Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/VEtZZf9DCZWbNoKnf7FdIgrreS8.roa
File:                     VEtZZf9DCZWbNoKnf7FdIgrreS8.roa (raw, json)
Hash identifier:          TCBg4X7Dp/mq95gKrBY1sBflsLJVUkpMXJtFn3JhtO8=
Subject key identifier:   54:4B:59:65:FF:43:09:95:9B:36:82:A7:7F:B1:5D:22:0A:EB:79:2F
Certificate issuer:       /CN=4098174db451d9fefdeec15f9b9c7929daae9980
Certificate serial:       019427475669FF3629D4D9425DFDE000BD1A
Authority key identifier: 40:98:17:4D:B4:51:D9:FE:FD:EE:C1:5F:9B:9C:79:29:DA:AE:99:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/VEtZZf9DCZWbNoKnf7FdIgrreS8.roa
Signing time:             Thu 02 Jan 2025 13:49:34 +0000
ROA not before:           Thu 02 Jan 2025 13:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60019
IP address blocks:        2a02:7d60::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:56:69:ff:36:29:d4:d9:42:5d:fd:e0:00:bd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4098174db451d9fefdeec15f9b9c7929daae9980
        Validity
            Not Before: Jan  2 13:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=544b5965ff4309959b3682a77fb15d220aeb792f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ee:c4:34:1e:16:ea:f1:1f:00:cb:ed:59:57:
                    99:3d:2e:06:70:6e:c9:59:3d:04:0d:7e:ca:ce:e4:
                    03:fe:1b:7e:d7:0d:e7:06:2f:cd:fc:9e:6a:9a:3d:
                    30:b4:40:8b:ba:4b:04:89:1f:f2:1e:89:15:d1:6e:
                    24:00:a3:74:27:44:69:6f:dc:49:14:9e:04:e1:a6:
                    dd:89:d4:3f:59:98:7e:b3:76:4a:d1:af:12:ef:79:
                    48:ab:3a:33:c6:a0:dc:a9:6d:36:15:8a:b9:f5:80:
                    04:fc:2e:0d:1e:d0:8a:ad:84:e7:7d:75:21:7b:52:
                    bb:43:3b:84:0b:9c:e0:b2:42:f5:27:db:12:72:b9:
                    da:33:90:9d:fe:93:fe:41:92:a0:1f:17:00:30:c1:
                    09:ef:ea:32:1d:9e:5b:40:5b:a3:90:f2:51:33:a5:
                    13:7f:85:05:7e:20:c7:de:20:8e:3c:1a:20:ad:1d:
                    de:59:b9:6c:c1:7b:eb:44:ed:ba:dc:ce:6d:d7:d8:
                    3c:a4:48:f2:d5:71:52:64:e7:b1:9e:2f:d9:de:23:
                    41:4a:ca:40:bc:37:f1:e7:69:ee:77:e1:de:19:9c:
                    a4:68:10:d4:a8:58:56:b0:eb:05:0b:a7:55:41:db:
                    f8:2f:e1:dc:7d:a9:4b:ad:05:c8:d0:1a:2a:4d:1f:
                    02:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:4B:59:65:FF:43:09:95:9B:36:82:A7:7F:B1:5D:22:0A:EB:79:2F
            X509v3 Authority Key Identifier:
                keyid:40:98:17:4D:B4:51:D9:FE:FD:EE:C1:5F:9B:9C:79:29:DA:AE:99:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/VEtZZf9DCZWbNoKnf7FdIgrreS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7d60::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:84:2a:22:2b:c8:4e:4b:5a:9a:7b:c0:57:48:5a:5e:16:a1:
