Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ROtzRTZU0d6Y2POMi40Y7R900Fc.roa
File:                     ROtzRTZU0d6Y2POMi40Y7R900Fc.roa (raw, json)
Hash identifier:          3iLb+G4j5AMGH6o7G6jyVfngdNr9t0TZgHGtXqTKHQc=
Subject key identifier:   44:EB:73:45:36:54:D1:DE:98:D8:F3:8C:8B:8D:18:ED:1F:74:D0:57
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019427481989FE05C86969204AF8421E8F0D
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ROtzRTZU0d6Y2POMi40Y7R900Fc.roa
Signing time:             Thu 02 Jan 2025 13:50:24 +0000
ROA not before:           Thu 02 Jan 2025 13:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21738
IP address blocks:        2a10:5200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:19:89:fe:05:c8:69:69:20:4a:f8:42:1e:8f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 13:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44eb73453654d1de98d8f38c8b8d18ed1f74d057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:12:ce:2b:3d:88:33:25:04:55:bf:6b:66:1f:
                    7a:37:4e:c3:05:a5:9b:41:ae:26:76:14:27:7d:36:
                    cd:4d:cc:ec:48:d4:18:9f:c2:98:e9:63:d3:83:14:
                    3e:34:11:44:15:84:46:d0:dd:60:41:5f:c6:cb:a3:
                    f8:10:de:a9:35:44:2d:3c:43:13:0d:67:26:c1:4f:
                    66:ef:ca:e8:47:6c:7e:9c:a9:de:14:76:ae:0b:a2:
                    f6:21:a1:c5:a2:84:8b:06:5d:f1:9f:92:c6:fc:7c:
                    2a:e4:5f:c3:51:4e:c3:f7:4d:f0:75:f0:ab:e0:ae:
                    29:3a:7c:6a:46:d2:a3:45:f9:97:45:15:16:a1:fb:
                    a2:1c:86:7e:08:75:24:7e:e5:2d:af:e3:c6:af:ed:
                    8d:fe:d9:92:ba:14:c1:48:12:2f:5c:4b:39:fe:27:
                    55:1d:24:ad:38:2c:7a:5a:34:f7:96:38:96:60:b5:
                    0e:09:9e:3c:22:ea:0d:95:ba:4a:d1:17:7c:26:c8:
                    85:e4:ff:59:59:bb:12:87:f1:68:ee:8b:d1:5c:6c:
                    b4:2d:b6:7a:e9:34:e2:ce:a1:46:f2:c4:14:f1:34:
                    68:b8:7f:08:7f:02:6d:e3:33:ff:f3:66:cb:ad:8c:
                    20:5c:e6:2c:38:0b:10:9e:7d:be:0e:95:bb:12:62:
                    a5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EB:73:45:36:54:D1:DE:98:D8:F3:8C:8B:8D:18:ED:1F:74:D0:57
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ROtzRTZU0d6Y2POMi40Y7R900Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5200::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:ba:2e:a6:6c:89:be:18:c5:7b:61:2a:81:e2:5a:ef:0b:98:
         5a:8d:b3:f0:36:f6:02:f0:65:7b:71:81:76:0d:fb:48:5b:02:
         55:50:54:bf:18:04:50:3b:dd:1c:74:fc:ff:d0:e2:89:c4:f5:
         87:4d:b7:bf:4f:c2:cd:38:95:a9:65:4c:66:d7:3e:1f:ea:08:
         6d:82:24:c6:cc:3c:07:2e:33:1d:8a:06:65:62:ee:09:22:85:
         22:cb:41:46:e2:9e:fb:ee:7f:33:e4:30:07:d9:cc:49:3f:4e:
         15:1a:97:8e:eb:3f:58:6d:d5:0a:e2:33:4c:0a:20:1d:54:17:
         5b:34:24:68:63:49:a7:bc:40:d1:c2:77:e6:26:c0:77:49:19:
         42:16:e7:63:52:c3:fa:f5:a6:f1:eb:5b:4c:d9:e7:79:cc:8b:
         b8:36:1f:54:bf:05:c9:9d:04:10:01:35:94:3f:04:5f:69:e7:
         92:3b:6a:30:d1:ef:18:71:c4:aa:0e:cf:87:e2:b8:88:84:6a:
         49:dc:11:57:2f:7d:9c:50:78:3e:33:db:0f:5b:d1:7c:24:52:
         0a:29:98:43:67:a5:63:1b:09:3a:37:f8:b8:0c:e1:f5:91:60:
         48:a1:99:96:c6:ee:3f:27:2a:9e:65:51:5f:ef:69:21:c9:ae:
         fc:b8:25:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnSBmJ/gXIaWkgSvhCHo8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGViNzM0NTM2NTRkMWRlOThkOGYzOGM4YjhkMThlZDFmNzRkMDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixLOKz2IMyUEVb9rZh96N07DBaWb
Qa4mdhQnfTbNTczsSNQYn8KY6WPTgxQ+NBFEFYRG0N1gQV/Gy6P4EN6pNUQtPEMT
DWcmwU9m78roR2x+nKneFHauC6L2IaHFooSLBl3xn5LG/Hwq5F/DUU7D903wdfCr
4K4pOnxqRtKjRfmXRRUWofuiHIZ+CHUkfuUtr+PGr+2N/tmSuhTBSBIvXEs5/idV
HSStOCx6WjT3ljiWYLUOCZ48IuoNlbpK0Rd8JsiF5P9ZWbsSh/Fo7ovRXGy0LbZ6
6TTizqFG8sQU8TRouH8IfwJt4zP/82bLrYwgXOYsOAsQnn2+DpW7EmKlUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFETrc0U2VNHemNjzjIuNGO0fdNBXMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUk90elJUWlUwZDZZMlBPTWk0MFk3UjkwMEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBSADAN
BgkqhkiG9w0BAQsFAAOCAQEAmLoupmyJvhjFe2EqgeJa7wuYWo2z8Db2AvBle3GB
dg37SFsCVVBUvxgEUDvdHHT8/9DiicT1h023v0/CzTiVqWVMZtc+H+oIbYIkxsw8
By4zHYoGZWLuCSKFIstBRuKe++5/M+QwB9nMST9OFRqXjus/WG3VCuIzTAogHVQX
WzQkaGNJp7xA0cJ35ibAd0kZQhbnY1LD+vWm8etbTNnnecyLuDYfVL8FyZ0EEAE1
lD8EX2nnkjtqMNHvGHHEqg7Ph+K4iIRqSdwRVy99nFB4PjPbD1vRfCRSCimYQ2el
YxsJOjf4uAzh9ZFgSKGZlsbuPycqnmVRX+9pIcmu/LglBQ==
-----END CERTIFICATE-----