Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/tkuxtWzbusmwWQub2z4rjkdwXdc.roa
File:                     tkuxtWzbusmwWQub2z4rjkdwXdc.roa (raw, json)
Hash identifier:          JTVZbUmozTnvdMYKVuksSNIaPHfDAOZ4PEG/FbAO7wg=
Subject key identifier:   B6:4B:B1:B5:6C:DB:BA:C9:B0:59:0B:9B:DB:3E:2B:8E:47:70:5D:D7
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       0194221FA53ADB8E77B123B515B1C5CC29E2
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/tkuxtWzbusmwWQub2z4rjkdwXdc.roa
Signing time:             Wed 01 Jan 2025 13:48:06 +0000
ROA not before:           Wed 01 Jan 2025 13:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209527
IP address blocks:        2a0c:d041::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a5:3a:db:8e:77:b1:23:b5:15:b1:c5:cc:29:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 13:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b64bb1b56cdbbac9b0590b9bdb3e2b8e47705dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:32:65:fa:c1:10:20:a9:82:00:98:a0:77:2b:
                    c7:08:6c:6e:9f:a6:b4:96:56:b7:22:fa:76:7f:1b:
                    03:0b:30:bb:87:ff:74:d9:fd:2a:0b:43:76:b4:16:
                    f7:65:1f:81:c3:36:fe:fb:fb:14:b9:3d:c6:b4:09:
                    b7:9b:06:98:ae:b7:4f:ad:40:34:2d:a7:0c:30:5a:
                    04:e3:0c:1a:0b:0d:02:c5:d9:6c:e4:17:54:9d:11:
                    53:fa:34:ea:b5:01:a6:0e:74:d9:0e:d1:5b:d1:52:
                    0e:50:5b:fb:3d:b2:c0:99:8a:46:98:8e:3c:ef:5c:
                    24:5d:4a:bf:dc:3d:b7:94:9e:c7:9b:d6:53:ec:b8:
                    b1:8f:20:be:87:db:9b:70:95:4f:e6:8d:1b:49:95:
                    80:d8:34:2e:90:a4:d4:5b:1c:ad:ff:dd:c6:aa:e1:
                    43:2b:12:3a:55:19:59:01:77:ea:83:9e:61:35:0e:
                    c4:b5:d5:4d:05:ef:31:40:e1:d6:91:61:b7:ce:c2:
                    8d:5a:1b:b5:e8:16:a3:ed:d0:87:ee:11:af:65:e7:
                    ec:23:8c:93:2e:e7:44:69:17:7a:a2:d2:0e:63:45:
                    a9:eb:93:03:c3:da:e0:20:56:ff:e4:7d:0b:3b:e7:
                    fd:19:7c:45:51:35:ff:a5:a8:62:0f:2f:25:d6:1b:
                    82:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4B:B1:B5:6C:DB:BA:C9:B0:59:0B:9B:DB:3E:2B:8E:47:70:5D:D7
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/tkuxtWzbusmwWQub2z4rjkdwXdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d041::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:12:0b:ef:94:4f:20:52:80:d9:9c:6d:93:23:ce:da:88:6f:
         29:00:bb:83:f7:ba:81:24:a2:42:b3:ef:3b:50:46:e4:9d:24:
         d4:26:5d:d1:b2:67:95:84:a7:f0:4a:b1:80:93:2d:a6:03:48:
         ec:fd:c9:70:f4:63:a0:5d:23:11:fd:c0:a4:2a:8f:3f:89:1c:
         59:8a:fd:55:4d:de:03:f0:b1:29:0c:a6:c7:94:b0:5e:96:b5:
         d3:e5:59:f8:3c:d0:1f:2b:a8:c8:21:58:9a:25:44:a3:cf:b0:
         96:92:0a:bb:f6:48:84:23:c9:c9:6d:f0:a0:03:1c:37:3b:a4:
         d4:93:10:ef:5d:77:c9:db:3d:ac:fe:d5:ea:d0:5d:1d:ff:70:
         a0:93:e1:eb:60:0b:18:bb:5d:3e:59:bf:a4:bd:c8:38:61:9e:
         2c:76:12:b0:12:ea:85:aa:c6:20:d5:5d:0c:06:a9:b3:aa:54:
         79:df:a2:a4:7f:f8:09:7d:18:0d:16:2c:ae:b6:50:ed:0b:84:
         6b:a4:0b:73:86:9e:84:d3:e6:b6:cd:f6:4d:60:8f:9b:dc:53:
         c3:bd:40:cc:1c:a0:45:69:09:0b:cd:a2:41:ac:bb:9c:84:bd:
         02:a9:5e:4b:3b:99:ff:e4:0d:34:0d:38:11:27:0c:09:4b:0b:
         2e:48:4c:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH6U62453sSO1FbHFzCniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjUwMTAxMTM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjRiYjFiNTZjZGJiYWM5YjA1OTBiOWJkYjNlMmI4ZTQ3NzA1ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TJl+sEQIKmCAJigdyvHCGxun6a0
lla3Ivp2fxsDCzC7h/902f0qC0N2tBb3ZR+Bwzb++/sUuT3GtAm3mwaYrrdPrUA0
LacMMFoE4wwaCw0Cxdls5BdUnRFT+jTqtQGmDnTZDtFb0VIOUFv7PbLAmYpGmI48
71wkXUq/3D23lJ7Hm9ZT7LixjyC+h9ubcJVP5o0bSZWA2DQukKTUWxyt/93GquFD
KxI6VRlZAXfqg55hNQ7EtdVNBe8xQOHWkWG3zsKNWhu16Baj7dCH7hGvZefsI4yT
LudEaRd6otIOY0Wp65MDw9rgIFb/5H0LO+f9GXxFUTX/pahiDy8l1huCzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLZLsbVs27rJsFkLm9s+K45HcF3XMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvdGt1eHRXemJ1c213V1F1YjJ6NHJqa2R3WGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzQQTAN
BgkqhkiG9w0BAQsFAAOCAQEAAhIL75RPIFKA2ZxtkyPO2ohvKQC7g/e6gSSiQrPv
O1BG5J0k1CZd0bJnlYSn8EqxgJMtpgNI7P3JcPRjoF0jEf3ApCqPP4kcWYr9VU3e
A/CxKQymx5SwXpa10+VZ+DzQHyuoyCFYmiVEo8+wlpIKu/ZIhCPJyW3woAMcNzuk
1JMQ7113yds9rP7V6tBdHf9woJPh62ALGLtdPlm/pL3IOGGeLHYSsBLqharGINVd
DAaps6pUed+ipH/4CX0YDRYsrrZQ7QuEa6QLc4aehNPmts32TWCPm9xTw71AzByg
RWkJC82iQay7nIS9AqleSzuZ/+QNNA04EScMCUsLLkhMJw==
-----END CERTIFICATE-----