Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/nbL7-TNKQqJ1-yJVoHEn9a5u6DU.roa
File:                     nbL7-TNKQqJ1-yJVoHEn9a5u6DU.roa (raw, json)
Hash identifier:          tfXwKToKmsCep/7a6KKpGiz+Hfu7rsnL13FXZOQiKEU=
Subject key identifier:   9D:B2:FB:F9:33:4A:42:A2:75:FB:22:55:A0:71:27:F5:AE:6E:E8:35
Certificate issuer:       /CN=21df245ead9980d2b39533782f65d7566d0462d1
Certificate serial:       01941FFA7A90C2ED4378E3AA2EAA380FC3EF
Authority key identifier: 21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/nbL7-TNKQqJ1-yJVoHEn9a5u6DU.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211368
IP address blocks:        2a10:f2c0:400::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7a:90:c2:ed:43:78:e3:aa:2e:aa:38:0f:c3:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21df245ead9980d2b39533782f65d7566d0462d1
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9db2fbf9334a42a275fb2255a07127f5ae6ee835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:df:f3:0f:bc:b3:80:99:ed:e7:10:11:56:6e:
                    13:59:40:da:0f:0d:6c:64:e5:b1:91:f5:36:5a:40:
                    cf:24:1b:d6:48:89:a7:fd:e8:88:b5:2c:84:b8:7f:
                    c5:07:fa:ba:bf:48:7a:55:fb:0c:3e:6c:87:50:f8:
                    f5:3a:aa:b0:b1:e3:92:21:40:68:fb:89:d9:f3:b6:
                    6d:8e:56:5d:0e:2f:dd:82:11:78:3d:60:6b:01:04:
                    ff:ee:75:2a:2d:49:66:58:ca:d3:bd:e1:5e:0f:4e:
                    a9:36:23:ff:09:6a:b8:22:7c:2a:8a:f6:65:c7:7e:
                    3c:ee:27:d9:49:8e:16:5e:c3:12:b9:22:c7:e5:96:
                    53:e7:dd:a9:33:6a:8f:d0:67:1d:ee:42:c1:b3:de:
                    fa:59:e5:0e:f7:33:01:15:98:ff:a5:a3:ec:6c:1a:
                    8c:74:4d:90:fe:d9:bb:8a:29:fb:7c:2e:0c:fb:db:
                    ff:e1:15:0c:b7:8f:43:19:93:0d:49:8a:ab:8c:60:
                    fb:c1:e8:ee:ca:75:79:5e:63:ad:e9:ee:c2:79:66:
                    02:d0:1d:2e:24:59:31:be:b7:9f:15:04:70:25:28:
                    58:37:1e:f8:47:73:d7:b0:f2:64:24:bf:c2:04:86:
                    85:e0:89:12:50:93:56:90:44:fe:f0:ea:94:fe:ae:
                    db:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B2:FB:F9:33:4A:42:A2:75:FB:22:55:A0:71:27:F5:AE:6E:E8:35
            X509v3 Authority Key Identifier:
                keyid:21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/nbL7-TNKQqJ1-yJVoHEn9a5u6DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:f2c0:400::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:37:f3:eb:19:c9:f5:b7:a7:84:75:59:b2:c4:23:3d:6f:b7:
         e6:80:5e:e4:ca:5b:53:4b:b7:70:5c:c0:8b:82:27:6b:54:d9:
         1c:b0:c8:77:e2:d7:16:c8:ea:e2:4c:95:15:84:2c:ae:b9:7d:
         35:1b:c7:03:e2:05:41:a8:6b:90:a5:34:dd:35:ec:70:16:c9:
         50:21:a5:54:1f:a6:95:03:32:07:c2:b4:13:03:96:11:34:35:
         59:23:b8:03:3c:87:e6:91:d3:a5:d3:c2:89:ea:65:0d:f5:e5:
         78:84:4d:9e:c3:0b:55:47:8e:9a:7d:86:5d:35:60:1c:e6:c9:
         90:a5:95:1d:a2:6c:26:50:39:3b:0a:7a:f1:4c:4a:ba:8a:ba:
         01:38:f0:20:63:71:34:c1:15:6d:79:7c:e4:47:00:4d:9b:fb:
         69:7e:9f:28:8d:06:bc:70:95:6a:ce:fb:b1:f3:e4:1a:c9:1f:
         9f:5f:fa:86:b4:66:54:7e:e6:ec:5c:a3:ed:5f:6f:c2:9a:f5:
         4d:3d:4c:68:c0:4e:8d:b1:e3:35:db:3a:18:9f:e7:49:f7:a0:
         60:33:57:4d:1c:2e:3b:17:0b:e7:a0:bd:1b:c5:f5:2b:8e:85:
         fb:ca:f6:3b:49:46:b7:b4:b7:ef:e8:d1:5a:14:d0:44:f2:c7:
         ca:0a:1a:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+nqQwu1DeOOqLqo4D8PvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZGYyNDVlYWQ5OTgwZDJiMzk1MzM3ODJmNjVkNzU2NmQw
NDYyZDEwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIyZmJmOTMzNGE0MmEyNzVmYjIyNTVhMDcxMjdmNWFlNmVlODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9/zD7yzgJnt5xARVm4TWUDaDw1s
ZOWxkfU2WkDPJBvWSImn/eiItSyEuH/FB/q6v0h6VfsMPmyHUPj1OqqwseOSIUBo
+4nZ87ZtjlZdDi/dghF4PWBrAQT/7nUqLUlmWMrTveFeD06pNiP/CWq4InwqivZl
x3487ifZSY4WXsMSuSLH5ZZT592pM2qP0Gcd7kLBs976WeUO9zMBFZj/paPsbBqM
dE2Q/tm7iin7fC4M+9v/4RUMt49DGZMNSYqrjGD7wejuynV5XmOt6e7CeWYC0B0u
JFkxvrefFQRwJShYNx74R3PXsPJkJL/CBIaF4IkSUJNWkET+8OqU/q7bgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ2y+/kzSkKidfsiVaBxJ/Wubug1MB8GA1UdIwQY
MBaAFCHfJF6tmYDSs5UzeC9l11ZtBGLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQt
MGVjNTIzNWQ0ZTlmLzEvbmJMNy1UTktRcUoxLXlKVm9IRW45YTV1NkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQtMGVjNTIzNWQ0ZTlm
LzEvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDywAQA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8N/PrGcn1t6eEdVmyxCM9b7fmgF7kyltTS7dw
XMCLgidrVNkcsMh34tcWyOriTJUVhCyuuX01G8cD4gVBqGuQpTTdNexwFslQIaVU
H6aVAzIHwrQTA5YRNDVZI7gDPIfmkdOl08KJ6mUN9eV4hE2ewwtVR46afYZdNWAc
5smQpZUdomwmUDk7CnrxTEq6iroBOPAgY3E0wRVteXzkRwBNm/tpfp8ojQa8cJVq
zvux8+QayR+fX/qGtGZUfubsXKPtX2/CmvVNPUxowE6NseM12zoYn+dJ96BgM1dN
HC47FwvnoL0bxfUrjoX7yvY7SUa3tLfv6NFaFNBE8sfKChoA
-----END CERTIFICATE-----