Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/ea2Y-dwaT445EGlgfXN8R70YRos.roa
File:                     ea2Y-dwaT445EGlgfXN8R70YRos.roa (raw, json)
Hash identifier:          hFopTbVTP9tQkxA8ISdrfSlJKlSYxul+sHm5GKjmi5o=
Subject key identifier:   79:AD:98:F9:DC:1A:4F:8E:39:10:69:60:7D:73:7C:47:BD:18:46:8B
Certificate issuer:       /CN=aa907ae1977c23527aad6656a148c70372e9b256
Certificate serial:       019427B56D2E1ADB702759B8F81C7F1BE8FB
Authority key identifier: AA:90:7A:E1:97:7C:23:52:7A:AD:66:56:A1:48:C7:03:72:E9:B2:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/ea2Y-dwaT445EGlgfXN8R70YRos.roa
Signing time:             Thu 02 Jan 2025 15:49:48 +0000
ROA not before:           Thu 02 Jan 2025 15:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:c60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:6d:2e:1a:db:70:27:59:b8:f8:1c:7f:1b:e8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa907ae1977c23527aad6656a148c70372e9b256
        Validity
            Not Before: Jan  2 15:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79ad98f9dc1a4f8e391069607d737c47bd18468b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e2:32:8e:f2:fe:d4:03:3d:08:fb:1c:ec:2a:
                    95:f4:8d:63:d7:42:91:63:91:18:f5:b4:11:2b:96:
                    9a:a6:24:bf:56:60:1f:2a:e0:c5:b3:7d:2d:0b:3c:
                    30:ef:3f:b3:32:57:84:a3:9b:a6:a1:62:45:a8:08:
                    4b:63:23:f3:9d:33:6a:6c:bd:26:d4:3d:3e:e4:c3:
                    11:87:9b:08:f4:04:1f:36:a5:ff:f3:f6:4e:98:96:
                    fe:e7:b8:a9:fa:22:62:63:ac:5f:85:bb:4b:d5:f9:
                    8b:24:c5:d0:b8:a7:78:22:ce:bc:1e:89:09:21:eb:
                    df:0e:46:2c:4a:f7:27:fc:eb:f6:42:37:dd:c5:10:
                    c0:a9:00:8e:d3:93:65:1c:11:20:93:74:04:0d:3a:
                    d0:4f:ec:37:ab:9a:3f:27:ef:ab:ee:ec:b1:dc:6e:
                    ce:e3:2c:a2:0f:5c:6f:69:79:1e:c4:dd:ce:20:40:
                    b0:78:9c:1a:19:5a:0d:12:c6:76:5c:3f:bf:f3:74:
                    12:71:53:60:d6:72:d6:59:57:f2:66:67:86:7b:9f:
                    55:6d:b8:25:5e:bc:cd:c8:50:8b:a4:96:2c:66:ae:
                    20:68:c1:2d:2a:e0:92:b1:4f:e8:ad:de:15:88:67:
                    e8:a9:3f:94:66:64:60:96:22:94:1c:a7:ea:e9:c2:
                    d2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AD:98:F9:DC:1A:4F:8E:39:10:69:60:7D:73:7C:47:BD:18:46:8B
            X509v3 Authority Key Identifier:
                keyid:AA:90:7A:E1:97:7C:23:52:7A:AD:66:56:A1:48:C7:03:72:E9:B2:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/ea2Y-dwaT445EGlgfXN8R70YRos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c60::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:e1:82:86:cd:f4:fd:7f:4f:b3:f5:c7:a1:d6:88:21:90:78:
