Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/z1aZ7-bmH6l6J7mLCP5moL6leU0.roa
File:                     z1aZ7-bmH6l6J7mLCP5moL6leU0.roa (raw, json)
Hash identifier:          yKL3bhklKR6G8Kxo3AuOxdxqmVoJuUJSKeF/iJ4ql/Q=
Subject key identifier:   CF:56:99:EF:E6:E6:1F:A9:7A:27:B9:8B:08:FE:66:A0:BE:A5:79:4D
Certificate issuer:       /CN=426b2d7440fb78844cf0135ec5182b3f6f783a86
Certificate serial:       019425FC0B9D82816BDF8100D2493A872373
Authority key identifier: 42:6B:2D:74:40:FB:78:84:4C:F0:13:5E:C5:18:2B:3F:6F:78:3A:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QmstdED7eIRM8BNexRgrP294OoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/z1aZ7-bmH6l6J7mLCP5moL6leU0.roa
Signing time:             Thu 02 Jan 2025 07:47:42 +0000
ROA not before:           Thu 02 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202360
IP address blocks:        2a10:fe40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/QmstdED7eIRM8BNexRgrP294OoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/QmstdED7eIRM8BNexRgrP294OoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QmstdED7eIRM8BNexRgrP294OoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:0b:9d:82:81:6b:df:81:00:d2:49:3a:87:23:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=426b2d7440fb78844cf0135ec5182b3f6f783a86
        Validity
            Not Before: Jan  2 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf5699efe6e61fa97a27b98b08fe66a0bea5794d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e0:55:99:65:3e:a8:80:f6:2a:bb:c7:a5:8e:
                    f1:01:70:3f:af:72:04:f0:0b:a0:bb:ac:49:c9:f5:
                    1d:5d:d1:37:a3:f4:79:7d:87:68:26:08:4b:20:4c:
                    5e:8f:36:0b:1f:87:fd:b5:4d:77:d4:f5:a2:a9:90:
                    4e:82:bc:7b:00:4a:ef:c2:23:ab:68:36:59:ce:77:
                    9d:37:54:af:bc:27:47:dc:89:09:07:36:76:8f:58:
                    c7:db:2e:0a:94:37:4b:6c:9b:be:1a:43:be:77:b9:
                    a6:c6:30:0c:04:21:42:5b:05:3c:b1:2c:6a:bd:b0:
                    e9:5b:5b:3b:76:f2:5d:12:e3:40:7e:38:39:67:f4:
                    7a:01:6f:1c:63:d0:42:92:da:0e:74:15:a1:0a:de:
                    ee:8e:a9:3c:07:2c:c7:eb:70:fb:c5:3f:4b:c8:15:
                    5a:19:cf:d4:b4:29:fe:fa:61:4b:0b:d3:03:2b:f0:
                    19:20:a5:30:23:79:f2:3b:eb:25:35:a0:db:79:d8:
                    46:51:a7:28:0b:16:d7:68:0f:d3:6b:2b:18:d6:5c:
                    6a:5c:c2:8e:86:8b:ad:e0:da:5a:0e:bc:d7:be:69:
                    fc:94:e4:0b:37:c5:0e:aa:9c:da:ef:d5:01:fb:4a:
                    b4:b2:dc:fd:bb:55:f5:22:3b:28:b9:1a:79:f8:99:
                    3c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:56:99:EF:E6:E6:1F:A9:7A:27:B9:8B:08:FE:66:A0:BE:A5:79:4D
            X509v3 Authority Key Identifier:
