Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/tcw5kSwgCsyK7wU_KlBpjuCfh_w.roa
File:                     tcw5kSwgCsyK7wU_KlBpjuCfh_w.roa (raw, json)
Hash identifier:          IkNsXEM5r0B1nHPPxQlYpu689+V6gLtheirq0sa61gk=
Subject key identifier:   B5:CC:39:91:2C:20:0A:CC:8A:EF:05:3F:2A:50:69:8E:E0:9F:87:FC
Certificate issuer:       /CN=9a26657e6b25449425b748645e7420c76ac2b3a4
Certificate serial:       0194CBD08063664E3F911E3441A56371727C
Authority key identifier: 9A:26:65:7E:6B:25:44:94:25:B7:48:64:5E:74:20:C7:6A:C2:B3:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miZlfmslRJQlt0hkXnQgx2rCs6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/tcw5kSwgCsyK7wU_KlBpjuCfh_w.roa
Signing time:             Mon 03 Feb 2025 12:37:06 +0000
ROA not before:           Mon 03 Feb 2025 12:37:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205820
IP address blocks:        2a07:f600:4010::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/miZlfmslRJQlt0hkXnQgx2rCs6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/miZlfmslRJQlt0hkXnQgx2rCs6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miZlfmslRJQlt0hkXnQgx2rCs6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cb:d0:80:63:66:4e:3f:91:1e:34:41:a5:63:71:72:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a26657e6b25449425b748645e7420c76ac2b3a4
        Validity
            Not Before: Feb  3 12:37:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5cc39912c200acc8aef053f2a50698ee09f87fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1d:dd:5e:92:36:c6:fb:6b:c7:4a:8d:e3:da:
                    47:f8:68:a6:22:e8:4d:e7:18:12:1a:f1:4a:10:7f:
                    5f:be:f1:d9:5e:d1:42:17:26:d1:2d:ee:70:03:a8:
                    06:1d:c8:d7:2b:0a:05:bd:e1:cb:50:24:cb:61:ec:
                    22:3f:df:c7:8a:a6:ca:f2:6d:c3:c1:d2:b6:0b:d3:
                    ba:d1:97:e9:8b:41:c2:a2:bd:37:27:df:fa:b1:85:
                    3c:fe:79:49:cb:06:07:0d:fe:93:4e:fe:8b:f6:3f:
                    54:27:60:aa:26:ca:1d:53:8a:95:b4:41:7f:a3:5a:
                    df:6e:90:d3:86:58:98:d5:70:7e:23:7a:da:fb:cc:
                    9f:e4:29:e8:b0:37:c5:9f:73:40:00:2d:a5:58:fe:
                    5f:a8:f1:63:9f:67:dd:f4:38:b2:c7:e4:cb:a4:58:
                    ad:41:3e:33:42:a3:c4:3c:bc:6f:7f:c8:4a:44:e0:
                    54:b5:0b:56:40:37:66:2b:a3:6b:41:d7:7f:42:b5:
                    3f:65:6b:f8:4e:d0:26:55:32:e2:36:30:0f:24:17:
                    1a:19:29:73:dd:8d:f1:b1:44:60:fc:a6:a0:49:43:
                    dc:6e:f0:6c:c2:39:3f:5d:35:cf:9f:dc:51:0a:5b:
                    11:57:ec:f8:a1:bb:d6:78:66:a9:df:9d:64:b9:ad:
                    e4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CC:39:91:2C:20:0A:CC:8A:EF:05:3F:2A:50:69:8E:E0:9F:87:FC
            X509v3 Authority Key Identifier:
