Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/oT2LDF85PY5HdbBLwhoxl8tjz8s.roa
File:                     oT2LDF85PY5HdbBLwhoxl8tjz8s.roa (raw, json)
Hash identifier:          1EymL80SjeM7RupyG8pGED+B/g9jGLElUsA1V765L5Y=
Subject key identifier:   A1:3D:8B:0C:5F:39:3D:8E:47:75:B0:4B:C2:1A:31:97:CB:63:CF:CB
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       019422FB0874087C393A41EFBE96A31FD543
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/oT2LDF85PY5HdbBLwhoxl8tjz8s.roa
Signing time:             Wed 01 Jan 2025 17:47:44 +0000
ROA not before:           Wed 01 Jan 2025 17:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211895
IP address blocks:        2a07:52c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:08:74:08:7c:39:3a:41:ef:be:96:a3:1f:d5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Jan  1 17:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a13d8b0c5f393d8e4775b04bc21a3197cb63cfcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:40:29:a5:80:bc:e0:26:25:d1:ec:6a:a6:
                    e5:00:e4:ea:d4:f2:e4:04:66:bb:e4:a6:4a:46:be:
                    67:59:25:4c:28:92:ab:2e:cd:d1:1a:fb:55:2c:0f:
                    00:10:43:d2:cc:bb:db:8d:4f:0a:03:73:b5:0c:aa:
                    03:5e:8f:da:a8:a9:c1:78:ec:03:36:79:28:ac:28:
                    f1:0d:d2:fa:05:0c:4e:9b:6b:ad:20:01:39:f1:b3:
                    41:28:42:eb:e1:8d:06:12:ee:89:c5:b0:e1:ec:ab:
                    07:d3:48:6f:81:4e:fd:06:ff:a3:46:da:41:bb:38:
                    8b:22:58:d6:63:fc:95:21:b9:06:65:8c:f7:40:3d:
                    93:e5:8b:7f:19:4c:9e:96:2f:6b:67:56:54:a2:f9:
                    1b:6f:49:6e:52:b5:70:c8:ea:b6:bd:03:4e:5e:65:
                    c7:46:7e:7c:2c:bf:da:b4:0c:e5:86:8b:b5:7e:f1:
                    2b:f5:79:06:0d:cc:b7:b6:14:13:e9:5c:c9:70:5f:
                    25:1b:40:72:4e:c1:22:96:03:58:b5:c9:9f:74:7d:
                    66:43:f5:83:58:7b:38:8c:aa:fb:03:6f:fb:69:bc:
                    8f:15:f0:2a:9d:31:6f:0c:a0:8a:9b:3b:4e:97:4e:
                    56:1e:6b:e0:83:3a:21:57:fc:44:71:67:d4:b4:1e:
                    31:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:3D:8B:0C:5F:39:3D:8E:47:75:B0:4B:C2:1A:31:97:CB:63:CF:CB
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/oT2LDF85PY5HdbBLwhoxl8tjz8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:52c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:60:96:7d:03:c4:0c:d2:4d:af:e0:3d:59:e8:dd:e3:3b:fc:
         95:fe:82:af:15:e1:17:5d:aa:50:e6:6a:4b:e8:03:85:e1:cf:
         f7:ef:23:7b:08:af:6b:3a:67:6d:bd:00:fd:16:e1:fc:f0:52:
         ad:21:9a:d4:d0:f4:ea:5a:a5:a7:90:84:fc:84:57:f4:df:95:
         33:e4:07:99:66:92:49:73:8f:65:1d:4c:65:22:a0:3e:93:96:
         9c:76:e6:1d:ae:7a:76:c0:99:17:f8:b0:62:e8:69:bc:d0:d4:
         76:3a:5d:2d:f9:76:7a:37:c0:17:06:d9:c6:b9:91:b3:68:ca:
         48:92:75:43:a3:e4:f1:5a:af:f5:c9:64:4e:bf:35:22:83:cd:
         12:42:6b:fb:8d:6a:25:7d:99:7f:e0:01:67:5b:40:c5:25:2e:
         61:d5:9e:8a:1e:c7:4c:67:89:6d:49:df:34:80:71:e7:69:d1:
         a2:2b:0b:a7:6c:4f:7a:7c:4a:39:8b:9c:8b:da:93:a3:e7:4f:
         d1:86:ff:df:97:07:ba:a5:aa:ae:67:5f:62:9a:c9:27:9a:c3:
         29:7a:d1:9d:da:40:aa:13:ff:aa:4f:20:65:cb:a5:ac:c7:2e:
         2d:82:71:a9:53:fa:ee:e4:3c:54:58:e1:da:3c:9e:eb:a0:58:
         67:9d:55:a8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQi+wh0CHw5OkHvvpajH9VDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjUwMTAxMTc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTNkOGIwYzVmMzkzZDhlNDc3NWIwNGJjMjFhMzE5N2NiNjNjZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15dAKaWAvOAmJdHsaqblAOTq1PLk
BGa75KZKRr5nWSVMKJKrLs3RGvtVLA8AEEPSzLvbjU8KA3O1DKoDXo/aqKnBeOwD
NnkorCjxDdL6BQxOm2utIAE58bNBKELr4Y0GEu6JxbDh7KsH00hvgU79Bv+jRtpB
uziLIljWY/yVIbkGZYz3QD2T5Yt/GUyeli9rZ1ZUovkbb0luUrVwyOq2vQNOXmXH
Rn58LL/atAzlhou1fvEr9XkGDcy3thQT6VzJcF8lG0ByTsEilgNYtcmfdH1mQ/WD
WHs4jKr7A2/7abyPFfAqnTFvDKCKmztOl05WHmvggzohV/xEcWfUtB4x+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKE9iwxfOT2OR3WwS8IaMZfLY8/LMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvb1QyTERGODVQWTVIZGJCTHdob3hsOHRqejhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdSwDAN
BgkqhkiG9w0BAQsFAAOCAQEAbmCWfQPEDNJNr+A9Wejd4zv8lf6CrxXhF12qUOZq
S+gDheHP9+8jewivazpnbb0A/Rbh/PBSrSGa1ND06lqlp5CE/IRX9N+VM+QHmWaS
SXOPZR1MZSKgPpOWnHbmHa56dsCZF/iwYuhpvNDUdjpdLfl2ejfAFwbZxrmRs2jK
SJJ1Q6Pk8Vqv9clkTr81IoPNEkJr+41qJX2Zf+ABZ1tAxSUuYdWeih7HTGeJbUnf
NIBx52nRoisLp2xPenxKOYuci9qTo+dP0Yb/35cHuqWqrmdfYprJJ5rDKXrRndpA
qhP/qk8gZculrMcuLYJxqVP67uQ8VFjh2jye66BYZ51VqA==
-----END CERTIFICATE-----