Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/2x7OqnJPBLrGZL2rttYvcbQz8Tw.roa
File:                     2x7OqnJPBLrGZL2rttYvcbQz8Tw.roa (raw, json)
Hash identifier:          WNGnFlqIRITx+enQw6qGHRhLudWi7SmIAW5VCe5iYGY=
Subject key identifier:   DB:1E:CE:AA:72:4F:04:BA:C6:64:BD:AB:B6:D6:2F:71:B4:33:F1:3C
Certificate issuer:       /CN=c3e88be5c0afab3d1dbe12dc79310c4499e127ad
Certificate serial:       0195843BB333830BF5B96D6AFFC543CF9A92
Authority key identifier: C3:E8:8B:E5:C0:AF:AB:3D:1D:BE:12:DC:79:31:0C:44:99:E1:27:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w-iL5cCvqz0dvhLceTEMRJnhJ60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/2x7OqnJPBLrGZL2rttYvcbQz8Tw.roa
Signing time:             Tue 11 Mar 2025 08:04:19 +0000
ROA not before:           Tue 11 Mar 2025 08:04:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21430
IP address blocks:        96.9.126.0/24 maxlen: 24
                          2a14:a480::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/w-iL5cCvqz0dvhLceTEMRJnhJ60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/w-iL5cCvqz0dvhLceTEMRJnhJ60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w-iL5cCvqz0dvhLceTEMRJnhJ60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:84:3b:b3:33:83:0b:f5:b9:6d:6a:ff:c5:43:cf:9a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3e88be5c0afab3d1dbe12dc79310c4499e127ad
        Validity
            Not Before: Mar 11 08:04:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db1eceaa724f04bac664bdabb6d62f71b433f13c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6f:75:92:5f:fa:27:9b:5c:1b:9c:34:49:aa:
                    b6:0e:92:b9:d2:f9:48:3d:05:79:9c:5a:3c:07:20:
                    e8:8c:7c:3d:c7:bd:c2:f5:b5:11:cc:3b:dd:b7:01:
                    95:b4:64:36:3d:9c:27:8e:21:78:fa:f5:34:a1:49:
                    50:b9:44:c3:02:af:c9:f8:f2:2d:a7:1b:2a:16:4b:
                    58:0c:7a:7e:4e:95:88:a0:d8:0b:82:b9:fc:06:4b:
                    97:db:4b:7c:35:2c:f3:6d:a9:20:63:dc:02:af:a2:
                    a8:58:58:83:f4:ab:ac:d0:52:8c:64:10:db:35:7c:
                    5a:67:1a:2e:78:b7:21:2c:6c:1f:0f:ec:9b:a6:39:
                    1d:bb:c8:2f:cd:b6:d9:9d:d8:d9:1b:5c:e1:d0:b2:
                    8c:86:99:4b:39:a9:43:26:b3:ef:04:4a:a1:0c:39:
                    21:f7:f3:cc:63:85:01:0e:a1:31:28:1b:0d:9e:da:
                    d5:71:f0:01:44:45:5a:2d:92:1c:46:0d:96:0e:08:
                    de:11:15:06:74:2b:ac:04:a2:e7:46:a2:92:04:b9:
                    5f:63:60:59:f1:f8:da:6d:5c:8e:96:04:d3:22:be:
                    1c:49:a1:ae:da:0d:af:7d:b2:59:7a:cc:10:f4:9e:
                    58:b2:48:a9:bd:6d:e0:72:55:64:ab:70:94:ee:8d:
                    c1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1E:CE:AA:72:4F:04:BA:C6:64:BD:AB:B6:D6:2F:71:B4:33:F1:3C
            X509v3 Authority Key Identifier:
