Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/gCqBeQcxeP4mgIeC8gxfXD2ihNA.roa
File:                     gCqBeQcxeP4mgIeC8gxfXD2ihNA.roa (raw, json)
Hash identifier:          M8yQO0ZHmNcXujVHcxJQENuFmwi7ywPsRmKiyTk43dA=
Subject key identifier:   80:2A:81:79:07:31:78:FE:26:80:87:82:F2:0C:5F:5C:3D:A2:84:D0
Certificate issuer:       /CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
Certificate serial:       019427B50B96A6C2B3B0A14A3A7AA7CEC772
Authority key identifier: 6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/gCqBeQcxeP4mgIeC8gxfXD2ihNA.roa
Signing time:             Thu 02 Jan 2025 15:49:23 +0000
ROA not before:           Thu 02 Jan 2025 15:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210701
IP address blocks:        2a11:4e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:0b:96:a6:c2:b3:b0:a1:4a:3a:7a:a7:ce:c7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
        Validity
            Not Before: Jan  2 15:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=802a8179073178fe26808782f20c5f5c3da284d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:85:68:28:73:59:14:31:c1:fb:37:58:92:1f:
                    f7:57:53:44:c1:90:cf:d5:27:1e:0e:fd:c7:be:cd:
                    ae:e5:0b:ef:f6:e4:76:06:7f:fc:af:aa:03:92:37:
                    cf:40:f9:04:ba:09:68:16:54:a4:82:56:98:e8:73:
                    61:b6:b7:c8:97:c3:7d:6c:14:6d:39:a7:58:23:35:
                    d8:2b:a2:04:e9:a8:f3:6d:cb:25:1b:6f:f4:19:4b:
                    39:dc:66:ee:9e:41:78:4c:08:46:7b:51:7c:5e:3d:
                    7c:b2:1a:ec:a5:a1:07:3c:7e:06:b7:d7:2b:f3:49:
                    d8:34:0c:64:c9:fa:53:5e:ee:b2:e5:12:f4:f7:e8:
                    32:e0:12:03:c7:89:77:c0:0a:9a:99:a5:ea:9e:36:
                    d1:bb:c7:df:86:55:9d:f1:c0:8a:f3:a6:b9:4b:61:
                    81:51:e2:34:33:14:98:fd:70:2e:cf:fb:e9:f4:ee:
                    70:bd:87:0a:bb:15:5a:9e:b3:c7:05:89:8e:2b:2c:
                    2f:f7:ed:2c:ac:50:ca:11:fa:8e:58:0a:9c:c1:e2:
                    8f:a3:0d:19:cf:b6:9f:32:07:0b:a2:fe:14:fd:d7:
                    68:5c:b9:a2:94:e0:34:0f:67:09:e7:b2:7e:34:0c:
                    60:ec:49:33:93:fc:a0:cd:18:d3:74:9d:b5:7b:6b:
                    e2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:2A:81:79:07:31:78:FE:26:80:87:82:F2:0C:5F:5C:3D:A2:84:D0
            X509v3 Authority Key Identifier:
                keyid:6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/gCqBeQcxeP4mgIeC8gxfXD2ihNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:76:13:9a:a9:5c:cd:1e:2a:45:9d:2c:f0:7e:2f:e0:79:9a:
         0d:b2:d2:2e:35:42:a0:3a:12:be:c8:e3:ed:a4:0f:4e:63:e4:
         d2:3c:53:d5:5a:a8:e0:35:ed:b4:93:19:a9:ae:9b:5b:a2:6e:
         39:2f:6d:64:40:a0:15:a9:4b:88:94:01:ed:21:30:ed:f9:42:
         67:b3:ec:b4:c1:64:08:56:f9:84:78:a2:0e:a4:80:84:f7:d9:
         93:a8:8f:84:b0:ce:30:01:11:e3:da:b2:7e:ed:d9:7f:a1:7d:
         f8:d8:ff:1a:a8:b9:71:56:db:09:51:fd:ec:0c:d4:76:1e:2e:
         0c:6a:37:70:4e:af:1c:8c:da:b7:d9:d7:30:4d:48:06:ec:f7:
         be:ae:65:37:71:83:af:2f:18:b7:89:b5:c5:26:39:f8:27:26:
         f9:bf:be:f8:f8:17:92:a9:d5:50:47:b9:0e:45:e3:7c:7f:ec:
         5a:3a:f9:80:70:b1:5a:86:08:72:d9:3a:72:01:71:ed:2b:da:
         70:8e:df:92:83:ba:22:9f:85:13:4f:b5:3f:bf:cd:a6:36:f5:
         3b:d0:22:f9:e1:c8:63:40:92:c9:4b:f2:47:85:f3:ce:e0:28:
         b0:ab:1d:a3:a2:2b:db:01:18:76:61:e0:e0:4c:fc:2c:cf:6a:
         dc:aa:2f:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntQuWpsKzsKFKOnqnzsdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTg2ZDFjMTY3NmE1OWE0NmFjZjM3MzM2MTkyZTk4NWNm
ZjBlNWIwHhcNMjUwMTAyMTU0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDJhODE3OTA3MzE3OGZlMjY4MDg3ODJmMjBjNWY1YzNkYTI4NGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIVoKHNZFDHB+zdYkh/3V1NEwZDP
1SceDv3Hvs2u5Qvv9uR2Bn/8r6oDkjfPQPkEugloFlSkglaY6HNhtrfIl8N9bBRt
OadYIzXYK6IE6ajzbcslG2/0GUs53GbunkF4TAhGe1F8Xj18shrspaEHPH4Gt9cr
80nYNAxkyfpTXu6y5RL09+gy4BIDx4l3wAqamaXqnjbRu8ffhlWd8cCK86a5S2GB
UeI0MxSY/XAuz/vp9O5wvYcKuxVanrPHBYmOKywv9+0srFDKEfqOWAqcweKPow0Z
z7afMgcLov4U/ddoXLmilOA0D2cJ57J+NAxg7Ekzk/ygzRjTdJ21e2vimwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIAqgXkHMXj+JoCHgvIMX1w9ooTQMB8GA1UdIwQY
MBaAFG+obRwWdqWaRqzzczYZLphc/w5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYt
NmFhYjJiMWI5MjJjLzEvZ0NxQmVRY3hlUDRtZ0llQzhneGZYRDJpaE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYtNmFhYjJiMWI5MjJj
LzEvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhFOQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhnYTmqlczR4qRZ0s8H4v4HmaDbLSLjVCoDoSvsjj
7aQPTmPk0jxT1Vqo4DXttJMZqa6bW6JuOS9tZECgFalLiJQB7SEw7flCZ7PstMFk
CFb5hHiiDqSAhPfZk6iPhLDOMAER49qyfu3Zf6F9+Nj/Gqi5cVbbCVH97AzUdh4u
DGo3cE6vHIzat9nXME1IBuz3vq5lN3GDry8Yt4m1xSY5+Ccm+b+++PgXkqnVUEe5
DkXjfH/sWjr5gHCxWoYIctk6cgFx7SvacI7fkoO6Ip+FE0+1P7/Npjb1O9Ai+eHI
Y0CSyUvyR4XzzuAosKsdo6Ir2wEYdmHg4Ez8LM9q3KovsQ==
-----END CERTIFICATE-----