Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/I7WvLIen2Qt15jt5djzF4qVwAeA.roa
File:                     I7WvLIen2Qt15jt5djzF4qVwAeA.roa (raw, json)
Hash identifier:          TDT2LdFRYTW16jzLI/jmwBH74PERZ5uRk6SAxtSvBQc=
Subject key identifier:   23:B5:AF:2C:87:A7:D9:0B:75:E6:3B:79:76:3C:C5:E2:A5:70:01:E0
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       01942444CDA81784E0CCFA33C6C1B8B87943
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/I7WvLIen2Qt15jt5djzF4qVwAeA.roa
Signing time:             Wed 01 Jan 2025 23:47:56 +0000
ROA not before:           Wed 01 Jan 2025 23:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57483
IP address blocks:        2a0c:2f04:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:cd:a8:17:84:e0:cc:fa:33:c6:c1:b8:b8:79:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan  1 23:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23b5af2c87a7d90b75e63b79763cc5e2a57001e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:3d:00:9d:5e:c3:78:1c:d8:41:d4:df:9b:
                    3c:1a:fe:50:a1:b2:f3:d0:38:98:84:8a:9b:28:c8:
                    61:a4:2f:28:32:bb:5f:7b:fa:dd:04:35:d3:32:91:
                    c6:f7:6b:bc:4c:7f:b3:33:a2:4a:4c:99:18:88:54:
                    9e:40:d0:32:20:a8:c8:7c:90:e6:b5:94:41:5f:9f:
                    a4:be:af:79:84:ad:48:d7:8b:96:b2:e6:46:12:e5:
                    96:3b:7c:fc:00:11:19:a9:8d:2d:d0:3b:7c:f8:ee:
                    b8:34:0f:48:bb:fd:4d:5f:97:f3:b5:0f:f3:27:81:
                    25:2e:23:c6:c1:a7:9b:d0:d2:54:d8:c7:83:ad:59:
                    71:00:ce:78:9d:40:23:80:00:42:b2:bf:ed:5d:49:
                    a0:f9:e9:74:b0:ad:98:21:4f:73:a7:4e:e2:9d:b0:
                    9d:1c:c8:c2:44:c4:59:f5:6d:44:b8:d5:c6:5c:82:
                    36:de:85:41:c3:ce:aa:5d:44:a8:3a:dc:45:f2:db:
                    3d:8b:bc:99:e5:e7:32:e8:b5:51:63:d0:0b:56:4e:
                    da:8d:d2:2c:3e:4d:fc:2b:ac:b3:74:7b:d1:d3:cb:
                    96:25:95:35:0c:13:9a:9d:5d:2e:02:f7:a0:a3:dd:
                    4a:f0:1f:68:60:e3:37:15:47:89:0d:af:b6:c7:3d:
                    a2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B5:AF:2C:87:A7:D9:0B:75:E6:3B:79:76:3C:C5:E2:A5:70:01:E0
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/I7WvLIen2Qt15jt5djzF4qVwAeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2f04:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         48:ec:9e:30:66:89:44:8f:0c:93:43:52:8a:dc:65:d1:da:6f:
         7d:ae:c9:16:ed:b1:ae:43:7a:52:6e:4f:9e:c2:2a:89:35:e4:
         fb:2d:b3:3e:02:cb:ff:d8:8d:96:33:29:03:64:ce:37:5f:f8:
         de:7d:a4:91:97:c1:c4:23:0b:62:a9:ef:45:71:5c:ad:e8:9b:
         83:ef:3f:30:41:2b:50:3f:78:d2:10:90:25:13:3d:36:57:1a:
         ac:f3:bc:64:ab:81:81:bd:a1:2f:2e:00:35:91:1c:d1:88:17:
         c8:23:25:bb:a9:f7:e6:ef:fe:18:71:ce:06:13:5a:1d:0a:eb:
         bd:9e:67:89:ae:ca:42:a8:f0:fd:71:f3:31:1c:70:9e:72:c3:
         30:3c:ef:c0:e1:bf:6c:aa:bc:b8:84:4f:c7:f1:28:06:c0:a5:
         70:c6:e5:f7:fa:91:74:03:df:e2:2a:0f:ab:6b:a4:33:2a:4a:
         1b:aa:3c:fb:ed:33:d2:bf:5b:c3:36:d9:01:69:f2:41:fa:8f:
         dc:de:67:a0:9a:c4:cc:47:d3:22:17:62:c0:9e:fc:bc:8e:35:
         18:33:30:92:6b:3c:04:49:d9:fb:08:22:ee:51:30:d8:82:12:
         04:ad:37:04:b3:1f:ab:d8:37:a7:37:bb:17:89:2d:f2:bc:68:
         fd:01:9a:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRM2oF4TgzPozxsG4uHlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjUwMTAxMjM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2I1YWYyYzg3YTdkOTBiNzVlNjNiNzk3NjNjYzVlMmE1NzAwMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9c9AJ1ew3gc2EHU35s8Gv5QobLz
0DiYhIqbKMhhpC8oMrtfe/rdBDXTMpHG92u8TH+zM6JKTJkYiFSeQNAyIKjIfJDm
tZRBX5+kvq95hK1I14uWsuZGEuWWO3z8ABEZqY0t0Dt8+O64NA9Iu/1NX5fztQ/z
J4ElLiPGwaeb0NJU2MeDrVlxAM54nUAjgABCsr/tXUmg+el0sK2YIU9zp07inbCd
HMjCRMRZ9W1EuNXGXII23oVBw86qXUSoOtxF8ts9i7yZ5ecy6LVRY9ALVk7ajdIs
Pk38K6yzdHvR08uWJZU1DBOanV0uAvego91K8B9oYOM3FUeJDa+2xz2i0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCO1ryyHp9kLdeY7eXY8xeKlcAHgMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvSTdXdkxJZW4yUXQxNWp0NWRqekY0cVZ3QWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgwvBAEw
DQYJKoZIhvcNAQELBQADggEBAEjsnjBmiUSPDJNDUorcZdHab32uyRbtsa5DelJu
T57CKok15Pstsz4Cy//YjZYzKQNkzjdf+N59pJGXwcQjC2Kp70VxXK3om4PvPzBB
K1A/eNIQkCUTPTZXGqzzvGSrgYG9oS8uADWRHNGIF8gjJbup9+bv/hhxzgYTWh0K
672eZ4muykKo8P1x8zEccJ5ywzA878Dhv2yqvLiET8fxKAbApXDG5ff6kXQD3+Iq
D6trpDMqShuqPPvtM9K/W8M22QFp8kH6j9zeZ6CaxMxH0yIXYsCe/LyONRgzMJJr
PARJ2fsIIu5RMNiCEgStNwSzH6vYN6c3uxeJLfK8aP0BmuM=
-----END CERTIFICATE-----