2:f8:e4:ef:8a:fb:0b:c8:06:be:37:84:33:3e:1e:77:
         00:f5:ec:2f:3b:3e:f4:03:4d:25:54:c4:84:e2:46:18:9e:01:
         f1:04:25:15:ee:8e:12:72:05:06:2a:31:4d:60:f8:79:7b:e9:
         92:b5:a9:10:36:57:7d:91:72:98:03:b5:04:39:77:82:d5:f5:
         ab:2c:f7:04:18:83:b1:dc:a2:ad:1f:54:90:4b:4a:2a:6f:3e:
         24:9d:d8:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2egjvW156QzXv6x1uU0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNjVlYzEyMDE0ZjkxMWY3MjA1ZWVjYmMyZmM4MThiOWIz
NTcyM2MwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJhNDRhMzZmZTRhMmZjMmQyN2I4NzhlYjU0OThkY2IyZTRhNmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxjcF9SPT6xA7AS56WcO29qwmCMV
hZiLw6KsKdIgA1Gve30C+i6Uf6qLHHDmCRQJNEbIq3bLUS3OpeOss3lr2raXfuDz
RSr+G3EqhD80aNyERJBGrSTJvFK2OOm/KFaPzLP+SAHnjFCEuzprJL6UFgaVNtHm
Z6Q17p3RwfysQl/kB6Qtsyv13fzwOwRBY18aZKtK1fhcx43zcx4NmHnAHNc6MtSA
WLHzAN7OxDOOXvFGn1HvfDfPFrJ3Ws7RM/2803Y7pCt0Z9YeeQwS6FCElLM8AwhN
Y+ScolF7QaslLC3cLwvwMl2LO5lKx+MY7OcXv+ZNXkzKCa0vNpkSEIrA0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEgqRKNv5KL8LSe4eOtUmNyy5KbGMB8GA1UdIwQY
MBaAFHNl7BIBT5EfcgXuy8L8gYubNXI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzJYc0VnRlBrUjl5QmU3THd2eUJpNXMxY2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjYzYWMtYjFlNC00ZGJkLTk5OTYt
NWExOWFmZGIwNmE3LzEvU0NwRW8yX2tvdnd0SjdoNDYxU1kzTExrcHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjYzYWMtYjFlNC00ZGJkLTk5OTYtNWExOWFmZGIwNmE3
LzEvYzJYc0VnRlBrUjl5QmU3THd2eUJpNXMxY2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEzADAN
BgkqhkiG9w0BAQsFAAOCAQEAPLlpI/7Yf6qq4bX92+nByaj1ReMpBbsxWDhUnf9I
omiK1tPmOUJdzA5JNxXQYOoVUjyHh/mL84eq0+n4UVakE+a2FAhn6YDg81uNbaeW
x0px9yAsyA0HW8cQcokA2ApOjlzLzMEFpcIQuyKIVNG9NMfbr1cad6qIT7Vp2Bsi
yvMeIisDo3pgLes53p7VRRMNPV4t3y6Tt+44GYN95Dc4++GZVGWy+OTvivsLyAa+
N4QzPh53APXsLzs+9ANNJVTEhOJGGJ4B8QQlFe6OEnIFBioxTWD4eXvpkrWpEDZX
fZFymAO1BDl3gtX1qyz3BBiDsdyirR9UkEtKKm8+JJ3Y1A==
-----END CERTIFICATE-----