Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/z66BxiEQL0BxufLoLDXOhArJEGw.roa
File:                     z66BxiEQL0BxufLoLDXOhArJEGw.roa (raw, json)
Hash identifier:          OuXUQRv18RqUvhnxvSqnbR495dW95DdgeGXdgneZzqQ=
Subject key identifier:   CF:AE:81:C6:21:10:2F:40:71:B9:F2:E8:2C:35:CE:84:0A:C9:10:6C
Certificate issuer:       /CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
Certificate serial:       01942521C14359200A53B1DFAAC48E3BB426
Authority key identifier: B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/z66BxiEQL0BxufLoLDXOhArJEGw.roa
Signing time:             Thu 02 Jan 2025 03:49:16 +0000
ROA not before:           Thu 02 Jan 2025 03:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209253
IP address blocks:        2a09:d1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c1:43:59:20:0a:53:b1:df:aa:c4:8e:3b:b4:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
        Validity
            Not Before: Jan  2 03:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfae81c621102f4071b9f2e82c35ce840ac9106c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:21:c4:1a:c1:e6:be:42:3d:cc:27:45:19:06:
                    b2:be:84:45:07:a5:14:36:2a:e2:5c:7e:73:12:68:
                    d8:10:38:46:a5:32:44:1a:75:cb:ae:0b:03:e0:86:
                    3b:f3:d7:8f:f7:e6:af:19:be:45:30:a8:31:2f:8a:
                    fd:8a:b9:ee:e5:54:15:56:78:9d:2b:9d:8d:ea:77:
                    98:94:ab:68:6c:47:ed:18:6f:75:d3:8d:f0:77:c8:
                    c2:99:19:70:bc:b9:45:15:e4:31:4c:22:24:f1:63:
                    92:b2:84:6f:6f:4d:01:15:29:84:72:ac:25:e2:0a:
                    a4:8d:10:33:72:2d:3a:11:61:a4:55:2c:22:c4:1a:
                    c8:f8:05:e2:1d:13:21:4a:af:38:36:5d:92:b0:89:
                    db:04:88:7a:98:d3:52:14:0b:8f:78:d0:1e:2e:8c:
                    9e:1e:65:1b:cd:c8:e3:bd:ef:15:d1:f0:99:8a:59:
                    6a:89:1d:c0:0b:eb:c9:f3:76:f6:07:4b:83:d1:3a:
                    c9:5f:69:ec:b7:5c:31:c9:91:c0:1d:e9:58:96:6b:
                    1e:cd:f8:23:4f:96:ba:68:77:e0:b9:a1:65:cc:48:
                    e4:06:0a:c8:33:4a:0d:20:93:66:41:90:dd:ea:e7:
                    d2:62:5a:89:38:98:d8:ad:04:0a:a6:49:7b:b9:c4:
                    a6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AE:81:C6:21:10:2F:40:71:B9:F2:E8:2C:35:CE:84:0A:C9:10:6C
            X509v3 Authority Key Identifier:
                keyid:B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/z66BxiEQL0BxufLoLDXOhArJEGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:c2:3e:df:b2:32:40:8e:8d:51:ea:cc:2a:75:0d:c2:24:e1:
         89:2c:10:f9:2a:2b:b4:1b:0a:dd:dc:d9:0f:bf:16:95:e5:7a:
         cf:87:84:c2:56:c7:a7:1a:62:ad:3d:1b:13:8a:46:96:66:ba:
         98:7f:1c:a6:a5:ca:46:72:fb:0a:e3:81:32:1b:39:83:fc:cd:
         9d:ef:9b:94:cc:3a:c3:8b:c7:0c:ee:92:77:51:8e:98:bc:b9:
         ec:50:90:57:e4:32:23:ff:e8:33:d8:c8:fc:9f:e5:8b:d9:99:
         05:d3:4b:85:bb:8f:6d:8c:bd:34:4a:4f:fd:9c:bc:b0:23:a7:
         b6:80:b4:6e:10:8b:31:b6:f1:52:3e:7e:10:3d:8e:85:a2:c4:
         7e:09:83:2e:ac:59:a5:98:ed:5b:e1:e2:6e:4c:45:ea:4a:86:
         3f:36:1f:f4:eb:e2:e4:2a:69:b3:da:51:45:3e:cf:2d:21:72:
         c7:65:cf:38:da:e3:6a:5a:65:75:e0:df:93:80:02:9d:e3:07:
         1f:62:49:7a:31:e9:1e:49:c0:43:dc:d2:4f:eb:df:4b:f1:4a:
         28:11:d0:c4:fb:37:da:f2:0e:61:c8:ac:8e:40:95:a6:9b:f3:
         62:4f:6e:2b:1a:37:35:57:09:1b:66:4a:94:06:df:a4:d6:2a:
         b8:d1:67:e1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlIcFDWSAKU7HfqsSOO7QmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZkOTAyNjM3MmNmY2U4ZmRlODIzYzNlZjljOWY3OTBh
YWUxNGYwHhcNMjUwMTAyMDM0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmFlODFjNjIxMTAyZjQwNzFiOWYyZTgyYzM1Y2U4NDBhYzkxMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyHEGsHmvkI9zCdFGQayvoRFB6UU
NiriXH5zEmjYEDhGpTJEGnXLrgsD4IY789eP9+avGb5FMKgxL4r9irnu5VQVVnid
K52N6neYlKtobEftGG91043wd8jCmRlwvLlFFeQxTCIk8WOSsoRvb00BFSmEcqwl
4gqkjRAzci06EWGkVSwixBrI+AXiHRMhSq84Nl2SsInbBIh6mNNSFAuPeNAeLoye
HmUbzcjjve8V0fCZillqiR3AC+vJ83b2B0uD0TrJX2nst1wxyZHAHelYlmsezfgj
T5a6aHfguaFlzEjkBgrIM0oNIJNmQZDd6ufSYlqJOJjYrQQKpkl7ucSmCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM+ugcYhEC9Acbny6Cw1zoQKyRBsMB8GA1UdIwQY
MBaAFLO22QJjcs/Oj96CPD75yfeQquFPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjct
ZDRmMTJiMzdhMzE4LzEvejY2QnhpRVFMMEJ4dWZMb0xEWE9oQXJKRUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjctZDRmMTJiMzdhMzE4
LzEvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAsI+37IyQI6NUerMKnUNwiThiSwQ+SortBsK3dzZ
D78WleV6z4eEwlbHpxpirT0bE4pGlma6mH8cpqXKRnL7CuOBMhs5g/zNne+blMw6
w4vHDO6Sd1GOmLy57FCQV+QyI//oM9jI/J/li9mZBdNLhbuPbYy9NEpP/Zy8sCOn
toC0bhCLMbbxUj5+ED2OhaLEfgmDLqxZpZjtW+HibkxF6kqGPzYf9Ovi5Cpps9pR
RT7PLSFyx2XPONrjalpldeDfk4ACneMHH2JJejHpHknAQ9zST+vfS/FKKBHQxPs3
2vIOYcisjkCVppvzYk9uKxo3NVcJG2ZKlAbfpNYquNFn4Q==
-----END CERTIFICATE-----