Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/Z82XkiOXgkgyHP_qUTQtV9ipAQI.roa
File:                     Z82XkiOXgkgyHP_qUTQtV9ipAQI.roa (raw, json)
Hash identifier:          Pcm+DnawQak47wg3O3tVgdWOq8t4gYDBeT6sBFXXJVE=
Subject key identifier:   67:CD:97:92:23:97:82:48:32:1C:FF:EA:51:34:2D:57:D8:A9:01:02
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       01942368FDA3CD18ED971025DEBB64056F1A
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/Z82XkiOXgkgyHP_qUTQtV9ipAQI.roa
Signing time:             Wed 01 Jan 2025 19:47:50 +0000
ROA not before:           Wed 01 Jan 2025 19:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206785
IP address blocks:        2a00:c40:8095::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:fd:a3:cd:18:ed:97:10:25:de:bb:64:05:6f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Jan  1 19:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67cd979223978248321cffea51342d57d8a90102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ca:cd:b0:57:c5:13:d9:da:d5:2b:28:ee:ed:
                    6d:a2:bc:65:83:cf:f9:ae:c9:ed:58:c2:35:a1:94:
                    78:4e:9b:e1:5d:34:a6:df:fe:ce:17:86:f2:5a:6e:
                    fb:15:06:4c:32:42:ce:c8:eb:ae:6d:d7:99:08:6c:
                    3e:e6:bd:a0:33:3b:31:ff:bb:87:30:c1:ac:2e:3e:
                    3c:25:12:53:5f:2f:56:49:d4:e6:ba:d6:bb:0e:b5:
                    e2:c9:7b:70:a1:15:41:43:a1:4d:a5:0f:a7:fe:b9:
                    5a:0b:a0:5d:80:04:43:e2:36:76:f0:e2:dd:0c:70:
                    fc:4b:dc:b7:96:ab:65:da:b6:80:ff:5b:b2:66:c7:
                    65:9b:2a:c6:da:21:6d:21:f9:f6:34:2e:2b:28:db:
                    fb:bc:29:6d:54:96:8c:b5:3f:a8:aa:28:4e:39:1b:
                    c5:0b:d9:e6:4d:ff:f8:0d:86:b5:77:95:9a:8e:1f:
                    5c:f6:d5:0a:43:31:61:35:26:50:99:01:5f:60:f8:
                    6f:f3:60:a2:d5:bd:08:18:f3:10:4f:27:64:99:4f:
                    07:a3:ad:0e:e8:57:ca:1b:17:79:59:01:44:17:d1:
                    bf:90:60:64:d9:9d:9c:af:ba:1c:73:b9:46:45:b0:
                    e1:90:67:6f:a3:64:01:00:d0:a2:9f:71:9a:3e:9d:
                    4a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CD:97:92:23:97:82:48:32:1C:FF:EA:51:34:2D:57:D8:A9:01:02
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/Z82XkiOXgkgyHP_qUTQtV9ipAQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:c40:8095::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:d6:33:9e:73:c4:4e:0b:bf:14:23:01:9e:4c:76:64:0e:af:
         60:06:69:5f:e6:36:fe:4a:ca:7f:1f:d5:8e:f1:eb:0b:69:2f:
         fc:f1:bc:64:d1:73:24:54:43:0b:56:c0:5f:db:ed:78:0f:5b:
         95:c0:12:a6:78:13:61:ba:f5:23:35:aa:65:6e:ed:26:a8:17:
         6b:1e:15:4b:8d:75:55:df:21:a8:3c:d1:3a:5d:17:52:97:84:
         de:4e:8b:ca:5a:d2:56:eb:28:1a:61:29:f1:d9:b7:91:79:98:
         8f:2e:ec:84:b5:8c:77:e3:05:61:71:0b:95:ea:39:8a:ba:b1:
         a5:21:c9:a0:e7:a0:8b:98:d2:ae:c5:30:e2:c3:86:8b:e8:8e:
         b1:36:91:11:a0:9e:2a:8b:ae:4c:8a:3f:18:d5:ec:d8:80:2f:
         65:55:ca:05:17:60:c3:d9:40:19:55:68:b6:3c:c1:3b:76:c5:
         a2:46:be:5d:68:f5:32:98:7d:75:4d:5e:6a:dc:52:25:07:76:
         b0:0d:71:44:8f:96:38:39:d6:d3:89:14:82:b9:a3:7c:bb:f1:
         a5:bb:21:b0:27:7c:e1:59:f9:a7:34:d1:30:f3:b9:0d:61:2d:
         64:2d:e2:35:78:44:24:85:5b:25:f7:fb:a3:76:fd:74:40:a4:
         29:96:46:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjaP2jzRjtlxAl3rtkBW8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjUwMTAxMTk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NkOTc5MjIzOTc4MjQ4MzIxY2ZmZWE1MTM0MmQ1N2Q4YTkwMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8rNsFfFE9na1Sso7u1torxlg8/5
rsntWMI1oZR4TpvhXTSm3/7OF4byWm77FQZMMkLOyOuubdeZCGw+5r2gMzsx/7uH
MMGsLj48JRJTXy9WSdTmuta7DrXiyXtwoRVBQ6FNpQ+n/rlaC6BdgARD4jZ28OLd
DHD8S9y3lqtl2raA/1uyZsdlmyrG2iFtIfn2NC4rKNv7vCltVJaMtT+oqihOORvF
C9nmTf/4DYa1d5Wajh9c9tUKQzFhNSZQmQFfYPhv82Ci1b0IGPMQTydkmU8Ho60O
6FfKGxd5WQFEF9G/kGBk2Z2cr7occ7lGRbDhkGdvo2QBANCin3GaPp1K+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGfNl5Ijl4JIMhz/6lE0LVfYqQECMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEvWjgyWGtpT1hna2d5SFBfcVVUUXRWOWlwQVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAMQICV
MA0GCSqGSIb3DQEBCwUAA4IBAQC81jOec8ROC78UIwGeTHZkDq9gBmlf5jb+Ssp/
H9WO8esLaS/88bxk0XMkVEMLVsBf2+14D1uVwBKmeBNhuvUjNaplbu0mqBdrHhVL
jXVV3yGoPNE6XRdSl4TeTovKWtJW6ygaYSnx2beReZiPLuyEtYx34wVhcQuV6jmK
urGlIcmg56CLmNKuxTDiw4aL6I6xNpERoJ4qi65Mij8Y1ezYgC9lVcoFF2DD2UAZ
VWi2PME7dsWiRr5daPUymH11TV5q3FIlB3awDXFEj5Y4OdbTiRSCuaN8u/GluyGw
J3zhWfmnNNEw87kNYS1kLeI1eEQkhVsl9/ujdv10QKQplkaL
-----END CERTIFICATE-----