         b3:de:70:a1:7f:11:f4:68:fd:bd:b2:72:b6:88:75:fc:74:24:
         40:b6:7e:a9:c0:fd:54:02:84:e0:31:9a:e6:96:05:a1:be:7c:
         24:b3:a9:b7:69:fc:1a:73:ec:f1:04:7b:fc:74:d3:d0:a4:7b:
         73:36:7b:b4:52:64:6c:31:95:d6:48:c2:3c:2e:1c:91:af:20:
         9c:d1:ab:07:ba:12:c0:dc:61:cb:72:01:79:5b:9f:fa:20:c5:
         30:9f:eb:cd:dd:ac:09:01:f2:f8:06:8c:4a:44:2b:5e:16:8a:
         23:30:aa:f5:b8:f6:67:15:e3:62:62:29:75:20:62:87:8e:b0:
         49:69:eb:b5:d2:44:52:27:a8:6e:49:01:89:ba:89:7f:f8:99:
         6b:8a:e7:89:ab:b0:e1:59:55:f3:a2:b2:96:40:f2:90:b6:b8:
         d1:b0:f7:78:86:c6:71:c7:1e:41:04:1a:6f:1b:6d:9d:07:09:
         29:38:a5:f7:0c:9c:13:49:f7:fc:db:9e:c9:c2:d0:c6:79:ab:
         23:ce:1d:3c:9b:d4:02:d5:f2:81:91:60:af:44:5d:54:a9:be:
         43:ba:a1:1f:c6:db:ed:85:af:5d:13:d5:02:9d:4d:fd:7b:1b:
         c9:a4:12:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntW0uGttwJ1m4+Bx/G+j7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOTA3YWUxOTc3YzIzNTI3YWFkNjY1NmExNDhjNzAzNzJl
OWIyNTYwHhcNMjUwMTAyMTU0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFkOThmOWRjMWE0ZjhlMzkxMDY5NjA3ZDczN2M0N2JkMTg0NjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOIyjvL+1AM9CPsc7CqV9I1j10KR
Y5EY9bQRK5aapiS/VmAfKuDFs30tCzww7z+zMleEo5umoWJFqAhLYyPznTNqbL0m
1D0+5MMRh5sI9AQfNqX/8/ZOmJb+57ip+iJiY6xfhbtL1fmLJMXQuKd4Is68HokJ
IevfDkYsSvcn/Ov2QjfdxRDAqQCO05NlHBEgk3QEDTrQT+w3q5o/J++r7uyx3G7O
4yyiD1xvaXkexN3OIECweJwaGVoNEsZ2XD+/83QScVNg1nLWWVfyZmeGe59Vbbgl
XrzNyFCLpJYsZq4gaMEtKuCSsU/ord4ViGfoqT+UZmRgliKUHKfq6cLSNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHmtmPncGk+OORBpYH1zfEe9GEaLMB8GA1UdIwQY
MBaAFKqQeuGXfCNSeq1mVqFIxwNy6bJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXBCNjRaZDhJMUo2cldaV29VakhBM0xwc2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8yYTUzZTgtZjIzNi00MjQyLWExM2It
OGY1ZjcxM2IzN2FhLzEvZWEyWS1kd2FUNDQ1RUdsZ2ZYTjhSNzBZUm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8yYTUzZTgtZjIzNi00MjQyLWExM2ItOGY1ZjcxM2IzN2Fh
LzEvcXBCNjRaZDhJMUo2cldaV29VakhBM0xwc2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAxg
MA0GCSqGSIb3DQEBCwUAA4IBAQAW4YKGzfT9f0+z9ceh1oghkHiz3nChfxH0aP29
snK2iHX8dCRAtn6pwP1UAoTgMZrmlgWhvnwks6m3afwac+zxBHv8dNPQpHtzNnu0
UmRsMZXWSMI8LhyRryCc0asHuhLA3GHLcgF5W5/6IMUwn+vN3awJAfL4BoxKRCte
FoojMKr1uPZnFeNiYil1IGKHjrBJaeu10kRSJ6huSQGJuol/+JlriueJq7DhWVXz
orKWQPKQtrjRsPd4hsZxxx5BBBpvG22dBwkpOKX3DJwTSff8257JwtDGeasjzh08
m9QC1fKBkWCvRF1Uqb5DuqEfxtvtha9dE9UCnU39exvJpBKx
-----END CERTIFICATE-----