         a7:2e:d0:65:11:14:5d:50:45:cd:06:16:81:05:21:bd:d2:e6:
         23:15:89:fa:5a:d5:31:0f:5a:07:16:43:c0:65:4b:ae:b5:8f:
         96:e4:54:8c:d0:02:db:a3:d1:20:89:c9:f8:7f:1d:3f:46:4e:
         12:77:c8:0a:95:b5:a2:72:55:36:84:ed:c7:9e:16:c6:2d:d0:
         e7:47:37:ee:25:7a:73:47:45:60:eb:66:10:32:cd:b5:33:f2:
         eb:c2:1c:7b:76:87:89:60:d8:19:1d:41:97:0a:fe:75:5e:e5:
         22:fa:42:0c:ca:6c:9a:92:aa:ff:4f:70:ac:f7:f3:fe:fe:57:
         d5:23:cc:72:9c:69:aa:e3:e9:21:59:d0:ab:48:be:7e:5a:30:
         1b:c1:39:12:cf:12:ad:1f:63:35:69:8e:9c:88:67:68:ea:52:
         8b:73:55:84:20:c2:81:13:f4:b7:6d:2e:7e:a2:3f:d3:87:d7:
         ed:00:73:ce:c2:b5:93:05:6f:e8:0c:7e:b0:03:3e:89:11:a6:
         ac:67:55:da:a6:34:66:6c:be:b3:de:11:bc:2f:c2:be:42:4f:
         3f:ea:0b:42:b8:9f:20:d8:38:f9:13:eb:76:e8:92:4e:b4:c6:
         2b:41:bb:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR1Zp/zYp1NlCXf3gAL0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOTgxNzRkYjQ1MWQ5ZmVmZGVlYzE1ZjliOWM3OTI5ZGFh
ZTk5ODAwHhcNMjUwMTAyMTM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDRiNTk2NWZmNDMwOTk1OWIzNjgyYTc3ZmIxNWQyMjBhZWI3OTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse7ENB4W6vEfAMvtWVeZPS4GcG7J
WT0EDX7KzuQD/ht+1w3nBi/N/J5qmj0wtECLuksEiR/yHokV0W4kAKN0J0Rpb9xJ
FJ4E4abdidQ/WZh+s3ZK0a8S73lIqzozxqDcqW02FYq59YAE/C4NHtCKrYTnfXUh
e1K7QzuEC5zgskL1J9sScrnaM5Cd/pP+QZKgHxcAMMEJ7+oyHZ5bQFujkPJRM6UT
f4UFfiDH3iCOPBogrR3eWblswXvrRO263M5t19g8pEjy1XFSZOexni/Z3iNBSspA
vDfx52nud+HeGZykaBDUqFhWsOsFC6dVQdv4L+HcfalLrQXI0BoqTR8CDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFRLWWX/QwmVmzaCp3+xXSIK63kvMB8GA1UdIwQY
MBaAFECYF020Udn+/e7BX5uceSnarpmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUpnWFRiUlIyZjc5N3NGZm01eDVLZHF1bVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83ZTEwNTctM2QxYS00ZjZhLWJmODct
Y2ZhOGY5ZDlmODFjLzEvVkV0WlpmOURDWldiTm9LbmY3RmRJZ3JyZVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83ZTEwNTctM2QxYS00ZjZhLWJmODctY2ZhOGY5ZDlmODFj
LzEvUUpnWFRiUlIyZjc5N3NGZm01eDVLZHF1bVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgJ9YDAN
BgkqhkiG9w0BAQsFAAOCAQEAR4QqIivITktamnvAV0haXhahpy7QZREUXVBFzQYW
gQUhvdLmIxWJ+lrVMQ9aBxZDwGVLrrWPluRUjNAC26PRIInJ+H8dP0ZOEnfICpW1
onJVNoTtx54Wxi3Q50c37iV6c0dFYOtmEDLNtTPy68Ice3aHiWDYGR1Blwr+dV7l
IvpCDMpsmpKq/09wrPfz/v5X1SPMcpxpquPpIVnQq0i+flowG8E5Es8SrR9jNWmO
nIhnaOpSi3NVhCDCgRP0t20ufqI/04fX7QBzzsK1kwVv6Ax+sAM+iRGmrGdV2qY0
Zmy+s94RvC/CvkJPP+oLQrifINg4+RPrduiSTrTGK0G7sQ==
-----END CERTIFICATE-----