Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/SQWlc0rZJj-IH4BVVpWf4gkYzTE.roa
File:                     SQWlc0rZJj-IH4BVVpWf4gkYzTE.roa (raw, json)
Hash identifier:          pKU0nvpLv8g9iORRQCN0Yo6/Mr7aoPJ/lOVaNu8h5Gk=
Subject key identifier:   49:05:A5:73:4A:D9:26:3F:88:1F:80:55:56:95:9F:E2:09:18:CD:31
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       0194258F742AF25D83F2EFA990D1307B0DAC
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/SQWlc0rZJj-IH4BVVpWf4gkYzTE.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204790
IP address blocks:        2a11:8900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:74:2a:f2:5d:83:f2:ef:a9:90:d1:30:7b:0d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4905a5734ad9263f881f805556959fe20918cd31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:84:cb:9b:1a:8c:2e:4d:6d:c6:31:82:0b:69:
                    5a:5d:71:30:05:f9:b1:ec:b3:a4:b0:94:a1:e4:f0:
                    fe:52:4b:af:5d:25:e9:4c:37:fd:b5:65:6b:de:9c:
                    f3:dc:08:ee:b9:9c:66:52:02:0b:20:d4:46:10:33:
                    d7:15:b6:e2:46:91:d0:c1:14:5d:a0:9e:54:7b:f1:
                    2e:43:6a:35:04:a5:d5:de:21:18:35:80:bf:0e:96:
                    7b:36:0c:f0:32:be:fd:03:ac:51:c0:23:a0:48:95:
                    95:80:20:62:69:68:94:c4:b2:7b:1c:77:6d:cb:43:
                    a9:1d:73:b0:84:bd:06:76:2f:1e:90:bf:60:ad:a4:
                    f0:a7:57:36:57:da:d2:49:c0:a6:83:2d:bf:08:b1:
                    54:7c:0c:d8:9c:8c:28:1d:2e:ca:05:c7:a2:f3:4c:
                    9f:a4:45:09:aa:2b:f3:a0:35:0c:15:76:ec:c5:51:
                    e0:fa:27:ca:0c:49:f9:76:87:33:9b:09:46:bd:5f:
                    59:1b:18:46:a8:04:92:20:24:62:95:99:ac:fe:30:
                    54:df:dd:d9:8c:12:69:ff:40:7a:f4:90:2c:9d:ee:
                    37:1f:4b:0b:f3:f7:7e:e2:6b:e6:06:d7:62:b4:fa:
                    b5:ba:84:fd:cb:b9:af:bb:d7:9f:55:b9:d5:4d:85:
                    c7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:05:A5:73:4A:D9:26:3F:88:1F:80:55:56:95:9F:E2:09:18:CD:31
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/SQWlc0rZJj-IH4BVVpWf4gkYzTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:14:a1:78:6c:e8:58:56:f4:53:e4:b2:15:71:5e:6b:dd:75:
         4d:9b:c6:b4:c6:f1:fc:7d:d8:01:97:b5:88:88:9b:ed:31:d4:
         4d:c0:1d:3a:80:09:43:98:c8:bf:da:87:8b:75:e9:a0:98:c7:
         37:50:f7:7b:89:bd:9c:69:6a:ad:29:54:46:d1:04:f5:21:0f:
         aa:fd:ac:e7:db:dd:93:0f:33:0d:04:bc:7c:25:68:34:26:68:
         73:37:fc:1a:37:86:20:a3:2f:07:ee:16:0a:57:f3:de:b0:c2:
         83:b2:46:22:00:fe:de:47:ff:35:e1:a4:c3:8c:05:7e:04:31:
         d2:ea:e3:dd:80:68:e6:46:41:c0:56:92:33:ef:50:a3:4a:5e:
         40:5f:0b:69:94:d1:32:1e:46:f7:ff:a9:9a:ee:79:c8:d3:36:
         41:6e:c0:bf:b6:66:6a:24:fc:14:d0:48:25:4f:3a:c8:be:23:
         58:ab:5d:07:a7:f9:ce:de:22:bf:5c:02:45:36:9e:98:fc:34:
         20:e3:79:a3:35:a6:4b:67:37:8e:cd:f4:55:77:24:bd:50:f3:
         38:29:9a:e5:f4:f4:0d:9a:b8:46:dd:d6:55:76:b8:ef:5c:43:
         ac:ac:c2:e8:f5:a3:a2:78:34:e1:ef:51:44:7f:0a:99:9a:7e:
         5d:df:33:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj3Qq8l2D8u+pkNEwew2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA1YTU3MzRhZDkyNjNmODgxZjgwNTU1Njk1OWZlMjA5MThjZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoTLmxqMLk1txjGCC2laXXEwBfmx
7LOksJSh5PD+UkuvXSXpTDf9tWVr3pzz3AjuuZxmUgILINRGEDPXFbbiRpHQwRRd
oJ5Ue/EuQ2o1BKXV3iEYNYC/DpZ7NgzwMr79A6xRwCOgSJWVgCBiaWiUxLJ7HHdt
y0OpHXOwhL0Gdi8ekL9graTwp1c2V9rSScCmgy2/CLFUfAzYnIwoHS7KBcei80yf
pEUJqivzoDUMFXbsxVHg+ifKDEn5doczmwlGvV9ZGxhGqASSICRilZms/jBU393Z
jBJp/0B69JAsne43H0sL8/d+4mvmBtditPq1uoT9y7mvu9efVbnVTYXH7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEkFpXNK2SY/iB+AVVaVn+IJGM0xMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvU1FXbGMwclpKai1JSDRCVlZwV2Y0Z2tZelRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhGJADAN
BgkqhkiG9w0BAQsFAAOCAQEAZxSheGzoWFb0U+SyFXFea911TZvGtMbx/H3YAZe1
iIib7THUTcAdOoAJQ5jIv9qHi3XpoJjHN1D3e4m9nGlqrSlURtEE9SEPqv2s59vd
kw8zDQS8fCVoNCZoczf8GjeGIKMvB+4WClfz3rDCg7JGIgD+3kf/NeGkw4wFfgQx
0urj3YBo5kZBwFaSM+9Qo0peQF8LaZTRMh5G9/+pmu55yNM2QW7Av7ZmaiT8FNBI
JU86yL4jWKtdB6f5zt4iv1wCRTaemPw0ION5ozWmS2c3js30VXckvVDzOCma5fT0
DZq4Rt3WVXa471xDrKzC6PWjong04e9RRH8KmZp+Xd8zQg==
-----END CERTIFICATE-----