Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/wR0fHEzjCHCPZPB5JGzxge-3qdE.roa
File:                     wR0fHEzjCHCPZPB5JGzxge-3qdE.roa (raw, json)
Hash identifier:          Ll5NNx6rg9HE4x/GGGYOGCvVW3eD8cnr/rDcbdSk/qU=
Subject key identifier:   C1:1D:1F:1C:4C:E3:08:70:8F:64:F0:79:24:6C:F1:81:EF:B7:A9:D1
Certificate issuer:       /CN=a66246b806e89aba40e7e58888f3576513a3934a
Certificate serial:       019424B387180340538E78BF01678B58B628
Authority key identifier: A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/wR0fHEzjCHCPZPB5JGzxge-3qdE.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202685
IP address blocks:        2a0e:8e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:87:18:03:40:53:8e:78:bf:01:67:8b:58:b6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a66246b806e89aba40e7e58888f3576513a3934a
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c11d1f1c4ce308708f64f079246cf181efb7a9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:6b:4c:ec:18:df:71:ba:99:cb:7a:9b:09:
                    06:77:ce:b0:87:34:ec:3b:5a:01:9c:7a:11:0a:a0:
                    bb:b5:59:01:04:6e:b4:30:1b:4c:68:ee:df:44:67:
                    09:d7:8e:c4:e6:8e:8c:05:aa:81:5d:6c:52:05:a1:
                    7d:06:b8:4c:14:7f:e0:94:18:e8:7c:46:bc:c6:7e:
                    8a:85:23:f7:26:37:69:da:52:82:9c:09:58:7c:34:
                    00:0d:d9:e3:5d:cd:23:c6:8a:a0:a7:0c:b0:3c:a5:
                    e9:86:5d:bb:fb:3a:7c:66:6c:9a:89:5d:66:f0:d9:
                    d9:27:1c:90:d7:7b:95:8a:7d:91:95:59:44:cc:c0:
                    e4:a0:e1:89:4c:0a:96:48:cb:7a:92:37:60:6c:aa:
                    bf:fb:83:b4:ca:14:08:53:9a:c7:2c:a0:89:82:c4:
                    8d:c9:ef:51:24:42:1d:7e:be:3d:04:94:3a:d2:18:
                    9b:c6:44:8d:16:e0:d0:a0:a4:41:e7:d1:dc:3a:ad:
                    bd:09:9f:ad:c9:e3:aa:4a:2d:62:93:88:57:4c:bc:
                    98:5d:36:86:2d:0c:d8:20:44:70:b2:35:af:3f:e2:
                    84:7e:0d:16:ac:b1:04:0d:9e:93:b6:2c:17:a9:5a:
                    6b:a8:ef:8f:2c:e5:ed:99:c6:24:8d:a9:32:82:7e:
                    84:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1D:1F:1C:4C:E3:08:70:8F:64:F0:79:24:6C:F1:81:EF:B7:A9:D1
            X509v3 Authority Key Identifier:
                keyid:A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/wR0fHEzjCHCPZPB5JGzxge-3qdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:97:c9:57:4f:e3:78:33:57:1f:d6:a1:c7:53:16:1b:ce:4d:
         4e:97:4f:d9:6f:e5:da:7e:c5:56:01:4c:14:93:09:85:f3:64:
         fc:0e:49:c7:5d:c0:59:4b:b4:69:5e:cc:a9:6a:78:9c:dd:18:
         42:36:90:f1:e2:f8:40:a2:6e:71:71:e4:fe:53:6f:64:70:26:
         a7:22:05:e3:45:e8:6f:77:42:5b:80:49:ba:03:85:7d:58:e5:
         b7:e7:04:15:b5:e7:9e:9b:1f:af:ba:95:11:1c:cd:ea:32:0c:
         0f:d8:06:39:5d:79:02:e0:3c:85:dd:ce:40:eb:d9:0d:53:c0:
         4e:25:95:ce:84:d7:d5:ff:cc:67:e7:ca:7c:1e:b5:17:d9:b3:
         e0:a7:bf:a2:54:38:03:e4:53:dc:ee:60:f8:5a:a3:b6:fd:a0:
         38:9c:11:56:8d:e9:73:0d:c7:60:ef:9e:56:4c:7f:0d:e4:b9:
         7a:55:ff:87:4f:8a:7b:89:cc:d7:8b:20:e8:d9:02:22:fd:63:
         55:36:30:fc:11:2d:81:b8:e3:6f:d9:64:f3:f4:f2:43:62:ad:
         3a:bf:dc:c3:c6:ed:5f:67:a2:78:90:7c:96:64:53:44:78:fd:
         8d:16:6e:ea:e4:7b:bb:71:c7:3a:f1:1f:2a:5b:5e:b9:4c:a7:
         ad:1e:77:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQks4cYA0BTjni/AWeLWLYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NjI0NmI4MDZlODlhYmE0MGU3ZTU4ODg4ZjM1NzY1MTNh
MzkzNGEwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTFkMWYxYzRjZTMwODcwOGY2NGYwNzkyNDZjZjE4MWVmYjdhOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7xrTOwY33G6mct6mwkGd86whzTs
O1oBnHoRCqC7tVkBBG60MBtMaO7fRGcJ147E5o6MBaqBXWxSBaF9BrhMFH/glBjo
fEa8xn6KhSP3Jjdp2lKCnAlYfDQADdnjXc0jxoqgpwywPKXphl27+zp8ZmyaiV1m
8NnZJxyQ13uVin2RlVlEzMDkoOGJTAqWSMt6kjdgbKq/+4O0yhQIU5rHLKCJgsSN
ye9RJEIdfr49BJQ60hibxkSNFuDQoKRB59HcOq29CZ+tyeOqSi1ik4hXTLyYXTaG
LQzYIERwsjWvP+KEfg0WrLEEDZ6TtiwXqVprqO+PLOXtmcYkjakygn6EmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMEdHxxM4whwj2TweSRs8YHvt6nRMB8GA1UdIwQY
MBaAFKZiRrgG6Jq6QOfliIjzV2UTo5NKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUt
NGZkMjhjNjYxOWFlLzEvd1IwZkhFempDSENQWlBCNUpHenhnZS0zcWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUtNGZkMjhjNjYxOWFl
LzEvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6OgDAN
BgkqhkiG9w0BAQsFAAOCAQEAWJfJV0/jeDNXH9ahx1MWG85NTpdP2W/l2n7FVgFM
FJMJhfNk/A5Jx13AWUu0aV7MqWp4nN0YQjaQ8eL4QKJucXHk/lNvZHAmpyIF40Xo
b3dCW4BJugOFfVjlt+cEFbXnnpsfr7qVERzN6jIMD9gGOV15AuA8hd3OQOvZDVPA
TiWVzoTX1f/MZ+fKfB61F9mz4Ke/olQ4A+RT3O5g+Fqjtv2gOJwRVo3pcw3HYO+e
Vkx/DeS5elX/h0+Ke4nM14sg6NkCIv1jVTYw/BEtgbjjb9lk8/TyQ2KtOr/cw8bt
X2eieJB8lmRTRHj9jRZu6uR7u3HHOvEfKlteuUynrR53AA==
-----END CERTIFICATE-----