Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/fA_2P2jt8DuWvjRgi0qDLxLu8Uw.roa
File:                     fA_2P2jt8DuWvjRgi0qDLxLu8Uw.roa (raw, json)
Hash identifier:          SzZb8wCnKFHeHDxJHKqTuj/wLWWWWYz/mnokDgrqWtg=
Subject key identifier:   7C:0F:F6:3F:68:ED:F0:3B:96:BE:34:60:8B:4A:83:2F:12:EE:F1:4C
Certificate issuer:       /CN=eb7c85c442ccab75e2ce6de29db5fd00f326749d
Certificate serial:       019425FDB221B21E2E43110F438FE6C1E37C
Authority key identifier: EB:7C:85:C4:42:CC:AB:75:E2:CE:6D:E2:9D:B5:FD:00:F3:26:74:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/fA_2P2jt8DuWvjRgi0qDLxLu8Uw.roa
Signing time:             Thu 02 Jan 2025 07:49:30 +0000
ROA not before:           Thu 02 Jan 2025 07:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211383
IP address blocks:        2a10:7640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b2:21:b2:1e:2e:43:11:0f:43:8f:e6:c1:e3:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb7c85c442ccab75e2ce6de29db5fd00f326749d
        Validity
            Not Before: Jan  2 07:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c0ff63f68edf03b96be34608b4a832f12eef14c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d3:60:01:cc:2d:fa:36:9b:25:ef:bd:c0:a0:
                    dd:4b:75:c0:b9:3c:38:46:21:30:72:70:1c:07:5b:
                    e4:0e:c9:c5:e6:e1:97:d0:15:8a:03:d1:1c:e5:92:
                    c3:76:bc:bf:98:7f:4b:ed:f8:7a:7a:5d:b8:9a:5c:
                    c1:67:48:66:6d:7a:da:72:62:c2:59:74:5f:14:d1:
                    6c:2b:99:c8:4c:6c:c8:78:4d:6d:69:8c:ed:54:61:
                    d8:55:14:ef:9d:da:04:3d:5f:cd:1c:73:29:62:42:
                    3b:c1:2b:75:18:4f:8c:aa:8c:20:c8:8a:f1:5f:0a:
                    90:1d:04:56:2f:55:60:8a:ba:7a:5a:a1:42:81:d8:
                    ce:c4:7e:fe:5b:22:aa:97:c4:74:03:19:dd:34:a3:
                    5b:2a:e9:f7:f4:e7:3c:5f:f2:13:6e:8a:6f:98:f5:
                    c4:1d:48:d4:a6:b6:07:c6:c0:bc:f4:5e:17:11:da:
                    7c:f1:7d:15:21:41:01:50:9e:c0:6b:a2:55:b2:46:
                    03:69:40:41:7d:1a:ba:ed:c4:1f:8a:ba:23:0f:1a:
                    1a:10:3f:69:df:44:39:9c:79:4f:b5:e6:d2:ba:09:
                    8b:fd:17:0f:c3:8c:de:e6:0f:40:82:20:f0:7e:8e:
                    ea:99:1f:8f:3c:18:d1:aa:d6:e0:98:e8:94:dc:c8:
                    39:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:0F:F6:3F:68:ED:F0:3B:96:BE:34:60:8B:4A:83:2F:12:EE:F1:4C
            X509v3 Authority Key Identifier:
                keyid:EB:7C:85:C4:42:CC:AB:75:E2:CE:6D:E2:9D:B5:FD:00:F3:26:74:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/fA_2P2jt8DuWvjRgi0qDLxLu8Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7640::/29

