Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/JaWvot76MTHHQ4kBFw9C82j2y4o.roa
File:                     JaWvot76MTHHQ4kBFw9C82j2y4o.roa (raw, json)
Hash identifier:          ixhJz3sDrdmmh9ldkvtB24V24cIIJCj92AgCDmIoozM=
Subject key identifier:   25:A5:AF:A2:DE:FA:31:31:C7:43:89:01:17:0F:42:F3:68:F6:CB:8A
Certificate issuer:       /CN=0ecbefe20e18866b8a490c95ee45992643bed69d
Certificate serial:       019421B205E5E040E4B50941B45A217EC5F0
Authority key identifier: 0E:CB:EF:E2:0E:18:86:6B:8A:49:0C:95:EE:45:99:26:43:BE:D6:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/JaWvot76MTHHQ4kBFw9C82j2y4o.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213268
IP address blocks:        2a09:3c00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:05:e5:e0:40:e4:b5:09:41:b4:5a:21:7e:c5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ecbefe20e18866b8a490c95ee45992643bed69d
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25a5afa2defa3131c7438901170f42f368f6cb8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bf:cb:29:f4:bf:3e:5f:d4:7b:bc:48:6a:a6:
                    45:26:2d:91:20:7d:ff:aa:92:09:7b:b5:d2:03:88:
                    53:18:28:f6:8d:12:6f:9d:c6:07:26:b6:36:be:79:
                    11:f3:d6:7b:67:27:23:d3:cb:3d:67:ce:f8:34:4c:
                    d0:7a:8f:69:64:87:cc:2e:a9:90:70:e2:43:8e:e7:
                    c2:06:d9:44:c9:06:b8:1b:d6:8b:73:0c:d0:38:db:
                    dd:2d:38:76:0e:4e:fb:cf:22:fd:b4:0a:b9:ef:59:
                    f4:26:5a:ea:76:29:cc:78:db:14:0d:96:01:a8:78:
                    0a:f3:92:78:ff:9d:3a:e1:89:3e:6c:24:f0:da:61:
                    f0:26:4d:3d:3a:32:81:de:8f:0c:e0:a8:b4:a9:ce:
                    49:2c:72:f5:73:07:df:bb:85:72:fb:b5:52:2a:35:
                    87:40:f9:61:fd:c6:7d:a7:01:9e:53:e7:36:83:88:
                    e9:60:8d:74:5d:13:e6:75:89:a9:1d:35:78:ea:47:
                    63:03:2f:9d:f8:20:58:7c:dd:02:1e:cf:eb:ca:3a:
                    0f:a9:e6:2c:a3:bf:ae:16:ab:f3:68:67:d2:12:e9:
                    3e:57:0a:ad:15:f7:96:0a:49:b5:90:bd:35:10:0e:
                    9e:df:64:d5:29:1a:93:c2:b5:59:0a:87:53:09:d7:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A5:AF:A2:DE:FA:31:31:C7:43:89:01:17:0F:42:F3:68:F6:CB:8A
            X509v3 Authority Key Identifier:
                keyid:0E:CB:EF:E2:0E:18:86:6B:8A:49:0C:95:EE:45:99:26:43:BE:D6:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/JaWvot76MTHHQ4kBFw9C82j2y4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c755cc-5f90-47f5-adec-905f24c258ee/1/Dsvv4g4YhmuKSQyV7kWZJkO-1p0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3c00:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:6a:ee:e0:c5:df:01:76:72:4e:d7:4e:82:4b:79:d7:f3:8e:
         76:d0:59:34:67:b2:55:bb:14:aa:67:95:3f:a6:5d:6c:14:b9:
         8b:8f:c1:4b:9b:04:c6:7e:90:58:3e:41:ab:21:6d:74:6a:3f:
         b1:d4:66:45:ed:00:48:f3:8d:e9:de:4f:89:4a:e4:28:63:07:
         6d:5b:40:2d:ca:13:da:05:1e:1e:19:f9:73:c6:11:b5:f0:6e:
         5a:e3:48:56:26:5a:7a:4f:36:5c:d2:42:43:0e:a3:12:6c:7c:
         1f:6b:68:94:38:54:9b:9e:89:5e:89:28:fe:9f:61:da:2e:ed:
         30:8b:fb:56:2f:cf:80:b1:18:fc:6a:0e:ea:ad:83:86:c3:e1:
         d3:61:20:5b:d0:03:75:84:5e:be:29:3d:35:a9:b3:1b:92:94:
         0e:55:b2:21:26:02:a9:f1:71:a0:ca:85:2a:61:d5:e2:58:c4:
         d1:70:1a:09:be:39:aa:93:42:69:20:f9:b0:ea:56:1c:61:dc:
         ee:1a:50:45:e5:ef:02:a1:e1:0d:cd:1c:83:5b:e2:27:c8:1e:
         d6:2f:62:27:6f:60:10:4b:15:28:3a:3d:4a:4b:17:c9:84:3a:
         c9:ae:2b:1d:bd:c9:b4:55:60:71:cd:14:95:1f:b6:bd:98:bb:
         17:4e:2e:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsgXl4EDktQlBtFohfsXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlY2JlZmUyMGUxODg2NmI4YTQ5MGM5NWVlNDU5OTI2NDNi
ZWQ2OWQwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE1YWZhMmRlZmEzMTMxYzc0Mzg5MDExNzBmNDJmMzY4ZjZjYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb/LKfS/Pl/Ue7xIaqZFJi2RIH3/
qpIJe7XSA4hTGCj2jRJvncYHJrY2vnkR89Z7Zycj08s9Z874NEzQeo9pZIfMLqmQ
cOJDjufCBtlEyQa4G9aLcwzQONvdLTh2Dk77zyL9tAq571n0JlrqdinMeNsUDZYB
qHgK85J4/5064Yk+bCTw2mHwJk09OjKB3o8M4Ki0qc5JLHL1cwffu4Vy+7VSKjWH
QPlh/cZ9pwGeU+c2g4jpYI10XRPmdYmpHTV46kdjAy+d+CBYfN0CHs/ryjoPqeYs
o7+uFqvzaGfSEuk+VwqtFfeWCkm1kL01EA6e32TVKRqTwrVZCodTCdcyLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCWlr6Le+jExx0OJARcPQvNo9suKMB8GA1UdIwQY
MBaAFA7L7+IOGIZrikkMle5FmSZDvtadMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHN2djRnNFlobXVLU1F5VjdrV1pKa08tMXAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jNzU1Y2MtNWY5MC00N2Y1LWFkZWMt
OTA1ZjI0YzI1OGVlLzEvSmFXdm90NzZNVEhIUTRrQkZ3OUM4MmoyeTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jNzU1Y2MtNWY5MC00N2Y1LWFkZWMtOTA1ZjI0YzI1OGVl
LzEvRHN2djRnNFlobXVLU1F5VjdrV1pKa08tMXAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgk8AAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQACau7gxd8BdnJO106CS3nX84520Fk0Z7JVuxSq
Z5U/pl1sFLmLj8FLmwTGfpBYPkGrIW10aj+x1GZF7QBI843p3k+JSuQoYwdtW0At
yhPaBR4eGflzxhG18G5a40hWJlp6TzZc0kJDDqMSbHwfa2iUOFSbnoleiSj+n2Ha
Lu0wi/tWL8+AsRj8ag7qrYOGw+HTYSBb0AN1hF6+KT01qbMbkpQOVbIhJgKp8XGg
yoUqYdXiWMTRcBoJvjmqk0JpIPmw6lYcYdzuGlBF5e8CoeENzRyDW+InyB7WL2In
b2AQSxUoOj1KSxfJhDrJrisdvcm0VWBxzRSVH7a9mLsXTi4r
-----END CERTIFICATE-----