Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/05sp7PoW69zZsWAkEGwBJB6MWWk.roa
File:                     05sp7PoW69zZsWAkEGwBJB6MWWk.roa (raw, json)
Hash identifier:          KNDLSVd0QjixGYPVF/NFYufdsrOrv68NParumRRk6kM=
Subject key identifier:   D3:9B:29:EC:FA:16:EB:DC:D9:B1:60:24:10:6C:01:24:1E:8C:59:69
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDEEBA19882C0A9DB6AA1F038AFBB5
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/05sp7PoW69zZsWAkEGwBJB6MWWk.roa
Signing time:             Thu 02 Jan 2025 07:49:46 +0000
ROA not before:           Thu 02 Jan 2025 07:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214646
IP address blocks:        2a0a:79c0:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ee:ba:19:88:2c:0a:9d:b6:aa:1f:03:8a:fb:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d39b29ecfa16ebdcd9b16024106c01241e8c5969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ba:7d:92:df:2a:bf:7c:d7:92:2b:14:bb:97:
                    1c:e1:e1:06:c3:cd:ef:35:2f:fb:24:c7:a9:fd:db:
                    1d:0a:d7:b3:3a:29:2e:b9:30:ac:c7:62:23:e7:d0:
                    78:a1:e3:95:ad:6f:e8:72:77:3d:d9:a4:2b:ce:8f:
                    f2:25:35:e6:ae:0c:67:8e:4e:70:2a:34:6c:13:69:
                    fe:47:55:0a:ab:da:17:f1:a6:c3:fb:3f:08:5b:cb:
                    0d:c1:05:6d:4e:b4:f3:47:27:00:34:f0:89:35:29:
                    38:9c:06:ce:c2:97:e7:3e:86:c8:74:ca:77:87:47:
                    5b:61:13:9f:43:86:74:04:91:a0:b4:35:ce:dc:25:
                    70:46:6a:b0:c4:03:53:8a:6d:11:a3:80:be:4f:77:
                    c7:dd:4e:41:f3:17:f6:e8:25:cc:b6:cf:b0:41:22:
                    1a:c9:6c:69:9a:7c:b2:d7:79:80:a1:1d:a1:af:bc:
                    18:eb:5e:50:84:bc:a6:80:29:a8:94:67:d2:77:f1:
                    47:5d:f3:fe:92:bf:13:ca:11:d9:e4:b9:2d:00:66:
                    12:82:5f:1c:b8:15:0b:0e:98:66:db:b0:fe:74:08:
                    28:b8:13:d3:f8:c0:67:b8:21:47:5e:1d:28:1d:c7:
                    8c:8f:3e:b1:ea:99:fb:0e:c4:bb:d0:30:6c:86:5f:
                    e0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:9B:29:EC:FA:16:EB:DC:D9:B1:60:24:10:6C:01:24:1E:8C:59:69
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/05sp7PoW69zZsWAkEGwBJB6MWWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         da:41:08:fa:43:3a:bc:26:74:6e:65:67:68:a1:62:df:ef:e2:
         13:a1:d4:83:13:9a:36:78:2b:9a:8b:fc:e9:43:df:f4:37:b0:
         c9:21:18:b0:93:70:39:14:c4:6c:25:7c:de:06:86:78:62:11:
         8e:9d:df:bf:ea:2b:60:3a:b5:7d:97:57:21:bd:e3:b6:d2:c7:
         2d:da:10:ae:5f:ba:30:45:e7:08:f4:35:ed:5d:66:fa:c4:ca:
         bd:c8:9b:33:e1:66:a1:47:84:aa:df:ee:b8:9c:1b:ce:46:8b:
         20:24:69:2b:98:fa:8c:25:03:69:28:fc:29:93:b3:b2:05:aa:
         57:a1:c8:9d:0b:e9:41:b5:4c:e4:cb:8e:33:08:72:e7:11:14:
         61:6c:99:0d:6d:b2:b7:16:3a:16:83:83:e0:c3:76:ab:ab:47:
         e8:ce:c0:76:64:4e:d5:22:00:a1:4f:81:8e:b7:67:5f:58:42:
         f5:6e:93:c5:7c:a8:35:12:bd:85:e4:4c:b1:fa:bb:7d:6f:0e:
         a2:50:fa:d8:7a:43:c6:38:db:ca:1a:d6:48:1a:e9:00:30:39:
         45:33:7a:d4:5b:bc:65:12:b1:5f:20:5a:c5:6a:2f:8d:f4:d7:
         ed:19:d8:35:64:a6:32:4b:58:a8:b2:69:0c:1a:c3:7e:20:4c:
         2a:41:6a:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/e66GYgsCp22qh8Divu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzliMjllY2ZhMTZlYmRjZDliMTYwMjQxMDZjMDEyNDFlOGM1OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrp9kt8qv3zXkisUu5cc4eEGw83v
NS/7JMep/dsdCtezOikuuTCsx2Ij59B4oeOVrW/ocnc92aQrzo/yJTXmrgxnjk5w
KjRsE2n+R1UKq9oX8abD+z8IW8sNwQVtTrTzRycANPCJNSk4nAbOwpfnPobIdMp3
h0dbYROfQ4Z0BJGgtDXO3CVwRmqwxANTim0Ro4C+T3fH3U5B8xf26CXMts+wQSIa
yWxpmnyy13mAoR2hr7wY615QhLymgCmolGfSd/FHXfP+kr8TyhHZ5LktAGYSgl8c
uBULDphm27D+dAgouBPT+MBnuCFHXh0oHceMjz6x6pn7DsS70DBshl/g5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNObKez6Fuvc2bFgJBBsASQejFlpMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvMDVzcDdQb1c2OXpac1dBa0VHd0JKQjZNV1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5wAQA
MA0GCSqGSIb3DQEBCwUAA4IBAQDaQQj6Qzq8JnRuZWdooWLf7+ITodSDE5o2eCua
i/zpQ9/0N7DJIRiwk3A5FMRsJXzeBoZ4YhGOnd+/6itgOrV9l1chveO20sct2hCu
X7owRecI9DXtXWb6xMq9yJsz4WahR4Sq3+64nBvORosgJGkrmPqMJQNpKPwpk7Oy
BapXocidC+lBtUzky44zCHLnERRhbJkNbbK3FjoWg4Pgw3arq0fozsB2ZE7VIgCh
T4GOt2dfWEL1bpPFfKg1Er2F5Eyx+rt9bw6iUPrYekPGONvKGtZIGukAMDlFM3rU
W7xlErFfIFrFai+N9NftGdg1ZKYyS1iosmkMGsN+IEwqQWqy
-----END CERTIFICATE-----