Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/2xCnagkEcPCh3EPzn3LDmjvPSCg.roa
File:                     2xCnagkEcPCh3EPzn3LDmjvPSCg.roa (raw, json)
Hash identifier:          +Ac7Lrh1tuyundor/xB13IJ+b+si7RG8jo65MCfiYFc=
Subject key identifier:   DB:10:A7:6A:09:04:70:F0:A1:DC:43:F3:9F:72:C3:9A:3B:CF:48:28
Certificate issuer:       /CN=b689299bc49584a645940c1dd87df0afc8aaa0fd
Certificate serial:       01942826039E92C51A4481B24030F7311A7A
Authority key identifier: B6:89:29:9B:C4:95:84:A6:45:94:0C:1D:D8:7D:F0:AF:C8:AA:A0:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/2xCnagkEcPCh3EPzn3LDmjvPSCg.roa
Signing time:             Thu 02 Jan 2025 17:52:47 +0000
ROA not before:           Thu 02 Jan 2025 17:52:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7922
IP address blocks:        2a0c:93c0:8000::/48 maxlen: 48
                          2a0c:93c0:8002::/48 maxlen: 48
                          2a0c:93c0:c002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:03:9e:92:c5:1a:44:81:b2:40:30:f7:31:1a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b689299bc49584a645940c1dd87df0afc8aaa0fd
        Validity
            Not Before: Jan  2 17:52:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db10a76a090470f0a1dc43f39f72c39a3bcf4828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:03:60:c5:e0:0a:b2:84:80:9b:4b:a4:cf:69:
                    02:da:a5:3b:d6:77:64:2f:d1:cf:9d:36:c7:76:91:
                    38:da:66:05:7b:c5:e7:e9:e5:89:ac:8e:c1:1b:04:
                    8b:30:da:25:0a:51:5e:4a:fd:4a:08:55:0a:1a:9c:
                    4a:ee:00:73:2a:a5:92:b9:96:cf:36:2a:96:7a:27:
                    d9:8c:eb:8f:28:ef:80:e9:7c:dd:d3:8f:25:0c:e3:
                    6d:3c:11:6c:bf:f6:41:82:26:3b:e8:59:29:73:86:
                    76:fb:bc:b9:90:70:21:b8:a2:c8:f7:ea:0e:be:fc:
                    ef:7f:52:c1:c3:2f:b1:af:19:5e:d9:3c:55:4a:c4:
                    a4:59:9c:9d:79:77:e1:cf:ce:a8:0a:60:c0:1e:40:
                    80:c4:7b:2c:60:eb:e4:43:7c:51:f5:be:8d:d2:73:
                    2d:32:5d:d9:7a:23:54:e1:fa:2c:c3:9c:db:65:32:
                    aa:93:c3:6f:29:93:b0:8b:47:f2:64:47:16:33:08:
                    e0:f1:f4:15:ac:a8:3d:a5:4c:02:20:72:4f:bc:0e:
                    ef:8d:73:0e:60:c9:1f:fb:48:c6:6b:cc:af:cd:f2:
                    11:43:2c:67:76:12:44:36:81:e6:9b:6d:17:13:07:
                    35:e5:1a:90:46:52:93:3b:36:ad:b6:88:4b:c9:85:
                    50:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:10:A7:6A:09:04:70:F0:A1:DC:43:F3:9F:72:C3:9A:3B:CF:48:28
            X509v3 Authority Key Identifier:
                keyid:B6:89:29:9B:C4:95:84:A6:45:94:0C:1D:D8:7D:F0:AF:C8:AA:A0:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/2xCnagkEcPCh3EPzn3LDmjvPSCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:93c0:8000::/48
