Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/4ioL667SswS6pk1EpbXpoIsKPCM.roa
File:                     4ioL667SswS6pk1EpbXpoIsKPCM.roa (raw, json)
Hash identifier:          dut5RjUxoDuFc6IxTCtPCLQt8pFIuU/Lk2rF/i42Chs=
Subject key identifier:   E2:2A:0B:EB:AE:D2:B3:04:BA:A6:4D:44:A5:B5:E9:A0:8B:0A:3C:23
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747EEF74543A9B66F8E690F85599C92
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/4ioL667SswS6pk1EpbXpoIsKPCM.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212450
IP address blocks:        2a0b:b87:ffa5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ee:f7:45:43:a9:b6:6f:8e:69:0f:85:59:9c:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e22a0bebaed2b304baa64d44a5b5e9a08b0a3c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f0:71:e6:4b:70:58:f3:67:76:42:ca:0e:a0:
                    8c:bc:88:f1:a9:28:0f:0a:b7:b6:5b:3e:4f:b7:e2:
                    68:07:12:d4:f6:a8:ae:c9:5e:0a:73:fc:e1:63:de:
                    5a:c9:0d:3c:00:75:b3:f0:90:fe:47:9c:51:21:bf:
                    b7:24:49:a8:f8:91:6d:ec:df:6a:be:8b:ea:a4:95:
                    46:fb:d3:78:38:6e:55:3f:12:09:66:3c:87:5c:ee:
                    ee:e2:2c:ef:c3:cf:d4:de:63:44:3c:4b:b4:e9:1a:
                    d5:51:d9:02:24:ff:0b:9b:d8:08:92:d4:dd:1e:5a:
                    ba:6f:31:9e:c8:0a:20:f9:6d:18:76:a1:ed:a3:36:
                    a8:03:d9:0a:ed:ba:ac:9a:2b:a3:94:e1:73:e0:39:
                    84:57:4c:b5:d5:b2:fc:29:6a:60:88:cc:67:12:76:
                    8e:4b:90:ee:c8:e3:95:da:24:23:bb:eb:5d:34:78:
                    87:f8:66:2d:c1:46:f4:88:56:fb:e9:28:53:31:c4:
                    6f:48:3c:1a:35:e1:56:79:58:e7:0b:9b:0e:58:d8:
                    3d:18:c5:30:35:42:43:93:4d:8a:5e:52:0b:98:c8:
                    8e:75:9a:68:64:f2:5b:d2:49:a8:eb:64:54:9e:c7:
                    d7:6f:4b:6e:94:e8:99:59:61:cb:c3:eb:ad:61:d7:
                    1e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2A:0B:EB:AE:D2:B3:04:BA:A6:4D:44:A5:B5:E9:A0:8B:0A:3C:23
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/4ioL667SswS6pk1EpbXpoIsKPCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffa5::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:70:08:a8:c0:4e:e4:38:80:7e:3a:0a:47:d3:dc:5d:18:55:
         7e:7e:54:c4:4a:1e:99:2e:1d:fe:6a:6a:b1:8f:9d:61:10:85:
         9c:4f:1a:3f:26:fa:d4:ee:54:d6:0a:9b:9c:88:aa:19:a9:d6:
         d3:91:cf:79:dc:8b:b1:25:77:e4:8b:31:bd:b9:89:44:de:61:
         8d:7c:33:f8:5e:0f:d6:fa:96:b5:a7:31:b6:dd:48:0a:00:48:
         ae:d0:a5:c3:d1:3d:5a:88:71:21:82:77:70:8a:6a:5e:1c:a5:
         27:9e:ef:0c:6a:77:a6:66:16:44:e1:fc:02:38:68:7e:27:4c:
         8a:dd:d3:43:d8:84:33:3b:27:61:ec:9d:9b:18:31:19:07:9f:
         68:76:ac:e4:52:57:33:f8:23:d2:d2:75:f6:02:ed:a1:80:cb:
         3e:a9:cd:20:da:5e:27:09:81:45:56:60:eb:c5:c5:a5:7f:b3:
         64:3b:d3:ad:72:03:df:eb:28:b1:36:e8:b4:42:47:81:35:aa:
         e5:3e:3e:9a:56:de:70:bf:81:16:7d:db:23:af:ce:98:d6:a5:
         38:8e:fd:22:b9:6b:76:b9:fa:59:e8:14:66:8b:79:ff:d6:08:
         b4:3a:48:2f:4e:55:8b:ff:3f:49:5e:8d:58:39:7c:42:9e:21:
         98:9a:70:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+73RUOptm+OaQ+FWZySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJhMGJlYmFlZDJiMzA0YmFhNjRkNDRhNWI1ZTlhMDhiMGEzYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Bx5ktwWPNndkLKDqCMvIjxqSgP
Cre2Wz5Pt+JoBxLU9qiuyV4Kc/zhY95ayQ08AHWz8JD+R5xRIb+3JEmo+JFt7N9q
vovqpJVG+9N4OG5VPxIJZjyHXO7u4izvw8/U3mNEPEu06RrVUdkCJP8Lm9gIktTd
Hlq6bzGeyAog+W0YdqHtozaoA9kK7bqsmiujlOFz4DmEV0y11bL8KWpgiMxnEnaO
S5DuyOOV2iQju+tdNHiH+GYtwUb0iFb76ShTMcRvSDwaNeFWeVjnC5sOWNg9GMUw
NUJDk02KXlILmMiOdZpoZPJb0kmo62RUnsfXb0tulOiZWWHLw+utYdceHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIqC+uu0rMEuqZNRKW16aCLCjwjMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvNGlvTDY2N1Nzd1M2cGsxRXBiWHBvSXNLUENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+l
MA0GCSqGSIb3DQEBCwUAA4IBAQCscAiowE7kOIB+OgpH09xdGFV+flTESh6ZLh3+
amqxj51hEIWcTxo/JvrU7lTWCpuciKoZqdbTkc953IuxJXfkizG9uYlE3mGNfDP4
Xg/W+pa1pzG23UgKAEiu0KXD0T1aiHEhgndwimpeHKUnnu8ManemZhZE4fwCOGh+
J0yK3dND2IQzOydh7J2bGDEZB59odqzkUlcz+CPS0nX2Au2hgMs+qc0g2l4nCYFF
VmDrxcWlf7NkO9OtcgPf6yixNui0QkeBNarlPj6aVt5wv4EWfdsjr86Y1qU4jv0i
uWt2ufpZ6BRmi3n/1gi0OkgvTlWL/z9JXo1YOXxCniGYmnAN
-----END CERTIFICATE-----