    Signature Algorithm: sha256WithRSAEncryption
         d1:0a:42:bb:05:55:4c:66:2b:44:97:40:9a:a7:02:3b:b5:db:
         39:f4:99:ba:79:4a:3e:33:3f:72:32:35:99:1f:5d:c2:19:3e:
         77:e0:16:3a:e5:e6:03:09:ca:af:78:58:0c:fc:50:31:f5:b3:
         5a:16:a1:43:d3:bc:13:1e:a9:d1:7b:42:29:fe:31:a6:3b:85:
         50:80:ab:e1:d4:e0:94:2a:b8:ca:68:67:00:9c:a8:1f:08:2e:
         4d:e0:2d:df:ae:c0:11:c6:de:4e:f4:dc:46:53:78:1b:18:58:
         a9:ee:fd:74:4c:3a:48:50:d5:2e:e3:c2:81:1f:de:2e:f1:ba:
         06:90:c2:52:7f:a4:7d:d1:86:0d:66:e8:e0:78:b3:85:0a:b9:
         e8:6a:81:55:f5:08:c3:7c:c5:52:5d:bb:8f:06:4d:87:11:7b:
         17:f5:07:08:bb:88:98:8a:e8:fa:bc:c3:c3:f5:22:a7:47:cd:
         b1:53:2e:2b:e3:a4:44:5a:14:cb:eb:e5:2d:73:a5:56:e7:47:
         ee:b0:0f:73:0c:99:69:59:f6:ee:61:47:d8:02:62:36:5b:aa:
         e8:6b:46:09:32:d5:73:65:28:68:b5:1e:f4:e6:d9:97:ce:a9:
         92:40:76:75:6f:e0:a3:85:3e:e2:e3:b5:96:83:61:2d:dd:ba:
         8f:c6:70:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/bIhsh4uQxEPQ4/mweN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViN2M4NWM0NDJjY2FiNzVlMmNlNmRlMjlkYjVmZDAwZjMy
Njc0OWQwHhcNMjUwMTAyMDc0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzBmZjYzZjY4ZWRmMDNiOTZiZTM0NjA4YjRhODMyZjEyZWVmMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNNgAcwt+jabJe+9wKDdS3XAuTw4
RiEwcnAcB1vkDsnF5uGX0BWKA9Ec5ZLDdry/mH9L7fh6el24mlzBZ0hmbXracmLC
WXRfFNFsK5nITGzIeE1taYztVGHYVRTvndoEPV/NHHMpYkI7wSt1GE+MqowgyIrx
XwqQHQRWL1Vgirp6WqFCgdjOxH7+WyKql8R0AxndNKNbKun39Oc8X/ITbopvmPXE
HUjUprYHxsC89F4XEdp88X0VIUEBUJ7Aa6JVskYDaUBBfRq67cQfirojDxoaED9p
30Q5nHlPtebSugmL/RcPw4ze5g9AgiDwfo7qmR+PPBjRqtbgmOiU3Mg5fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHwP9j9o7fA7lr40YItKgy8S7vFMMB8GA1UdIwQY
MBaAFOt8hcRCzKt14s5t4p21/QDzJnSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjN5RnhFTE1xM1hpem0zaW5iWDlBUE1tZEowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83MmExNjgtZGMxYy00NmY0LWIzMWMt
NGU2NTlkMmJlNjU0LzEvZkFfMlAyanQ4RHVXdmpSZ2kwcURMeEx1OFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83MmExNjgtZGMxYy00NmY0LWIzMWMtNGU2NTlkMmJlNjU0
LzEvNjN5RnhFTE1xM1hpem0zaW5iWDlBUE1tZEowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhB2QDAN
BgkqhkiG9w0BAQsFAAOCAQEA0QpCuwVVTGYrRJdAmqcCO7XbOfSZunlKPjM/cjI1
mR9dwhk+d+AWOuXmAwnKr3hYDPxQMfWzWhahQ9O8Ex6p0XtCKf4xpjuFUICr4dTg
lCq4ymhnAJyoHwguTeAt367AEcbeTvTcRlN4GxhYqe79dEw6SFDVLuPCgR/eLvG6
BpDCUn+kfdGGDWbo4HizhQq56GqBVfUIw3zFUl27jwZNhxF7F/UHCLuImIro+rzD
w/Uip0fNsVMuK+OkRFoUy+vlLXOlVudH7rAPcwyZaVn27mFH2AJiNluq6GtGCTLV
c2UoaLUe9ObZl86pkkB2dW/go4U+4uO1loNhLd26j8ZwZA==
-----END CERTIFICATE-----