Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ONAb3aa9aLqBAH1nZ2X-0Z8C9Vk.roa
File:                     ONAb3aa9aLqBAH1nZ2X-0Z8C9Vk.roa (raw, json)
Hash identifier:          toxq5hd68ktpiB99iFz4dER/H0vTabk/sYSInN7166g=
Subject key identifier:   38:D0:1B:DD:A6:BD:68:BA:81:00:7D:67:67:65:FE:D1:9F:02:F5:59
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019428243BC67DAF5C625E71D8A598AE107F
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ONAb3aa9aLqBAH1nZ2X-0Z8C9Vk.roa
Signing time:             Thu 02 Jan 2025 17:50:50 +0000
ROA not before:           Thu 02 Jan 2025 17:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202634
IP address blocks:        2a0b:8dc0::/29 maxlen: 29
                          2a0f:6840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3b:c6:7d:af:5c:62:5e:71:d8:a5:98:ae:10:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 17:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38d01bdda6bd68ba81007d676765fed19f02f559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2f:5c:dc:0b:84:a6:82:8d:3d:03:a1:95:b4:
                    80:a0:69:b8:fc:90:cd:55:b4:5b:89:41:d3:3b:08:
                    4a:f0:be:2b:98:18:05:c5:f7:8d:99:5d:da:6f:aa:
                    d2:c6:ba:4a:bc:10:6c:cd:27:d6:86:09:c1:dc:96:
                    19:43:c5:ce:b7:8e:c8:45:cb:ef:9b:83:5a:7a:e5:
                    f8:0d:cf:12:56:a7:a3:6d:85:b2:50:85:3a:eb:84:
                    1c:5d:d9:7e:a7:90:b9:60:62:66:78:2b:32:74:0d:
                    bd:34:b3:9d:4d:13:77:de:0c:39:19:2d:28:02:53:
                    07:9e:f5:f8:04:a9:cb:9a:33:4b:be:2d:29:47:e1:
                    97:d4:c8:11:4c:49:cd:0c:0e:1d:c2:33:1b:73:32:
                    a0:7f:29:7b:c1:95:c1:c2:cc:28:cd:ac:d5:e5:20:
                    d4:57:b2:5c:98:d4:1c:b6:74:54:ff:b8:a2:d2:78:
                    13:af:ec:ab:a1:cc:1b:aa:92:78:6f:20:5a:f6:b4:
                    b4:de:c8:8a:82:db:46:4b:59:ee:44:da:6b:d4:08:
                    2d:f1:34:ce:1b:55:cf:68:3d:4b:90:54:4a:55:4d:
                    b7:27:91:34:3a:46:fb:e6:33:a5:7d:92:6f:2f:9d:
                    a9:9a:1b:8a:b0:75:c1:bc:d1:4b:55:f7:36:63:53:
                    41:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D0:1B:DD:A6:BD:68:BA:81:00:7D:67:67:65:FE:D1:9F:02:F5:59
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ONAb3aa9aLqBAH1nZ2X-0Z8C9Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8dc0::/29
                  2a0f:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:da:b6:d8:cc:74:5f:6a:7e:05:9f:57:2a:f4:ee:b5:49:82:
         c2:28:bc:76:fe:52:d0:4a:95:69:88:20:ec:d6:73:07:de:46:
         3b:01:81:89:b6:6d:a2:9f:7a:ec:14:13:00:47:74:f0:ce:18:
         a6:2c:28:9c:73:0f:76:a6:8b:45:c3:e4:16:3a:4b:4e:a8:82:
         2d:8e:20:a6:f0:4f:0c:8f:db:dc:e0:b8:35:86:ca:da:df:70:
         62:96:0f:68:d0:06:d6:eb:91:87:3b:50:23:5c:59:85:3c:70:
         d1:10:4b:0a:71:2e:95:0a:6c:b2:22:0b:d3:ff:5c:5c:ee:2b:
         50:49:35:4b:44:8a:2e:1b:3d:90:c7:86:8a:a0:48:64:1c:6c:
         f4:a2:d3:da:ca:6a:95:27:20:32:da:3d:88:55:7a:4c:ca:71:
         bd:ea:8f:be:9e:42:6a:ae:0c:54:6f:2f:c3:9f:f1:23:9a:97:
         39:6a:6f:d1:df:2f:5b:78:e1:f0:45:62:b1:50:b7:ce:97:05:
         9b:93:ab:7d:38:3b:40:d9:3f:4f:ac:ce:cd:3b:9b:ea:cc:b7:
         a9:48:b5:f4:c1:fd:ed:65:92:25:55:84:68:d3:f9:07:46:ed:
         06:7e:2b:7f:87:ba:4c:76:06:dd:4c:e9:45:fe:51:e6:e4:d0:
         8f:3f:e9:36
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoJDvGfa9cYl5x2KWYrhB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjUwMTAyMTc1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQwMWJkZGE2YmQ2OGJhODEwMDdkNjc2NzY1ZmVkMTlmMDJmNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy9c3AuEpoKNPQOhlbSAoGm4/JDN
VbRbiUHTOwhK8L4rmBgFxfeNmV3ab6rSxrpKvBBszSfWhgnB3JYZQ8XOt47IRcvv
m4NaeuX4Dc8SVqejbYWyUIU664QcXdl+p5C5YGJmeCsydA29NLOdTRN33gw5GS0o
AlMHnvX4BKnLmjNLvi0pR+GX1MgRTEnNDA4dwjMbczKgfyl7wZXBwswozazV5SDU
V7JcmNQctnRU/7ii0ngTr+yrocwbqpJ4byBa9rS03siKgttGS1nuRNpr1Agt8TTO
G1XPaD1LkFRKVU23J5E0Okb75jOlfZJvL52pmhuKsHXBvNFLVfc2Y1NBvQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDjQG92mvWi6gQB9Z2dl/tGfAvVZMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvT05BYjNhYTlhTHFCQUgxbloyWC0wWjhDOVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKguNwAMF
AyoPaEAwDQYJKoZIhvcNAQELBQADggEBALXattjMdF9qfgWfVyr07rVJgsIovHb+
UtBKlWmIIOzWcwfeRjsBgYm2baKfeuwUEwBHdPDOGKYsKJxzD3ami0XD5BY6S06o
gi2OIKbwTwyP29zguDWGytrfcGKWD2jQBtbrkYc7UCNcWYU8cNEQSwpxLpUKbLIi
C9P/XFzuK1BJNUtEii4bPZDHhoqgSGQcbPSi09rKapUnIDLaPYhVekzKcb3qj76e
QmquDFRvL8Of8SOalzlqb9HfL1t44fBFYrFQt86XBZuTq304O0DZP0+szs07m+rM
t6lItfTB/e1lkiVVhGjT+QdG7QZ+K3+Hukx2Bt1M6UX+Uebk0I8/6TY=
-----END CERTIFICATE-----