Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/4bEGcfHd_w1hv-Zgrf8mtzNQOF8.roa
File:                     4bEGcfHd_w1hv-Zgrf8mtzNQOF8.roa (raw, json)
Hash identifier:          Yz5lhUK8jG4fxty/HMD7XY7daqUIEiCINpgWbEB+eSk=
Subject key identifier:   E1:B1:06:71:F1:DD:FF:0D:61:BF:E6:60:AD:FF:26:B7:33:50:38:5F
Certificate issuer:       /CN=53c912a0411bb0174507092d0ca35a91ad79905c
Certificate serial:       0194228D1322800FFDA77DDFBFEAF4B79BCC
Authority key identifier: 53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/4bEGcfHd_w1hv-Zgrf8mtzNQOF8.roa
Signing time:             Wed 01 Jan 2025 15:47:38 +0000
ROA not before:           Wed 01 Jan 2025 15:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28878
IP address blocks:        2a07:cb82::/32 maxlen: 32
                          2a07:cb84::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:13:22:80:0f:fd:a7:7d:df:bf:ea:f4:b7:9b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c912a0411bb0174507092d0ca35a91ad79905c
        Validity
            Not Before: Jan  1 15:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1b10671f1ddff0d61bfe660adff26b73350385f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:e2:b6:7a:6c:82:25:53:81:09:16:11:44:
                    0d:75:19:37:c1:50:b7:19:96:f4:1d:0d:be:0a:df:
                    ce:7b:3c:e0:e5:ed:ca:1c:e7:9d:54:52:41:00:8d:
                    66:9a:1c:3c:b8:e8:d2:0a:fc:47:4f:f7:b8:05:6c:
                    80:f0:32:ae:7a:df:4b:67:c1:23:5f:24:10:96:8b:
                    48:f5:d9:bf:73:1e:19:3b:19:ca:4e:bb:e1:eb:8a:
                    c9:cb:ab:03:0e:51:70:76:e5:95:31:85:3a:c4:42:
                    16:0a:2e:e3:d8:fa:10:56:38:0f:6f:5c:f4:01:3c:
                    14:ff:70:f4:13:5b:af:da:f6:b2:3e:69:67:a3:22:
                    15:f5:80:c0:b0:bc:09:46:3b:79:a2:ae:36:86:be:
                    a2:ea:87:e0:e5:e3:0e:8e:ed:58:bb:18:54:fd:22:
                    82:b7:ed:29:68:df:40:e8:aa:8a:cf:6f:a6:3a:d2:
                    f5:2d:9f:33:66:c4:8c:41:06:ad:3e:89:a8:9e:39:
                    67:1d:50:de:0b:26:ba:af:b4:4b:5c:29:79:a3:bb:
                    ca:65:4e:65:5b:56:ea:fa:44:cd:3b:55:f2:46:4e:
                    b4:f9:6f:3f:b9:ca:8d:b7:1c:a3:8d:49:c0:3b:88:
                    fa:08:a0:44:33:1b:7c:7f:68:3f:37:05:45:4d:db:
                    01:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B1:06:71:F1:DD:FF:0D:61:BF:E6:60:AD:FF:26:B7:33:50:38:5F
            X509v3 Authority Key Identifier:
                keyid:53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/4bEGcfHd_w1hv-Zgrf8mtzNQOF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:cb82::/32
                  2a07:cb84::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:6f:9f:d9:ae:c8:e9:07:b1:6f:c9:e4:d4:64:97:c6:95:50:
         bd:09:9b:dc:e7:e6:33:f1:e3:45:54:de:52:ca:82:db:b9:e7:
         5b:99:5a:3c:91:16:d8:60:32:6b:59:01:fa:ee:ba:0d:58:01:
         b0:3e:15:49:2e:d7:59:44:46:36:a7:ca:8f:b5:cd:08:03:18:
         f0:81:c3:dc:af:16:e2:80:06:ac:c9:db:55:06:34:2c:64:7a:
         b5:c1:11:21:af:e2:1b:e5:e2:6a:12:61:88:6e:e5:c4:f1:1c:
         fc:f8:c0:74:48:48:e2:36:53:e9:d9:23:e0:8b:01:7c:55:c7:
         d7:cb:59:7b:47:e5:1a:70:aa:1f:0d:99:7e:4a:32:08:40:73:
         89:b5:cc:1d:53:8e:0e:28:58:e5:d4:d1:48:a8:33:a6:45:66:
         e7:3d:4c:34:6d:3b:f5:1b:b6:b6:e2:5c:f4:f6:bd:57:05:8b:
         fd:27:a1:97:b8:90:95:45:6a:50:4c:24:42:ac:b9:9f:dd:d1:
         c3:2b:e2:1b:50:76:3f:81:d8:d4:f1:43:c7:33:7d:bb:cf:9a:
         75:15:ae:63:e3:f4:fb:48:3a:c1:a8:09:63:17:27:d7:67:19:
         43:e5:78:15:e7:ce:8a:58:16:02:9f:58:f0:91:5f:04:11:63:
         a8:f9:67:18
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijRMigA/9p33fv+r0t5vMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzkxMmEwNDExYmIwMTc0NTA3MDkyZDBjYTM1YTkxYWQ3
OTkwNWMwHhcNMjUwMTAxMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIxMDY3MWYxZGRmZjBkNjFiZmU2NjBhZGZmMjZiNzMzNTAzODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf7itnpsgiVTgQkWEUQNdRk3wVC3
GZb0HQ2+Ct/Oezzg5e3KHOedVFJBAI1mmhw8uOjSCvxHT/e4BWyA8DKuet9LZ8Ej
XyQQlotI9dm/cx4ZOxnKTrvh64rJy6sDDlFwduWVMYU6xEIWCi7j2PoQVjgPb1z0
ATwU/3D0E1uv2vayPmlnoyIV9YDAsLwJRjt5oq42hr6i6ofg5eMOju1YuxhU/SKC
t+0paN9A6KqKz2+mOtL1LZ8zZsSMQQatPomonjlnHVDeCya6r7RLXCl5o7vKZU5l
W1bq+kTNO1XyRk60+W8/ucqNtxyjjUnAO4j6CKBEMxt8f2g/NwVFTdsB8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOGxBnHx3f8NYb/mYK3/JrczUDhfMB8GA1UdIwQY
MBaAFFPJEqBBG7AXRQcJLQyjWpGteZBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAt
ZTIxYzQzNmI2MmVmLzEvNGJFR2NmSGRfdzFodi1aZ3JmOG10ek5RT0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAtZTIxYzQzNmI2MmVm
LzEvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgfLggMF
ACoHy4QwDQYJKoZIhvcNAQELBQADggEBAAdvn9muyOkHsW/J5NRkl8aVUL0Jm9zn
5jPx40VU3lLKgtu551uZWjyRFthgMmtZAfruug1YAbA+FUku11lERjanyo+1zQgD
GPCBw9yvFuKABqzJ21UGNCxkerXBESGv4hvl4moSYYhu5cTxHPz4wHRISOI2U+nZ
I+CLAXxVx9fLWXtH5Rpwqh8NmX5KMghAc4m1zB1Tjg4oWOXU0UioM6ZFZuc9TDRt
O/UbtrbiXPT2vVcFi/0noZe4kJVFalBMJEKsuZ/d0cMr4htQdj+B2NTxQ8czfbvP
mnUVrmPj9PtIOsGoCWMXJ9dnGUPleBXnzopYFgKfWPCRXwQRY6j5Zxg=
-----END CERTIFICATE-----