                keyid:C3:E8:8B:E5:C0:AF:AB:3D:1D:BE:12:DC:79:31:0C:44:99:E1:27:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w-iL5cCvqz0dvhLceTEMRJnhJ60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/2x7OqnJPBLrGZL2rttYvcbQz8Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aa4497-0952-4618-9372-f42cd46d04ec/1/w-iL5cCvqz0dvhLceTEMRJnhJ60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.9.126.0/24
                IPv6:
                  2a14:a480::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:91:8e:b1:84:f5:c8:7c:d1:72:e0:7f:62:7c:d6:68:31:39:
         70:ec:24:34:75:d5:10:54:bd:69:a0:bc:23:57:11:a9:a6:a4:
         f1:0b:fb:9a:7f:73:68:c2:81:4f:0b:28:e3:3a:e4:a9:f2:79:
         fe:14:60:1a:f8:c5:34:a9:c9:5f:f5:7c:22:d2:43:65:eb:be:
         f4:76:d2:31:22:31:88:db:2a:2a:1d:96:e4:5b:52:8e:05:f9:
         d7:38:85:00:de:fb:df:f4:03:9c:be:de:ab:ae:bf:bf:5b:6d:
         02:49:e3:62:a7:f0:19:6a:96:16:6b:7e:af:78:a7:a3:6b:90:
         bd:16:65:f8:c3:2d:12:11:27:81:c8:f1:04:fa:d3:93:49:fd:
         77:c6:58:c3:36:19:4c:50:3f:09:dd:5a:0c:53:92:08:93:1d:
         60:7e:97:ea:5f:35:14:ac:93:88:35:6d:37:85:b8:7f:35:51:
         4b:80:e3:f0:b1:b5:3f:10:33:46:79:18:74:45:27:6a:cb:58:
         3e:ba:42:7f:c8:48:2a:fa:eb:55:6c:f6:05:97:58:06:05:90:
         0d:e3:93:89:b3:c2:be:da:0d:37:e8:da:7e:00:3a:83:b8:60:
         bf:16:2a:54:af:f6:41:19:0a:2e:5f:0e:6d:72:5d:f9:af:5a:
         f4:33:a3:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZWEO7Mzgwv1uW1q/8VDz5qSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZTg4YmU1YzBhZmFiM2QxZGJlMTJkYzc5MzEwYzQ0OTll
MTI3YWQwHhcNMjUwMzExMDgwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjFlY2VhYTcyNGYwNGJhYzY2NGJkYWJiNmQ2MmY3MWI0MzNmMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwW91kl/6J5tcG5w0Saq2DpK50vlI
PQV5nFo8ByDojHw9x73C9bURzDvdtwGVtGQ2PZwnjiF4+vU0oUlQuUTDAq/J+PIt
pxsqFktYDHp+TpWIoNgLgrn8BkuX20t8NSzzbakgY9wCr6KoWFiD9Kus0FKMZBDb
NXxaZxoueLchLGwfD+ybpjkdu8gvzbbZndjZG1zh0LKMhplLOalDJrPvBEqhDDkh
9/PMY4UBDqExKBsNntrVcfABREVaLZIcRg2WDgjeERUGdCusBKLnRqKSBLlfY2BZ
8fjabVyOlgTTIr4cSaGu2g2vfbJZeswQ9J5YskipvW3gclVkq3CU7o3BnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsezqpyTwS6xmS9q7bWL3G0M/E8MB8GA1UdIwQY
MBaAFMPoi+XAr6s9Hb4S3HkxDESZ4SetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdy1pTDVjQ3ZxejBkdmhMY2VURU1SSm5oSjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYTQ0OTctMDk1Mi00NjE4LTkzNzIt
ZjQyY2Q0NmQwNGVjLzEvMng3T3FuSlBCTHJHWkwycnR0WXZjYlF6OFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYTQ0OTctMDk1Mi00NjE4LTkzNzItZjQyY2Q0NmQwNGVj
LzEvdy1pTDVjQ3ZxejBkdmhMY2VURU1SSm5oSjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAYAl+MA8E
AgACMAkDBwAqFKSAAAAwDQYJKoZIhvcNAQELBQADggEBAKCRjrGE9ch80XLgf2J8
1mgxOXDsJDR11RBUvWmgvCNXEammpPEL+5p/c2jCgU8LKOM65Knyef4UYBr4xTSp
yV/1fCLSQ2XrvvR20jEiMYjbKiodluRbUo4F+dc4hQDe+9/0A5y+3quuv79bbQJJ
42Kn8BlqlhZrfq94p6NrkL0WZfjDLRIRJ4HI8QT605NJ/XfGWMM2GUxQPwndWgxT
kgiTHWB+l+pfNRSsk4g1bTeFuH81UUuA4/CxtT8QM0Z5GHRFJ2rLWD66Qn/ISCr6
61Vs9gWXWAYFkA3jk4mzwr7aDTfo2n4AOoO4YL8WKlSv9kEZCi5fDm1yXfmvWvQz
o2s=
-----END CERTIFICATE-----