Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rtmJ15QCyMu37KZSjTEhWQ0zmek.roa
File:                     rtmJ15QCyMu37KZSjTEhWQ0zmek.roa (raw, json)
Hash identifier:          Lz0OEHkJQ5eiVEeDAp2VWfKoDiv6W8z6xoQRzfJhjuk=
Subject key identifier:   AE:D9:89:D7:94:02:C8:CB:B7:EC:A6:52:8D:31:21:59:0D:33:99:E9
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0194266B05CF62AFFA3DA2BB716313075405
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rtmJ15QCyMu37KZSjTEhWQ0zmek.roa
Signing time:             Thu 02 Jan 2025 09:48:55 +0000
ROA not before:           Thu 02 Jan 2025 09:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31400
IP address blocks:        2a09:7900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:05:cf:62:af:fa:3d:a2:bb:71:63:13:07:54:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  2 09:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aed989d79402c8cbb7eca6528d3121590d3399e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c8:10:08:0b:7a:f4:f8:c1:40:4f:b8:ea:6e:
                    d3:0b:a0:f2:d6:16:95:92:6a:5d:f9:e9:22:e8:48:
                    6e:32:8c:2f:d3:24:ef:74:9c:25:26:de:90:81:e9:
                    2d:7c:96:86:61:69:cd:7e:d0:39:36:87:e1:7a:f9:
                    3c:f9:a0:06:e1:33:4f:d2:7b:70:48:d9:1c:23:4a:
                    7d:1c:80:f0:9f:a2:2d:26:7e:53:dd:d6:94:92:ce:
                    00:bb:e5:13:b2:b8:93:73:fb:d1:28:87:97:81:34:
                    ad:fe:ce:79:e8:e9:d9:8f:57:4a:8b:38:cb:bd:61:
                    f4:9d:3b:44:75:6c:8b:3d:a1:b4:b9:12:6b:70:37:
                    be:a2:9a:0f:4a:23:0d:35:22:54:c6:06:54:b7:e1:
                    62:b4:22:77:11:99:8b:a1:2c:fb:ca:f2:d6:ce:2b:
                    78:17:a0:eb:a6:70:b2:c7:24:44:8f:e9:cd:5a:27:
                    d2:ed:98:67:e3:d7:b1:ad:d8:4b:a8:5a:50:f9:d8:
                    06:78:49:00:2c:7f:a7:9b:13:5f:f6:be:68:b4:65:
                    bc:5c:df:67:ee:3d:e8:1a:0e:78:a7:50:b0:46:01:
                    5a:fc:02:a3:c8:07:c1:c4:1c:06:a0:e3:d1:23:a3:
                    cd:d4:70:3d:0d:a7:49:89:42:73:1f:73:73:c8:d4:
                    b4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D9:89:D7:94:02:C8:CB:B7:EC:A6:52:8D:31:21:59:0D:33:99:E9
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rtmJ15QCyMu37KZSjTEhWQ0zmek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7900::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:35:69:e7:e4:c4:2e:59:d8:13:d3:69:eb:48:9f:ac:f9:fc:
         c8:1e:9b:3a:39:83:66:82:6c:f2:d8:c2:d8:fc:37:f0:d4:e7:
         27:7f:27:f8:b0:aa:e1:71:89:3a:a6:f6:1c:2b:f2:01:14:30:
         3a:7f:fe:22:36:22:46:24:ef:49:81:cb:e2:e1:65:ad:12:09:
         9b:b8:7d:0c:e5:4c:80:d0:cb:e6:c1:f6:bd:ee:77:21:ae:f2:
         06:41:9e:d4:06:e5:2a:32:a1:07:e1:91:d9:16:ee:18:2b:50:
         b5:0b:86:4c:be:00:5f:18:0a:a3:64:cd:17:6e:db:d1:0c:4f:
         a0:fb:07:57:cc:e6:2c:9b:56:80:6b:de:d3:b1:8c:27:2f:53:
         6d:97:7a:a0:0b:37:db:fb:d3:d0:a4:ae:48:ba:c3:28:36:90:
         32:53:13:5b:b6:ca:48:b8:d3:87:06:4c:e8:9e:34:72:52:cd:
         fc:18:25:10:d9:87:e7:62:ec:ee:6e:1d:79:92:46:00:63:9d:
         5e:05:78:1c:a0:5b:dc:41:19:ae:df:1c:c3:64:b0:23:c3:48:
         4a:1e:47:c1:a0:35:10:d8:f9:e3:22:a8:6d:e9:1f:46:ce:55:
         eb:07:ef:15:7a:e3:25:49:a5:99:6c:78:48:33:45:84:e9:65:
         60:e7:15:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmawXPYq/6PaK7cWMTB1QFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTAyMDk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ5ODlkNzk0MDJjOGNiYjdlY2E2NTI4ZDMxMjE1OTBkMzM5OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18gQCAt69PjBQE+46m7TC6Dy1haV
kmpd+eki6EhuMowv0yTvdJwlJt6QgektfJaGYWnNftA5Nofhevk8+aAG4TNP0ntw
SNkcI0p9HIDwn6ItJn5T3daUks4Au+UTsriTc/vRKIeXgTSt/s556OnZj1dKizjL
vWH0nTtEdWyLPaG0uRJrcDe+opoPSiMNNSJUxgZUt+FitCJ3EZmLoSz7yvLWzit4
F6DrpnCyxyREj+nNWifS7Zhn49exrdhLqFpQ+dgGeEkALH+nmxNf9r5otGW8XN9n
7j3oGg54p1CwRgFa/AKjyAfBxBwGoOPRI6PN1HA9DadJiUJzH3NzyNS0IQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK7ZideUAsjLt+ymUo0xIVkNM5npMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvcnRtSjE1UUN5TXUzN0taU2pURWhXUTB6bWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgl5ADAN
BgkqhkiG9w0BAQsFAAOCAQEAMzVp5+TELlnYE9Np60ifrPn8yB6bOjmDZoJs8tjC
2Pw38NTnJ38n+LCq4XGJOqb2HCvyARQwOn/+IjYiRiTvSYHL4uFlrRIJm7h9DOVM
gNDL5sH2ve53Ia7yBkGe1AblKjKhB+GR2RbuGCtQtQuGTL4AXxgKo2TNF27b0QxP
oPsHV8zmLJtWgGve07GMJy9TbZd6oAs32/vT0KSuSLrDKDaQMlMTW7bKSLjThwZM
6J40clLN/BglENmH52Ls7m4deZJGAGOdXgV4HKBb3EEZrt8cw2SwI8NISh5HwaA1
ENj54yKobekfRs5V6wfvFXrjJUmlmWx4SDNFhOllYOcVQQ==
-----END CERTIFICATE-----