                  2a0c:93c0:8002::/48
                  2a0c:93c0:c002::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:09:5c:27:52:e3:4f:b7:df:3d:2c:00:13:02:02:6a:8c:6d:
         de:4d:ed:e1:ad:b0:3d:2d:9a:37:91:db:db:a3:4b:64:d2:6c:
         39:04:9b:be:88:02:58:7b:1b:63:2c:c4:5e:fa:4c:61:58:2a:
         0c:d0:15:a7:83:b2:5f:6f:2b:2a:5c:24:3b:3e:94:18:a3:db:
         e0:25:44:97:12:2b:70:27:3c:1c:49:5e:a1:0e:64:26:3f:29:
         04:84:c1:f7:c6:f2:98:32:51:7b:28:7f:84:61:bc:12:b2:2b:
         a5:3e:aa:79:ce:96:54:26:ce:fa:1d:1f:a6:6b:7a:26:52:c5:
         84:a7:15:ea:08:06:55:b1:f6:1f:0e:88:8a:1d:e2:ac:20:18:
         cf:b0:0b:59:eb:b1:8f:47:4f:55:84:fd:22:ef:a8:a5:7b:71:
         87:3c:e4:7a:58:4a:b9:e7:02:7e:6e:51:8a:d7:2a:59:de:f5:
         4a:16:76:ef:a7:8d:e5:a0:de:b1:0c:f3:32:84:43:8c:47:ad:
         a7:5a:0f:65:51:11:7d:87:c3:fa:02:15:a1:a9:f2:31:bd:4a:
         14:8a:c4:44:8a:ab:02:c0:23:e3:37:e0:8f:16:c1:82:4d:b0:
         3b:3e:91:6c:52:bc:62:49:46:bb:cf:2f:be:17:09:6a:a4:37:
         e6:06:eb:38
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJgOeksUaRIGyQDD3MRp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ODkyOTliYzQ5NTg0YTY0NTk0MGMxZGQ4N2RmMGFmYzhh
YWEwZmQwHhcNMjUwMTAyMTc1MjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjEwYTc2YTA5MDQ3MGYwYTFkYzQzZjM5ZjcyYzM5YTNiY2Y0ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswNgxeAKsoSAm0ukz2kC2qU71ndk
L9HPnTbHdpE42mYFe8Xn6eWJrI7BGwSLMNolClFeSv1KCFUKGpxK7gBzKqWSuZbP
NiqWeifZjOuPKO+A6Xzd048lDONtPBFsv/ZBgiY76Fkpc4Z2+7y5kHAhuKLI9+oO
vvzvf1LBwy+xrxle2TxVSsSkWZydeXfhz86oCmDAHkCAxHssYOvkQ3xR9b6N0nMt
Ml3ZeiNU4fosw5zbZTKqk8NvKZOwi0fyZEcWMwjg8fQVrKg9pUwCIHJPvA7vjXMO
YMkf+0jGa8yvzfIRQyxndhJENoHmm20XEwc15RqQRlKTOzattohLyYVQzQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNsQp2oJBHDwodxD859yw5o7z0goMB8GA1UdIwQY
MBaAFLaJKZvElYSmRZQMHdh98K/IqqD9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG9rcG04U1ZoS1pGbEF3ZDJIM3dyOGlxb1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy83Y2E2MWEtY2UzZC00YmFjLTkxMTAt
YzBmM2JhZDk5YTQwLzEvMnhDbmFna0VjUENoM0VQem4zTERtanZQU0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy83Y2E2MWEtY2UzZC00YmFjLTkxMTAtYzBmM2JhZDk5YTQw
LzEvdG9rcG04U1ZoS1pGbEF3ZDJIM3dyOGlxb1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgyTwIAA
AwcAKgyTwIACAwcAKgyTwMACMA0GCSqGSIb3DQEBCwUAA4IBAQApCVwnUuNPt989
LAATAgJqjG3eTe3hrbA9LZo3kdvbo0tk0mw5BJu+iAJYextjLMRe+kxhWCoM0BWn
g7JfbysqXCQ7PpQYo9vgJUSXEitwJzwcSV6hDmQmPykEhMH3xvKYMlF7KH+EYbwS
siulPqp5zpZUJs76HR+ma3omUsWEpxXqCAZVsfYfDoiKHeKsIBjPsAtZ67GPR09V
hP0i76ile3GHPOR6WEq55wJ+blGK1ypZ3vVKFnbvp43loN6xDPMyhEOMR62nWg9l
URF9h8P6AhWhqfIxvUoUisREiqsCwCPjN+CPFsGCTbA7PpFsUrxiSUa7zy++Fwlq
pDfmBus4
-----END CERTIFICATE-----