Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/iqIlnqBAsCP1vrTJxAKqWbAWks4.roa
File:                     iqIlnqBAsCP1vrTJxAKqWbAWks4.roa (raw, json)
Hash identifier:          vVI7diOsXRvyknJwGK7kF8IRY0rc+wCwnZKiMTGdaGM=
Subject key identifier:   8A:A2:25:9E:A0:40:B0:23:F5:BE:B4:C9:C4:02:AA:59:B0:16:92:CE
Certificate issuer:       /CN=e4d7aaa3d25c2f9ebbec74c830cc0cde9318c8f8
Certificate serial:       019425204082D21D3A792E7F6BA9AB3450C4
Authority key identifier: E4:D7:AA:A3:D2:5C:2F:9E:BB:EC:74:C8:30:CC:0C:DE:93:18:C8:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/iqIlnqBAsCP1vrTJxAKqWbAWks4.roa
Signing time:             Thu 02 Jan 2025 03:47:38 +0000
ROA not before:           Thu 02 Jan 2025 03:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215568
IP address blocks:        2a01:f240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:40:82:d2:1d:3a:79:2e:7f:6b:a9:ab:34:50:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4d7aaa3d25c2f9ebbec74c830cc0cde9318c8f8
        Validity
            Not Before: Jan  2 03:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aa2259ea040b023f5beb4c9c402aa59b01692ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:70:34:e1:0e:5c:b6:a4:2f:fb:1f:7e:5c:f3:
                    b1:75:c2:3a:61:74:fc:39:99:01:fa:50:be:28:2c:
                    ce:d8:93:bf:79:e5:a2:d9:4e:b3:18:15:f2:cc:32:
                    54:60:ea:0a:ad:a7:bc:8d:1d:c1:70:71:90:cd:c2:
                    a5:6d:c1:e7:ec:07:42:7c:02:32:db:1c:3e:f6:50:
                    fd:6a:28:4d:64:18:71:a2:8a:da:ce:4f:8e:c1:80:
                    cb:fd:d9:83:be:8f:69:54:4f:2e:1a:76:74:e5:fa:
                    63:28:11:35:1e:b4:3a:00:d5:70:cb:ab:54:09:08:
                    cc:37:df:f5:ed:0e:70:4e:6f:f1:af:f9:93:d4:2b:
                    b3:78:78:6c:4a:9e:e5:58:0a:23:8a:ca:d5:b3:a3:
                    1f:15:04:ce:0f:41:e5:56:2a:f7:a6:4b:0d:46:51:
                    25:4a:c8:53:c5:01:47:c9:69:b0:ef:c9:37:d2:b9:
                    31:16:40:83:2c:4b:58:51:e7:c0:f2:80:4b:9a:27:
                    87:3a:dc:b5:17:86:19:23:55:2a:4a:9e:21:38:b2:
                    82:61:ac:9e:5a:00:eb:d1:db:62:1f:38:70:5e:24:
                    1c:18:ac:07:86:6c:3a:d2:42:1a:cb:f4:3c:ec:6c:
                    d7:6b:d0:f3:6d:0d:3b:81:1b:94:b5:15:b9:f0:01:
                    b2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A2:25:9E:A0:40:B0:23:F5:BE:B4:C9:C4:02:AA:59:B0:16:92:CE
            X509v3 Authority Key Identifier:
                keyid:E4:D7:AA:A3:D2:5C:2F:9E:BB:EC:74:C8:30:CC:0C:DE:93:18:C8:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/iqIlnqBAsCP1vrTJxAKqWbAWks4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:7e:cf:89:a8:31:69:6e:91:b3:b5:f6:20:b1:80:0f:4a:75:
