Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/N0lDGVk0p7AcoRLY5EKnIKUZJ_I.roa
File:                     N0lDGVk0p7AcoRLY5EKnIKUZJ_I.roa (raw, json)
Hash identifier:          4jYpZBr+LgVTino1CNOAvWdIN+AhM6noIwU+uxMVojE=
Subject key identifier:   37:49:43:19:59:34:A7:B0:1C:A1:12:D8:E4:42:A7:20:A5:19:27:F2
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01956BF086DCA977E4FE127AD0D6FB7BCE47
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/N0lDGVk0p7AcoRLY5EKnIKUZJ_I.roa
Signing time:             Thu 06 Mar 2025 14:51:20 +0000
ROA not before:           Thu 06 Mar 2025 14:51:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201341
IP address blocks:        2a11:1440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:f0:86:dc:a9:77:e4:fe:12:7a:d0:d6:fb:7b:ce:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  6 14:51:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=374943195934a7b01ca112d8e442a720a51927f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0d:03:62:0e:7e:04:db:bd:b0:66:5b:a6:c8:
                    b7:d2:c0:e6:19:f2:2c:88:ef:68:95:d2:4e:22:c5:
                    76:f1:77:66:95:7c:2b:5d:ff:f7:d2:a6:b5:c4:63:
                    92:3e:b5:ac:e6:4e:82:fa:c7:17:2f:30:b1:95:35:
                    15:35:8d:16:79:7e:fc:2d:10:62:f9:ea:de:87:e9:
                    b7:13:de:84:8d:74:df:8b:25:98:6b:ac:2f:a5:ea:
                    2b:8f:9a:75:77:5e:4b:cd:cc:cd:c0:3f:93:c8:1d:
                    86:26:c9:8d:b1:0a:83:f1:e8:28:93:e3:10:ce:c6:
                    78:86:63:cd:4a:3b:45:06:93:23:f5:76:99:1a:ce:
                    c4:6c:83:86:b7:e6:c3:55:48:7c:83:a7:2f:c9:92:
                    25:97:a0:3e:fe:a5:0c:c9:0b:7b:bd:70:5e:72:0f:
                    4e:6e:b6:16:35:5e:cd:4b:bf:a6:df:80:a8:f9:b0:
                    98:a3:fe:28:d1:75:5f:b1:f6:eb:b5:09:bd:c6:44:
                    05:64:bc:61:d8:a2:de:47:20:6d:00:c4:43:a2:dc:
                    2c:07:0d:37:64:93:3f:bd:ac:e9:72:13:ba:08:e2:
                    80:94:65:64:bf:1b:ce:c1:93:7c:9d:f4:39:b1:38:
                    27:3e:d5:9c:61:f0:79:b5:50:69:64:71:ac:a0:c4:
                    77:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:49:43:19:59:34:A7:B0:1C:A1:12:D8:E4:42:A7:20:A5:19:27:F2
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/N0lDGVk0p7AcoRLY5EKnIKUZJ_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1440::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:91:2a:75:7a:ef:e3:5f:13:48:c9:25:72:04:b2:00:49:c9:
         38:ac:08:ae:a9:e1:35:6f:2f:51:30:7b:13:bd:80:5d:e8:59:
         be:2d:f3:b0:57:05:da:7f:64:7e:fd:6c:a3:27:4b:18:e1:a1:
         8d:62:28:3c:2f:c6:db:a4:e1:8b:c0:fb:07:ae:a3:ea:2a:8e:
         41:14:c9:cb:4e:37:b6:c8:5b:f1:f7:c0:50:5d:ab:1a:a9:88:
         22:ad:c0:64:da:35:38:f3:65:36:43:ea:9e:75:eb:96:09:4d:
         a7:81:96:ca:93:1c:d2:c3:c0:83:e3:9e:90:05:c6:3f:96:dd:
         b1:b8:c9:ea:c3:6f:f7:be:7c:45:04:c8:8e:df:dd:e0:dc:72:
         7f:e2:e2:37:e5:63:51:9e:1f:f0:e7:b1:81:81:f1:6e:ff:d0:
         00:a2:29:1d:be:cf:f5:70:a0:36:43:0d:1b:37:1a:e1:2c:24:
         ce:3d:9a:a9:cc:2a:70:00:56:21:d8:0e:3d:a9:49:99:94:8b:
         9c:1a:7a:5f:4d:1e:65:58:3e:61:d3:f9:b2:a1:af:12:ec:52:
         0f:28:b2:a1:04:c0:3a:14:af:8a:01:30:9d:d3:2d:80:03:fc:
         98:4f:f4:d3:6a:4b:a2:23:6f:72:19:be:45:56:24:e2:a7:ec:
         12:6f:de:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVr8IbcqXfk/hJ60Nb7e85HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMzA2MTQ1MTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ5NDMxOTU5MzRhN2IwMWNhMTEyZDhlNDQyYTcyMGE1MTkyN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ0DYg5+BNu9sGZbpsi30sDmGfIs
iO9oldJOIsV28XdmlXwrXf/30qa1xGOSPrWs5k6C+scXLzCxlTUVNY0WeX78LRBi
+ereh+m3E96EjXTfiyWYa6wvpeorj5p1d15LzczNwD+TyB2GJsmNsQqD8egok+MQ
zsZ4hmPNSjtFBpMj9XaZGs7EbIOGt+bDVUh8g6cvyZIll6A+/qUMyQt7vXBecg9O
brYWNV7NS7+m34Co+bCYo/4o0XVfsfbrtQm9xkQFZLxh2KLeRyBtAMRDotwsBw03
ZJM/vazpchO6COKAlGVkvxvOwZN8nfQ5sTgnPtWcYfB5tVBpZHGsoMR3tQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDdJQxlZNKewHKES2ORCpyClGSfyMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTjBsREdWazBwN0Fjb1JMWTVFS25JS1VaSl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhEUQDAN
BgkqhkiG9w0BAQsFAAOCAQEATZEqdXrv418TSMklcgSyAEnJOKwIrqnhNW8vUTB7
E72AXehZvi3zsFcF2n9kfv1soydLGOGhjWIoPC/G26Thi8D7B66j6iqOQRTJy043
tshb8ffAUF2rGqmIIq3AZNo1OPNlNkPqnnXrlglNp4GWypMc0sPAg+OekAXGP5bd
sbjJ6sNv9758RQTIjt/d4Nxyf+LiN+VjUZ4f8OexgYHxbv/QAKIpHb7P9XCgNkMN
Gzca4Swkzj2aqcwqcABWIdgOPalJmZSLnBp6X00eZVg+YdP5sqGvEuxSDyiyoQTA
OhSvigEwndMtgAP8mE/002pLoiNvchm+RVYk4qfsEm/eGg==
-----END CERTIFICATE-----