Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zBMwGWWflzLxBSFNPzJ2aqEBgrE.roa
File:                     zBMwGWWflzLxBSFNPzJ2aqEBgrE.roa (raw, json)
Hash identifier:          Frie/26MAD4moXE2hcnRczEyt7GQngLuPdcorC2uOx4=
Subject key identifier:   CC:13:30:19:65:9F:97:32:F1:05:21:4D:3F:32:76:6A:A1:01:82:B1
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019421B229C73D79C8281F68FBF2AF6CEF41
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zBMwGWWflzLxBSFNPzJ2aqEBgrE.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0e:9846::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:29:c7:3d:79:c8:28:1f:68:fb:f2:af:6c:ef:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc133019659f9732f105214d3f32766aa10182b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:f4:ff:52:98:a7:82:97:a1:d5:8f:bc:32:
                    f6:d0:6f:5b:22:23:37:55:ab:34:2b:e6:52:37:31:
                    27:98:50:96:16:7c:e7:45:58:81:39:34:7c:1e:3b:
                    20:39:f4:49:72:6f:5c:10:f4:0f:dc:81:e7:df:6c:
                    5c:ba:19:09:27:c7:51:e5:e4:58:11:05:c0:2a:74:
                    23:f2:1c:0c:29:eb:f7:c4:a8:8a:a2:4a:7a:1b:7c:
                    dd:f1:3c:84:7c:4f:aa:88:fd:6a:f7:b4:53:15:7d:
                    47:fb:af:37:e8:ff:39:de:ff:e4:23:d3:6c:be:5b:
                    32:5d:43:bc:03:ac:40:81:a9:82:f7:30:63:e7:c9:
                    80:c2:a4:e5:b7:51:2b:1f:fb:77:b8:ad:a4:1e:72:
                    1c:29:12:b5:b8:fd:12:02:4b:01:b8:b1:d9:bc:92:
                    8a:a5:94:71:c5:b8:e7:2d:fa:fc:fc:4a:9c:2b:48:
                    16:60:71:b3:94:ae:09:b1:dc:cb:ce:e9:42:78:ca:
                    ed:0e:32:be:b3:42:11:59:0f:ab:24:0d:9f:ee:f8:
                    2e:a8:5f:dc:a1:a8:d5:8b:79:e0:5a:ed:bf:64:c1:
                    c5:c7:58:33:c6:78:2e:66:bd:4d:a5:fd:99:54:ab:
                    f5:37:fb:e1:1b:27:8c:07:03:99:57:fe:d5:61:f7:
                    c9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:13:30:19:65:9F:97:32:F1:05:21:4D:3F:32:76:6A:A1:01:82:B1
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zBMwGWWflzLxBSFNPzJ2aqEBgrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9846::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:8e:a0:e8:70:cc:62:5e:fe:3a:06:e7:25:ac:b7:b1:a9:7b:
         18:35:f0:ce:09:dd:b2:ef:5c:28:40:f4:d8:ee:5a:53:76:aa:
         c2:44:b3:08:9c:b4:69:20:a9:b6:9e:c1:89:d7:23:4b:1b:ab:
         3f:a6:eb:6f:86:2d:3b:0b:7e:3b:ab:0c:4f:4b:5f:18:af:7e:
         dd:1d:12:53:11:4f:3f:50:b6:7b:e0:f1:e5:92:25:55:e3:e7:
         52:fa:fc:33:9c:ce:3a:fa:32:32:37:bf:a1:75:9f:58:75:73:
         cc:0b:fd:ed:67:e6:21:a0:e8:80:41:82:42:00:c3:7e:5e:6b:
         29:98:5a:a5:57:8b:b6:c8:dd:b1:1c:d4:02:8f:44:5e:d9:47:
         da:9e:45:45:69:ae:c4:c0:9b:97:ad:ac:5c:17:6c:aa:05:99:
         c2:91:43:91:a2:6b:1c:d5:50:8a:6f:94:2c:a4:d1:e9:fd:bd:
         2c:3b:bc:a6:84:a6:69:00:9d:2b:e3:37:64:e2:fd:72:2a:df:
         a6:c2:30:b5:e1:08:af:20:53:8e:23:97:9d:e9:ef:f6:50:47:
         83:00:34:a4:4c:46:e6:7f:b7:3b:cb:30:d9:e2:7d:22:64:07:
         16:8f:6b:82:a0:5a:71:d3:4c:31:49:fd:56:95:57:67:32:8b:
         cd:6c:4b:a1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsinHPXnIKB9o+/KvbO9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzEzMzAxOTY1OWY5NzMyZjEwNTIxNGQzZjMyNzY2YWExMDE4MmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ef0/1KYp4KXodWPvDL20G9bIiM3
Vas0K+ZSNzEnmFCWFnznRViBOTR8HjsgOfRJcm9cEPQP3IHn32xcuhkJJ8dR5eRY
EQXAKnQj8hwMKev3xKiKokp6G3zd8TyEfE+qiP1q97RTFX1H+6836P853v/kI9Ns
vlsyXUO8A6xAgamC9zBj58mAwqTlt1ErH/t3uK2kHnIcKRK1uP0SAksBuLHZvJKK
pZRxxbjnLfr8/EqcK0gWYHGzlK4JsdzLzulCeMrtDjK+s0IRWQ+rJA2f7vguqF/c
oajVi3ngWu2/ZMHFx1gzxnguZr1Npf2ZVKv1N/vhGyeMBwOZV/7VYffJiwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMwTMBlln5cy8QUhTT8ydmqhAYKxMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvekJNd0dXV2Zsekx4QlNGTlB6SjJhcUVCZ3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6YRjAN
BgkqhkiG9w0BAQsFAAOCAQEAco6g6HDMYl7+OgbnJay3sal7GDXwzgndsu9cKED0
2O5aU3aqwkSzCJy0aSCptp7BidcjSxurP6brb4YtOwt+O6sMT0tfGK9+3R0SUxFP
P1C2e+Dx5ZIlVePnUvr8M5zOOvoyMje/oXWfWHVzzAv97WfmIaDogEGCQgDDfl5r
KZhapVeLtsjdsRzUAo9EXtlH2p5FRWmuxMCbl62sXBdsqgWZwpFDkaJrHNVQim+U
LKTR6f29LDu8poSmaQCdK+M3ZOL9cirfpsIwteEIryBTjiOXnenv9lBHgwA0pExG
5n+3O8sw2eJ9ImQHFo9rgqBacdNMMUn9VpVXZzKLzWxLoQ==
-----END CERTIFICATE-----