                keyid:9A:26:65:7E:6B:25:44:94:25:B7:48:64:5E:74:20:C7:6A:C2:B3:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miZlfmslRJQlt0hkXnQgx2rCs6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/tcw5kSwgCsyK7wU_KlBpjuCfh_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8eddf2-7d7c-44a3-b0fd-110b768bf4c0/1/miZlfmslRJQlt0hkXnQgx2rCs6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f600:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:0b:d7:f0:9e:55:1d:c2:fb:66:5b:7a:bc:28:e4:3f:0e:e9:
         3b:46:b6:a2:d0:b2:d2:6b:ef:10:f9:37:27:dc:55:b9:9b:f7:
         53:fa:86:95:21:33:3a:78:9e:46:57:be:bf:e2:ed:10:49:9e:
         41:80:1c:26:60:d1:ad:14:66:d8:c8:c9:c7:f8:6d:ed:9d:77:
         c6:b4:f3:d8:21:6a:f5:2a:4e:64:41:94:28:5e:02:fb:df:9f:
         1f:af:b2:2e:12:cd:56:a1:18:21:5b:7d:b6:55:e2:65:2a:0d:
         86:79:53:f0:46:03:bb:93:27:71:9e:41:05:35:c9:89:57:e0:
         a1:05:74:b5:80:c9:dd:ff:b2:c8:d9:27:87:5a:88:c9:d0:32:
         12:62:07:2f:39:7d:69:c7:0c:05:d8:d0:00:da:94:e4:51:8f:
         de:68:a6:f2:36:48:e6:80:9d:1e:1f:b4:0a:61:3a:dd:51:bc:
         1c:c2:f1:2a:74:d0:ff:9c:b7:3e:1c:50:e3:cc:dd:b3:d5:8d:
         3b:15:07:bb:34:ad:46:59:4b:2f:b8:58:e4:d8:60:00:a8:b0:
         e2:8b:36:46:70:a0:17:2b:df:f0:60:49:aa:fe:23:f9:50:d6:
         bb:f2:30:5e:c2:71:22:2f:ba:19:ec:2e:07:ea:24:d9:4b:70:
         f0:e3:2b:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZTL0IBjZk4/kR40QaVjcXJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjY2NTdlNmIyNTQ0OTQyNWI3NDg2NDVlNzQyMGM3NmFj
MmIzYTQwHhcNMjUwMjAzMTIzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNjMzk5MTJjMjAwYWNjOGFlZjA1M2YyYTUwNjk4ZWUwOWY4N2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx3dXpI2xvtrx0qN49pH+GimIuhN
5xgSGvFKEH9fvvHZXtFCFybRLe5wA6gGHcjXKwoFveHLUCTLYewiP9/HiqbK8m3D
wdK2C9O60Zfpi0HCor03J9/6sYU8/nlJywYHDf6TTv6L9j9UJ2CqJsodU4qVtEF/
o1rfbpDThliY1XB+I3ra+8yf5CnosDfFn3NAAC2lWP5fqPFjn2fd9Diyx+TLpFit
QT4zQqPEPLxvf8hKROBUtQtWQDdmK6NrQdd/QrU/ZWv4TtAmVTLiNjAPJBcaGSlz
3Y3xsURg/KagSUPcbvBswjk/XTXPn9xRClsRV+z4obvWeGap351kua3kewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLXMOZEsIArMiu8FPypQaY7gn4f8MB8GA1UdIwQY
MBaAFJomZX5rJUSUJbdIZF50IMdqwrOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlabGZtc2xSSlFsdDBoa1huUWd4MnJDczZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi84ZWRkZjItN2Q3Yy00NGEzLWIwZmQt
MTEwYjc2OGJmNGMwLzEvdGN3NWtTd2dDc3lLN3dVX0tsQnBqdUNmaF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi84ZWRkZjItN2Q3Yy00NGEzLWIwZmQtMTEwYjc2OGJmNGMw
LzEvbWlabGZtc2xSSlFsdDBoa1huUWd4MnJDczZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgf2AEAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB+C9fwnlUdwvtmW3q8KOQ/Duk7Rrai0LLSa+8Q
+Tcn3FW5m/dT+oaVITM6eJ5GV76/4u0QSZ5BgBwmYNGtFGbYyMnH+G3tnXfGtPPY
IWr1Kk5kQZQoXgL7358fr7IuEs1WoRghW322VeJlKg2GeVPwRgO7kydxnkEFNcmJ
V+ChBXS1gMnd/7LI2SeHWojJ0DISYgcvOX1pxwwF2NAA2pTkUY/eaKbyNkjmgJ0e
H7QKYTrdUbwcwvEqdND/nLc+HFDjzN2z1Y07FQe7NK1GWUsvuFjk2GAAqLDiizZG
cKAXK9/wYEmq/iP5UNa78jBewnEiL7oZ7C4H6iTZS3Dw4yuG
-----END CERTIFICATE-----