Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jVXUQviaC_f_ddRG0Qgui4T-xS4.roa
File:                     jVXUQviaC_f_ddRG0Qgui4T-xS4.roa (raw, json)
Hash identifier:          cbA4Ak2tht6J94lTmPI+9F6PHexx/ovz0Boaggisu3M=
Subject key identifier:   8D:55:D4:42:F8:9A:0B:F7:FF:75:D4:46:D1:08:2E:8B:84:FE:C5:2E
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369DDDE518207539E167859F4DF0651
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jVXUQviaC_f_ddRG0Qgui4T-xS4.roa
Signing time:             Wed 01 Jan 2025 19:48:48 +0000
ROA not before:           Wed 01 Jan 2025 19:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215158
IP address blocks:        2a11:c0c0::/29 maxlen: 29
                          2a11:d900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:dd:de:51:82:07:53:9e:16:78:59:f4:df:06:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d55d442f89a0bf7ff75d446d1082e8b84fec52e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a4:97:6d:0d:4b:c9:0d:5b:c5:35:1d:3d:9c:
                    f1:90:53:36:66:ea:da:f6:f8:00:cf:29:db:5f:85:
                    af:5f:bb:0f:b4:2d:f7:0c:1c:98:9d:ac:a5:d0:fb:
                    25:d7:aa:6c:18:b4:36:a5:e8:eb:ab:34:c9:32:7f:
                    ea:7c:ea:df:90:a5:73:0f:f4:f7:6f:65:7e:29:e3:
                    30:e5:c9:6f:82:2c:b6:62:20:7d:a2:4d:9d:d4:3f:
                    1f:63:37:61:0d:30:6f:51:73:2b:0f:0d:ff:ed:33:
                    97:ba:a2:98:44:67:1d:f0:d1:b0:b5:ab:d1:3d:91:
                    74:2f:fa:cc:9c:f6:29:42:6b:6b:0f:9d:6c:55:3e:
                    93:77:9f:fb:4f:2a:b9:b3:25:c7:cc:ca:71:db:50:
                    94:2a:42:38:10:f0:ae:7c:c0:64:98:f6:89:2d:64:
                    40:52:23:f5:14:4f:84:28:b3:32:d6:d1:05:84:3b:
                    9f:6b:4a:05:91:4f:47:ba:4f:92:a6:cd:0b:8c:c3:
                    e5:a7:6f:4e:37:eb:6c:f8:1a:07:71:d7:d5:7a:04:
                    01:36:cb:ee:44:0f:97:ec:29:cb:07:c7:fc:31:8c:
                    2d:a1:34:4b:4b:90:19:db:91:b5:c6:3c:c6:11:c6:
                    58:cb:e3:07:b1:4c:3b:99:a0:17:4d:d7:fb:67:2d:
                    cd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:55:D4:42:F8:9A:0B:F7:FF:75:D4:46:D1:08:2E:8B:84:FE:C5:2E
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jVXUQviaC_f_ddRG0Qgui4T-xS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:c0c0::/29
                  2a11:d900::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:4e:2d:7a:c4:fa:82:9c:ae:12:43:11:e9:7b:99:4e:b0:9d:
         3c:11:31:09:04:ac:71:96:2a:c2:0b:30:09:24:06:79:c4:4d:
         ed:4a:5a:f4:d9:da:1b:91:4d:36:01:46:60:9a:2f:9c:c4:84:
         af:9d:42:c6:10:f1:f4:62:3a:5c:bf:31:1c:3e:26:b1:33:f1:
         69:6c:ea:eb:e3:ef:de:82:78:c6:72:a5:9c:6b:65:ca:5c:72:
         08:f6:5c:84:2d:ac:63:d2:52:6d:47:cc:4d:7a:e8:db:9a:b6:
         b2:01:4a:02:a2:ab:58:30:fd:a3:da:8d:0e:f0:f1:81:b1:7d:
         25:34:86:2d:c5:12:ff:c4:f2:54:62:08:52:d8:2d:07:55:ef:
         ae:9a:f7:e8:60:fb:73:83:71:d8:ce:7d:04:38:b3:6f:09:c7:
         d3:9a:c1:1f:f1:23:c2:68:ac:ab:d3:77:14:41:a0:8c:30:0a:
         e6:11:12:7e:b5:56:a0:45:9f:12:21:4a:14:1b:a4:69:08:c8:
         e7:9d:96:6d:9b:ac:c2:f6:cc:71:a1:94:72:bc:f4:5a:89:15:
         bb:34:06:28:b5:5a:d9:33:4e:1d:02:02:60:cd:d0:84:ae:bd:
         68:8d:aa:9a:05:4d:44:fb:dc:82:12:f1:5f:e3:af:f6:f8:c9:
         ad:35:a3:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQjad3eUYIHU54WeFn03wZRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU1ZDQ0MmY4OWEwYmY3ZmY3NWQ0NDZkMTA4MmU4Yjg0ZmVjNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqSXbQ1LyQ1bxTUdPZzxkFM2Zura
9vgAzynbX4WvX7sPtC33DByYnayl0Psl16psGLQ2pejrqzTJMn/qfOrfkKVzD/T3
b2V+KeMw5clvgiy2YiB9ok2d1D8fYzdhDTBvUXMrDw3/7TOXuqKYRGcd8NGwtavR
PZF0L/rMnPYpQmtrD51sVT6Td5/7Tyq5syXHzMpx21CUKkI4EPCufMBkmPaJLWRA
UiP1FE+EKLMy1tEFhDufa0oFkU9Huk+Sps0LjMPlp29ON+ts+BoHcdfVegQBNsvu
RA+X7CnLB8f8MYwtoTRLS5AZ25G1xjzGEcZYy+MHsUw7maAXTdf7Zy3NrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI1V1EL4mgv3/3XURtEILouE/sUuMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvalZYVVF2aWFDX2ZfZGRSRzBRZ3VpNFQteFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhHAwAMF
AyoR2QAwDQYJKoZIhvcNAQELBQADggEBADJOLXrE+oKcrhJDEel7mU6wnTwRMQkE
rHGWKsILMAkkBnnETe1KWvTZ2huRTTYBRmCaL5zEhK+dQsYQ8fRiOly/MRw+JrEz
8Wls6uvj796CeMZypZxrZcpccgj2XIQtrGPSUm1HzE166NuatrIBSgKiq1gw/aPa
jQ7w8YGxfSU0hi3FEv/E8lRiCFLYLQdV766a9+hg+3ODcdjOfQQ4s28Jx9OawR/x
I8JorKvTdxRBoIwwCuYREn61VqBFnxIhShQbpGkIyOedlm2brML2zHGhlHK89FqJ
Fbs0Bii1WtkzTh0CAmDN0ISuvWiNqpoFTUT73IIS8V/jr/b4ya01o4k=
-----END CERTIFICATE-----