Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/avqINpYlzxCyV6gq20JtXLQyC4A.roa
File:                     avqINpYlzxCyV6gq20JtXLQyC4A.roa (raw, json)
Hash identifier:          0cl0vSjwJETExQIV/vHZXVhnvVc8V1ucpKa58O8zwHg=
Subject key identifier:   6A:FA:88:36:96:25:CF:10:B2:57:A8:2A:DB:42:6D:5C:B4:32:0B:80
Certificate issuer:       /CN=ecc8a1aad0205943a4572389bb74334e1ca28485
Certificate serial:       0194221FF0DD5D9B0E3AE01514BB1A754E2D
Authority key identifier: EC:C8:A1:AA:D0:20:59:43:A4:57:23:89:BB:74:33:4E:1C:A2:84:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/avqINpYlzxCyV6gq20JtXLQyC4A.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29442
IP address blocks:        2a02:cac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f0:dd:5d:9b:0e:3a:e0:15:14:bb:1a:75:4e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecc8a1aad0205943a4572389bb74334e1ca28485
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6afa88369625cf10b257a82adb426d5cb4320b80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ec:5c:5c:98:d1:c2:3c:4f:32:8c:ff:3d:42:
                    8d:55:36:f6:0d:16:28:21:7b:1d:b4:53:7c:e1:79:
                    9d:0d:b0:55:ce:0e:82:70:ee:1f:cf:c5:1f:8a:f0:
                    6a:64:2d:d0:8c:3e:f7:1a:8e:fc:f4:e3:25:a9:33:
                    ea:96:1d:33:56:6f:d1:94:f3:e4:f2:28:81:e9:ae:
                    e9:35:d9:ea:45:e3:12:5b:2b:05:04:7c:f6:7b:19:
                    7e:6c:b5:66:1a:7e:cd:4f:ba:1b:18:9f:68:10:af:
                    5f:df:4b:22:e7:1a:27:f5:1b:5a:55:56:d9:ff:ad:
                    5a:63:8d:75:38:e5:07:7b:f1:d6:de:fd:9a:03:43:
                    f4:b9:d5:56:81:bd:94:70:ff:a7:4d:c2:98:10:18:
                    58:1d:0b:d0:60:03:02:f0:9f:a4:a7:9b:37:10:62:
                    6e:db:40:17:e9:fe:f0:c4:d0:16:38:50:b9:f9:66:
                    32:c3:96:eb:8d:e2:4d:a7:49:41:97:f8:39:fa:04:
                    b3:dd:b0:44:3b:81:d7:d3:1a:9c:87:a7:f5:33:c5:
                    75:f2:bc:89:96:8c:87:59:ef:a7:fd:b6:f4:b3:b9:
                    fd:d0:e8:99:92:b6:10:b8:a7:62:ce:15:74:64:b7:
                    ac:64:74:73:33:82:13:da:c4:a0:5f:c7:27:c4:ff:
                    1d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FA:88:36:96:25:CF:10:B2:57:A8:2A:DB:42:6D:5C:B4:32:0B:80
            X509v3 Authority Key Identifier:
                keyid:EC:C8:A1:AA:D0:20:59:43:A4:57:23:89:BB:74:33:4E:1C:A2:84:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/avqINpYlzxCyV6gq20JtXLQyC4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:4f:f3:cd:8e:49:cb:e0:3b:d1:c5:a3:cf:74:71:74:58:df:
         da:92:a2:79:5e:55:65:48:72:d1:07:b7:fe:9c:63:bc:3b:92:
         b2:31:8a:80:df:cc:7f:05:ab:f8:65:b8:62:e3:85:e1:63:d3:
         fc:f6:67:59:49:58:e6:d7:91:d4:68:c7:e7:2d:30:08:da:06:
         3c:ce:7e:e9:8b:0c:4c:94:ea:cb:79:87:d1:01:65:bf:10:ef:
         72:61:cb:cc:04:bc:eb:6a:34:90:ac:f1:cd:f0:8b:23:11:56:
         4c:8f:ff:69:c2:3e:d1:51:b0:0d:4b:b8:6b:1a:24:68:81:22:
         39:b5:5c:1b:f9:dc:32:f9:c6:20:64:26:3f:38:d5:51:87:85:
         81:73:9a:a5:76:f7:c1:68:a7:53:5b:67:9f:a4:76:38:a7:90:
         82:87:66:32:2a:ff:a9:d0:f2:fd:42:1f:55:81:2f:b2:cc:9a:
         58:0d:3a:ca:ec:74:39:2e:58:42:c2:a3:08:99:9a:b5:e9:3d:
         f3:4c:02:3f:c2:27:f8:35:54:4b:7a:de:80:ac:01:74:4f:63:
         51:96:f0:94:38:dc:ce:a1:ed:05:2c:95:ae:ab:2c:75:93:e5:
         cc:73:75:a1:a5:21:b2:c1:6a:24:52:c9:c7:28:42:6e:e1:77:
         b0:a9:44:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH/DdXZsOOuAVFLsadU4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYzhhMWFhZDAyMDU5NDNhNDU3MjM4OWJiNzQzMzRlMWNh
Mjg0ODUwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZhODgzNjk2MjVjZjEwYjI1N2E4MmFkYjQyNmQ1Y2I0MzIwYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OxcXJjRwjxPMoz/PUKNVTb2DRYo
IXsdtFN84XmdDbBVzg6CcO4fz8UfivBqZC3QjD73Go789OMlqTPqlh0zVm/RlPPk
8iiB6a7pNdnqReMSWysFBHz2exl+bLVmGn7NT7obGJ9oEK9f30si5xon9RtaVVbZ
/61aY411OOUHe/HW3v2aA0P0udVWgb2UcP+nTcKYEBhYHQvQYAMC8J+kp5s3EGJu
20AX6f7wxNAWOFC5+WYyw5brjeJNp0lBl/g5+gSz3bBEO4HX0xqch6f1M8V18ryJ
loyHWe+n/bb0s7n90OiZkrYQuKdizhV0ZLesZHRzM4IT2sSgX8cnxP8dfQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGr6iDaWJc8QsleoKttCbVy0MguAMB8GA1UdIwQY
MBaAFOzIoarQIFlDpFcjibt0M04cooSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN01paHF0QWdXVU9rVnlPSnUzUXpUaHlpaElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iMzI5OGItOWM1YS00ZTM4LTgxMzEt
NGE2OGYyMzVjMzg4LzEvYXZxSU5wWWx6eEN5VjZncTIwSnRYTFF5QzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iMzI5OGItOWM1YS00ZTM4LTgxMzEtNGE2OGYyMzVjMzg4
LzEvN01paHF0QWdXVU9rVnlPSnUzUXpUaHlpaElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgLKwDAN
BgkqhkiG9w0BAQsFAAOCAQEAGU/zzY5Jy+A70cWjz3RxdFjf2pKieV5VZUhy0Qe3
/pxjvDuSsjGKgN/MfwWr+GW4YuOF4WPT/PZnWUlY5teR1GjH5y0wCNoGPM5+6YsM
TJTqy3mH0QFlvxDvcmHLzAS862o0kKzxzfCLIxFWTI//acI+0VGwDUu4axokaIEi
ObVcG/ncMvnGIGQmPzjVUYeFgXOapXb3wWinU1tnn6R2OKeQgodmMir/qdDy/UIf
VYEvssyaWA06yux0OS5YQsKjCJmatek980wCP8In+DVUS3regKwBdE9jUZbwlDjc
zqHtBSyVrqssdZPlzHN1oaUhssFqJFLJxyhCbuF3sKlEsg==
-----END CERTIFICATE-----