Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Hrw24NCuWIUCpkj_ixSA3ykRPr4.roa
File:                     Hrw24NCuWIUCpkj_ixSA3ykRPr4.roa (raw, json)
Hash identifier:          EL86DxycBZAbHkapsC+FVYde7DJDbg6IvsLrlIhK4Mg=
Subject key identifier:   1E:BC:36:E0:D0:AE:58:85:02:A6:48:FF:8B:14:80:DF:29:11:3E:BE
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       019428255B0FC5CF5B40A9BBF302768904F9
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Hrw24NCuWIUCpkj_ixSA3ykRPr4.roa
Signing time:             Thu 02 Jan 2025 17:52:04 +0000
ROA not before:           Thu 02 Jan 2025 17:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33874
IP address blocks:        2a01:838::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:5b:0f:c5:cf:5b:40:a9:bb:f3:02:76:89:04:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 17:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ebc36e0d0ae588502a648ff8b1480df29113ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:9e:bf:b8:d0:3f:b8:8a:9b:8e:76:c3:6b:
                    50:19:0d:95:f1:07:dd:e1:77:48:bd:9b:71:27:b9:
                    a3:19:48:87:9c:3d:58:1f:67:27:23:e6:ab:3e:25:
                    5e:fa:e4:be:5c:9c:4a:dd:24:76:1c:fe:27:56:4f:
                    38:1d:74:11:80:cd:e9:c4:20:3f:25:ea:14:5d:53:
                    9d:24:21:00:20:73:f2:ed:97:80:73:ab:c3:f0:75:
                    75:0d:c2:44:d3:4c:6c:47:4e:0f:64:03:98:8c:80:
                    a6:54:30:71:fc:8c:0f:bb:00:49:06:c2:04:cb:c2:
                    c4:80:43:30:af:d2:c2:82:61:6d:57:b5:cc:98:27:
                    9d:e9:2e:46:f1:bf:1d:44:de:02:f2:98:26:c7:1d:
                    fc:df:83:f7:73:6d:67:5b:82:b2:f7:ac:a5:84:e4:
                    ca:d8:cd:d1:14:bf:d7:7d:8f:10:ad:74:85:80:1b:
                    bb:bf:36:bb:0a:e0:84:e1:09:bf:66:bb:a4:60:1b:
                    be:3b:7c:63:b8:8b:c7:2c:b6:d5:7e:b3:a7:80:87:
                    ce:40:39:b0:70:18:87:6f:80:1c:c6:f4:9d:77:7e:
                    3d:89:c0:bd:67:08:eb:65:66:1e:98:31:49:e6:32:
                    7f:28:64:72:b9:4e:c8:d1:b1:df:9c:08:9a:1b:96:
                    ab:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BC:36:E0:D0:AE:58:85:02:A6:48:FF:8B:14:80:DF:29:11:3E:BE
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Hrw24NCuWIUCpkj_ixSA3ykRPr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:838::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:05:67:c4:ae:43:aa:65:20:4b:d7:69:4a:90:25:cd:f7:9e:
         52:b3:57:aa:e5:f4:9d:bd:07:8c:d3:b9:51:ed:8c:3e:21:0b:
         91:fa:cb:97:02:32:67:9a:d8:40:db:d5:e5:d1:79:27:1a:9c:
         ec:4d:52:d9:7b:1c:58:f7:c1:ef:1d:0c:75:54:0d:f0:57:0b:
         f1:a8:c2:93:51:1b:cf:c1:e9:38:2e:96:53:b2:4b:e0:68:05:
         b9:57:f8:ef:22:0c:d4:51:af:9b:73:8e:dc:52:d6:b6:3c:ff:
         0b:fb:91:66:09:98:2b:29:74:3b:f6:93:20:05:24:db:41:c4:
         34:d5:a3:00:51:a4:38:ae:90:82:77:47:88:23:59:6e:9f:98:
         83:35:8c:bf:e9:a7:ed:bc:ae:fe:24:c3:0c:7f:dc:ac:d7:da:
         72:53:f2:09:ae:97:18:a0:49:2e:80:5e:4d:ab:30:59:76:2a:
         48:e2:36:5e:c1:e0:2c:2e:64:ae:0a:66:2d:f1:0f:09:ae:7e:
         a6:29:3d:88:2e:39:34:c2:94:16:1f:0a:bf:c9:9b:ee:97:31:
         9d:ba:1b:fa:98:60:48:82:b6:17:8e:a7:b1:39:92:dd:2c:e5:
         6b:d2:1f:9d:67:34:79:bf:a0:92:86:b3:79:7d:e7:ad:e2:44:
         9a:88:d6:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQoJVsPxc9bQKm78wJ2iQT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjUwMTAyMTc1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWJjMzZlMGQwYWU1ODg1MDJhNjQ4ZmY4YjE0ODBkZjI5MTEzZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwueev7jQP7iKm452w2tQGQ2V8Qfd
4XdIvZtxJ7mjGUiHnD1YH2cnI+arPiVe+uS+XJxK3SR2HP4nVk84HXQRgM3pxCA/
JeoUXVOdJCEAIHPy7ZeAc6vD8HV1DcJE00xsR04PZAOYjICmVDBx/IwPuwBJBsIE
y8LEgEMwr9LCgmFtV7XMmCed6S5G8b8dRN4C8pgmxx3834P3c21nW4Ky96ylhOTK
2M3RFL/XfY8QrXSFgBu7vza7CuCE4Qm/ZrukYBu+O3xjuIvHLLbVfrOngIfOQDmw
cBiHb4AcxvSdd349icC9ZwjrZWYemDFJ5jJ/KGRyuU7I0bHfnAiaG5ar6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB68NuDQrliFAqZI/4sUgN8pET6+MB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvSHJ3MjROQ3VXSVVDcGtqX2l4U0EzeWtSUHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgEIODAN
BgkqhkiG9w0BAQsFAAOCAQEALQVnxK5DqmUgS9dpSpAlzfeeUrNXquX0nb0HjNO5
Ue2MPiELkfrLlwIyZ5rYQNvV5dF5Jxqc7E1S2XscWPfB7x0MdVQN8FcL8ajCk1Eb
z8HpOC6WU7JL4GgFuVf47yIM1FGvm3OO3FLWtjz/C/uRZgmYKyl0O/aTIAUk20HE
NNWjAFGkOK6QgndHiCNZbp+YgzWMv+mn7byu/iTDDH/crNfaclPyCa6XGKBJLoBe
TaswWXYqSOI2XsHgLC5krgpmLfEPCa5+pik9iC45NMKUFh8Kv8mb7pcxnbob+phg
SIK2F46nsTmS3Szla9IfnWc0eb+gkoazeX3nreJEmojWjg==
-----END CERTIFICATE-----