Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/2jBpGTk2ogY4V-pzJnCImL6EwNA.roa
File:                     2jBpGTk2ogY4V-pzJnCImL6EwNA.roa (raw, json)
Hash identifier:          YyHHsV3O+5v5axtSYHO7phMGXdaESVAHbKKQJf3jg5c=
Subject key identifier:   DA:30:69:19:39:36:A2:06:38:57:EA:73:26:70:88:98:BE:84:C0:D0
Certificate issuer:       /CN=8a28ff310da7df8309cfab4dcf9a235842b60872
Certificate serial:       019425FD4876F8C63EF0F0A43FE47F363112
Authority key identifier: 8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/2jBpGTk2ogY4V-pzJnCImL6EwNA.roa
Signing time:             Thu 02 Jan 2025 07:49:03 +0000
ROA not before:           Thu 02 Jan 2025 07:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214569
IP address blocks:        2a06:b700::/48 maxlen: 48
                          2a06:b700:1::/48 maxlen: 48
                          2a06:b700:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:48:76:f8:c6:3e:f0:f0:a4:3f:e4:7f:36:31:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a28ff310da7df8309cfab4dcf9a235842b60872
        Validity
            Not Before: Jan  2 07:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da3069193936a2063857ea7326708898be84c0d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6d:d7:e0:09:b9:60:9a:fa:e7:68:a1:58:36:
                    d4:d1:0a:e6:83:dd:75:fc:26:d4:f8:b9:c5:fc:98:
                    1f:27:09:9b:a9:a0:53:46:b3:4e:ce:3c:80:b7:0e:
                    bc:f9:ee:f1:29:19:ed:d0:1a:a9:73:36:c1:69:cc:
                    9c:83:8d:84:ae:e7:ba:52:6f:9e:86:f6:7a:ba:39:
                    45:5f:df:9f:10:99:0c:eb:4d:bc:69:b7:76:e2:3f:
                    80:25:af:27:53:d3:65:eb:3a:6d:51:4b:72:fc:29:
                    f2:8d:55:39:61:93:a3:e4:87:ee:da:57:c7:d7:a0:
                    55:44:87:b1:53:07:ba:d1:e6:51:0a:d6:7a:d8:d3:
                    c9:5a:b6:d8:05:ea:79:c6:e8:59:6a:b6:01:c9:8e:
                    0f:80:b9:90:ff:a9:e3:ba:c1:d2:99:dd:49:77:87:
                    7f:97:9d:8b:b5:cb:88:e1:ed:44:e8:b7:19:dd:2b:
                    b9:2a:00:8f:df:64:e7:11:94:a3:07:54:b1:f5:75:
                    c7:7d:96:27:4e:d6:be:e2:aa:bf:20:54:02:23:60:
                    ef:79:3f:99:e2:c1:7b:64:8d:20:3d:9c:f1:ef:5f:
                    ad:2e:cc:6f:d7:e3:d1:6e:0f:1f:58:d7:11:20:00:
                    7b:52:6a:80:a1:67:0c:e4:f4:b4:79:05:9c:36:7e:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:30:69:19:39:36:A2:06:38:57:EA:73:26:70:88:98:BE:84:C0:D0
            X509v3 Authority Key Identifier:
                keyid:8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/2jBpGTk2ogY4V-pzJnCImL6EwNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b700::-2a06:b700:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1d:04:15:5f:23:d6:3f:68:06:1f:da:34:5a:88:b8:eb:01:d6:
         98:ae:24:fd:81:46:39:08:db:71:ab:4a:2f:19:6e:3e:c0:06:
         fe:d6:c2:a5:e3:49:99:6a:8b:26:04:1e:e8:8e:b6:46:70:32:
         5a:09:64:2f:6a:7c:16:37:69:0a:6f:1c:de:b7:cc:63:60:2c:
         4d:98:41:99:4e:89:59:0b:dd:2e:fb:a3:90:38:df:f1:16:c0:
         4f:c8:cb:14:ef:92:9e:40:0b:93:b7:b4:a3:eb:78:ec:54:7c:
         5a:c1:3d:b5:4a:c2:84:d8:4d:d2:4b:ef:a7:1e:33:ba:cb:0f:
         ca:33:07:b8:1d:a2:d6:ab:6e:c1:01:a5:c6:ad:ae:58:6d:51:
         d8:a1:d0:ad:21:2b:47:92:db:65:0f:11:34:da:86:8b:ea:59:
         7e:70:8a:f9:05:cf:29:78:c7:fe:4e:4d:db:d1:2e:20:2e:1d:
         ac:f5:40:42:55:ec:e1:e4:f4:f2:32:0b:9c:58:11:57:be:00:
         5f:b4:60:6f:5d:97:33:2a:39:8f:72:b0:75:9a:db:87:19:cd:
         fc:47:dd:b8:43:be:ce:2f:5d:6e:58:cc:20:cc:c3:b7:e1:d0:
         e3:41:5b:f9:de:fc:22:35:f1:23:7b:6d:a5:94:a4:18:e7:d8:
         20:b8:37:76
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQl/Uh2+MY+8PCkP+R/NjESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjhmZjMxMGRhN2RmODMwOWNmYWI0ZGNmOWEyMzU4NDJi
NjA4NzIwHhcNMjUwMTAyMDc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTMwNjkxOTM5MzZhMjA2Mzg1N2VhNzMyNjcwODg5OGJlODRjMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW3X4Am5YJr652ihWDbU0Qrmg911
/CbU+LnF/JgfJwmbqaBTRrNOzjyAtw68+e7xKRnt0BqpczbBacycg42Erue6Um+e
hvZ6ujlFX9+fEJkM6028abd24j+AJa8nU9Nl6zptUUty/CnyjVU5YZOj5Ifu2lfH
16BVRIexUwe60eZRCtZ62NPJWrbYBep5xuhZarYByY4PgLmQ/6njusHSmd1Jd4d/
l52LtcuI4e1E6LcZ3Su5KgCP32TnEZSjB1Sx9XXHfZYnTta+4qq/IFQCI2DveT+Z
4sF7ZI0gPZzx71+tLsxv1+PRbg8fWNcRIAB7UmqAoWcM5PS0eQWcNn6Z9QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFNowaRk5NqIGOFfqcyZwiJi+hMDQMB8GA1UdIwQY
MBaAFIoo/zENp9+DCc+rTc+aI1hCtghyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQt
MjRjZjhhNjFkN2U4LzEvMmpCcEdUazJvZ1k0Vi1wekpuQ0ltTDZFd05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQtMjRjZjhhNjFkN2U4
LzEvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBAAqBrcD
BwAqBrcAAAIwDQYJKoZIhvcNAQELBQADggEBAB0EFV8j1j9oBh/aNFqIuOsB1piu
JP2BRjkI23GrSi8Zbj7ABv7WwqXjSZlqiyYEHuiOtkZwMloJZC9qfBY3aQpvHN63
zGNgLE2YQZlOiVkL3S77o5A43/EWwE/IyxTvkp5AC5O3tKPreOxUfFrBPbVKwoTY
TdJL76ceM7rLD8ozB7gdotarbsEBpcatrlhtUdih0K0hK0eS22UPETTahovqWX5w
ivkFzyl4x/5OTdvRLiAuHaz1QEJV7OHk9PIyC5xYEVe+AF+0YG9dlzMqOY9ysHWa
24cZzfxH3bhDvs4vXW5YzCDMw7fh0ONBW/ne/CI18SN7baWUpBjn2CC4N3Y=
-----END CERTIFICATE-----