Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/rwC5IyQ7L2moRLMm96UMuV8rOeU.roa
File:                     rwC5IyQ7L2moRLMm96UMuV8rOeU.roa (raw, json)
Hash identifier:          5HiFQbEYMB/+Xa+cF4UzFEflp48FBEClBPDR5KMTE6A=
Subject key identifier:   AF:00:B9:23:24:3B:2F:69:A8:44:B3:26:F7:A5:0C:B9:5F:2B:39:E5
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422202F7E8165FD51699A848B0231C700
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/rwC5IyQ7L2moRLMm96UMuV8rOeU.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203472
IP address blocks:        2a0e:8f02:f046::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2f:7e:81:65:fd:51:69:9a:84:8b:02:31:c7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af00b923243b2f69a844b326f7a50cb95f2b39e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d5:05:44:70:61:d5:2b:20:04:76:96:59:b6:
                    bb:12:2e:c0:15:4c:a2:b2:fe:48:6e:57:bd:65:b7:
                    c3:95:5f:35:96:d8:53:bd:4c:65:5b:13:7c:50:8e:
                    d5:b7:c1:55:cd:02:0a:62:35:7e:31:b8:4b:d5:05:
                    3f:f2:1e:ab:df:7d:78:56:8e:01:13:c8:ee:c7:c9:
                    64:69:60:2d:2a:94:3f:47:da:f1:28:cb:1a:a7:59:
                    db:50:1c:a7:0f:04:b0:54:23:a3:e2:60:db:7a:b1:
                    51:e5:fe:5d:77:27:06:62:1b:92:75:4a:23:f5:26:
                    b9:a8:09:52:8c:ac:dd:d5:7e:ea:91:5f:31:bd:2c:
                    4a:47:7c:60:c2:c0:15:2c:ec:87:5f:4b:25:98:eb:
                    75:29:31:80:ae:35:9e:6a:75:8d:45:d7:21:73:59:
                    d6:1e:11:43:9a:34:8a:42:b4:5d:a2:a0:50:c2:d3:
                    36:ad:e1:07:1a:e7:01:57:34:be:61:d7:06:19:02:
                    e0:3b:a7:c2:30:55:34:8c:fe:73:fb:41:7b:87:90:
                    f4:04:ad:68:44:61:f4:73:14:f4:d0:4c:4a:b8:2b:
                    da:51:90:2e:45:96:ed:e1:4f:99:30:46:b3:85:a5:
                    17:5d:ba:d9:47:a5:dc:a4:d7:68:d3:29:34:ff:5a:
                    a0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:00:B9:23:24:3B:2F:69:A8:44:B3:26:F7:A5:0C:B9:5F:2B:39:E5
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/rwC5IyQ7L2moRLMm96UMuV8rOeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f046::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:dd:a1:4e:99:dc:36:bc:e9:d5:3c:61:b8:4c:bb:80:35:7e:
         90:91:62:d1:3a:5c:fc:4b:77:6f:d2:67:82:1a:6f:3a:2a:d6:
         fa:19:53:70:81:c0:dc:99:2f:65:05:2e:73:12:9e:b9:9a:fe:
         b9:49:4b:dd:e7:d3:8d:b8:18:ca:47:f9:46:8c:34:e0:c6:9a:
         3f:b9:c2:4c:6e:ef:07:e7:7b:bb:8b:31:90:ed:8a:e2:b3:f0:
         e5:be:69:27:54:6a:23:dd:e7:69:99:48:5f:89:3a:89:ae:d9:
         6d:dd:fc:ae:c6:cb:46:09:e5:10:7d:45:c8:9c:19:da:17:ef:
         cc:fa:55:a3:23:60:10:73:d0:0a:97:57:93:ea:ff:f8:a3:55:
         ea:f8:c0:c2:e3:d7:a8:9b:6a:7e:25:9a:e9:cb:27:1a:48:d7:
         87:24:06:57:9c:c5:79:6d:4f:c2:f0:d3:49:3c:9f:b8:26:5d:
         20:8d:06:4c:df:6e:51:81:25:86:f8:64:72:88:b2:d6:1b:d5:
         ed:ff:8a:27:4f:6c:ff:2b:81:3b:67:b3:c9:17:10:15:dc:e9:
         ba:bc:cd:27:8a:3c:f2:66:bc:33:79:d9:59:96:c2:f5:55:f5:
         3a:df:2f:d4:fe:a7:f2:07:da:4c:15:76:bc:65:9a:b6:b4:32:
         c1:5b:72:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIC9+gWX9UWmahIsCMccAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjAwYjkyMzI0M2IyZjY5YTg0NGIzMjZmN2E1MGNiOTVmMmIzOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dUFRHBh1SsgBHaWWba7Ei7AFUyi
sv5Ible9ZbfDlV81lthTvUxlWxN8UI7Vt8FVzQIKYjV+MbhL1QU/8h6r3314Vo4B
E8jux8lkaWAtKpQ/R9rxKMsap1nbUBynDwSwVCOj4mDberFR5f5ddycGYhuSdUoj
9Sa5qAlSjKzd1X7qkV8xvSxKR3xgwsAVLOyHX0slmOt1KTGArjWeanWNRdchc1nW
HhFDmjSKQrRdoqBQwtM2reEHGucBVzS+YdcGGQLgO6fCMFU0jP5z+0F7h5D0BK1o
RGH0cxT00ExKuCvaUZAuRZbt4U+ZMEazhaUXXbrZR6XcpNdo0yk0/1qgpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK8AuSMkOy9pqESzJvelDLlfKznlMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvcndDNUl5UTdMMm1vUkxNbTk2VU11VjhyT2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBG
MA0GCSqGSIb3DQEBCwUAA4IBAQBf3aFOmdw2vOnVPGG4TLuANX6QkWLROlz8S3dv
0meCGm86Ktb6GVNwgcDcmS9lBS5zEp65mv65SUvd59ONuBjKR/lGjDTgxpo/ucJM
bu8H53u7izGQ7Yris/DlvmknVGoj3edpmUhfiTqJrtlt3fyuxstGCeUQfUXInBna
F+/M+lWjI2AQc9AKl1eT6v/4o1Xq+MDC49eom2p+JZrpyycaSNeHJAZXnMV5bU/C
8NNJPJ+4Jl0gjQZM325RgSWG+GRyiLLWG9Xt/4onT2z/K4E7Z7PJFxAV3Om6vM0n
ijzyZrwzedlZlsL1VfU63y/U/qfyB9pMFXa8ZZq2tDLBW3Jv
-----END CERTIFICATE-----