Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/3nej7O_5-sZXCWeuqPyGbja9XnQ.roa
File:                     3nej7O_5-sZXCWeuqPyGbja9XnQ.roa (raw, json)
Hash identifier:          p+MNFJ74eHqjwkPNS5+3QDf8dfQpJUlMjkJWwIsIN5s=
Subject key identifier:   DE:77:A3:EC:EF:F9:FA:C6:57:09:67:AE:A8:FC:86:6E:36:BD:5E:74
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       019420683D099E8E50CD1FF7BE03DF9AB807
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/3nej7O_5-sZXCWeuqPyGbja9XnQ.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a00:8860::/29 maxlen: 29
                          2a00:8861::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 17:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3d:09:9e:8e:50:cd:1f:f7:be:03:df:9a:b8:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de77a3eceff9fac6570967aea8fc866e36bd5e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f5:b7:1a:6d:d8:d1:eb:ad:f0:18:94:c5:fb:
                    47:b7:fb:d3:9f:ea:93:de:3d:3c:d8:e7:6f:d7:6d:
                    31:07:5d:0f:8c:ec:a5:a3:d9:a2:e9:ce:50:8b:4e:
                    e9:88:67:a8:43:9a:a9:67:c8:a1:6f:8a:93:10:ca:
                    62:34:51:d5:70:0f:75:9c:2b:4b:cc:e9:4c:f0:ed:
                    bb:d7:5f:ef:5b:32:f0:52:6a:f4:1d:4c:86:e2:3b:
                    91:a1:83:b0:39:e3:b3:7b:59:8f:fb:de:f2:5e:af:
                    a9:39:4a:9a:f0:4d:56:ff:53:70:ac:3c:7a:e9:77:
                    8b:ee:e6:32:6c:a3:dd:85:a4:97:c0:ff:e7:6b:9a:
                    5e:b3:b1:9a:60:53:52:9f:bf:2d:c4:f4:49:b2:56:
                    73:6e:ac:78:0f:00:81:13:4e:3e:c1:5a:69:fb:51:
                    61:9b:2e:c9:2e:24:c0:fb:86:c6:ae:77:e7:41:d3:
                    66:c8:92:19:d8:13:ca:7b:66:42:7b:90:87:47:06:
                    e3:9f:7d:01:bf:92:2f:25:43:18:ee:2f:86:9e:b5:
                    b6:60:89:d5:d8:d8:1d:b9:46:00:bc:38:91:c1:ae:
                    c6:3b:99:fd:f4:36:f4:26:cc:7a:b2:5f:a7:67:dc:
                    e4:0d:04:6f:3a:53:cd:61:da:23:01:9f:f8:3c:da:
                    91:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:77:A3:EC:EF:F9:FA:C6:57:09:67:AE:A8:FC:86:6E:36:BD:5E:74
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/3nej7O_5-sZXCWeuqPyGbja9XnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:74:e9:bb:b1:a6:4b:61:88:70:77:7f:c6:19:4e:c4:a4:ab:
         ed:9e:c8:d1:19:99:be:1b:0a:6e:2b:ca:03:c3:1f:82:a6:13:
         e7:ba:ee:ab:bf:d1:e2:f9:e4:79:4c:0d:6b:de:7a:96:99:dd:
         f6:41:43:98:87:e8:fc:ad:ee:70:8c:e8:99:63:d9:0c:4e:68:
         14:6f:8a:f5:24:96:14:d8:50:8a:ee:2d:b8:f9:d2:53:1d:46:
         6a:d5:bb:c9:d7:1e:e5:2d:5d:62:20:31:15:14:bd:34:e2:2b:
         07:22:2e:1a:58:69:41:ad:b2:e2:25:b8:cf:70:6f:89:e8:8d:
         7e:51:8f:cd:0d:c5:d0:cf:58:48:18:f2:cf:d0:b4:30:ed:3d:
         d3:77:54:1c:01:cf:2c:54:6f:22:f5:30:99:ff:c2:2d:7f:2e:
         a3:43:ae:cf:aa:72:aa:08:23:fa:4a:6f:75:8e:1b:ae:cc:09:
         b6:00:8a:7e:ea:90:ef:24:85:22:2b:43:37:6c:6a:f8:d1:c0:
         13:dd:8f:ab:2e:f2:8e:87:36:d4:ef:60:a1:7d:1f:99:e8:05:
         70:46:54:1f:43:5d:4c:9c:7d:cb:46:92:b3:bd:11:8b:32:57:
         bf:8f:d2:69:46:eb:95:f1:56:44:bb:16:6a:3e:43:ba:63:4f:
         ae:8e:92:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaD0Jno5QzR/3vgPfmrgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTc3YTNlY2VmZjlmYWM2NTcwOTY3YWVhOGZjODY2ZTM2YmQ1ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPW3Gm3Y0eut8BiUxftHt/vTn+qT
3j082Odv120xB10PjOylo9mi6c5Qi07piGeoQ5qpZ8ihb4qTEMpiNFHVcA91nCtL
zOlM8O2711/vWzLwUmr0HUyG4juRoYOwOeOze1mP+97yXq+pOUqa8E1W/1NwrDx6
6XeL7uYybKPdhaSXwP/na5pes7GaYFNSn78txPRJslZzbqx4DwCBE04+wVpp+1Fh
my7JLiTA+4bGrnfnQdNmyJIZ2BPKe2ZCe5CHRwbjn30Bv5IvJUMY7i+GnrW2YInV
2NgduUYAvDiRwa7GO5n99Db0Jsx6sl+nZ9zkDQRvOlPNYdojAZ/4PNqRRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN53o+zv+frGVwlnrqj8hm42vV50MB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvM25lajdPXzUtc1pYQ1dldXFQeUdiamE5WG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgCIYDAN
BgkqhkiG9w0BAQsFAAOCAQEAGHTpu7GmS2GIcHd/xhlOxKSr7Z7I0RmZvhsKbivK
A8MfgqYT57ruq7/R4vnkeUwNa956lpnd9kFDmIfo/K3ucIzomWPZDE5oFG+K9SSW
FNhQiu4tuPnSUx1GatW7ydce5S1dYiAxFRS9NOIrByIuGlhpQa2y4iW4z3BvieiN
flGPzQ3F0M9YSBjyz9C0MO0903dUHAHPLFRvIvUwmf/CLX8uo0Ouz6pyqggj+kpv
dY4brswJtgCKfuqQ7ySFIitDN2xq+NHAE92Pqy7yjoc21O9goX0fmegFcEZUH0Nd
TJx9y0aSs70RizJXv4/SaUbrlfFWRLsWaj5DumNPro6Svw==
-----END CERTIFICATE-----