Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3uRkplLO7hdNTmsonRByvLPg9us.roa
File:                     3uRkplLO7hdNTmsonRByvLPg9us.roa (raw, json)
Hash identifier:          /Fhlo0mC/kjn6DqlEuYWxKB1RCedCiV3fwGGd/9C9cA=
Subject key identifier:   DE:E4:64:A6:52:CE:EE:17:4D:4E:6B:28:9D:10:72:BC:B3:E0:F6:EB
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F48C32569C1997C1164332AEB09AE
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3uRkplLO7hdNTmsonRByvLPg9us.roa
Signing time:             Thu 02 Jan 2025 05:48:54 +0000
ROA not before:           Thu 02 Jan 2025 05:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:728:1808::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:48:c3:25:69:c1:99:7c:11:64:33:2a:eb:09:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dee464a652ceee174d4e6b289d1072bcb3e0f6eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9b:ec:d5:ca:2f:43:41:b1:40:01:f7:28:68:
                    60:fc:2b:f5:84:84:52:e7:89:e4:87:f4:2f:a8:a1:
                    c3:a6:2a:7c:c2:d1:6d:ff:a4:8f:56:a7:0c:0a:5e:
                    2c:eb:a1:19:3f:72:40:98:ab:f8:a7:ee:ff:c5:51:
                    2a:9d:25:92:2f:5d:b5:9a:eb:8e:30:08:df:72:44:
                    e1:8b:68:4f:fa:53:9e:80:46:b7:da:09:0f:fb:e3:
                    d6:7c:09:35:8c:06:d4:7c:d4:59:2d:a9:ee:f2:f8:
                    2f:8c:4d:e4:78:cd:4d:ec:a5:fe:82:ea:a5:5a:56:
                    66:3e:be:ee:fe:10:dd:7f:fb:86:84:b9:5a:74:df:
                    51:8d:fd:7f:31:08:e7:05:ca:0a:3c:f0:92:d8:1e:
                    4a:8a:18:fb:84:72:22:02:50:22:78:9f:20:cf:15:
                    6b:92:b7:c2:a4:8a:e2:ae:0a:26:c0:ff:55:39:7e:
                    b8:af:04:02:15:6d:db:32:c0:69:24:93:d7:b6:a9:
                    8c:59:5a:b3:cc:df:d2:ab:5f:3c:9b:4e:f7:a7:ab:
                    69:15:73:1f:66:35:03:6a:81:77:a5:08:7e:4a:60:
                    b3:3d:05:f7:f9:01:fc:44:d3:35:37:d3:d7:66:ab:
                    7a:3a:3f:9d:dc:d8:ea:00:04:5c:b1:a0:e4:86:d8:
                    a2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E4:64:A6:52:CE:EE:17:4D:4E:6B:28:9D:10:72:BC:B3:E0:F6:EB
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3uRkplLO7hdNTmsonRByvLPg9us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:728:1808::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:f1:5f:fc:d7:c1:36:3f:5b:ce:49:bb:bb:94:3f:88:a2:ea:
         42:5c:c9:b2:50:3f:5e:85:2c:67:cd:4f:ae:4a:82:ad:90:56:
         4c:5f:75:4d:86:c4:15:bc:c6:d8:45:e2:f6:c2:9e:21:3a:5b:
         c5:bb:04:a0:06:d9:21:0f:cf:cb:e1:f0:9e:68:66:cf:dc:6f:
         f4:ce:e0:6a:22:4c:ca:e5:ff:76:a2:ae:60:dd:62:a2:a8:16:
         2b:30:13:97:bc:9d:c4:38:a8:e4:39:15:2c:0a:5e:7f:f2:33:
         55:63:ee:d8:4c:ba:06:cd:8d:cb:a1:bf:e8:de:f7:11:91:a4:
         22:39:3c:e8:76:c9:92:3f:79:93:ca:dd:b7:78:38:1a:ce:9a:
         cd:d4:de:29:01:b7:e6:89:e1:9f:ec:f5:be:ff:a5:ec:3b:ca:
         da:3e:b3:18:c4:fe:a0:64:a6:c4:e5:07:d2:d4:61:74:8e:83:
         22:4e:5e:c4:85:9c:79:a6:fc:0f:ca:bf:4d:ee:80:7a:fd:1d:
         1e:5b:7e:9a:dd:3d:45:f7:a0:91:da:4f:b5:fd:df:7b:b1:c3:
         d2:40:1e:1b:68:57:c3:c4:24:48:29:42:bb:92:c5:c8:ab:7f:
         62:1c:a0:de:fa:83:c7:4c:78:e5:90:b7:b7:18:c6:05:3b:d4:
         a6:82:8f:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj0jDJWnBmXwRZDMq6wmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWU0NjRhNjUyY2VlZTE3NGQ0ZTZiMjg5ZDEwNzJiY2IzZTBmNmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZvs1covQ0GxQAH3KGhg/Cv1hIRS
54nkh/QvqKHDpip8wtFt/6SPVqcMCl4s66EZP3JAmKv4p+7/xVEqnSWSL121muuO
MAjfckThi2hP+lOegEa32gkP++PWfAk1jAbUfNRZLanu8vgvjE3keM1N7KX+guql
WlZmPr7u/hDdf/uGhLladN9Rjf1/MQjnBcoKPPCS2B5Kihj7hHIiAlAieJ8gzxVr
krfCpIrirgomwP9VOX64rwQCFW3bMsBpJJPXtqmMWVqzzN/Sq188m073p6tpFXMf
ZjUDaoF3pQh+SmCzPQX3+QH8RNM1N9PXZqt6Oj+d3NjqAARcsaDkhtiilwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN7kZKZSzu4XTU5rKJ0Qcryz4PbrMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvM3VSa3BsTE83aGROVG1zb25SQnl2TFBnOXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEHKBgI
MA0GCSqGSIb3DQEBCwUAA4IBAQCU8V/818E2P1vOSbu7lD+IoupCXMmyUD9ehSxn
zU+uSoKtkFZMX3VNhsQVvMbYReL2wp4hOlvFuwSgBtkhD8/L4fCeaGbP3G/0zuBq
IkzK5f92oq5g3WKiqBYrMBOXvJ3EOKjkORUsCl5/8jNVY+7YTLoGzY3Lob/o3vcR
kaQiOTzodsmSP3mTyt23eDgazprN1N4pAbfmieGf7PW+/6XsO8raPrMYxP6gZKbE
5QfS1GF0joMiTl7EhZx5pvwPyr9N7oB6/R0eW36a3T1F96CR2k+1/d97scPSQB4b
aFfDxCRIKUK7ksXIq39iHKDe+oPHTHjlkLe3GMYFO9Smgo9F
-----END CERTIFICATE-----