Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/7vSowqY3zLVHcKRQmKhaSah-tyY.roa
File:                     7vSowqY3zLVHcKRQmKhaSah-tyY.roa (raw, json)
Hash identifier:          GDJHFB+LVsf5zCvLRtIdAUjiaeVjh1VRpfPOoUeuJ3c=
Subject key identifier:   EE:F4:A8:C2:A6:37:CC:B5:47:70:A4:50:98:A8:5A:49:A8:7E:B7:26
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D63207DC851C3F58DE3E3886AE8337
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/7vSowqY3zLVHcKRQmKhaSah-tyY.roa
Signing time:             Wed 01 Jan 2025 07:48:15 +0000
ROA not before:           Wed 01 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213273
IP address blocks:        2a0d:f407:1006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:32:07:dc:85:1c:3f:58:de:3e:38:86:ae:83:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eef4a8c2a637ccb54770a45098a85a49a87eb726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4b:ce:40:c4:1c:5f:dc:af:4c:37:af:9f:e7:
                    4a:4a:af:35:67:71:a5:48:a9:a1:3c:e9:3c:66:67:
                    3c:8f:2e:2b:90:fd:60:7c:90:b7:b5:db:90:7b:e7:
                    5f:75:0c:0f:7d:e7:6d:88:4e:bb:e3:ae:78:3f:2c:
                    aa:ff:5d:a1:ba:24:75:44:24:ae:b9:5d:b1:b5:6c:
                    a9:99:51:6d:48:5a:0e:77:15:2f:62:a1:3b:95:72:
                    8f:d3:24:3b:ab:95:ea:e7:5e:3d:19:5f:a8:e3:f6:
                    8e:b2:54:f5:c5:98:28:00:89:86:66:95:d7:48:98:
                    ae:22:5e:b4:15:30:a3:20:b5:91:2e:95:7a:96:75:
                    9d:2a:9f:2e:38:27:e9:75:d0:5c:91:5b:e6:93:aa:
                    02:b9:e4:a2:88:3b:d7:3e:81:0c:15:f4:24:1d:eb:
                    9d:e1:d8:3e:53:6c:ea:8f:59:40:74:b2:95:cf:e6:
                    85:5a:18:01:bd:15:11:86:47:98:44:a1:bf:5f:ec:
                    48:07:cd:6e:39:10:45:3c:f6:7b:ec:4e:74:5e:20:
                    24:59:4e:e9:37:53:53:74:70:fb:90:d4:2f:6f:4e:
                    5a:59:93:8f:89:fd:d4:5a:30:99:d2:49:fe:d1:5e:
                    0b:e2:ba:f9:cf:a6:9b:0d:7d:7a:8e:62:c3:97:b2:
                    69:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F4:A8:C2:A6:37:CC:B5:47:70:A4:50:98:A8:5A:49:A8:7E:B7:26
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/7vSowqY3zLVHcKRQmKhaSah-tyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1006::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:c3:62:97:4c:6a:78:c8:e4:03:7e:43:bb:70:20:a7:a3:ab:
         5b:2d:05:9d:d2:31:b3:5b:a6:e5:33:02:9f:96:f9:13:b3:ef:
         17:bf:25:6e:26:40:74:8f:c4:62:60:6f:61:ac:2e:a9:7d:d6:
         68:ea:8b:83:ab:3b:62:1f:9b:d0:d8:8e:57:5a:c0:c0:45:3a:
         98:5d:da:70:8d:84:7b:a2:a2:a1:71:8c:0c:69:f0:a7:79:7f:
         f3:51:5e:08:97:0a:9e:de:2d:96:e3:7c:12:cf:37:54:3f:06:
         2a:eb:b4:c4:13:47:ba:21:a0:6a:dc:35:85:67:fe:ad:2d:78:
         13:0a:de:b7:7b:36:e4:92:d3:71:95:bd:9a:fe:e6:88:30:07:
         4e:d9:f6:45:cd:bc:e4:2f:8d:75:da:0e:5b:3b:b4:5c:ad:51:
         09:cb:c0:00:41:38:38:79:2d:c0:02:49:3d:e7:06:43:a0:bb:
         9d:33:c3:ac:b6:ce:bb:4b:a2:0f:89:dd:b2:6a:01:79:11:4e:
         d1:64:af:40:b6:0c:eb:5b:6e:41:db:e4:d6:3e:d5:2d:20:b8:
         ad:37:87:ad:4e:95:41:d1:16:a0:39:af:9b:0b:74:b2:55:3b:
         00:f0:36:8c:f4:5b:c5:48:07:db:44:82:ef:37:f7:57:13:a9:
         13:74:c7:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1jIH3IUcP1jePjiGroM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWY0YThjMmE2MzdjY2I1NDc3MGE0NTA5OGE4NWE0OWE4N2ViNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EvOQMQcX9yvTDevn+dKSq81Z3Gl
SKmhPOk8Zmc8jy4rkP1gfJC3tduQe+dfdQwPfedtiE674654Pyyq/12huiR1RCSu
uV2xtWypmVFtSFoOdxUvYqE7lXKP0yQ7q5Xq5149GV+o4/aOslT1xZgoAImGZpXX
SJiuIl60FTCjILWRLpV6lnWdKp8uOCfpddBckVvmk6oCueSiiDvXPoEMFfQkHeud
4dg+U2zqj1lAdLKVz+aFWhgBvRURhkeYRKG/X+xIB81uORBFPPZ77E50XiAkWU7p
N1NTdHD7kNQvb05aWZOPif3UWjCZ0kn+0V4L4rr5z6abDX16jmLDl7Jp5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO70qMKmN8y1R3CkUJioWkmofrcmMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvN3ZTb3dxWTN6TFZIY0tSUW1LaGFTYWgtdHlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBow2KXTGp4yOQDfkO7cCCno6tbLQWd0jGzW6bl
MwKflvkTs+8XvyVuJkB0j8RiYG9hrC6pfdZo6ouDqztiH5vQ2I5XWsDARTqYXdpw
jYR7oqKhcYwMafCneX/zUV4Ilwqe3i2W43wSzzdUPwYq67TEE0e6IaBq3DWFZ/6t
LXgTCt63ezbkktNxlb2a/uaIMAdO2fZFzbzkL4112g5bO7RcrVEJy8AAQTg4eS3A
Akk95wZDoLudM8Osts67S6IPid2yagF5EU7RZK9AtgzrW25B2+TWPtUtILitN4et
TpVB0RagOa+bC3SyVTsA8DaM9FvFSAfbRILvN/dXE6kTdMdu
-----END CERTIFICATE-----