Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/NA2ltT3Sfb3V_iisdx5vwEvFMeE.roa
File:                     NA2ltT3Sfb3V_iisdx5vwEvFMeE.roa (raw, json)
Hash identifier:          vazWrh+R+LWtlS3ZJjQYp6mVJnmrGyyhkAQ7rsXsUf8=
Subject key identifier:   34:0D:A5:B5:3D:D2:7D:BD:D5:FE:28:AC:77:1E:6F:C0:4B:C5:31:E1
Certificate issuer:       /CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
Certificate serial:       019424B3E6FE0675C068E0F756FEFF9F6AE1
Authority key identifier: 2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/NA2ltT3Sfb3V_iisdx5vwEvFMeE.roa
Signing time:             Thu 02 Jan 2025 01:49:17 +0000
ROA not before:           Thu 02 Jan 2025 01:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210972
IP address blocks:        2a03:302:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e6:fe:06:75:c0:68:e0:f7:56:fe:ff:9f:6a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
        Validity
            Not Before: Jan  2 01:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=340da5b53dd27dbdd5fe28ac771e6fc04bc531e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f4:a3:6c:27:3e:1c:97:f2:d4:b0:49:1d:45:
                    9e:77:27:85:93:20:94:7b:c2:ea:c6:96:11:59:b4:
                    4c:0d:bd:80:dc:44:42:75:ba:28:82:d3:e1:08:42:
                    8f:c4:0a:38:ad:fb:ed:43:33:dd:da:5a:93:1e:09:
                    ac:71:f8:a2:4d:ea:45:ad:2d:df:9d:03:00:20:c0:
                    21:37:14:29:1c:fc:96:2f:d8:bb:31:8f:9b:30:54:
                    02:4c:66:99:52:99:c4:ed:37:38:c3:b7:f2:57:b5:
                    6a:87:93:51:68:a2:b5:62:c4:8e:29:71:1d:5c:e3:
                    ad:d8:05:10:37:79:63:7c:34:d0:66:4c:3b:d1:3d:
                    5c:4f:e8:88:e7:10:01:56:a7:a0:39:39:fa:7f:54:
                    c9:98:ac:9b:f9:76:d1:55:0f:24:ff:28:ab:47:b8:
                    b9:1e:ca:db:50:a5:d0:4f:29:c0:a4:27:9b:65:db:
                    da:2f:50:26:33:65:f1:0c:40:87:ea:1f:6f:3f:27:
                    08:09:54:dc:c7:90:74:09:e6:98:1e:52:4b:49:56:
                    21:25:71:ac:81:40:a1:09:5e:df:52:75:fc:33:78:
                    8a:5b:69:ff:8c:01:86:27:95:d1:b7:19:e6:69:d0:
                    4b:e4:02:3d:ac:7c:4f:b8:77:82:c4:98:e1:8f:e4:
                    b0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:0D:A5:B5:3D:D2:7D:BD:D5:FE:28:AC:77:1E:6F:C0:4B:C5:31:E1
            X509v3 Authority Key Identifier:
                keyid:2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/NA2ltT3Sfb3V_iisdx5vwEvFMeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:302:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:ee:25:a5:cb:c6:ca:ae:06:63:f4:a0:78:8c:2d:8d:4e:74:
         5b:f9:d7:6e:bf:ca:7e:54:25:6d:ad:56:4b:3c:bb:3a:d7:08:
         15:df:8f:4b:75:7f:18:17:d7:ee:00:7a:bd:56:9a:ba:fd:05:
         14:1a:e1:0a:ee:dd:62:c1:66:bb:51:51:0a:1a:1b:8d:f5:e1:
         d6:62:6a:a0:8b:c5:b2:b1:46:4d:81:f8:fe:1d:9d:c7:fe:8f:
         4f:4b:55:9c:34:51:de:35:51:a3:17:8d:31:b3:af:17:50:d8:
         eb:1f:1c:e9:0a:4e:f4:ed:b7:e7:66:d7:ca:0e:42:e7:1d:09:
         5f:a4:a3:62:e2:cc:e0:14:b6:19:6c:19:0e:7c:88:11:96:1a:
         c0:9b:ad:d2:05:77:fa:99:a2:2c:0f:c2:e9:4a:fc:87:45:a9:
         a8:42:5b:b0:c2:cd:c3:5e:e1:51:70:9f:5e:5c:e9:f5:11:04:
         ea:b4:62:70:d5:8a:76:7c:ef:d0:b1:5b:c4:a7:f5:60:dd:e2:
         34:19:96:2c:7a:13:ea:75:45:38:74:c1:b7:ed:41:5f:67:6f:
         9a:a5:9f:13:0f:18:1f:37:8c:a2:81:4d:92:bd:82:f4:15:a5:
         7f:76:83:60:84:bc:2d:5f:08:19:27:9a:13:9a:a3:32:9d:f2:
         8e:07:ee:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks+b+BnXAaOD3Vv7/n2rhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMWU2NWY4MDgzYzg1OWJjZDBkMmM1MmExZTA2MWViNTEz
MWY1ZjEwHhcNMjUwMTAyMDE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDBkYTViNTNkZDI3ZGJkZDVmZTI4YWM3NzFlNmZjMDRiYzUzMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/SjbCc+HJfy1LBJHUWedyeFkyCU
e8LqxpYRWbRMDb2A3ERCdboogtPhCEKPxAo4rfvtQzPd2lqTHgmscfiiTepFrS3f
nQMAIMAhNxQpHPyWL9i7MY+bMFQCTGaZUpnE7Tc4w7fyV7Vqh5NRaKK1YsSOKXEd
XOOt2AUQN3ljfDTQZkw70T1cT+iI5xABVqegOTn6f1TJmKyb+XbRVQ8k/yirR7i5
HsrbUKXQTynApCebZdvaL1AmM2XxDECH6h9vPycICVTcx5B0CeaYHlJLSVYhJXGs
gUChCV7fUnX8M3iKW2n/jAGGJ5XRtxnmadBL5AI9rHxPuHeCxJjhj+SwJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQNpbU90n291f4orHceb8BLxTHhMB8GA1UdIwQY
MBaAFCoeZfgIPIWbzQ0sUqHgYetRMfXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTIt
Y2ZiOGRhNTQ5MDY3LzEvTkEybHRUM1NmYjNWX2lpc2R4NXZ3RXZGTWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTItY2ZiOGRhNTQ5MDY3
LzEvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMDAv//
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ7iWly8bKrgZj9KB4jC2NTnRb+dduv8p+VCVt
rVZLPLs61wgV349LdX8YF9fuAHq9Vpq6/QUUGuEK7t1iwWa7UVEKGhuN9eHWYmqg
i8WysUZNgfj+HZ3H/o9PS1WcNFHeNVGjF40xs68XUNjrHxzpCk707bfnZtfKDkLn
HQlfpKNi4szgFLYZbBkOfIgRlhrAm63SBXf6maIsD8LpSvyHRamoQluwws3DXuFR
cJ9eXOn1EQTqtGJw1Yp2fO/QsVvEp/Vg3eI0GZYsehPqdUU4dMG37UFfZ2+apZ8T
DxgfN4yigU2SvYL0FaV/doNghLwtXwgZJ5oTmqMynfKOB+6Y
-----END CERTIFICATE-----