Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/wS-ZYWnE9Zk6DJUs3sCV5yBn3ak.roa
File:                     wS-ZYWnE9Zk6DJUs3sCV5yBn3ak.roa (raw, json)
Hash identifier:          4bRb80RRs/QoIhxBs4Ime6HGYShS2787nhwQD+lr7Xw=
Subject key identifier:   C1:2F:99:61:69:C4:F5:99:3A:0C:95:2C:DE:C0:95:E7:20:67:DD:A9
Certificate issuer:       /CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
Certificate serial:       0194258F4441C8A6625B9D7D057E2557C5EC
Authority key identifier: 20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/wS-ZYWnE9Zk6DJUs3sCV5yBn3ak.roa
Signing time:             Thu 02 Jan 2025 05:48:53 +0000
ROA not before:           Thu 02 Jan 2025 05:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35594
IP address blocks:        2a0a:7d80:3::/48 maxlen: 48
                          2a0a:7d80:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:44:41:c8:a6:62:5b:9d:7d:05:7e:25:57:c5:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
        Validity
            Not Before: Jan  2 05:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c12f996169c4f5993a0c952cdec095e72067dda9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:48:50:98:91:d0:24:0a:90:6a:e1:32:37:40:
                    39:c7:f9:7c:28:02:28:03:6a:21:6b:56:ac:e4:4b:
                    58:dd:e9:33:c3:74:73:b0:3d:89:d1:37:11:95:ce:
                    fe:20:5e:99:43:9f:c1:6f:8d:59:81:4f:73:77:96:
                    e1:88:7d:7a:aa:29:a9:f1:5f:2b:56:26:01:c0:dd:
                    8f:7f:7d:52:ca:39:50:51:25:5a:07:ec:68:50:85:
                    56:b6:86:3b:2b:1a:fc:cd:c2:2a:fc:9e:b4:4a:5b:
                    fe:58:80:84:55:0e:bc:0b:5e:32:7a:0e:6b:2b:e7:
                    d1:5b:84:22:7a:c7:96:18:33:35:54:c7:84:de:06:
                    b7:49:ce:7a:2c:22:76:a3:ca:ef:40:39:7a:2a:c3:
                    de:40:d0:e9:53:98:b0:1b:ab:3a:f4:02:7a:b0:fe:
                    83:ca:2c:9d:2d:91:96:41:00:47:17:af:bf:cf:82:
                    b9:13:06:e4:cb:7a:2c:f6:a5:88:93:85:fd:e6:c8:
                    fb:20:0b:76:61:64:82:77:fb:f6:ea:64:16:3f:a8:
                    63:91:e5:51:87:0b:c6:46:82:51:2c:e6:40:47:7b:
                    9b:56:a6:98:8d:f7:53:99:b3:df:d0:24:54:06:7d:
                    35:ad:90:ca:48:ad:dd:4d:ff:1e:ce:a9:97:f1:df:
                    69:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:2F:99:61:69:C4:F5:99:3A:0C:95:2C:DE:C0:95:E7:20:67:DD:A9
            X509v3 Authority Key Identifier:
                keyid:20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/wS-ZYWnE9Zk6DJUs3sCV5yBn3ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7d80:3::/48
                  2a0a:7d80:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:c6:c0:02:ee:92:f6:e8:16:34:13:a4:d8:eb:5a:f2:3c:ec:
         0c:67:10:94:a6:c0:67:3d:f3:73:3b:b1:a4:d0:33:70:12:7f:
         7c:02:2a:ae:73:62:c2:b3:4b:5d:83:75:83:98:1f:e7:2f:c7:
         af:12:d3:01:b8:78:d2:ce:bb:b3:e9:a5:a2:56:9f:3d:e6:91:
         04:07:89:60:a6:78:61:84:16:41:36:ae:fc:c7:3a:9e:0f:4a:
         97:b2:79:52:40:65:24:25:7c:c0:03:ad:00:68:04:38:f5:9a:
         5f:21:56:92:da:22:08:60:98:6b:8b:61:b0:cd:87:ac:07:c6:
         1e:21:6c:da:b4:a9:c3:ca:cf:97:81:b7:79:88:74:54:e3:c1:
         28:e3:4b:8f:16:0e:94:43:ef:bc:c5:32:87:18:bc:26:aa:eb:
         df:44:09:4d:b4:d0:15:06:34:7e:11:47:4e:5d:b9:ba:dc:e9:
         08:44:8b:0b:58:91:90:1e:b6:d4:a1:78:e0:4f:9d:fc:ef:a7:
         a4:95:5a:b9:ca:17:10:46:de:d6:55:03:0e:1e:77:a4:3c:44:
         04:ff:29:82:40:99:0d:89:ff:8f:6f:bd:fa:ce:1e:a1:50:79:
         f2:62:9e:e9:a0:ff:db:e6:71:de:53:7c:bc:ee:a6:32:71:e3:
         95:d0:35:8a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlj0RByKZiW519BX4lV8XsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzVlZTAyZDJlMDU4NjFkZDkwNmZlMDZiMzg0NGYwNGQz
NzhjNzMwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTJmOTk2MTY5YzRmNTk5M2EwYzk1MmNkZWMwOTVlNzIwNjdkZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUhQmJHQJAqQauEyN0A5x/l8KAIo
A2oha1as5EtY3ekzw3RzsD2J0TcRlc7+IF6ZQ5/Bb41ZgU9zd5bhiH16qimp8V8r
ViYBwN2Pf31SyjlQUSVaB+xoUIVWtoY7Kxr8zcIq/J60Slv+WICEVQ68C14yeg5r
K+fRW4QieseWGDM1VMeE3ga3Sc56LCJ2o8rvQDl6KsPeQNDpU5iwG6s69AJ6sP6D
yiydLZGWQQBHF6+/z4K5Ewbky3os9qWIk4X95sj7IAt2YWSCd/v26mQWP6hjkeVR
hwvGRoJRLOZAR3ubVqaYjfdTmbPf0CRUBn01rZDKSK3dTf8ezqmX8d9pOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMEvmWFpxPWZOgyVLN7AlecgZ92pMB8GA1UdIwQY
MBaAFCDF7gLS4Fhh3ZBv4Gs4RPBNN4xzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUt
Njc3NzEzNTlhMmIzLzEvd1MtWllXbkU5Wms2REpVczNzQ1Y1eUJuM2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUtNjc3NzEzNTlhMmIz
LzEvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgp9gAAD
AwcAKgp9gAAJMA0GCSqGSIb3DQEBCwUAA4IBAQBmxsAC7pL26BY0E6TY61ryPOwM
ZxCUpsBnPfNzO7Gk0DNwEn98Aiquc2LCs0tdg3WDmB/nL8evEtMBuHjSzruz6aWi
Vp895pEEB4lgpnhhhBZBNq78xzqeD0qXsnlSQGUkJXzAA60AaAQ49ZpfIVaS2iII
YJhri2GwzYesB8YeIWzatKnDys+Xgbd5iHRU48Eo40uPFg6UQ++8xTKHGLwmquvf
RAlNtNAVBjR+EUdOXbm63OkIRIsLWJGQHrbUoXjgT53876eklVq5yhcQRt7WVQMO
HnekPEQE/ymCQJkNif+Pb736zh6hUHnyYp7poP/b5nHeU3y87qYyceOV0DWK
-----END CERTIFICATE-----