Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/iSqhLAHx-OPTgee6HZU05Gn7mrg.roa
File:                     iSqhLAHx-OPTgee6HZU05Gn7mrg.roa (raw, json)
Hash identifier:          /LTwUnCBfctjGJbeDzhYKUgsItn5b+f1/FLcjg7y0VU=
Subject key identifier:   89:2A:A1:2C:01:F1:F8:E3:D3:81:E7:BA:1D:95:34:E4:69:FB:9A:B8
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       0194221F8CC374292F4076671AD913ED263C
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/iSqhLAHx-OPTgee6HZU05Gn7mrg.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41051
IP address blocks:        2a01:20e::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:c3:74:29:2f:40:76:67:1a:d9:13:ed:26:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=892aa12c01f1f8e3d381e7ba1d9534e469fb9ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c4:0c:9f:f8:30:c0:06:52:11:5c:fd:e9:1a:
                    a5:01:98:26:00:22:78:2a:0c:15:73:90:5d:f0:a9:
                    da:9a:5d:4d:cd:c5:4e:1f:08:51:3a:31:38:e2:49:
                    76:e3:a2:0b:82:a7:8e:a4:2c:f6:7d:4b:a9:37:8d:
                    c3:e5:67:09:5d:54:75:eb:97:22:5b:45:44:52:58:
                    c5:c7:c3:b0:9a:fc:22:3c:6d:a4:49:90:ee:91:b2:
                    98:e0:08:5c:1b:fc:8f:0c:40:59:8f:34:a2:47:fe:
                    bc:bc:81:93:26:60:4e:e9:f7:c9:56:81:49:f2:88:
                    0a:18:59:5a:d2:2c:c8:df:fc:41:b3:f7:ad:64:da:
                    dd:92:62:13:f0:f5:58:2e:7e:98:18:a5:e6:fa:20:
                    70:f8:ba:97:5a:34:72:bf:11:1b:61:f8:0e:09:07:
                    47:f9:33:66:bf:72:df:67:5f:86:73:32:17:c6:89:
                    df:32:76:ef:b4:16:e0:92:c8:9f:29:80:6c:26:96:
                    b2:8d:bb:bc:00:2e:b7:7e:6a:ae:bd:ad:bb:7a:5f:
                    dd:6c:fb:06:68:c6:67:3d:df:b3:0e:da:c6:f9:cf:
                    39:a8:7d:33:8e:53:c2:c5:47:78:03:e0:de:e1:cc:
                    76:0e:38:51:8c:00:59:53:56:4f:cf:21:18:37:d0:
                    15:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2A:A1:2C:01:F1:F8:E3:D3:81:E7:BA:1D:95:34:E4:69:FB:9A:B8
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/iSqhLAHx-OPTgee6HZU05Gn7mrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:20e::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:34:81:89:1a:ae:b1:93:2e:da:6d:57:43:47:55:b6:af:86:
         46:2b:f1:54:c3:82:4c:48:d4:3a:5b:ad:6d:d7:a1:2c:3c:9e:
         63:3a:df:81:5d:1c:a2:44:4a:29:e8:d5:d6:da:46:8c:21:2b:
         67:28:ae:58:b9:e0:08:60:d9:62:c2:b0:c4:7b:78:3a:88:d8:
         ae:bf:02:2f:fd:b7:6a:df:8a:36:87:e1:c3:68:7d:cb:f2:f5:
         b0:b4:85:70:92:fe:1e:bf:c4:75:1a:dd:e9:33:50:e2:90:0d:
         cd:05:00:c5:7a:bf:dc:97:1b:86:74:ed:ed:89:04:6e:cc:ec:
         26:f6:5b:49:a5:b3:10:19:e5:d0:fb:df:8d:44:79:ed:41:d6:
         14:88:20:29:38:67:01:fa:b8:9e:87:8e:b2:8d:05:ff:37:66:
         e5:12:ad:2c:e7:db:19:a6:0d:6d:4b:bb:db:a0:99:fc:9b:35:
         ed:6f:25:92:96:29:c8:8b:62:68:95:0b:e9:a5:bf:b1:63:83:
         f1:92:6e:5b:23:c6:49:56:ff:df:06:48:fc:52:74:96:3b:83:
         a3:92:d8:fd:0f:3d:92:0b:1a:e2:5b:ca:1c:ef:fa:a6:2e:db:
         5c:2e:71:71:51:bb:30:e2:6e:ec:69:c5:fd:1f:0a:26:3a:2b:
         c7:15:c9:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH4zDdCkvQHZnGtkT7SY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJhYTEyYzAxZjFmOGUzZDM4MWU3YmExZDk1MzRlNDY5ZmI5YWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscQMn/gwwAZSEVz96RqlAZgmACJ4
KgwVc5Bd8Knaml1NzcVOHwhROjE44kl246ILgqeOpCz2fUupN43D5WcJXVR165ci
W0VEUljFx8OwmvwiPG2kSZDukbKY4AhcG/yPDEBZjzSiR/68vIGTJmBO6ffJVoFJ
8ogKGFla0izI3/xBs/etZNrdkmIT8PVYLn6YGKXm+iBw+LqXWjRyvxEbYfgOCQdH
+TNmv3LfZ1+GczIXxonfMnbvtBbgksifKYBsJpayjbu8AC63fmquva27el/dbPsG
aMZnPd+zDtrG+c85qH0zjlPCxUd4A+De4cx2DjhRjABZU1ZPzyEYN9AVswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIkqoSwB8fjj04Hnuh2VNORp+5q4MB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvaVNxaExBSHgtT1BUZ2VlNkhaVTA1R243bXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgECDjAN
BgkqhkiG9w0BAQsFAAOCAQEAbzSBiRqusZMu2m1XQ0dVtq+GRivxVMOCTEjUOlut
bdehLDyeYzrfgV0cokRKKejV1tpGjCErZyiuWLngCGDZYsKwxHt4OojYrr8CL/23
at+KNofhw2h9y/L1sLSFcJL+Hr/EdRrd6TNQ4pANzQUAxXq/3JcbhnTt7YkEbszs
JvZbSaWzEBnl0PvfjUR57UHWFIggKThnAfq4noeOso0F/zdm5RKtLOfbGaYNbUu7
26CZ/Js17W8lkpYpyItiaJUL6aW/sWOD8ZJuWyPGSVb/3wZI/FJ0ljuDo5LY/Q89
kgsa4lvKHO/6pi7bXC5xcVG7MOJu7GnF/R8KJjorxxXJQw==
-----END CERTIFICATE-----