Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/k1o7H-5eEgCdvmr2Au7FXonmUIc.roa
File:                     k1o7H-5eEgCdvmr2Au7FXonmUIc.roa (raw, json)
Hash identifier:          cPZnlWd1NF/fLPFMgOLyjHXmXf8GfrHrU0SBnmHDHvY=
Subject key identifier:   93:5A:3B:1F:EE:5E:12:00:9D:BE:6A:F6:02:EE:C5:5E:89:E6:50:87
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       0194228D3B48AAE2F568CBAF3AE296A397D4
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/k1o7H-5eEgCdvmr2Au7FXonmUIc.roa
Signing time:             Wed 01 Jan 2025 15:47:48 +0000
ROA not before:           Wed 01 Jan 2025 15:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43067
IP address blocks:        2a04:a900:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3b:48:aa:e2:f5:68:cb:af:3a:e2:96:a3:97:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 15:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=935a3b1fee5e12009dbe6af602eec55e89e65087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e0:af:53:a2:0b:e7:4a:fc:63:8d:0a:7b:9b:
                    d7:aa:3c:87:08:53:ed:cb:1a:38:93:8b:8f:bf:76:
                    d2:f9:97:98:a3:be:12:d5:87:fd:ef:4a:b7:2f:f1:
                    8d:39:ef:1d:ee:cd:ca:68:d6:88:03:61:aa:e0:05:
                    1d:ab:e4:fb:6e:cf:9b:28:a8:4a:bf:40:97:f7:f2:
                    a0:ff:35:e0:4a:42:76:2b:10:82:fc:c7:5e:c9:ff:
                    f6:1e:56:d8:84:4b:c0:aa:51:aa:c1:d4:80:53:7f:
                    1c:f5:bf:83:64:b5:e4:65:f3:41:5c:07:5a:f5:8d:
                    86:97:a5:b0:25:ef:28:a4:31:0d:eb:e0:7c:8e:ab:
                    23:fb:49:4c:b7:b7:e7:70:59:eb:94:c0:4d:1f:21:
                    c6:c9:a3:2d:c3:91:61:af:77:3a:61:d0:81:33:3f:
                    5a:94:61:3f:96:ac:cb:18:4b:a7:2d:6f:ac:6f:4f:
                    44:39:12:72:8b:a6:61:68:b8:cf:2a:af:88:40:0e:
                    d2:4e:f0:6f:f2:09:ef:ab:87:dc:ed:73:bb:e6:6c:
                    42:13:c0:ce:3d:0c:23:79:9d:2b:24:e4:64:84:a7:
                    50:e9:1b:78:cd:b6:e7:78:a3:3d:59:68:67:43:fa:
                    99:52:76:1d:42:b6:49:4c:65:16:b1:14:c9:b8:f5:
                    87:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:5A:3B:1F:EE:5E:12:00:9D:BE:6A:F6:02:EE:C5:5E:89:E6:50:87
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/k1o7H-5eEgCdvmr2Au7FXonmUIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a900:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:1d:08:bc:c8:c9:4d:37:ee:95:80:8d:3d:bc:fd:e8:dc:ef:
         47:aa:a0:9f:c3:35:0e:0a:e4:bf:7a:cf:e8:c2:9b:7a:6c:33:
         22:eb:76:09:33:b2:9b:d2:fb:62:fd:4e:83:a7:68:b8:40:6a:
         22:6e:47:20:8b:cb:e7:95:15:99:a3:5e:86:b9:35:7f:35:45:
         f9:79:8f:f0:dc:8e:69:25:c1:41:98:af:d8:ee:5e:5c:bf:5a:
         6f:73:e1:79:5e:e3:e7:6e:d4:73:2e:a5:00:45:82:da:9f:7a:
         43:80:f7:b4:a3:d5:97:ef:5f:a4:ee:bb:b2:f8:8a:42:a6:42:
         fd:f7:a7:07:e0:bb:fd:3f:a4:ec:60:89:9b:bc:94:1b:cd:15:
         62:22:1b:b6:84:eb:25:9a:68:97:76:d8:5b:d4:98:b5:85:52:
         a0:9e:d0:95:9c:b6:b8:bd:1e:c1:a4:15:83:cf:19:8f:ce:87:
         d9:16:84:27:54:e9:1e:6d:42:56:b9:fd:79:e7:60:74:53:23:
         df:a4:bd:fe:a5:10:36:ad:6b:5b:99:01:e6:93:13:57:4f:76:
         a0:06:86:7e:76:18:75:42:ba:8f:95:96:de:84:da:1d:fa:bb:
         50:ad:de:28:aa:28:d9:60:38:b3:9e:77:be:c1:8e:89:ad:26:
         8b:01:99:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijTtIquL1aMuvOuKWo5fUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjUwMTAxMTU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzVhM2IxZmVlNWUxMjAwOWRiZTZhZjYwMmVlYzU1ZTg5ZTY1MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eCvU6IL50r8Y40Ke5vXqjyHCFPt
yxo4k4uPv3bS+ZeYo74S1Yf970q3L/GNOe8d7s3KaNaIA2Gq4AUdq+T7bs+bKKhK
v0CX9/Kg/zXgSkJ2KxCC/Mdeyf/2HlbYhEvAqlGqwdSAU38c9b+DZLXkZfNBXAda
9Y2Gl6WwJe8opDEN6+B8jqsj+0lMt7fncFnrlMBNHyHGyaMtw5Fhr3c6YdCBMz9a
lGE/lqzLGEunLW+sb09EORJyi6ZhaLjPKq+IQA7STvBv8gnvq4fc7XO75mxCE8DO
PQwjeZ0rJORkhKdQ6Rt4zbbneKM9WWhnQ/qZUnYdQrZJTGUWsRTJuPWH/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNaOx/uXhIAnb5q9gLuxV6J5lCHMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvazFvN0gtNWVFZ0Nkdm1yMkF1N0ZYb25tVUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgSpAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCBHQi8yMlNN+6VgI09vP3o3O9HqqCfwzUOCuS/
es/owpt6bDMi63YJM7Kb0vti/U6Dp2i4QGoibkcgi8vnlRWZo16GuTV/NUX5eY/w
3I5pJcFBmK/Y7l5cv1pvc+F5XuPnbtRzLqUARYLan3pDgPe0o9WX71+k7ruy+IpC
pkL996cH4Lv9P6TsYImbvJQbzRViIhu2hOslmmiXdthb1Ji1hVKgntCVnLa4vR7B
pBWDzxmPzofZFoQnVOkebUJWuf1552B0UyPfpL3+pRA2rWtbmQHmkxNXT3agBoZ+
dhh1QrqPlZbehNod+rtQrd4oqijZYDiznne+wY6JrSaLAZmU
-----END CERTIFICATE-----