Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/2ANtTxYhC9doii2ZUg03hm4sdbA.roa
File:                     2ANtTxYhC9doii2ZUg03hm4sdbA.roa (raw, json)
Hash identifier:          z+xDfuoi1M8PZfat7ClShgNzShy9imRSBA53FNp3Yi4=
Subject key identifier:   D8:03:6D:4F:16:21:0B:D7:68:8A:2D:99:52:0D:37:86:6E:2C:75:B0
Certificate issuer:       /CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Certificate serial:       0194221F5C9B1116862110B0B105E5D589EC
Authority key identifier: AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/2ANtTxYhC9doii2ZUg03hm4sdbA.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21221
IP address blocks:        2a03:7e0::/32 maxlen: 48
                          2a04:d9c0::/32 maxlen: 48
                          2a05:a640::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5c:9b:11:16:86:21:10:b0:b1:05:e5:d5:89:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8036d4f16210bd7688a2d99520d37866e2c75b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f5:96:47:07:b5:1d:93:e7:c3:c3:7f:6b:14:
                    50:e9:55:4e:1a:41:d0:a6:e4:08:b9:af:78:0b:b5:
                    74:5f:77:54:35:a3:90:f5:3e:c0:f0:53:5b:ad:e6:
                    88:57:7a:80:76:4f:70:9c:a5:af:f9:81:8b:8d:53:
                    1c:12:42:0b:07:ec:e8:a9:d4:4f:21:bb:ca:77:d7:
                    63:35:6b:37:67:16:3c:86:e4:55:5d:48:de:06:ce:
                    0e:11:bf:d0:2c:55:c1:ae:e9:8a:c1:9c:c4:45:90:
                    cb:41:8a:fe:57:6f:e3:7f:41:fd:48:ee:1c:d7:1e:
                    dd:26:5d:f4:93:33:8b:bf:9b:65:82:70:b3:f0:54:
                    41:09:e8:c2:42:b3:7a:d1:a3:62:70:56:fe:10:4e:
                    fd:44:60:f5:26:0b:2b:77:14:1b:36:eb:10:ff:d3:
                    0f:58:e9:80:a6:f0:70:41:b1:59:29:87:c4:09:f1:
                    9b:57:05:1b:1d:cb:50:36:8d:33:25:44:1a:4f:e2:
                    f7:44:b7:96:1f:30:83:ae:d5:0e:95:68:1e:73:fb:
                    96:a1:91:e6:2c:e7:9c:8f:44:af:45:66:94:10:36:
                    2f:bb:2e:28:a7:82:59:7e:6d:c1:31:08:3f:a4:4d:
                    ce:55:db:2a:f3:d2:9b:7d:66:d5:0b:18:82:17:bb:
                    57:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:03:6D:4F:16:21:0B:D7:68:8A:2D:99:52:0D:37:86:6E:2C:75:B0
            X509v3 Authority Key Identifier:
                keyid:AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/2ANtTxYhC9doii2ZUg03hm4sdbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:7e0::/32
                  2a04:d9c0::/32
                  2a05:a640::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:40:98:47:d5:15:ef:95:fd:bc:1b:aa:4d:58:19:c4:16:4d:
         ad:6d:d6:14:bb:4d:45:3c:16:3c:c8:8c:7c:12:af:80:be:79:
         f3:40:f9:9c:a6:39:ef:bd:8f:4b:45:b1:21:74:dd:8c:b5:a2:
         9a:f7:ce:0b:d6:15:55:21:c6:d4:e3:48:2c:47:0b:2f:e8:ed:
         7f:6b:a1:2a:36:8c:f3:49:fc:7c:c2:13:66:82:21:90:20:db:
         fd:79:c4:2c:3c:15:f1:c2:f7:50:8f:23:c8:1a:9d:a3:a9:d1:
         d7:b8:38:80:a4:64:de:01:f6:94:b4:0b:9d:aa:46:bc:a3:73:
         2a:56:01:76:5c:df:8a:09:27:59:16:31:dd:95:c9:6c:8f:6a:
         aa:46:70:99:f3:e4:82:b6:5b:0b:ab:72:3d:70:ec:4f:94:ab:
         5c:0f:eb:5b:7a:fc:ec:35:03:e4:ce:86:1a:dd:c1:5d:c9:e5:
         97:08:2f:46:9e:3d:37:ef:b8:d4:1c:86:44:7b:e1:f3:91:f5:
         7e:85:5b:34:3d:37:fe:05:73:ad:ac:8e:df:8f:97:1f:b0:7a:
         83:cf:7d:75:7d:6c:37:9e:d0:50:9f:d3:1c:28:ef:86:19:35:
         41:4a:a7:59:a9:37:67:f5:83:78:8e:86:0b:67:ee:a6:ef:a0:
         ec:8e:79:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH1ybERaGIRCwsQXl1YnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMWQyYTU2MmM3ZGIyMTE1MWI0YTA5MjZiOGQ2ZmVlYWNl
Zjg4NTcwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAzNmQ0ZjE2MjEwYmQ3Njg4YTJkOTk1MjBkMzc4NjZlMmM3NWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfWWRwe1HZPnw8N/axRQ6VVOGkHQ
puQIua94C7V0X3dUNaOQ9T7A8FNbreaIV3qAdk9wnKWv+YGLjVMcEkILB+zoqdRP
IbvKd9djNWs3ZxY8huRVXUjeBs4OEb/QLFXBrumKwZzERZDLQYr+V2/jf0H9SO4c
1x7dJl30kzOLv5tlgnCz8FRBCejCQrN60aNicFb+EE79RGD1JgsrdxQbNusQ/9MP
WOmApvBwQbFZKYfECfGbVwUbHctQNo0zJUQaT+L3RLeWHzCDrtUOlWgec/uWoZHm
LOecj0SvRWaUEDYvuy4op4JZfm3BMQg/pE3OVdsq89KbfWbVCxiCF7tXfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNgDbU8WIQvXaIotmVINN4ZuLHWwMB8GA1UdIwQY
MBaAFK0dKlYsfbIRUbSgkmuNb+6s74hXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDkt
MzI5MzZjM2E0YTlkLzEvMkFOdFR4WWhDOWRvaWkyWlVnMDNobTRzZGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDktMzI5MzZjM2E0YTlk
LzEvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgMH4AMF
ACoE2cADBQMqBaZAMA0GCSqGSIb3DQEBCwUAA4IBAQADQJhH1RXvlf28G6pNWBnE
Fk2tbdYUu01FPBY8yIx8Eq+AvnnzQPmcpjnvvY9LRbEhdN2MtaKa984L1hVVIcbU
40gsRwsv6O1/a6EqNozzSfx8whNmgiGQINv9ecQsPBXxwvdQjyPIGp2jqdHXuDiA
pGTeAfaUtAudqka8o3MqVgF2XN+KCSdZFjHdlclsj2qqRnCZ8+SCtlsLq3I9cOxP
lKtcD+tbevzsNQPkzoYa3cFdyeWXCC9Gnj0377jUHIZEe+HzkfV+hVs0PTf+BXOt
rI7fj5cfsHqDz311fWw3ntBQn9McKO+GGTVBSqdZqTdn9YN4joYLZ+6m76Dsjnkr
-----END CERTIFICATE-----