Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/cOOWg89RptAl4vUxibeKFJf171E.roa
File:                     cOOWg89RptAl4vUxibeKFJf171E.roa (raw, json)
Hash identifier:          5EzOvKup3W2ofTZRZLRvdO+YukZ07eUuuHetxZx8s4U=
Subject key identifier:   70:E3:96:83:CF:51:A6:D0:25:E2:F5:31:89:B7:8A:14:97:F5:EF:51
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019424449AED0A2E4093D29F8D88B9F30A73
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/cOOWg89RptAl4vUxibeKFJf171E.roa
Signing time:             Wed 01 Jan 2025 23:47:43 +0000
ROA not before:           Wed 01 Jan 2025 23:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205758
IP address blocks:        2a09:7:2006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9a:ed:0a:2e:40:93:d2:9f:8d:88:b9:f3:0a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70e39683cf51a6d025e2f53189b78a1497f5ef51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:85:44:2b:b6:5d:0c:52:aa:0a:2d:d7:c6:33:
                    7a:48:67:62:61:2a:69:b9:e7:26:5e:46:02:a7:28:
                    44:2c:7d:18:31:0f:43:5b:ad:a4:0c:bd:c1:02:1f:
                    15:c8:4f:2a:ba:2b:59:e7:05:96:9b:ed:09:28:34:
                    5a:82:14:00:19:0f:64:b1:8e:b0:79:76:38:53:6b:
                    69:21:04:25:b0:77:92:83:15:62:44:be:7f:d5:ce:
                    42:62:ff:f9:61:2d:c0:64:d1:d1:44:c9:b6:21:b2:
                    24:a8:0e:e4:c2:ea:b8:11:28:25:15:1f:b7:40:10:
                    ff:dc:07:3a:ff:70:b1:e6:d0:f4:4f:4a:f5:7d:dc:
                    e3:79:fa:6a:64:f7:43:c3:79:5c:d6:d5:d3:00:9d:
                    b1:93:55:36:6b:66:cc:7b:5b:1d:6e:71:1b:11:10:
                    61:9d:31:39:f1:72:7a:24:a6:f9:41:87:31:03:06:
                    96:f2:b2:9d:84:cd:f0:b1:d1:3b:b6:b3:93:09:80:
                    12:6d:c9:8b:36:d9:ee:b3:a6:e7:43:95:36:af:59:
                    8a:66:f8:6b:eb:12:81:78:2e:5a:18:18:dd:39:d0:
                    5a:f0:8e:2b:23:67:f0:8e:ac:b6:04:33:db:de:88:
                    b1:79:60:dd:b4:7e:e7:57:5e:fa:51:1e:fb:01:95:
                    7c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E3:96:83:CF:51:A6:D0:25:E2:F5:31:89:B7:8A:14:97:F5:EF:51
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/cOOWg89RptAl4vUxibeKFJf171E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:2006::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:c7:2d:2f:4b:31:4d:ad:1f:eb:0c:fe:38:db:f3:6d:65:27:
         20:1a:79:55:57:13:69:75:c3:0c:04:b4:3d:ac:14:44:56:cf:
         45:dd:05:d8:22:5d:bd:b7:57:86:bf:b0:67:6c:5a:65:d7:28:
         f6:8a:11:a3:2b:6e:95:c2:59:c3:63:3b:9f:fc:af:fb:21:8a:
         9e:0b:ea:7a:09:cd:c9:3e:75:33:9d:80:e4:42:4d:5c:82:1f:
         99:ce:a9:ae:8b:fa:6a:ba:8d:e1:ec:5e:db:7b:a5:80:b2:9c:
         a5:80:e3:54:0f:d1:42:e7:d0:d2:16:0d:57:af:37:ab:32:a0:
         70:4f:f5:bd:5d:78:1f:91:64:d9:1d:c2:ca:e1:cc:bc:9c:d7:
         5e:b4:30:9f:4c:a8:9a:9e:cc:03:8c:5e:17:af:6d:d8:ec:bd:
         4f:fe:2d:f3:0d:fc:bd:3e:5e:6f:96:a5:cd:ac:72:bd:7d:6c:
         3f:96:aa:6d:d0:64:57:c2:a2:17:39:b6:a1:50:be:cb:46:3e:
         f4:94:5a:e8:cb:68:ee:a7:37:16:50:0a:52:44:e4:cd:54:e8:
         55:43:21:92:ca:06:57:49:18:09:ab:b8:5a:89:1a:4e:c0:33:
         cc:d4:ad:85:d5:77:71:4e:2c:d4:cb:2e:78:99:b1:33:67:3b:
         cc:8d:64:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRJrtCi5Ak9KfjYi58wpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUzOTY4M2NmNTFhNmQwMjVlMmY1MzE4OWI3OGExNDk3ZjVlZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4VEK7ZdDFKqCi3XxjN6SGdiYSpp
uecmXkYCpyhELH0YMQ9DW62kDL3BAh8VyE8quitZ5wWWm+0JKDRaghQAGQ9ksY6w
eXY4U2tpIQQlsHeSgxViRL5/1c5CYv/5YS3AZNHRRMm2IbIkqA7kwuq4ESglFR+3
QBD/3Ac6/3Cx5tD0T0r1fdzjefpqZPdDw3lc1tXTAJ2xk1U2a2bMe1sdbnEbERBh
nTE58XJ6JKb5QYcxAwaW8rKdhM3wsdE7trOTCYASbcmLNtnus6bnQ5U2r1mKZvhr
6xKBeC5aGBjdOdBa8I4rI2fwjqy2BDPb3oixeWDdtH7nV176UR77AZV8awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHDjloPPUabQJeL1MYm3ihSX9e9RMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvY09PV2c4OVJwdEFsNHZVeGliZUtGSmYxNzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAG
MA0GCSqGSIb3DQEBCwUAA4IBAQB7xy0vSzFNrR/rDP442/NtZScgGnlVVxNpdcMM
BLQ9rBREVs9F3QXYIl29t1eGv7BnbFpl1yj2ihGjK26VwlnDYzuf/K/7IYqeC+p6
Cc3JPnUznYDkQk1cgh+Zzqmui/pquo3h7F7be6WAspylgONUD9FC59DSFg1Xrzer
MqBwT/W9XXgfkWTZHcLK4cy8nNdetDCfTKianswDjF4Xr23Y7L1P/i3zDfy9Pl5v
lqXNrHK9fWw/lqpt0GRXwqIXObahUL7LRj70lFroy2jupzcWUApSROTNVOhVQyGS
ygZXSRgJq7haiRpOwDPM1K2F1XdxTizUyy54mbEzZzvMjWRd
-----END CERTIFICATE-----