Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/2JOqb_FcM3JCaikWzh1QzLM3NNs.roa
File:                     2JOqb_FcM3JCaikWzh1QzLM3NNs.roa (raw, json)
Hash identifier:          isQtSQoVI4VnIJhK4p6fvX5w7lFtKPVqkwJW/rfKCwA=
Subject key identifier:   D8:93:AA:6F:F1:5C:33:72:42:6A:29:16:CE:1D:50:CC:B3:37:34:DB
Certificate issuer:       /CN=88e719f426793b1e9063771460abd311a3dff116
Certificate serial:       019423D717E90E2AA3194B8514B42C585EB4
Authority key identifier: 88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/2JOqb_FcM3JCaikWzh1QzLM3NNs.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25623
IP address blocks:        2a06:ee05::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:17:e9:0e:2a:a3:19:4b:85:14:b4:2c:58:5e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e719f426793b1e9063771460abd311a3dff116
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d893aa6ff15c3372426a2916ce1d50ccb33734db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e3:03:28:96:99:c1:27:5d:0e:f4:63:e8:40:
                    1f:7b:04:1c:38:7a:6c:5e:83:17:67:98:eb:7a:00:
                    0e:c8:65:68:46:ce:35:4f:f9:f9:8c:db:82:e8:b5:
                    e5:95:eb:2e:f0:36:b9:ca:d9:26:df:3e:ef:34:83:
                    4f:b8:99:1f:30:c9:81:3c:bb:7c:b0:88:06:8a:ce:
                    a4:d8:9d:d4:0f:f9:3a:c0:7d:73:e8:c4:6f:b0:19:
                    4a:64:b8:b1:f7:01:c6:f8:f3:9d:61:6a:c5:fc:32:
                    fc:86:35:fc:2a:d7:4a:7c:5c:d9:7e:96:fb:79:12:
                    3e:6e:0f:ac:1d:73:d1:c4:38:3e:f8:c3:0b:3f:e2:
                    21:be:12:c0:df:cc:f5:5d:ad:b0:bd:16:a6:fd:a9:
                    d3:08:f6:82:d8:69:9b:cf:ee:85:38:ab:d9:87:bf:
                    41:72:6d:d6:6c:d3:38:31:5e:1d:66:d9:a7:27:f7:
                    d4:b9:13:5c:e1:d4:e5:26:d3:8c:fc:21:d9:5f:01:
                    23:f3:ab:35:78:a0:3f:ff:d3:d1:76:86:05:b5:d4:
                    f0:1c:b7:99:e5:e0:0a:70:34:b8:b3:ca:56:39:d6:
                    9e:a3:eb:38:e8:6f:af:91:ae:4c:cf:29:87:ac:50:
                    b1:2d:cb:29:e0:5b:2a:71:23:14:69:7d:90:e1:20:
                    1c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:93:AA:6F:F1:5C:33:72:42:6A:29:16:CE:1D:50:CC:B3:37:34:DB
            X509v3 Authority Key Identifier:
                keyid:88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/2JOqb_FcM3JCaikWzh1QzLM3NNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:ee05::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:e5:91:8d:1f:9d:62:32:f8:f9:28:9c:22:3d:81:27:bf:27:
         ed:e6:00:65:ed:cd:eb:92:2d:1f:93:8a:8d:ea:95:3d:6c:60:
         14:ea:b4:19:d3:c6:6f:c6:87:77:aa:3a:d0:d3:ab:76:80:37:
         54:d0:6a:ec:ef:93:95:07:d9:fe:4d:87:0c:d0:9f:0c:91:34:
         cd:28:6b:f2:6e:7f:bd:ec:1e:21:61:ef:2b:1c:32:8f:64:f1:
         4f:4d:9b:e7:a6:4d:bd:8c:2b:c1:82:c9:5b:52:cb:0f:15:ce:
         3a:6e:03:18:fd:8a:6a:ee:46:8e:61:67:d0:5c:34:37:1a:63:
         94:8f:dc:df:16:9f:43:40:83:5c:56:f9:34:bb:92:05:90:c8:
         05:ab:e0:fc:29:c7:0d:db:17:19:ec:8f:46:6f:7c:c2:02:c3:
         63:0e:e7:bd:e0:89:ea:27:60:4b:d7:38:c9:09:43:79:1b:8a:
         6a:53:c3:df:46:a0:68:a3:9e:45:ab:60:d0:e4:61:cb:c5:bd:
         6b:55:34:db:02:ed:1c:55:63:18:bf:7d:8b:5c:27:25:ee:c7:
         7e:fa:a4:ed:d0:f1:7c:ab:4f:71:3d:2f:c7:aa:44:54:88:d3:
         b0:dd:73:72:09:ab:00:f6:df:33:29:ab:4d:ee:9b:97:f6:a5:
         1a:cf:b5:33
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1xfpDiqjGUuFFLQsWF60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTcxOWY0MjY3OTNiMWU5MDYzNzcxNDYwYWJkMzExYTNk
ZmYxMTYwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODkzYWE2ZmYxNWMzMzcyNDI2YTI5MTZjZTFkNTBjY2IzMzczNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+MDKJaZwSddDvRj6EAfewQcOHps
XoMXZ5jregAOyGVoRs41T/n5jNuC6LXllesu8Da5ytkm3z7vNINPuJkfMMmBPLt8
sIgGis6k2J3UD/k6wH1z6MRvsBlKZLix9wHG+POdYWrF/DL8hjX8KtdKfFzZfpb7
eRI+bg+sHXPRxDg++MMLP+IhvhLA38z1Xa2wvRam/anTCPaC2Gmbz+6FOKvZh79B
cm3WbNM4MV4dZtmnJ/fUuRNc4dTlJtOM/CHZXwEj86s1eKA//9PRdoYFtdTwHLeZ
5eAKcDS4s8pWOdaeo+s46G+vka5MzymHrFCxLcsp4FsqcSMUaX2Q4SAcGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNiTqm/xXDNyQmopFs4dUMyzNzTbMB8GA1UdIwQY
MBaAFIjnGfQmeTsekGN3FGCr0xGj3/EWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjct
YWU1MmUxNTZiNzdlLzEvMkpPcWJfRmNNM0pDYWlrV3poMVF6TE0zTk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjctYWU1MmUxNTZiNzdl
LzEvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbuBTAN
BgkqhkiG9w0BAQsFAAOCAQEAdOWRjR+dYjL4+SicIj2BJ78n7eYAZe3N65ItH5OK
jeqVPWxgFOq0GdPGb8aHd6o60NOrdoA3VNBq7O+TlQfZ/k2HDNCfDJE0zShr8m5/
veweIWHvKxwyj2TxT02b56ZNvYwrwYLJW1LLDxXOOm4DGP2Kau5GjmFn0Fw0Nxpj
lI/c3xafQ0CDXFb5NLuSBZDIBavg/CnHDdsXGeyPRm98wgLDYw7nveCJ6idgS9c4
yQlDeRuKalPD30agaKOeRatg0ORhy8W9a1U02wLtHFVjGL99i1wnJe7Hfvqk7dDx
fKtPcT0vx6pEVIjTsN1zcgmrAPbfMymrTe6bl/alGs+1Mw==
-----END CERTIFICATE-----