         0e:81:6b:b6:71:2b:87:23:cc:88:7f:26:b2:37:dc:c1:15:8b:
         49:ce:47:55:63:1f:d2:bd:a5:14:86:d2:ed:ef:a9:95:4a:b2:
         5c:e9:28:bf:59:7b:10:53:29:82:1b:b1:17:17:3c:bd:39:7b:
         88:32:02:08:ea:ad:b0:e3:64:0f:25:53:68:04:e0:73:54:f6:
         4e:13:a1:24:35:21:93:6c:00:ef:fd:67:70:cc:d0:28:44:8c:
         49:6d:1b:94:1e:40:38:73:98:b1:26:cf:01:bf:ec:a2:be:ef:
         7f:e5:ff:e2:cb:af:27:7d:0a:38:e1:90:f0:f4:9a:ea:41:d1:
         f2:fd:0c:a8:6e:df:19:87:3f:05:27:fb:00:45:48:4a:09:dd:
         b3:ad:3b:24:b8:ec:25:41:33:54:2d:4e:5c:d6:83:2f:28:5d:
         67:73:78:8a:49:db:53:81:67:16:ca:08:bd:79:b4:b3:e3:b2:
         e6:bc:2b:47:86:42:f9:53:61:0a:f3:f4:3d:c0:f0:7e:54:48:
         2f:d2:45:dc:ef:c7:21:39:8b:2f:1b:53:b4:65:00:79:8e:b0:
         69:4f:09:31:ac:93:a4:80:17:05:0a:01:3f:6d:3d:26:60:7b:
         6b:26:29:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlIECC0h06eS5/a6mrNFDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZDdhYWEzZDI1YzJmOWViYmVjNzRjODMwY2MwY2RlOTMx
OGM4ZjgwHhcNMjUwMTAyMDM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWEyMjU5ZWEwNDBiMDIzZjViZWI0YzljNDAyYWE1OWIwMTY5MmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnA04Q5ctqQv+x9+XPOxdcI6YXT8
OZkB+lC+KCzO2JO/eeWi2U6zGBXyzDJUYOoKrae8jR3BcHGQzcKlbcHn7AdCfAIy
2xw+9lD9aihNZBhxoorazk+OwYDL/dmDvo9pVE8uGnZ05fpjKBE1HrQ6ANVwy6tU
CQjMN9/17Q5wTm/xr/mT1CuzeHhsSp7lWAojisrVs6MfFQTOD0HlVir3pksNRlEl
SshTxQFHyWmw78k30rkxFkCDLEtYUefA8oBLmieHOty1F4YZI1UqSp4hOLKCYaye
WgDr0dtiHzhwXiQcGKwHhmw60kIay/Q87GzXa9DzbQ07gRuUtRW58AGyjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIqiJZ6gQLAj9b60ycQCqlmwFpLOMB8GA1UdIwQY
MBaAFOTXqqPSXC+eu+x0yDDMDN6TGMj4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5lcW85SmNMNTY3N0hUSU1Nd00zcE1ZeVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84YjQxNDctZTZlMC00ZDgwLWE5M2Yt
ZWY2M2I4MTZkZDM1LzEvaXFJbG5xQkFzQ1AxdnJUSnhBS3FXYkFXa3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84YjQxNDctZTZlMC00ZDgwLWE5M2YtZWY2M2I4MTZkZDM1
LzEvNU5lcW85SmNMNTY3N0hUSU1Nd00zcE1ZeVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHyQDAN
BgkqhkiG9w0BAQsFAAOCAQEAn37PiagxaW6Rs7X2ILGAD0p1DoFrtnErhyPMiH8m
sjfcwRWLSc5HVWMf0r2lFIbS7e+plUqyXOkov1l7EFMpghuxFxc8vTl7iDICCOqt
sONkDyVTaATgc1T2ThOhJDUhk2wA7/1ncMzQKESMSW0blB5AOHOYsSbPAb/sor7v
f+X/4suvJ30KOOGQ8PSa6kHR8v0MqG7fGYc/BSf7AEVISgnds607JLjsJUEzVC1O
XNaDLyhdZ3N4iknbU4FnFsoIvXm0s+Oy5rwrR4ZC+VNhCvP0PcDwflRIL9JF3O/H
ITmLLxtTtGUAeY6waU8JMayTpIAXBQoBP209JmB7ayYpug==
-----END CERTIFICATE-----