Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/LA-cz5sVCzNk_tA4a42FeutMowQ.roa
File:                     LA-cz5sVCzNk_tA4a42FeutMowQ.roa (raw, json)
Hash identifier:          uiKIsaEo4/vDsaJKzBGvYmUH1yNN4/rpS3B9ab7S0rw=
Subject key identifier:   2C:0F:9C:CF:9B:15:0B:33:64:FE:D0:38:6B:8D:85:7A:EB:4C:A3:04
Certificate issuer:       /CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
Certificate serial:       019422200EF69937FE931B7BDF21C79C97EB
Authority key identifier: 41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/LA-cz5sVCzNk_tA4a42FeutMowQ.roa
Signing time:             Wed 01 Jan 2025 13:48:33 +0000
ROA not before:           Wed 01 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29668
IP address blocks:        2a01:90:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0e:f6:99:37:fe:93:1b:7b:df:21:c7:9c:97:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
        Validity
            Not Before: Jan  1 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c0f9ccf9b150b3364fed0386b8d857aeb4ca304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ee:24:28:32:b7:58:e4:06:96:a0:4d:5e:83:
                    7c:7a:a6:e3:13:77:da:46:cf:05:e7:a7:ee:d6:09:
                    8d:ec:7d:b4:2a:4a:16:27:fe:03:1a:a2:0f:3a:01:
                    bb:c8:5b:33:71:c5:d8:2c:06:b1:99:e6:2e:95:3a:
                    b0:1d:2d:c9:c8:a8:8d:2d:3c:5d:10:15:dc:2a:12:
                    e1:48:20:40:31:ff:6a:62:ce:74:1b:c6:d6:ac:a4:
                    c7:21:60:09:18:62:c8:9a:ee:9c:a0:e5:d3:01:b5:
                    e9:58:fc:16:5c:e6:37:9e:47:5f:f1:a3:03:95:0f:
                    c9:23:cd:3f:58:5d:07:0f:79:48:0b:6e:e3:de:7d:
                    be:ce:78:ff:43:78:3c:69:57:5b:6f:dc:cb:c8:c6:
                    6a:01:55:c0:f5:de:eb:8d:84:3d:1f:61:6b:a8:7a:
                    13:a0:b5:00:4e:0b:52:80:36:eb:8b:62:18:ec:e2:
                    0a:ce:2e:a3:73:27:77:f4:f8:fe:27:e6:77:b4:cf:
                    0e:88:17:62:79:5e:aa:fd:11:16:f3:8e:53:8e:72:
                    ec:b3:23:a2:3e:25:a5:81:dd:51:13:d8:d0:28:16:
                    8b:42:69:f8:ef:e7:aa:81:72:8a:ae:48:0b:b4:ab:
                    13:71:0f:ef:ec:05:f1:f4:3c:35:0a:f6:9d:6d:de:
                    09:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:0F:9C:CF:9B:15:0B:33:64:FE:D0:38:6B:8D:85:7A:EB:4C:A3:04
            X509v3 Authority Key Identifier:
                keyid:41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/LA-cz5sVCzNk_tA4a42FeutMowQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:90:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:ac:71:c8:ed:6d:06:d1:a0:f4:30:8c:7c:d1:01:f1:e1:5d:
         c5:3a:0f:82:ab:0d:d4:d3:f4:c1:a4:b9:35:9d:56:30:dd:9f:
         60:e4:d6:4b:0c:0f:81:1f:06:3a:b1:d5:d1:98:00:2b:72:b9:
         5b:1b:91:87:87:90:e6:df:8c:ff:0c:ad:06:44:09:ed:e0:3e:
         a5:75:12:82:55:63:36:12:be:e1:be:5e:16:4e:bf:6d:37:5d:
         0f:8c:6a:b3:e7:24:1c:3b:ca:5c:6a:d9:20:59:27:0b:56:5b:
         a3:0f:00:e5:89:28:a7:42:f7:7b:13:80:3a:44:34:e4:75:7b:
         fa:52:7c:9b:74:5f:b4:b4:6c:06:92:8e:ed:5d:df:b9:c7:7b:
         e2:8b:4a:b2:e3:be:6d:b0:07:88:b4:97:5b:c7:a3:4b:55:8c:
         58:bf:a7:de:23:17:2b:38:4a:75:d2:a3:ae:fd:0b:c1:c0:4b:
         0a:d9:96:2d:ce:f5:e9:3f:7c:83:33:6a:7f:54:2f:f5:0c:be:
         22:05:6a:f5:dc:bb:17:91:36:d2:ba:d3:e4:f8:82:31:dc:16:
         ca:6c:0c:97:f0:89:fc:20:4c:1c:22:ef:62:6a:56:ee:0d:56:
         41:b2:54:ba:08:c7:42:43:6a:a5:db:ab:92:e5:57:69:c5:10:
         5e:51:8e:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQiIA72mTf+kxt73yHHnJfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYTU5YjA5NjBlYTY1ZDZiOTIzOTNlZTAzNDdhMWE4MzJm
OWI5ODQwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBmOWNjZjliMTUwYjMzNjRmZWQwMzg2YjhkODU3YWViNGNhMzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3O4kKDK3WOQGlqBNXoN8eqbjE3fa
Rs8F56fu1gmN7H20KkoWJ/4DGqIPOgG7yFszccXYLAaxmeYulTqwHS3JyKiNLTxd
EBXcKhLhSCBAMf9qYs50G8bWrKTHIWAJGGLImu6coOXTAbXpWPwWXOY3nkdf8aMD
lQ/JI80/WF0HD3lIC27j3n2+znj/Q3g8aVdbb9zLyMZqAVXA9d7rjYQ9H2FrqHoT
oLUATgtSgDbri2IY7OIKzi6jcyd39Pj+J+Z3tM8OiBdieV6q/REW845TjnLssyOi
PiWlgd1RE9jQKBaLQmn47+eqgXKKrkgLtKsTcQ/v7AXx9Dw1Cvadbd4JCQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCwPnM+bFQszZP7QOGuNhXrrTKMEMB8GA1UdIwQY
MBaAFEGlmwlg6mXWuSOT7gNHoagy+bmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMt
YmZkZWMwYzExMmUzLzEvTEEtY3o1c1ZDek5rX3RBNGE0MkZldXRNb3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMtYmZkZWMwYzExMmUz
LzEvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgEAkAIw
DQYJKoZIhvcNAQELBQADggEBACqsccjtbQbRoPQwjHzRAfHhXcU6D4KrDdTT9MGk
uTWdVjDdn2Dk1ksMD4EfBjqx1dGYACtyuVsbkYeHkObfjP8MrQZECe3gPqV1EoJV
YzYSvuG+XhZOv203XQ+MarPnJBw7ylxq2SBZJwtWW6MPAOWJKKdC93sTgDpENOR1
e/pSfJt0X7S0bAaSju1d37nHe+KLSrLjvm2wB4i0l1vHo0tVjFi/p94jFys4SnXS
o679C8HASwrZli3O9ek/fIMzan9UL/UMviIFavXcuxeRNtK60+T4gjHcFspsDJfw
ifwgTBwi72JqVu4NVkGyVLoIx0JDaqXbq5LlV2nFEF5Rjq8=
-----END CERTIFICATE-----