                keyid:42:6B:2D:74:40:FB:78:84:4C:F0:13:5E:C5:18:2B:3F:6F:78:3A:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QmstdED7eIRM8BNexRgrP294OoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/z1aZ7-bmH6l6J7mLCP5moL6leU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/1dbd75-981d-46a3-b5c3-2592a1ea6138/1/QmstdED7eIRM8BNexRgrP294OoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fe40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:6a:07:79:c9:3a:d6:aa:66:7e:2c:64:e6:b4:b0:b0:77:be:
         4d:3d:79:5d:10:dc:71:36:28:f2:19:7f:9d:75:00:b5:c8:cc:
         a6:56:d5:8e:e6:7d:1c:e1:af:44:ea:ba:b8:da:85:13:5e:e1:
         a8:d5:f0:1a:75:ab:4d:ca:7f:c6:f4:4d:fc:e7:aa:09:e3:b6:
         27:3b:9d:87:b2:78:d8:a4:97:28:b8:4f:0a:25:02:aa:86:11:
         0f:98:bb:31:03:4d:50:47:ca:ba:41:c3:3e:a4:8f:8d:37:4a:
         e3:a5:65:ca:ad:f1:a2:d1:a3:3a:82:7a:88:69:9c:5d:b6:a6:
         e9:30:6d:8b:76:c0:91:f2:af:d3:48:21:bd:1c:17:32:6a:b3:
         e6:4c:b7:12:dc:ef:02:f5:95:86:0e:0e:ff:89:5d:85:ff:20:
         0a:26:64:ed:17:d6:5f:55:45:40:99:d0:18:b4:24:67:bd:b8:
         4e:93:ac:73:e8:e5:b6:83:24:28:e5:84:c0:c7:c3:6f:65:a2:
         a0:90:11:51:b8:49:79:f7:21:ae:44:93:ff:81:d9:c5:c8:8e:
         03:e4:4e:21:39:d4:65:a7:b2:08:50:32:a2:e9:58:5a:96:67:
         33:b6:cf:dc:6c:35:81:c5:f9:be:01:f6:09:95:1e:03:07:34:
         56:18:1a:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/AudgoFr34EA0kk6hyNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNmIyZDc0NDBmYjc4ODQ0Y2YwMTM1ZWM1MTgyYjNmNmY3
ODNhODYwHhcNMjUwMTAyMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU2OTllZmU2ZTYxZmE5N2EyN2I5OGIwOGZlNjZhMGJlYTU3OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuBVmWU+qID2KrvHpY7xAXA/r3IE
8Augu6xJyfUdXdE3o/R5fYdoJghLIExejzYLH4f9tU131PWiqZBOgrx7AErvwiOr
aDZZznedN1SvvCdH3IkJBzZ2j1jH2y4KlDdLbJu+GkO+d7mmxjAMBCFCWwU8sSxq
vbDpW1s7dvJdEuNAfjg5Z/R6AW8cY9BCktoOdBWhCt7ujqk8ByzH63D7xT9LyBVa
Gc/UtCn++mFLC9MDK/AZIKUwI3nyO+slNaDbedhGUacoCxbXaA/TaysY1lxqXMKO
hout4NpaDrzXvmn8lOQLN8UOqpza79UB+0q0stz9u1X1IjsouRp5+Jk8gwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM9Wme/m5h+peie5iwj+ZqC+pXlNMB8GA1UdIwQY
MBaAFEJrLXRA+3iETPATXsUYKz9veDqGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW1zdGRFRDdlSVJNOEJOZXhSZ3JQMjk0T29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8xZGJkNzUtOTgxZC00NmEzLWI1YzMt
MjU5MmExZWE2MTM4LzEvejFhWjctYm1INmw2SjdtTENQNW1vTDZsZVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8xZGJkNzUtOTgxZC00NmEzLWI1YzMtMjU5MmExZWE2MTM4
LzEvUW1zdGRFRDdlSVJNOEJOZXhSZ3JQMjk0T29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhD+QDAN
BgkqhkiG9w0BAQsFAAOCAQEAC2oHeck61qpmfixk5rSwsHe+TT15XRDccTYo8hl/
nXUAtcjMplbVjuZ9HOGvROq6uNqFE17hqNXwGnWrTcp/xvRN/OeqCeO2Jzudh7J4
2KSXKLhPCiUCqoYRD5i7MQNNUEfKukHDPqSPjTdK46Vlyq3xotGjOoJ6iGmcXbam
6TBti3bAkfKv00ghvRwXMmqz5ky3EtzvAvWVhg4O/4ldhf8gCiZk7RfWX1VFQJnQ
GLQkZ724TpOsc+jltoMkKOWEwMfDb2WioJARUbhJefchrkST/4HZxciOA+ROITnU
ZaeyCFAyoulYWpZnM7bP3Gw1gcX5vgH2CZUeAwc0VhgaSw==
-----END CERTIFICATE-----