Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/fQVuwKT50hbkCaxxsedkAc4v4DM.roa
File:                     fQVuwKT50hbkCaxxsedkAc4v4DM.roa (raw, json)
Hash identifier:          7+f7vmuufbnUl5kubA16fvBKejBnvUX170UQ3Kwi8yM=
Subject key identifier:   7D:05:6E:C0:A4:F9:D2:16:E4:09:AC:71:B1:E7:64:01:CE:2F:E0:33
Certificate issuer:       /CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
Certificate serial:       019423D7DB13C0F8465EF8BAB269A1A90633
Authority key identifier: 4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/fQVuwKT50hbkCaxxsedkAc4v4DM.roa
Signing time:             Wed 01 Jan 2025 21:48:56 +0000
ROA not before:           Wed 01 Jan 2025 21:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25160
IP address blocks:        2a10:d700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:db:13:c0:f8:46:5e:f8:ba:b2:69:a1:a9:06:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
        Validity
            Not Before: Jan  1 21:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d056ec0a4f9d216e409ac71b1e76401ce2fe033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:25:4c:31:66:6b:11:00:33:cc:b9:d1:bf:d5:
                    d4:4e:13:40:e0:e5:06:6f:71:e6:f9:f0:06:cd:0d:
                    fb:f8:d4:23:b4:8a:5f:99:14:16:16:cd:98:3b:6f:
                    33:05:7d:e5:03:7f:47:cc:5e:9d:d1:1c:78:d9:28:
                    72:5d:de:0d:1a:1e:81:91:be:e7:81:ab:9b:96:f7:
                    08:58:31:48:c8:e0:44:75:8f:cf:c3:1a:77:8a:80:
                    cb:fa:83:5f:29:e4:3e:e4:46:40:60:54:de:2d:09:
                    9b:bd:c1:38:4d:a8:12:4c:b4:dd:a4:6a:05:5a:6b:
                    57:7e:11:b9:01:59:86:ee:d1:eb:7d:7c:db:4b:dd:
                    11:87:67:b3:23:5a:07:ec:a8:8e:60:62:ee:15:2a:
                    5b:44:29:a8:23:53:20:96:31:c8:03:41:db:e7:da:
                    b2:6a:79:98:1e:61:26:8a:7c:a1:52:5a:2a:b8:af:
                    98:a1:ed:c0:59:3f:c5:0d:15:02:3e:08:11:e7:cc:
                    c5:e2:3c:72:87:f7:1e:d9:e4:4d:ea:f8:0c:e8:4c:
                    aa:25:6c:e0:6d:32:fe:82:08:f4:ab:95:67:ab:b3:
                    b9:38:7c:64:6c:91:a3:12:64:90:8d:05:98:ca:51:
                    a6:5a:8b:3b:8d:11:d2:64:7b:df:bc:1e:31:98:b3:
                    8e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:05:6E:C0:A4:F9:D2:16:E4:09:AC:71:B1:E7:64:01:CE:2F:E0:33
            X509v3 Authority Key Identifier:
                keyid:4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/fQVuwKT50hbkCaxxsedkAc4v4DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:d700::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:11:ba:6f:c0:20:a6:53:e2:bf:92:2c:dd:e0:69:4b:46:29:
         26:7a:cb:be:c7:09:55:80:94:27:ab:ee:a6:a0:f3:d3:9f:54:
         27:03:96:6b:e1:74:63:82:b1:fd:ab:d0:e6:e8:c0:6b:0f:6e:
         e9:27:ff:69:0f:ec:67:67:c7:b2:d4:66:55:66:c2:c8:aa:00:
         09:92:ca:9b:9d:1c:c1:90:db:2f:04:13:d7:65:c3:c0:ec:76:
         47:16:f3:4c:bd:05:e8:71:df:b9:cc:7d:aa:61:45:49:3a:97:
         69:9d:0c:43:71:df:40:af:4b:1c:f9:16:61:be:61:40:5e:0f:
         06:6e:87:4f:53:11:6a:6d:1d:ee:41:8a:e7:93:35:83:98:33:
         d3:cb:4a:eb:54:19:3d:61:bf:90:ce:8f:d5:55:4a:43:d3:94:
         b0:25:31:b3:b3:63:30:6d:29:69:b5:02:67:0e:46:77:2a:32:
         f3:d3:36:8a:bc:da:23:23:f2:37:06:31:96:4f:f4:94:9f:dc:
         e4:49:44:04:78:2f:0e:d6:41:16:5e:b3:64:39:ea:e2:e8:96:
         5c:2a:2d:a0:e8:46:e4:e6:e5:f9:d2:61:b0:70:ae:1f:62:96:
         b8:27:be:76:7a:55:ce:80:c5:0c:c9:ca:9d:aa:73:b3:51:80:
         62:8d:75:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj19sTwPhGXvi6smmhqQYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYmQwYjEzNWE3ZGZkNmI2YWExYjE4NDllYjE2MzQwMmRl
OGUxYjEwHhcNMjUwMTAxMjE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA1NmVjMGE0ZjlkMjE2ZTQwOWFjNzFiMWU3NjQwMWNlMmZlMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyVMMWZrEQAzzLnRv9XUThNA4OUG
b3Hm+fAGzQ37+NQjtIpfmRQWFs2YO28zBX3lA39HzF6d0Rx42ShyXd4NGh6Bkb7n
gaublvcIWDFIyOBEdY/Pwxp3ioDL+oNfKeQ+5EZAYFTeLQmbvcE4TagSTLTdpGoF
WmtXfhG5AVmG7tHrfXzbS90Rh2ezI1oH7KiOYGLuFSpbRCmoI1MgljHIA0Hb59qy
anmYHmEminyhUloquK+Yoe3AWT/FDRUCPggR58zF4jxyh/ce2eRN6vgM6EyqJWzg
bTL+ggj0q5Vnq7O5OHxkbJGjEmSQjQWYylGmWos7jRHSZHvfvB4xmLOOpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH0FbsCk+dIW5AmscbHnZAHOL+AzMB8GA1UdIwQY
MBaAFE29CxNaff1raqGxhJ6xY0At6OGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2Yt
ZmVmYTFhYmFlZGNmLzEvZlFWdXdLVDUwaGJrQ2F4eHNlZGtBYzR2NERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2YtZmVmYTFhYmFlZGNm
LzEvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDXADAN
BgkqhkiG9w0BAQsFAAOCAQEAZhG6b8AgplPiv5Is3eBpS0YpJnrLvscJVYCUJ6vu
pqDz059UJwOWa+F0Y4Kx/avQ5ujAaw9u6Sf/aQ/sZ2fHstRmVWbCyKoACZLKm50c
wZDbLwQT12XDwOx2RxbzTL0F6HHfucx9qmFFSTqXaZ0MQ3HfQK9LHPkWYb5hQF4P
Bm6HT1MRam0d7kGK55M1g5gz08tK61QZPWG/kM6P1VVKQ9OUsCUxs7NjMG0pabUC
Zw5Gdyoy89M2irzaIyPyNwYxlk/0lJ/c5ElEBHgvDtZBFl6zZDnq4uiWXCotoOhG
5Obl+dJhsHCuH2KWuCe+dnpVzoDFDMnKnapzs1GAYo11Zg==
-----END CERTIFICATE-----