Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/KNoplKbnalbBlNJ0HrGiOS5fwgk.roa
File:                     KNoplKbnalbBlNJ0HrGiOS5fwgk.roa (raw, json)
Hash identifier:          6g25L6YriR7F4NqmIjLUqgHXTaSIa9NMu6Z6ggsvzHE=
Subject key identifier:   28:DA:29:94:A6:E7:6A:56:C1:94:D2:74:1E:B1:A2:39:2E:5F:C2:09
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       019420684DF566FA2DD4244363B55C80A59A
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/KNoplKbnalbBlNJ0HrGiOS5fwgk.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212374
IP address blocks:        2a07:7940:15::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4d:f5:66:fa:2d:d4:24:43:63:b5:5c:80:a5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28da2994a6e76a56c194d2741eb1a2392e5fc209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:97:4b:a9:03:7d:57:b3:b1:bf:7c:55:0c:11:
                    cc:46:38:8e:2e:28:35:f3:15:fc:c2:c3:49:32:93:
                    c9:a8:5d:07:2c:4b:a5:57:fd:cb:ae:6d:44:fc:0b:
                    e8:00:bf:b5:aa:f7:3e:fb:48:f8:10:d2:bb:5e:3c:
                    93:04:4e:09:93:9c:35:e6:f0:85:c3:42:1e:93:b5:
                    32:91:f5:89:88:bf:f8:2a:07:a3:e1:f7:87:e5:34:
                    50:0d:f9:92:1e:96:32:77:fd:26:5c:20:1a:75:78:
                    d2:36:50:c2:67:e1:20:e9:3c:f5:39:dc:36:2b:ce:
                    a8:0d:d3:e2:e2:dd:56:fb:fb:42:88:8e:42:eb:e5:
                    9a:93:51:77:3a:7f:44:54:ee:fc:2c:d9:0b:d8:13:
                    65:74:25:c0:06:3c:49:46:ed:00:57:76:94:72:28:
                    03:d4:0e:12:78:ab:76:97:21:7e:db:bb:e9:4b:05:
                    1f:c8:4e:a9:0a:d5:f3:d6:f2:76:66:03:d0:77:d5:
                    de:b9:e8:e7:dd:ea:03:5d:a4:54:61:be:47:96:b3:
                    73:d6:51:fc:50:72:fe:a7:39:35:f9:61:23:86:f4:
                    11:d1:77:09:fd:ec:a9:fb:27:95:1a:06:2d:a0:07:
                    d3:f0:6e:9e:d1:04:9c:cc:11:14:7f:0f:89:eb:1a:
                    6f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DA:29:94:A6:E7:6A:56:C1:94:D2:74:1E:B1:A2:39:2E:5F:C2:09
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/KNoplKbnalbBlNJ0HrGiOS5fwgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7940:15::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:a9:ce:62:b2:27:99:c3:99:e6:6b:e1:52:f0:de:41:54:42:
         57:77:36:0d:e5:4c:da:e4:71:bc:3c:15:34:5a:3f:9b:25:e7:
         96:ed:81:8e:03:bf:5d:5c:7c:ee:cb:ef:11:e9:76:96:e5:d9:
         18:7d:96:0a:7f:82:65:53:63:7b:86:a5:27:87:94:1b:9c:a6:
         97:20:45:1e:a8:58:a7:27:8a:9e:2e:b8:59:fa:e8:1a:72:fd:
         ec:04:36:25:bb:da:e9:ec:2c:39:c1:dd:49:35:2c:d3:d0:33:
         e3:e4:76:d5:7c:ff:6a:a8:8b:05:8d:49:f9:82:7f:bd:d5:53:
         06:3d:13:4d:ff:04:ee:7f:2a:5f:95:e9:0c:70:8d:69:83:3c:
         d7:36:a6:dc:d8:ef:69:54:d1:b3:2a:7e:f9:d4:4f:55:e8:dd:
         25:d6:0b:31:3c:37:11:9a:fd:b3:3d:47:df:34:33:c0:35:b5:
         43:98:45:f7:1b:3a:5a:80:67:d2:2b:63:40:ec:2f:a3:dd:ed:
         87:8f:0a:51:e1:ba:7f:92:e9:0a:d3:c0:a5:f0:e1:7b:7b:ce:
         93:07:c6:15:3a:cd:f1:6d:70:c4:ac:61:7b:2d:a2:23:78:01:
         73:ad:a4:cf:45:54:e9:39:2f:a9:14:d1:c2:53:1c:60:45:5a:
         f8:1b:f6:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaE31Zvot1CRDY7VcgKWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRhMjk5NGE2ZTc2YTU2YzE5NGQyNzQxZWIxYTIzOTJlNWZjMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpdLqQN9V7Oxv3xVDBHMRjiOLig1
8xX8wsNJMpPJqF0HLEulV/3Lrm1E/AvoAL+1qvc++0j4ENK7XjyTBE4Jk5w15vCF
w0Iek7UykfWJiL/4Kgej4feH5TRQDfmSHpYyd/0mXCAadXjSNlDCZ+Eg6Tz1Odw2
K86oDdPi4t1W+/tCiI5C6+Wak1F3On9EVO78LNkL2BNldCXABjxJRu0AV3aUcigD
1A4SeKt2lyF+27vpSwUfyE6pCtXz1vJ2ZgPQd9Xeuejn3eoDXaRUYb5HlrNz1lH8
UHL+pzk1+WEjhvQR0XcJ/eyp+yeVGgYtoAfT8G6e0QSczBEUfw+J6xpvpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjaKZSm52pWwZTSdB6xojkuX8IJMB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEvS05vcGxLYm5hbGJCbE5KMEhyR2lPUzVmd2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgd5QAAV
MA0GCSqGSIb3DQEBCwUAA4IBAQAeqc5isieZw5nma+FS8N5BVEJXdzYN5Uza5HG8
PBU0Wj+bJeeW7YGOA79dXHzuy+8R6XaW5dkYfZYKf4JlU2N7hqUnh5QbnKaXIEUe
qFinJ4qeLrhZ+ugacv3sBDYlu9rp7Cw5wd1JNSzT0DPj5HbVfP9qqIsFjUn5gn+9
1VMGPRNN/wTufypflekMcI1pgzzXNqbc2O9pVNGzKn751E9V6N0l1gsxPDcRmv2z
PUffNDPANbVDmEX3GzpagGfSK2NA7C+j3e2HjwpR4bp/kukK08Cl8OF7e86TB8YV
Os3xbXDErGF7LaIjeAFzraTPRVTpOS+pFNHCUxxgRVr4G/Zj
-----END CERTIFICATE-----