Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/k5Aqa-da4KH0XLB24n43hX_ycfY.roa
File:                     k5Aqa-da4KH0XLB24n43hX_ycfY.roa (raw, json)
Hash identifier:          W7GIeml4QidNLEYcrSPcEhMsiifqshzVO/aRAhmqOJQ=
Subject key identifier:   93:90:2A:6B:E7:5A:E0:A1:F4:5C:B0:76:E2:7E:37:85:7F:F2:71:F6
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019538C2274B8DCD503D044B09EDD45579E1
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/k5Aqa-da4KH0XLB24n43hX_ycfY.roa
Signing time:             Mon 24 Feb 2025 16:20:02 +0000
ROA not before:           Mon 24 Feb 2025 16:20:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24845
IP address blocks:        2a02:102e::/32 maxlen: 32
                          2a02:102e:e::/48 maxlen: 48
                          2a02:102e:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:c2:27:4b:8d:cd:50:3d:04:4b:09:ed:d4:55:79:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Feb 24 16:20:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93902a6be75ae0a1f45cb076e27e37857ff271f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c4:77:9c:27:0e:04:42:de:69:e9:4d:b5:28:
                    40:6d:ee:af:17:06:af:0c:fa:94:90:8d:1d:15:66:
                    2b:0a:90:5b:0b:76:38:bf:56:44:62:34:b6:82:d2:
                    81:1e:ee:32:ae:38:5f:65:bf:07:c4:45:a2:b6:eb:
                    de:79:85:cf:0a:72:9c:b2:3e:38:ca:f9:5e:b9:09:
                    5e:45:cb:63:59:86:7b:c4:e6:97:31:50:5e:f6:ad:
                    04:2b:0a:3c:e8:5c:05:bc:4c:d2:85:88:4f:34:98:
                    21:71:43:5e:82:05:8d:e8:f6:ff:ee:90:c0:ff:19:
                    fd:f0:7e:65:b0:fc:3f:ba:94:72:23:8c:9b:95:d0:
                    1a:73:42:a5:5b:f8:66:97:c1:8a:93:0a:8e:69:cf:
                    9d:7c:80:24:78:e1:df:27:53:d5:c8:0c:34:8d:d0:
                    18:3a:cb:e6:4f:fa:ec:d1:9c:e0:81:70:7e:0e:5c:
                    eb:1f:ec:f5:a6:14:b5:dd:df:12:84:73:00:6c:12:
                    88:16:e5:46:87:2f:24:21:ef:9f:ec:62:63:be:c6:
                    1b:24:f3:c9:dc:21:12:03:67:a8:7a:8e:83:93:42:
                    07:f2:c9:62:c7:83:c5:8d:54:7a:0e:4f:53:48:80:
                    38:8f:51:8f:c5:d4:14:78:5a:be:53:73:33:b1:97:
                    0c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:90:2A:6B:E7:5A:E0:A1:F4:5C:B0:76:E2:7E:37:85:7F:F2:71:F6
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/k5Aqa-da4KH0XLB24n43hX_ycfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:102e::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:37:b2:11:01:d1:eb:3a:97:d8:31:1e:9d:1c:4b:f4:f3:5c:
         23:4a:70:4d:a1:91:3f:ad:42:6f:3f:10:03:a3:7d:38:01:52:
         8c:00:ac:eb:26:b7:b7:2d:1b:aa:e7:53:4f:cd:ec:4d:ae:96:
         cd:e3:8f:04:27:f7:a9:35:2a:4b:2f:d6:6a:d6:0f:53:85:d6:
         3a:e2:67:4d:e7:ab:7a:c2:e4:18:b1:7f:a3:ae:6d:3f:53:cc:
         2d:df:07:bd:f8:88:56:f1:cc:02:a0:8c:2a:3a:40:38:c3:82:
         41:c6:17:6a:63:37:ad:5c:56:b1:9b:86:c7:bc:1e:0c:63:33:
         23:ff:91:2d:4d:58:99:67:7a:bf:c9:66:6d:31:02:f6:55:08:
         a8:21:6a:5c:9b:dd:70:85:78:86:7d:93:51:07:b0:38:d7:77:
         74:34:67:6c:0d:06:83:90:ca:87:de:2c:58:cf:89:32:f4:a3:
         2d:87:0e:91:bc:a3:86:de:f5:2c:5d:0b:86:ea:d2:c7:b3:be:
         27:ea:65:30:7e:b9:59:6f:c2:76:b9:05:2f:08:63:83:b3:81:
         fe:f0:23:3d:de:34:97:8f:19:cd:c3:71:c7:23:9b:10:36:a3:
         b2:36:09:c4:eb:5b:81:3b:c1:9a:3d:d8:1c:6d:81:34:f0:39:
         73:92:bf:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZU4widLjc1QPQRLCe3UVXnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwMjI0MTYyMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzkwMmE2YmU3NWFlMGExZjQ1Y2IwNzZlMjdlMzc4NTdmZjI3MWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cR3nCcOBELeaelNtShAbe6vFwav
DPqUkI0dFWYrCpBbC3Y4v1ZEYjS2gtKBHu4yrjhfZb8HxEWituveeYXPCnKcsj44
yvleuQleRctjWYZ7xOaXMVBe9q0EKwo86FwFvEzShYhPNJghcUNeggWN6Pb/7pDA
/xn98H5lsPw/upRyI4ybldAac0KlW/hml8GKkwqOac+dfIAkeOHfJ1PVyAw0jdAY
OsvmT/rs0ZzggXB+DlzrH+z1phS13d8ShHMAbBKIFuVGhy8kIe+f7GJjvsYbJPPJ
3CESA2eoeo6Dk0IH8slix4PFjVR6Dk9TSIA4j1GPxdQUeFq+U3MzsZcMMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJOQKmvnWuCh9FywduJ+N4V/8nH2MB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvazVBcWEtZGE0S0gwWExCMjRuNDNoWF95Y2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIQLjAN
BgkqhkiG9w0BAQsFAAOCAQEAVDeyEQHR6zqX2DEenRxL9PNcI0pwTaGRP61Cbz8Q
A6N9OAFSjACs6ya3ty0bqudTT83sTa6WzeOPBCf3qTUqSy/WatYPU4XWOuJnTeer
esLkGLF/o65tP1PMLd8HvfiIVvHMAqCMKjpAOMOCQcYXamM3rVxWsZuGx7weDGMz
I/+RLU1YmWd6v8lmbTEC9lUIqCFqXJvdcIV4hn2TUQewONd3dDRnbA0Gg5DKh94s
WM+JMvSjLYcOkbyjht71LF0LhurSx7O+J+plMH65WW/CdrkFLwhjg7OB/vAjPd40
l48ZzcNxxyObEDajsjYJxOtbgTvBmj3YHG2BNPA5c5K/Lw==
-----END CERTIFICATE-----