Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/JRsS63OEIg-RDEt77cmLzheKteg.roa
File:                     JRsS63OEIg-RDEt77cmLzheKteg.roa (raw, json)
Hash identifier:          6PR4Cpk+9BkN+AncsoVUiTEwpS1IqPFK3JqRVNAKG/Q=
Subject key identifier:   25:1B:12:EB:73:84:22:0F:91:0C:4B:7B:ED:C9:8B:CE:17:8A:B5:E8
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194258F14F0EE1FB53A403F53D41B9680DA
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/JRsS63OEIg-RDEt77cmLzheKteg.roa
Signing time:             Thu 02 Jan 2025 05:48:41 +0000
ROA not before:           Thu 02 Jan 2025 05:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a0e:8085::/32 maxlen: 32
                          2a0f:c084::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:14:f0:ee:1f:b5:3a:40:3f:53:d4:1b:96:80:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 05:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=251b12eb7384220f910c4b7bedc98bce178ab5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:28:b4:96:47:ca:22:61:33:a6:fe:3d:1d:
                    a7:9b:b4:a4:27:77:c2:61:e5:cb:80:0c:51:91:c9:
                    09:86:c0:55:65:0d:80:bc:74:4a:b7:25:86:36:e3:
                    ad:b0:99:65:a5:a6:87:10:99:14:03:13:47:9e:fd:
                    d5:fe:76:dc:e7:c1:69:b7:8f:49:a4:61:5e:55:98:
                    d1:95:52:82:b9:b9:f2:b0:f7:63:df:ad:31:25:68:
                    2a:03:5f:be:2a:88:23:47:33:e3:47:2a:8c:8e:f6:
                    c8:79:63:ef:ac:ce:9b:ad:7e:ae:99:17:6b:a5:96:
                    ff:a1:7f:8c:fe:4a:79:b0:2e:61:e0:35:63:c3:b0:
                    b5:78:a5:a6:6a:87:ef:83:8d:46:14:70:f0:3f:83:
                    9c:0f:40:16:8c:6c:b1:ed:dc:6d:48:93:b7:c6:ce:
                    b6:2f:ea:47:10:e9:cf:58:bc:47:21:e1:26:c7:34:
                    1e:e0:83:96:99:af:a4:60:f0:5f:1d:5b:b5:a7:2c:
                    28:63:76:ae:f0:a8:12:f0:21:e7:bc:51:b6:f3:cf:
                    fb:95:b4:77:a9:f2:7f:1a:dd:3b:26:55:f6:80:a6:
                    25:c2:0d:e0:e0:71:71:e5:a5:59:9d:81:21:76:de:
                    b6:91:9c:91:cc:c9:0f:7c:5e:f1:cc:b5:f5:84:42:
                    97:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1B:12:EB:73:84:22:0F:91:0C:4B:7B:ED:C9:8B:CE:17:8A:B5:E8
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/JRsS63OEIg-RDEt77cmLzheKteg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8085::/32
                  2a0f:c084::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:5b:5f:e4:21:b7:72:bf:e8:d5:f7:3f:8d:13:0a:89:21:b4:
         38:48:3d:bc:6d:06:9d:48:a2:78:04:70:eb:d7:cb:fb:ec:26:
         f8:93:6d:ff:6a:fe:0c:87:c7:2d:50:ed:46:a8:29:62:1f:bd:
         61:c1:27:78:d7:06:60:3d:00:dd:48:2c:8a:bc:b6:b0:b5:eb:
         7e:95:0f:44:08:d1:79:0d:82:ef:8e:1e:77:31:66:d4:4e:b0:
         9e:15:51:c9:bd:43:00:86:81:20:67:20:9e:8b:bb:ab:7f:c0:
         c5:9f:a0:a6:8e:c9:37:21:b7:6b:6b:92:be:3d:ec:7f:aa:0f:
         1a:f7:38:eb:4b:61:d4:04:a4:da:d6:87:f8:13:f0:d7:4a:fc:
         28:c4:86:d4:5e:c8:11:7f:22:7c:0b:26:de:98:b2:05:8e:ce:
         a7:b2:a2:eb:35:d9:0a:69:1f:29:8d:27:2f:b0:6d:aa:8e:c0:
         e6:2b:c9:c1:5d:11:39:52:4a:72:6c:c5:4c:f1:27:08:a0:a4:
         43:31:f0:5a:8f:12:26:63:e8:59:38:0d:23:77:f9:10:3b:59:
         5b:e9:4c:b0:34:fa:40:24:1b:12:6c:46:c8:36:ae:db:2c:10:
         37:a9:1f:bc:af:a6:ac:2b:40:dc:52:43:ac:b8:6b:04:9d:02:
         d3:c0:09:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQljxTw7h+1OkA/U9QbloDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMTAyMDU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTFiMTJlYjczODQyMjBmOTEwYzRiN2JlZGM5OGJjZTE3OGFiNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9cotJZHyiJhM6b+PR2nm7SkJ3fC
YeXLgAxRkckJhsBVZQ2AvHRKtyWGNuOtsJllpaaHEJkUAxNHnv3V/nbc58Fpt49J
pGFeVZjRlVKCubnysPdj360xJWgqA1++KogjRzPjRyqMjvbIeWPvrM6brX6umRdr
pZb/oX+M/kp5sC5h4DVjw7C1eKWmaofvg41GFHDwP4OcD0AWjGyx7dxtSJO3xs62
L+pHEOnPWLxHIeEmxzQe4IOWma+kYPBfHVu1pywoY3au8KgS8CHnvFG288/7lbR3
qfJ/Gt07JlX2gKYlwg3g4HFx5aVZnYEhdt62kZyRzMkPfF7xzLX1hEKX/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCUbEutzhCIPkQxLe+3Ji84XirXoMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvSlJzUzYzT0VJZy1SREV0NzdjbUx6aGVLdGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg6AhQMF
ACoPwIQwDQYJKoZIhvcNAQELBQADggEBAIRbX+Qht3K/6NX3P40TCokhtDhIPbxt
Bp1IongEcOvXy/vsJviTbf9q/gyHxy1Q7UaoKWIfvWHBJ3jXBmA9AN1ILIq8trC1
636VD0QI0XkNgu+OHncxZtROsJ4VUcm9QwCGgSBnIJ6Lu6t/wMWfoKaOyTcht2tr
kr497H+qDxr3OOtLYdQEpNrWh/gT8NdK/CjEhtReyBF/InwLJt6YsgWOzqeyous1
2QppHymNJy+wbaqOwOYrycFdETlSSnJsxUzxJwigpEMx8FqPEiZj6Fk4DSN3+RA7
WVvpTLA0+kAkGxJsRsg2rtssEDepH7yvpqwrQNxSQ6y4awSdAtPACaY=
-----END CERTIFICATE-----