Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/eapLNVKWkPJvIKSSw8FvjnbqKM4.roa
File:                     eapLNVKWkPJvIKSSw8FvjnbqKM4.roa (raw, json)
Hash identifier:          lQyg7ma6RsIJVyHbW0BuPsXW31hRi/B1a2UZgfzLbWY=
Subject key identifier:   79:AA:4B:35:52:96:90:F2:6F:20:A4:92:C3:C1:6F:8E:76:EA:28:CE
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       019420684017D9D9EB0205FCDA1B9BD9047E
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/eapLNVKWkPJvIKSSw8FvjnbqKM4.roa
Signing time:             Wed 01 Jan 2025 05:48:10 +0000
ROA not before:           Wed 01 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208136
IP address blocks:        2a00:8860:d00::/40 maxlen: 64
                          2a00:8861:d00::/40 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:40:17:d9:d9:eb:02:05:fc:da:1b:9b:d9:04:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79aa4b35529690f26f20a492c3c16f8e76ea28ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b4:f8:91:35:27:56:f6:c6:ad:94:6f:22:f2:
                    59:de:e0:c0:2c:8d:3f:c8:52:e8:da:98:6d:a9:9e:
                    8c:e1:4f:40:14:0c:8b:ea:a9:bf:77:97:d7:88:a3:
                    aa:38:9c:9e:73:b6:4b:d9:b2:aa:93:a2:0e:dc:56:
                    7a:ff:c6:0a:8e:a3:af:69:c9:5f:20:59:59:68:d6:
                    a5:d0:72:e6:4a:ac:cf:8a:21:d9:7a:50:84:ef:1b:
                    5e:b3:08:d2:8d:1d:84:c6:f8:ad:67:1b:d1:1a:23:
                    34:4e:67:06:3e:34:db:14:9b:51:d1:08:36:e2:88:
                    c1:0d:fd:c6:36:bb:ec:ab:54:66:fa:e9:4d:5f:f1:
                    18:3d:d3:77:80:5c:7e:32:ac:6e:03:66:d9:d1:3f:
                    f4:ec:51:f6:72:12:a6:b5:0b:7f:5d:03:d3:83:cd:
                    16:c4:d4:c0:e5:de:0a:d0:6a:44:d8:db:56:21:06:
                    f4:dd:ff:24:b9:19:6f:e7:e0:a7:87:01:a0:a9:fa:
                    be:e2:5c:1f:76:aa:d2:29:9d:ab:14:70:81:4d:17:
                    da:9b:bc:ee:7f:7c:fe:c6:32:2f:40:4c:10:ea:37:
                    e7:b4:4e:55:bf:3d:2b:8b:54:18:89:75:37:ad:b9:
                    98:eb:eb:04:fc:b7:21:1e:fc:76:b1:b6:20:23:ff:
                    03:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AA:4B:35:52:96:90:F2:6F:20:A4:92:C3:C1:6F:8E:76:EA:28:CE
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/eapLNVKWkPJvIKSSw8FvjnbqKM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:d00::/40
                  2a00:8861:d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:22:f5:7a:05:15:db:62:cd:f9:2a:59:48:3e:52:e0:a6:24:
         22:e0:0a:75:82:08:40:a1:62:f0:f3:2d:45:a8:0d:5a:a7:90:
         f1:a1:b7:d2:74:b7:5e:e2:12:28:b5:cd:f8:6f:88:c3:c4:5a:
         bd:95:a5:ef:cc:79:c0:67:2b:70:de:82:31:e9:9e:ae:da:9a:
         87:08:ac:23:93:41:ca:fd:ef:bb:85:8f:bc:26:ac:96:42:55:
         0c:e2:82:aa:6f:90:ce:64:28:a4:9b:0b:6b:5a:e4:8a:d1:ad:
         fc:0c:97:ae:65:b5:50:8f:70:18:c9:32:28:c4:da:1d:d3:c2:
         c7:9f:89:99:bb:4b:42:27:44:a0:26:3a:c5:8c:64:01:0d:9f:
         ac:62:35:19:05:f1:d3:8a:a5:7d:05:9b:31:41:37:21:e0:21:
         77:9b:ef:7d:95:d4:3f:08:8a:11:b9:fd:e0:b5:bc:20:52:0f:
         13:5e:ec:ea:ea:00:2a:6e:78:36:55:6f:e6:84:ef:96:99:77:
         bb:f0:b8:d7:2d:d0:15:ab:48:a9:f9:56:7f:0f:28:e0:3f:1e:
         55:4d:49:06:84:6e:79:68:dd:25:23:37:71:6b:e3:14:5b:ad:
         65:10:13:e7:65:d3:86:71:98:54:49:b5:a6:79:c0:30:fe:9d:
         1f:6d:c4:42
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQgaEAX2dnrAgX82hub2QR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjUwMTAxMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFhNGIzNTUyOTY5MGYyNmYyMGE0OTJjM2MxNmY4ZTc2ZWEyOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbT4kTUnVvbGrZRvIvJZ3uDALI0/
yFLo2phtqZ6M4U9AFAyL6qm/d5fXiKOqOJyec7ZL2bKqk6IO3FZ6/8YKjqOvaclf
IFlZaNal0HLmSqzPiiHZelCE7xteswjSjR2ExvitZxvRGiM0TmcGPjTbFJtR0Qg2
4ojBDf3GNrvsq1Rm+ulNX/EYPdN3gFx+MqxuA2bZ0T/07FH2chKmtQt/XQPTg80W
xNTA5d4K0GpE2NtWIQb03f8kuRlv5+CnhwGgqfq+4lwfdqrSKZ2rFHCBTRfam7zu
f3z+xjIvQEwQ6jfntE5Vvz0ri1QYiXU3rbmY6+sE/LchHvx2sbYgI/8D2wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFHmqSzVSlpDybyCkksPBb4526ijOMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvZWFwTE5WS1drUEp2SUtTU3c4RnZqbmJxS000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYA0D
BgAqAIhhDTANBgkqhkiG9w0BAQsFAAOCAQEAbSL1egUV22LN+SpZSD5S4KYkIuAK
dYIIQKFi8PMtRagNWqeQ8aG30nS3XuISKLXN+G+Iw8RavZWl78x5wGcrcN6CMeme
rtqahwisI5NByv3vu4WPvCaslkJVDOKCqm+QzmQopJsLa1rkitGt/AyXrmW1UI9w
GMkyKMTaHdPCx5+JmbtLQidEoCY6xYxkAQ2frGI1GQXx04qlfQWbMUE3IeAhd5vv
fZXUPwiKEbn94LW8IFIPE17s6uoAKm54NlVv5oTvlpl3u/C41y3QFatIqflWfw8o
4D8eVU1JBoRueWjdJSM3cWvjFFutZRAT52XThnGYVEm1pnnAMP6dH23EQg==
-----END CERTIFICATE-----