Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/aNywjk-hRURwFzlW2WgXo-tyI7k.roa
File:                     aNywjk-hRURwFzlW2WgXo-tyI7k.roa (raw, json)
Hash identifier:          7GvPvCBbcDqco5BuG4uUSLpM+i4KeC8ZMy4qhRktBZ8=
Subject key identifier:   68:DC:B0:8E:4F:A1:45:44:70:17:39:56:D9:68:17:A3:EB:72:23:B9
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       0194266B5FB62A58B37A10FFEC4D916661B3
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/aNywjk-hRURwFzlW2WgXo-tyI7k.roa
Signing time:             Thu 02 Jan 2025 09:49:18 +0000
ROA not before:           Thu 02 Jan 2025 09:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196782
IP address blocks:        2a03:2a80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:5f:b6:2a:58:b3:7a:10:ff:ec:4d:91:66:61:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 09:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68dcb08e4fa1454470173956d96817a3eb7223b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:47:bc:6d:d2:14:85:d8:8a:ec:47:86:ee:38:
                    4b:c2:46:86:10:69:0e:9a:34:cd:f9:fb:1a:d3:d1:
                    b7:64:40:18:20:b0:af:f4:bd:a4:5b:95:89:31:0d:
                    e7:85:63:40:1c:79:69:d7:c4:69:70:2b:c1:94:33:
                    5f:16:57:d0:28:cc:d5:db:f9:6d:53:34:e3:72:f8:
                    00:09:04:3d:19:47:6a:71:ba:51:0e:01:e1:c5:7b:
                    8b:3c:16:b7:b8:78:6e:ca:89:73:e4:01:76:df:d3:
                    6b:dc:b7:96:2e:54:1b:30:22:d3:0d:75:25:ed:a3:
                    d7:2b:7f:9f:4a:c8:c7:52:c4:e1:b6:ba:5b:53:48:
                    9b:3e:cc:2a:af:52:10:24:41:b6:ea:80:ed:7b:e8:
                    1a:9a:38:40:ea:54:bf:ba:b3:f4:f7:40:a0:b6:c5:
                    a5:19:44:c3:eb:2f:47:0c:f2:a8:52:5f:8a:10:e5:
                    c0:d3:d1:44:5c:a9:e3:92:45:0a:11:11:8f:34:fc:
                    ac:cf:2f:3c:2b:5a:47:63:7b:63:69:6f:4d:5a:ce:
                    54:fc:04:3b:c6:bc:97:49:28:8a:3b:b8:bf:5d:55:
                    d9:39:ad:ff:c2:8e:3f:7c:18:5d:82:08:33:f5:89:
                    61:b6:53:f1:ae:8f:4f:e5:15:ee:d5:df:98:a6:4c:
                    77:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DC:B0:8E:4F:A1:45:44:70:17:39:56:D9:68:17:A3:EB:72:23:B9
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/aNywjk-hRURwFzlW2WgXo-tyI7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:79:1e:18:84:93:3b:95:05:47:08:76:69:9d:0e:2e:3a:80:
         77:ad:87:19:c6:6c:e3:9f:02:94:87:08:5a:09:b3:e3:f3:ee:
         e4:d2:4c:28:d7:a1:50:df:d3:06:76:1d:d0:bb:98:d0:60:8e:
         52:f9:13:16:02:74:65:43:8f:fb:dc:39:3e:eb:bf:98:c5:c3:
         3f:72:6d:44:a7:41:ac:33:ef:88:af:0b:fc:da:3c:60:91:2a:
         41:01:07:83:24:5d:8a:75:97:2c:e7:32:5a:21:22:32:69:e1:
         53:f6:97:95:81:34:4c:25:c2:63:f1:b7:56:14:c4:07:e1:5c:
         df:e2:06:5e:21:bb:f1:9b:6c:09:78:e4:05:d9:b2:ce:2c:0d:
         dd:74:80:35:4e:c8:0d:d2:43:04:ce:c9:17:3a:55:f8:7a:ec:
         05:9b:25:0e:9c:7f:3d:20:1e:19:ff:da:dc:d8:18:40:88:9f:
         ac:99:e1:ad:b1:e7:f7:1d:5c:a9:e8:9b:e7:cf:38:e2:ac:25:
         f7:bf:eb:94:80:4b:90:91:5d:86:0d:eb:68:66:a1:ce:6d:56:
         9b:2c:14:c9:0c:bb:53:b0:5c:55:de:0a:fc:28:c2:b5:fb:e7:
         85:3d:94:a3:75:83:9d:e7:81:7c:e7:48:b3:9c:d9:14:a8:62:
         af:f3:76:e7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma1+2KlizehD/7E2RZmGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwMTAyMDk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRjYjA4ZTRmYTE0NTQ0NzAxNzM5NTZkOTY4MTdhM2ViNzIyM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUe8bdIUhdiK7EeG7jhLwkaGEGkO
mjTN+fsa09G3ZEAYILCv9L2kW5WJMQ3nhWNAHHlp18RpcCvBlDNfFlfQKMzV2/lt
UzTjcvgACQQ9GUdqcbpRDgHhxXuLPBa3uHhuyolz5AF239Nr3LeWLlQbMCLTDXUl
7aPXK3+fSsjHUsThtrpbU0ibPswqr1IQJEG26oDte+gamjhA6lS/urP090CgtsWl
GUTD6y9HDPKoUl+KEOXA09FEXKnjkkUKERGPNPyszy88K1pHY3tjaW9NWs5U/AQ7
xryXSSiKO7i/XVXZOa3/wo4/fBhdgggz9YlhtlPxro9P5RXu1d+Ypkx3jQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGjcsI5PoUVEcBc5VtloF6PrciO5MB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvYU55d2prLWhSVVJ3RnpsVzJXZ1hvLXR5STdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMqgDAN
BgkqhkiG9w0BAQsFAAOCAQEADXkeGISTO5UFRwh2aZ0OLjqAd62HGcZs458ClIcI
Wgmz4/Pu5NJMKNehUN/TBnYd0LuY0GCOUvkTFgJ0ZUOP+9w5Puu/mMXDP3JtRKdB
rDPviK8L/No8YJEqQQEHgyRdinWXLOcyWiEiMmnhU/aXlYE0TCXCY/G3VhTEB+Fc
3+IGXiG78ZtsCXjkBdmyziwN3XSANU7IDdJDBM7JFzpV+HrsBZslDpx/PSAeGf/a
3NgYQIifrJnhrbHn9x1cqeib58844qwl97/rlIBLkJFdhg3raGahzm1WmywUyQy7
U7BcVd4K/CjCtfvnhT2Uo3WDneeBfOdIs5zZFKhir/N25w==
-----END CERTIFICATE-----