Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/vDazkPOiPtoCYetZfRX-qpQ69j8.roa
File:                     vDazkPOiPtoCYetZfRX-qpQ69j8.roa (raw, json)
Hash identifier:          B0GK+5WaWwtXf0DhRaPxfP/Ak+Di2Wr89zC0Jym0UK4=
Subject key identifier:   BC:36:B3:90:F3:A2:3E:DA:02:61:EB:59:7D:15:FE:AA:94:3A:F6:3F
Certificate issuer:       /CN=3e7156abee6ba238b907315df9c552865adcdae8
Certificate serial:       01942068207E40C5C13019778FF112534D27
Authority key identifier: 3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/vDazkPOiPtoCYetZfRX-qpQ69j8.roa
Signing time:             Wed 01 Jan 2025 05:48:02 +0000
ROA not before:           Wed 01 Jan 2025 05:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49775
IP address blocks:        2a0c:7d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:20:7e:40:c5:c1:30:19:77:8f:f1:12:53:4d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e7156abee6ba238b907315df9c552865adcdae8
        Validity
            Not Before: Jan  1 05:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc36b390f3a23eda0261eb597d15feaa943af63f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0e:c5:6b:b3:d8:6a:6f:93:1a:b2:a2:8d:ef:
                    5d:c0:00:0d:35:30:25:cd:66:ac:b1:50:1b:0e:bf:
                    d2:d4:b9:f1:54:1a:9c:52:3f:1d:ae:dc:61:18:23:
                    f0:e6:3c:3b:eb:9c:6b:86:eb:39:d5:f3:58:ba:b6:
                    50:93:09:a9:b8:d2:45:9b:1d:e0:60:98:79:fe:5c:
                    04:8c:87:cd:81:90:22:98:c3:38:84:e7:c0:15:36:
                    33:d5:41:2d:79:92:b4:28:74:59:c9:28:11:e8:bb:
                    5e:34:0c:52:7d:e8:5c:fc:93:22:32:94:8c:89:60:
                    a6:46:65:33:38:b8:6f:5d:69:31:42:74:b2:bb:d8:
                    dc:f6:19:be:f5:f6:06:31:34:c5:eb:1b:eb:d9:79:
                    34:9c:be:e4:12:ee:91:27:35:c9:b7:f3:bc:08:08:
                    6e:4d:77:c3:8d:bc:c8:3f:2c:ed:11:4c:86:8a:e7:
                    49:5d:69:3d:55:9a:e7:8b:2e:34:c0:ae:5a:a0:05:
                    91:17:57:eb:fc:89:49:37:00:b7:51:1e:3f:e9:2e:
                    34:85:1a:5a:c6:94:91:27:9b:2b:70:11:f7:bf:57:
                    46:d0:8e:f0:f1:93:7b:ef:73:a1:bd:5a:ef:fe:e5:
                    f8:44:56:13:e6:b1:f7:77:c9:c3:1c:8d:de:bb:b0:
                    47:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:36:B3:90:F3:A2:3E:DA:02:61:EB:59:7D:15:FE:AA:94:3A:F6:3F
            X509v3 Authority Key Identifier:
                keyid:3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/vDazkPOiPtoCYetZfRX-qpQ69j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:5c:6e:0f:a4:7d:18:3a:b0:fd:33:69:96:b8:7a:da:e8:3f:
         4f:0a:19:27:a0:c5:da:bb:ca:71:b3:a9:e9:5e:23:9b:21:a1:
         28:f0:43:02:87:68:79:eb:ab:2f:36:14:8f:06:9d:07:b6:05:
         95:16:5c:28:81:10:5a:6b:88:ff:a7:4b:bc:84:4a:57:23:71:
         a3:ca:a7:2f:d9:e4:c7:74:3e:0f:48:3d:ec:f5:22:46:90:fd:
         09:50:35:3a:fb:ee:36:a3:85:3b:7c:3f:5a:7b:8c:af:35:08:
         c0:4b:4f:44:13:dd:22:02:a9:2e:36:75:27:e9:26:a7:bb:a4:
         52:8a:88:79:70:b9:6b:b2:e8:22:d3:f0:a4:cc:b9:fe:84:eb:
         9a:6c:49:02:c0:28:b0:44:7b:9e:3b:a5:14:a1:c5:32:41:39:
         d3:2d:1a:a8:58:f7:70:31:10:74:14:2f:b6:04:46:c1:a4:b7:
         2c:a1:dd:f3:21:ca:32:8c:3d:9f:99:4b:c9:e7:7c:2b:ef:3c:
         a3:5e:87:ae:e7:06:d2:61:be:b5:25:b1:5d:05:a7:16:fb:0d:
         94:c3:7a:a4:2e:a3:39:63:b8:c8:2b:4f:63:dd:e1:ba:dc:8e:
         cd:98:8a:ad:30:68:94:6d:cf:b3:19:3a:9b:19:2f:47:30:1f:
         7d:09:f0:40
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaCB+QMXBMBl3j/ESU00nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzE1NmFiZWU2YmEyMzhiOTA3MzE1ZGY5YzU1Mjg2NWFk
Y2RhZTgwHhcNMjUwMTAxMDU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM2YjM5MGYzYTIzZWRhMDI2MWViNTk3ZDE1ZmVhYTk0M2FmNjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw7Fa7PYam+TGrKije9dwAANNTAl
zWassVAbDr/S1LnxVBqcUj8drtxhGCPw5jw765xrhus51fNYurZQkwmpuNJFmx3g
YJh5/lwEjIfNgZAimMM4hOfAFTYz1UEteZK0KHRZySgR6LteNAxSfehc/JMiMpSM
iWCmRmUzOLhvXWkxQnSyu9jc9hm+9fYGMTTF6xvr2Xk0nL7kEu6RJzXJt/O8CAhu
TXfDjbzIPyztEUyGiudJXWk9VZrniy40wK5aoAWRF1fr/IlJNwC3UR4/6S40hRpa
xpSRJ5srcBH3v1dG0I7w8ZN773OhvVrv/uX4RFYT5rH3d8nDHI3eu7BHdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLw2s5Dzoj7aAmHrWX0V/qqUOvY/MB8GA1UdIwQY
MBaAFD5xVqvua6I4uQcxXfnFUoZa3NroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3Zjkt
NThmMmQ0NGZmMjgxLzEvdkRhemtQT2lQdG9DWWV0WmZSWC1xcFE2OWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3ZjktNThmMmQ0NGZmMjgx
LzEvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgx9gDAN
BgkqhkiG9w0BAQsFAAOCAQEAbVxuD6R9GDqw/TNplrh62ug/TwoZJ6DF2rvKcbOp
6V4jmyGhKPBDAodoeeurLzYUjwadB7YFlRZcKIEQWmuI/6dLvIRKVyNxo8qnL9nk
x3Q+D0g97PUiRpD9CVA1OvvuNqOFO3w/WnuMrzUIwEtPRBPdIgKpLjZ1J+kmp7uk
UoqIeXC5a7LoItPwpMy5/oTrmmxJAsAosER7njulFKHFMkE50y0aqFj3cDEQdBQv
tgRGwaS3LKHd8yHKMow9n5lLyed8K+88o16HrucG0mG+tSWxXQWnFvsNlMN6pC6j
OWO4yCtPY93hutyOzZiKrTBolG3Psxk6mxkvRzAffQnwQA==
-----END CERTIFICATE-----