Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/w4BFMIHTNaFjHcRjMoBiDbI7zmk.roa
File:                     w4BFMIHTNaFjHcRjMoBiDbI7zmk.roa (raw, json)
Hash identifier:          vJoeMgJNOYp1THBJib5QAyACrsySmDjtx1d5b0MPo9k=
Subject key identifier:   C3:80:45:30:81:D3:35:A1:63:1D:C4:63:32:80:62:0D:B2:3B:CE:69
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       019428257F20245F11BAB766B4FA0F380079
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/w4BFMIHTNaFjHcRjMoBiDbI7zmk.roa
Signing time:             Thu 02 Jan 2025 17:52:13 +0000
ROA not before:           Thu 02 Jan 2025 17:52:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:27c0:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:7f:20:24:5f:11:ba:b7:66:b4:fa:0f:38:00:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 17:52:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c380453081d335a1631dc4633280620db23bce69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:6e:48:be:c1:a8:b4:66:80:50:d6:b5:19:
                    ae:f3:d8:e5:1e:82:cb:b7:e9:dc:e6:cf:9e:21:0b:
                    dd:69:3d:ff:71:4f:e1:e9:66:23:ec:05:97:9d:cd:
                    37:38:d3:4f:b2:58:5f:23:22:cc:9b:0f:6b:16:36:
                    34:13:8d:b9:66:28:7c:24:02:0c:24:68:d2:f9:fe:
                    07:dd:08:bd:d5:f8:47:5e:d3:10:e0:f9:29:6c:9b:
                    16:37:6a:0d:56:ce:c4:99:78:22:87:4f:5d:b0:ee:
                    05:18:cb:17:60:da:ee:34:54:1a:64:d1:76:65:cc:
                    74:61:a5:6c:90:6d:9c:4a:5f:31:14:8d:ba:44:24:
                    bd:7e:10:8f:0a:b6:9c:c3:60:e4:43:71:23:76:77:
                    ee:4d:d1:32:e5:dd:1c:de:be:11:0f:a1:cc:7b:cc:
                    f0:cc:6a:f6:91:bf:73:f2:70:4b:9b:05:0b:85:11:
                    5f:89:6f:df:03:ae:e8:34:4b:fb:7b:af:e6:12:18:
                    ac:9d:4b:0c:31:85:63:1c:21:31:58:15:cf:16:17:
                    13:c9:7e:58:6d:57:f2:71:00:12:99:c1:9e:a0:b5:
                    46:93:eb:6b:94:d6:44:ea:3f:0e:5f:9a:6e:05:a4:
                    90:f5:96:77:b9:9e:f6:c8:49:8e:ce:4d:f7:90:06:
                    51:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:80:45:30:81:D3:35:A1:63:1D:C4:63:32:80:62:0D:B2:3B:CE:69
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/w4BFMIHTNaFjHcRjMoBiDbI7zmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:27c0:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:74:ab:bc:ae:fb:a1:e7:f3:7b:4f:95:56:8f:87:92:1f:52:
         cd:76:00:33:65:7d:c9:4d:ab:09:28:5b:f2:e7:9b:32:5e:c5:
         19:8f:08:fc:b7:76:56:c9:ef:f6:71:aa:8d:7f:3f:33:48:38:
         0e:75:e0:65:44:78:4c:ae:19:d6:c1:fa:e5:99:62:bc:d0:61:
         4c:f7:58:47:13:06:5e:93:ed:52:7a:ec:d0:2b:84:20:f7:70:
         f3:c4:07:4f:d8:6a:3a:f8:40:a6:5b:dc:15:b5:0e:38:16:36:
         3c:11:1d:a5:53:d0:09:34:d3:dc:70:79:cd:7c:0a:2e:1a:cb:
         89:fc:6d:9e:04:8b:d2:0e:a9:84:de:74:76:9c:2d:4e:71:53:
         81:48:a8:10:4d:5f:9e:71:14:fc:ec:1c:2b:53:59:a3:20:08:
         cc:08:95:64:86:ea:f8:a6:78:51:70:a1:50:58:b1:32:69:18:
         74:ca:36:07:0d:ad:38:dc:1f:a5:91:60:9c:9e:c2:b4:99:b3:
         c0:35:5d:d0:d3:d4:82:01:cd:11:9b:00:f6:e4:74:c0:03:f9:
         5b:59:c3:c9:85:be:88:dc:b7:1c:8f:09:8d:d8:79:51:ae:bc:
         85:4f:0f:34:1e:f1:80:d3:cb:99:7b:39:3c:33:d8:aa:98:20:
         70:a0:51:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoJX8gJF8RurdmtPoPOAB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjUwMTAyMTc1MjEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzgwNDUzMDgxZDMzNWExNjMxZGM0NjMzMjgwNjIwZGIyM2JjZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApetuSL7BqLRmgFDWtRmu89jlHoLL
t+nc5s+eIQvdaT3/cU/h6WYj7AWXnc03ONNPslhfIyLMmw9rFjY0E425Zih8JAIM
JGjS+f4H3Qi91fhHXtMQ4PkpbJsWN2oNVs7EmXgih09dsO4FGMsXYNruNFQaZNF2
Zcx0YaVskG2cSl8xFI26RCS9fhCPCracw2DkQ3EjdnfuTdEy5d0c3r4RD6HMe8zw
zGr2kb9z8nBLmwULhRFfiW/fA67oNEv7e6/mEhisnUsMMYVjHCExWBXPFhcTyX5Y
bVfycQASmcGeoLVGk+trlNZE6j8OX5puBaSQ9ZZ3uZ72yEmOzk33kAZRewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMOARTCB0zWhYx3EYzKAYg2yO85pMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvdzRCRk1JSFROYUZqSGNSak1vQmlEYkk3em1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMnwAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA3dKu8rvuh5/N7T5VWj4eSH1LNdgAzZX3JTasJ
KFvy55syXsUZjwj8t3ZWye/2caqNfz8zSDgOdeBlRHhMrhnWwfrlmWK80GFM91hH
EwZek+1SeuzQK4Qg93DzxAdP2Go6+ECmW9wVtQ44FjY8ER2lU9AJNNPccHnNfAou
GsuJ/G2eBIvSDqmE3nR2nC1OcVOBSKgQTV+ecRT87BwrU1mjIAjMCJVkhur4pnhR
cKFQWLEyaRh0yjYHDa043B+lkWCcnsK0mbPANV3Q09SCAc0RmwD25HTAA/lbWcPJ
hb6I3LccjwmN2HlRrryFTw80HvGA08uZezk8M9iqmCBwoFEY
-----END CERTIFICATE-----