Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/RE5hObodnlVzPY2NC9fBqxqamSo.roa
File:                     RE5hObodnlVzPY2NC9fBqxqamSo.roa (raw, json)
Hash identifier:          vt4HA66geUCnP70MZ/cuIbrc9l462uvO+5uycK2tf/g=
Subject key identifier:   44:4E:61:39:BA:1D:9E:55:73:3D:8D:8D:0B:D7:C1:AB:1A:9A:99:2A
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0194272BA479A1E99CE70C16A7A2FBD420A7
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/RE5hObodnlVzPY2NC9fBqxqamSo.roa
Signing time:             Thu 02 Jan 2025 13:19:19 +0000
ROA not before:           Thu 02 Jan 2025 13:19:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215849
IP address blocks:        2a07:2486:e000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:2b:a4:79:a1:e9:9c:e7:0c:16:a7:a2:fb:d4:20:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Jan  2 13:19:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=444e6139ba1d9e55733d8d8d0bd7c1ab1a9a992a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:22:86:1c:48:c8:f9:f7:08:20:97:89:47:
                    d9:72:2f:4f:7f:5c:a9:2d:13:4f:55:8b:29:b9:cb:
                    3d:b7:d8:a1:47:d1:4f:f7:1c:46:f3:fc:15:5f:3e:
                    5c:1e:09:1b:bf:97:05:9b:07:78:8f:f9:0f:c8:83:
                    89:c2:aa:04:c1:29:33:0d:dd:dc:cb:bb:15:c2:f0:
                    bf:ad:70:9b:51:c8:32:9c:fd:63:14:60:f8:62:f1:
                    4f:79:43:54:ff:2e:fe:ca:a9:4c:27:61:d4:e9:14:
                    41:c9:a2:f7:e1:e7:0f:b3:48:bf:6a:53:b8:95:f8:
                    dc:0c:ea:b0:07:ce:89:51:b3:c4:a2:ad:1a:94:7f:
                    19:47:f9:14:f4:5e:3d:15:c5:52:18:68:dd:f9:ce:
                    14:3b:a1:fe:77:42:44:71:20:66:a6:29:96:b8:c7:
                    58:b3:a0:1c:45:12:ed:3d:de:9f:58:09:f0:b6:45:
                    21:4e:47:46:a7:3b:3f:a1:3c:51:9b:b4:ea:a2:74:
                    33:38:db:84:17:d9:20:bf:0f:cd:9d:ac:6a:8f:cf:
                    59:6a:3f:7b:2c:13:52:4a:96:4d:1d:3a:5e:93:6a:
                    4c:2d:5e:dd:19:4e:b5:bd:ec:e3:20:32:9c:ca:10:
                    a5:1f:8b:79:25:dc:09:42:78:59:e2:34:10:a3:10:
                    34:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4E:61:39:BA:1D:9E:55:73:3D:8D:8D:0B:D7:C1:AB:1A:9A:99:2A
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/RE5hObodnlVzPY2NC9fBqxqamSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3e:b5:45:02:67:26:81:7d:6f:93:f3:cf:52:8b:bd:e8:66:ee:
         05:c8:d6:d7:1e:11:b2:e5:d7:ac:b2:90:08:ae:51:ac:ae:20:
         12:11:4e:5b:52:5a:2e:00:36:3c:c9:c6:1c:6d:d5:e7:3d:64:
         a0:43:67:b2:b1:78:2e:43:f2:4f:7d:7e:1e:bf:3f:78:3f:3a:
         19:b2:57:54:6a:81:bb:3b:bf:cf:24:53:26:3b:33:c4:a1:48:
         3a:96:21:35:7a:3e:8e:9e:7c:bb:f0:d6:39:dc:ca:a4:67:dc:
         65:a4:fb:4b:c7:8a:1e:83:24:88:b4:b9:28:9d:e7:ad:c7:43:
         48:85:65:be:15:f4:93:bf:b4:31:d3:e7:27:dc:a9:23:a5:23:
         ec:1d:7a:b0:4b:0c:41:c1:4e:4e:2e:de:a2:2e:4a:b3:4e:ac:
         78:5f:06:9a:dd:e6:d9:60:9c:ea:11:5b:b3:7b:d8:a1:0a:63:
         61:af:3a:45:b8:4c:dd:be:c1:ae:e2:1e:0c:96:91:1a:ea:d2:
         40:cf:a8:cd:40:25:06:69:15:a9:0c:7b:ac:f4:55:fe:19:14:
         6c:90:37:ef:c0:5d:b6:09:e8:3e:db:ef:eb:3a:c6:0e:e3:f9:
         2e:61:ac:7c:b9:b6:9c:18:43:f2:6e:0f:8a:b2:8c:1d:8b:1f:
         f5:4f:f7:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnK6R5oemc5wwWp6L71CCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjUwMTAyMTMxOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDRlNjEzOWJhMWQ5ZTU1NzMzZDhkOGQwYmQ3YzFhYjFhOWE5OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcAihhxIyPn3CCCXiUfZci9Pf1yp
LRNPVYspucs9t9ihR9FP9xxG8/wVXz5cHgkbv5cFmwd4j/kPyIOJwqoEwSkzDd3c
y7sVwvC/rXCbUcgynP1jFGD4YvFPeUNU/y7+yqlMJ2HU6RRByaL34ecPs0i/alO4
lfjcDOqwB86JUbPEoq0alH8ZR/kU9F49FcVSGGjd+c4UO6H+d0JEcSBmpimWuMdY
s6AcRRLtPd6fWAnwtkUhTkdGpzs/oTxRm7TqonQzONuEF9kgvw/Nnaxqj89Zaj97
LBNSSpZNHTpek2pMLV7dGU61vezjIDKcyhClH4t5JdwJQnhZ4jQQoxA0CQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEROYTm6HZ5Vcz2NjQvXwasampkqMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvUkU1aE9ib2RubFZ6UFkyTkM5ZkJxeHFhbVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgckhuAw
DQYJKoZIhvcNAQELBQADggEBAD61RQJnJoF9b5Pzz1KLvehm7gXI1tceEbLl16yy
kAiuUayuIBIRTltSWi4ANjzJxhxt1ec9ZKBDZ7KxeC5D8k99fh6/P3g/OhmyV1Rq
gbs7v88kUyY7M8ShSDqWITV6Po6efLvw1jncyqRn3GWk+0vHih6DJIi0uSid563H
Q0iFZb4V9JO/tDHT5yfcqSOlI+wderBLDEHBTk4u3qIuSrNOrHhfBprd5tlgnOoR
W7N72KEKY2GvOkW4TN2+wa7iHgyWkRrq0kDPqM1AJQZpFakMe6z0Vf4ZFGyQN+/A
XbYJ6D7b7+s6xg7j+S5hrHy5tpwYQ/JuD4qyjB2LH/VP9ws=
-----END CERTIFICATE-----