Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Ia6V3oQfJDjO1qZ0unwCn8VGfRI.roa
File:                     Ia6V3oQfJDjO1qZ0unwCn8VGfRI.roa (raw, json)
Hash identifier:          YjJMnYScrGxfBSd345nAAnlIHFqBVMEk1HrKUwbMEtQ=
Subject key identifier:   21:AE:95:DE:84:1F:24:38:CE:D6:A6:74:BA:7C:02:9F:C5:46:7D:12
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01941F8C60E719156451D3975372F50284CA
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Ia6V3oQfJDjO1qZ0unwCn8VGfRI.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53667
IP address blocks:        2a11:2304::/37 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:e7:19:15:64:51:d3:97:53:72:f5:02:84:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21ae95de841f2438ced6a674ba7c029fc5467d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:76:d8:72:75:bd:e0:89:04:df:14:9a:4e:24:
                    64:e5:4f:a7:16:ff:fb:48:bd:9d:98:e8:e8:df:df:
                    13:e4:59:4c:83:63:2a:c2:f7:be:80:a9:35:de:e1:
                    7f:4b:e0:0c:37:7e:c0:43:2f:81:45:83:69:54:5d:
                    8e:2c:f4:88:e8:20:f0:6c:e5:f3:eb:44:ac:88:ee:
                    89:6d:fc:47:aa:06:5f:17:a3:79:5d:c5:67:8c:ca:
                    05:d8:7a:33:16:5a:e2:80:77:de:5f:d0:ac:2d:d3:
                    2c:31:07:fd:2c:07:92:fb:be:53:99:e0:bf:28:11:
                    a1:4c:66:71:63:ea:44:f8:42:4d:cc:79:f3:49:fb:
                    5e:d7:26:99:46:3a:65:0f:7c:e3:4b:ba:78:0b:36:
                    a7:df:0b:fc:9b:eb:3b:6a:5c:0e:ba:94:33:85:23:
                    97:86:b3:5c:5b:6b:a9:ad:32:1d:69:f0:40:f5:2d:
                    58:ea:ff:37:36:b8:40:76:e4:82:aa:a7:cb:7c:d2:
                    31:43:3a:8b:a4:04:24:cf:dc:2f:28:cd:e3:e3:da:
                    14:21:d1:e9:10:94:41:50:e5:c5:e5:23:8a:13:4e:
                    bb:df:37:ca:0d:0e:11:22:f4:7d:a1:f8:03:bf:c6:
                    d6:44:1d:ed:c8:d8:45:1c:be:c3:dc:f1:74:e5:fd:
                    e8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AE:95:DE:84:1F:24:38:CE:D6:A6:74:BA:7C:02:9F:C5:46:7D:12
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Ia6V3oQfJDjO1qZ0unwCn8VGfRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2304::/37

    Signature Algorithm: sha256WithRSAEncryption
         6b:05:b9:3f:df:13:63:cf:81:48:7b:50:65:6e:ea:33:09:54:
         80:09:30:23:e1:c0:8e:da:69:88:8f:5c:9c:cf:55:39:b3:43:
         c0:39:8b:80:3e:81:64:44:d9:96:58:18:55:b5:61:7d:a9:bc:
         f4:45:ce:aa:55:da:83:10:80:62:d9:cc:64:db:53:2f:5b:1a:
         39:cb:fd:5c:e8:5d:e5:38:36:b4:6e:6d:77:67:0a:30:d2:eb:
         7b:53:eb:8d:eb:7d:5e:bf:2e:b8:bf:7f:ac:26:85:fe:5f:a1:
         3c:ef:f8:3b:7f:58:91:3a:05:28:bf:52:15:7f:0b:e9:3d:97:
         a3:d5:f8:d3:6c:4a:57:20:b5:b2:b9:a8:ce:29:27:07:d6:5e:
         20:a5:13:30:1b:c3:ad:9c:d3:4a:79:65:1a:29:fa:6e:04:aa:
         ed:b2:80:50:d2:e8:34:47:2a:42:fa:ce:fe:23:2e:88:16:8c:
         f7:35:52:82:ba:3c:37:b5:77:52:0d:0d:29:70:e6:72:f9:c7:
         07:95:6b:4e:8c:e2:bc:87:f5:54:5a:ef:96:dc:d4:3c:6c:1d:
         41:30:0b:f6:eb:7f:ec:7e:77:5b:96:8c:dd:09:57:42:b6:c8:
         09:6d:7f:77:e1:2f:0e:48:61:9d:53:78:1e:83:92:8a:4d:40:
         73:81:cd:c2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjGDnGRVkUdOXU3L1AoTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFlOTVkZTg0MWYyNDM4Y2VkNmE2NzRiYTdjMDI5ZmM1NDY3ZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunbYcnW94IkE3xSaTiRk5U+nFv/7
SL2dmOjo398T5FlMg2Mqwve+gKk13uF/S+AMN37AQy+BRYNpVF2OLPSI6CDwbOXz
60SsiO6JbfxHqgZfF6N5XcVnjMoF2HozFlrigHfeX9CsLdMsMQf9LAeS+75TmeC/
KBGhTGZxY+pE+EJNzHnzSfte1yaZRjplD3zjS7p4Czan3wv8m+s7alwOupQzhSOX
hrNcW2uprTIdafBA9S1Y6v83NrhAduSCqqfLfNIxQzqLpAQkz9wvKM3j49oUIdHp
EJRBUOXF5SOKE0673zfKDQ4RIvR9ofgDv8bWRB3tyNhFHL7D3PF05f3oQwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCGuld6EHyQ4ztamdLp8Ap/FRn0SMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvSWE2VjNvUWZKRGpPMXFaMHVud0NuOFZHZlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYDKhEjBAAw
DQYJKoZIhvcNAQELBQADggEBAGsFuT/fE2PPgUh7UGVu6jMJVIAJMCPhwI7aaYiP
XJzPVTmzQ8A5i4A+gWRE2ZZYGFW1YX2pvPRFzqpV2oMQgGLZzGTbUy9bGjnL/Vzo
XeU4NrRubXdnCjDS63tT643rfV6/Lri/f6wmhf5foTzv+Dt/WJE6BSi/UhV/C+k9
l6PV+NNsSlcgtbK5qM4pJwfWXiClEzAbw62c00p5ZRop+m4Equ2ygFDS6DRHKkL6
zv4jLogWjPc1UoK6PDe1d1INDSlw5nL5xweVa06M4ryH9VRa75bc1DxsHUEwC/br
f+x+d1uWjN0JV0K2yAltf3fhLw5IYZ1TeB6DkopNQHOBzcI=
-----END CERTIFICATE-----