Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Btqp5Iqo4QdJgskBfDeTwX6Cjbk.roa
File:                     Btqp5Iqo4QdJgskBfDeTwX6Cjbk.roa (raw, json)
Hash identifier:          FeBcGNbxMg6sJSDgU1gDHb7DLmMxJl+RT147+5WOXvA=
Subject key identifier:   06:DA:A9:E4:8A:A8:E1:07:49:82:C9:01:7C:37:93:C1:7E:82:8D:B9
Certificate issuer:       /CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
Certificate serial:       01942144057DE39AA429FD5568C813147239
Authority key identifier: 23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Btqp5Iqo4QdJgskBfDeTwX6Cjbk.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208478
IP address blocks:        2a0e:73c2:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:05:7d:e3:9a:a4:29:fd:55:68:c8:13:14:72:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06daa9e48aa8e1074982c9017c3793c17e828db9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:30:02:37:68:bf:e0:07:84:05:00:52:dc:
                    dd:69:81:4f:52:cf:60:b1:0f:5f:9a:22:62:5f:19:
                    3e:13:1a:e1:7a:4c:70:39:0c:ce:06:de:05:8a:0f:
                    62:a7:f9:33:bf:9c:ac:3b:c5:ee:05:68:ff:b9:dd:
                    3e:71:68:c0:27:65:9d:05:a6:da:bc:ef:04:df:16:
                    3f:e5:9d:bd:7e:1d:0f:b3:59:0f:05:0d:a8:ca:1e:
                    32:7e:8e:05:45:01:c9:63:03:24:46:21:b0:ce:ea:
                    79:3d:72:7b:7b:11:39:15:8c:05:11:ce:2b:ce:7d:
                    c3:90:db:2c:8c:1a:08:4b:d2:9d:63:9e:fe:9d:0e:
                    fa:3c:72:94:b7:f1:9e:ed:3d:6d:70:a7:64:14:79:
                    aa:c8:30:9e:e7:f6:07:a9:f1:18:43:4f:51:3a:d3:
                    f1:2d:d0:95:14:a2:d4:8a:e6:56:44:a1:37:23:4b:
                    e8:ca:56:e8:c6:31:d9:50:6c:13:0c:fb:89:8e:57:
                    68:de:6b:44:af:cd:7a:4e:a2:ae:ef:dc:4d:84:51:
                    15:b0:23:df:5a:d8:45:fc:0d:4e:ef:dd:cb:89:a8:
                    71:2a:e2:13:ea:fb:c9:b8:53:78:02:4b:55:7f:1b:
                    4d:7d:5c:79:2b:b6:9e:12:dd:85:be:4e:28:0c:78:
                    db:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DA:A9:E4:8A:A8:E1:07:49:82:C9:01:7C:37:93:C1:7E:82:8D:B9
            X509v3 Authority Key Identifier:
                keyid:23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Btqp5Iqo4QdJgskBfDeTwX6Cjbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:73c2:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:03:d5:4d:24:86:3e:cb:23:28:85:86:f8:69:a5:6c:25:ea:
         1f:68:87:66:26:42:fa:35:b3:52:ef:f0:c7:39:eb:0a:00:dd:
         8c:6c:8c:98:1c:48:8f:dd:c0:f6:6f:e3:3f:b0:4a:1f:8d:44:
         7e:07:3f:ec:2a:d5:36:ac:a4:b3:cf:d4:b4:47:0b:ba:3a:ee:
         57:13:6a:b5:c1:52:2d:55:20:88:89:f1:1d:ee:d1:5d:52:23:
         c0:f9:bf:cc:9c:85:df:be:73:5c:8f:2b:17:f8:6f:30:81:65:
         6a:8c:56:e5:1d:51:5a:47:8f:a9:bb:68:54:29:18:a3:3c:79:
         e1:d7:bf:36:f0:4b:74:13:8b:ef:92:e4:6a:f7:78:4b:cf:36:
         18:ae:5b:33:32:a1:2c:81:21:1c:05:a0:6e:e4:86:3c:90:df:
         08:17:d2:7f:76:fe:0e:e2:37:20:02:b6:c1:55:83:b0:99:18:
         24:03:ae:ff:d5:1a:f5:5e:3d:61:9c:d8:76:dd:5b:49:28:a7:
         e9:fa:ed:af:69:1f:1d:50:a2:e3:55:59:ff:6b:d5:fe:d8:ec:
         b9:a3:9d:16:95:bb:ea:17:ee:ba:40:52:74:1b:d5:45:2d:07:
         93:cf:21:70:d3:ba:a5:cd:3a:14:20:b7:de:9c:e7:21:9f:95:
         93:1d:47:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhRAV945qkKf1VaMgTFHI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjZlZWVhZGQ0YzBlZTU1YjM1OTRhNTk2ZTY3MjIwODE5
YzE4ZDUwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRhYTllNDhhYThlMTA3NDk4MmM5MDE3YzM3OTNjMTdlODI4ZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIcwAjdov+AHhAUAUtzdaYFPUs9g
sQ9fmiJiXxk+ExrhekxwOQzOBt4Fig9ip/kzv5ysO8XuBWj/ud0+cWjAJ2WdBaba
vO8E3xY/5Z29fh0Ps1kPBQ2oyh4yfo4FRQHJYwMkRiGwzup5PXJ7exE5FYwFEc4r
zn3DkNssjBoIS9KdY57+nQ76PHKUt/Ge7T1tcKdkFHmqyDCe5/YHqfEYQ09ROtPx
LdCVFKLUiuZWRKE3I0voylboxjHZUGwTDPuJjldo3mtEr816TqKu79xNhFEVsCPf
WthF/A1O793LiahxKuIT6vvJuFN4AktVfxtNfVx5K7aeEt2Fvk4oDHjbiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAbaqeSKqOEHSYLJAXw3k8F+go25MB8GA1UdIwQY
MBaAFCMm7urdTA7lWzWUpZbmciCBnBjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTkt
MzM0MTU5NjdjMjEzLzEvQnRxcDVJcW80UWRKZ3NrQmZEZVR3WDZDamJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTktMzM0MTU5NjdjMjEz
LzEvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5zwv//
MA0GCSqGSIb3DQEBCwUAA4IBAQDEA9VNJIY+yyMohYb4aaVsJeofaIdmJkL6NbNS
7/DHOesKAN2MbIyYHEiP3cD2b+M/sEofjUR+Bz/sKtU2rKSzz9S0Rwu6Ou5XE2q1
wVItVSCIifEd7tFdUiPA+b/MnIXfvnNcjysX+G8wgWVqjFblHVFaR4+pu2hUKRij
PHnh17828Et0E4vvkuRq93hLzzYYrlszMqEsgSEcBaBu5IY8kN8IF9J/dv4O4jcg
ArbBVYOwmRgkA67/1Rr1Xj1hnNh23VtJKKfp+u2vaR8dUKLjVVn/a9X+2Oy5o50W
lbvqF+66QFJ0G9VFLQeTzyFw07qlzToUILfenOchn5WTHUd5
-----END CERTIFICATE-----