Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/wA2XLJnWir-xhEejxYSzMP9qWmg.roa
File:                     wA2XLJnWir-xhEejxYSzMP9qWmg.roa (raw, json)
Hash identifier:          7HGxPptCKAAqslm+SxKWMqwkiI+tWIhHAB0zH2awj2w=
Subject key identifier:   C0:0D:97:2C:99:D6:8A:BF:B1:84:47:A3:C5:84:B3:30:FF:6A:5A:68
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDF042FF78087399A52DEF7AD3EB63
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/wA2XLJnWir-xhEejxYSzMP9qWmg.roa
Signing time:             Thu 02 Jan 2025 07:49:46 +0000
ROA not before:           Thu 02 Jan 2025 07:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214999
IP address blocks:        2a0a:79c7:fdf0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:f0:42:ff:78:08:73:99:a5:2d:ef:7a:d3:eb:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c00d972c99d68abfb18447a3c584b330ff6a5a68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:f8:52:2e:ce:e2:c3:f7:8d:84:75:84:b2:
                    ef:74:e7:a6:7f:18:5e:1e:12:ef:3f:19:34:eb:77:
                    71:cb:e2:65:38:41:8a:84:6b:4d:98:80:c7:5a:6f:
                    4c:d6:92:2d:8e:31:4d:ba:4f:18:44:a4:1f:a1:9f:
                    11:3f:7e:07:26:6e:5d:77:e3:dd:bf:7f:de:9b:a2:
                    e1:d2:2f:22:a0:87:82:92:b4:93:54:a9:8a:88:a7:
                    ff:92:1b:32:8e:77:18:ab:b6:5d:91:4b:b2:1d:74:
                    06:70:76:ec:f5:a4:a8:3c:51:6b:d7:92:fd:9a:e2:
                    38:53:ca:3d:e0:0c:cc:e1:26:16:03:a4:af:d3:62:
                    31:aa:ca:fb:ae:66:2f:31:7d:5b:42:0f:f6:e1:ce:
                    c5:08:29:83:63:28:61:88:8d:cc:39:9a:db:d8:27:
                    ca:ca:0b:ef:07:da:5a:42:ca:f0:fa:97:8c:ab:ba:
                    ad:85:8a:a6:ef:e3:ff:c6:06:b1:ed:ce:f3:35:69:
                    2b:e6:2e:c6:c6:0c:29:0d:5c:9d:9e:d5:20:b3:4f:
                    45:4b:36:d1:18:0d:29:ec:af:9c:f4:07:b5:52:27:
                    ef:19:bd:81:9a:52:4a:41:02:f7:9a:29:f8:38:b6:
                    45:e2:d8:aa:7c:12:09:74:58:8f:c3:ef:09:c4:a6:
                    33:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:0D:97:2C:99:D6:8A:BF:B1:84:47:A3:C5:84:B3:30:FF:6A:5A:68
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/wA2XLJnWir-xhEejxYSzMP9qWmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c7:fdf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:fa:73:9e:46:39:85:5d:76:e2:d0:94:b4:72:09:ec:61:e4:
         be:00:02:00:bf:6b:54:7b:fd:d5:5b:7e:be:78:4e:00:11:b5:
         17:ea:2d:9f:c4:10:a3:85:ad:f1:79:b8:8f:35:52:2b:3e:c3:
         73:1c:25:ad:40:05:b2:70:8f:a7:67:26:a6:54:80:76:e5:a7:
         1c:7e:cc:3d:9c:2a:37:0d:bc:60:48:d6:9a:2c:2a:49:7c:1b:
         7f:67:92:59:e1:04:0c:6f:c8:b3:d1:24:08:40:7a:8a:9b:5d:
         6d:3e:3e:6e:93:09:de:72:98:28:a7:04:a2:e9:ea:41:a1:45:
         77:44:84:79:71:ab:92:cb:29:13:1d:e7:0b:f9:a3:6a:6d:47:
         0a:eb:57:9f:58:12:03:32:d7:25:34:f2:31:29:d1:69:de:f8:
         5c:2e:17:c5:da:34:7b:de:ec:56:da:4f:52:97:d9:12:e8:5d:
         c2:4c:44:8e:b9:d0:c3:0c:45:b4:56:df:9a:60:9f:7b:c4:20:
         3d:49:c6:ba:7a:bc:39:cb:09:44:dc:6b:1c:75:31:d3:07:ad:
         53:c0:97:ba:96:ca:52:4a:89:6f:18:25:64:e7:35:aa:78:d6:
         c5:6f:7e:87:f3:1a:0a:24:76:21:30:94:cb:d5:24:03:4f:6b:
         44:4e:22:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/fBC/3gIc5mlLe960+tjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBkOTcyYzk5ZDY4YWJmYjE4NDQ3YTNjNTg0YjMzMGZmNmE1YTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc74Ui7O4sP3jYR1hLLvdOemfxhe
HhLvPxk063dxy+JlOEGKhGtNmIDHWm9M1pItjjFNuk8YRKQfoZ8RP34HJm5dd+Pd
v3/em6Lh0i8ioIeCkrSTVKmKiKf/khsyjncYq7ZdkUuyHXQGcHbs9aSoPFFr15L9
muI4U8o94AzM4SYWA6Sv02Ixqsr7rmYvMX1bQg/24c7FCCmDYyhhiI3MOZrb2CfK
ygvvB9paQsrw+peMq7qthYqm7+P/xgax7c7zNWkr5i7GxgwpDVydntUgs09FSzbR
GA0p7K+c9Ae1UifvGb2BmlJKQQL3min4OLZF4tiqfBIJdFiPw+8JxKYznQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMANlyyZ1oq/sYRHo8WEszD/alpoMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvd0EyWExKbldpci14aEVlanhZU3pNUDlxV21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5x/3w
MA0GCSqGSIb3DQEBCwUAA4IBAQAn+nOeRjmFXXbi0JS0cgnsYeS+AAIAv2tUe/3V
W36+eE4AEbUX6i2fxBCjha3xebiPNVIrPsNzHCWtQAWycI+nZyamVIB25accfsw9
nCo3DbxgSNaaLCpJfBt/Z5JZ4QQMb8iz0SQIQHqKm11tPj5ukwnecpgopwSi6epB
oUV3RIR5cauSyykTHecL+aNqbUcK61efWBIDMtclNPIxKdFp3vhcLhfF2jR73uxW
2k9Sl9kS6F3CTESOudDDDEW0Vt+aYJ97xCA9Sca6erw5ywlE3GscdTHTB61TwJe6
lspSSolvGCVk5zWqeNbFb36H8xoKJHYhMJTL1SQDT2tETiJy
-----END CERTIFICATE-----