Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HZkXU5zDPCtmbxKKS1xJ6ueNbuY.roa
File:                     HZkXU5zDPCtmbxKKS1xJ6ueNbuY.roa (raw, json)
Hash identifier:          +lDozn9SkbxweENYgtBJKeHLEgo3YrmF4Ip13UqUzUA=
Subject key identifier:   1D:99:17:53:9C:C3:3C:2B:66:6F:12:8A:4B:5C:49:EA:E7:8D:6E:E6
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422203CC5715DC8D04EC0103178725BAF
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HZkXU5zDPCtmbxKKS1xJ6ueNbuY.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211696
IP address blocks:        2a0e:8f02:f01f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3c:c5:71:5d:c8:d0:4e:c0:10:31:78:72:5b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d9917539cc33c2b666f128a4b5c49eae78d6ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2e:1b:35:b7:cb:b9:f5:60:b2:02:e4:b5:ff:
                    28:5a:3d:b9:3c:28:dc:e1:bb:bd:fc:b3:05:52:66:
                    04:17:0a:af:ac:e1:60:42:6b:43:c7:b0:8c:00:15:
                    05:0f:06:d8:2c:0e:75:d4:4e:cd:4a:31:58:d9:e5:
                    ec:34:96:c2:f4:a0:b2:2c:1f:f7:dd:cd:aa:61:fe:
                    99:b0:4d:42:2e:54:33:15:0d:87:74:0c:02:cf:83:
                    8b:b6:1e:b2:49:49:98:5a:df:92:85:54:b8:cd:59:
                    98:36:03:da:88:52:fe:c9:46:4e:4b:83:16:82:cb:
                    ba:a6:aa:dc:90:2d:be:9d:27:8a:b5:30:bc:7b:6b:
                    69:8e:76:e9:aa:4b:1f:b9:53:b3:db:bd:b5:a7:7e:
                    78:26:86:98:8d:19:32:f2:bb:84:7f:d9:11:77:17:
                    07:13:61:53:21:af:91:2a:47:69:5e:9d:43:d0:30:
                    74:5e:29:2d:a7:df:e1:09:1b:a9:28:34:10:72:8a:
                    2b:39:57:88:a2:84:66:fa:3b:5f:38:ec:56:37:a1:
                    27:13:36:e9:bf:62:50:02:b6:59:4e:02:62:6f:5f:
                    5e:ee:47:53:f4:b7:9c:3e:e1:9e:dd:2f:48:00:b2:
                    bd:ce:6c:33:32:b7:44:48:e2:e5:1c:f4:30:62:6a:
                    1e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:99:17:53:9C:C3:3C:2B:66:6F:12:8A:4B:5C:49:EA:E7:8D:6E:E6
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HZkXU5zDPCtmbxKKS1xJ6ueNbuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f01f::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:8c:11:84:e9:0e:15:05:c7:09:44:89:69:1c:1a:28:f7:4b:
         1e:ab:b2:8d:22:80:8f:82:38:3f:d4:97:aa:fb:b2:b0:25:a7:
         6f:18:aa:7e:f1:a9:73:f2:8e:8c:cc:4d:2f:45:50:c1:bc:f2:
         35:91:bf:d0:03:d6:a5:59:eb:e8:eb:c3:52:a5:04:10:11:8a:
         1a:75:ed:6c:75:45:a4:1e:4f:04:64:b9:a6:5f:73:bc:b3:d8:
         9b:13:32:d8:59:3c:5b:74:75:ce:c0:97:32:75:aa:ee:ff:23:
         c9:1d:69:99:ce:71:62:5d:6d:33:48:6e:db:e9:97:03:f3:b3:
         34:d4:08:80:cc:18:0a:78:72:42:33:5a:0e:3d:78:ff:10:b4:
         29:de:0b:86:c8:58:97:1c:87:fe:77:5f:74:ba:e3:87:d2:24:
         4f:e0:cf:e3:bf:ee:a6:f5:4b:59:f1:98:53:2a:12:69:76:83:
         a8:e1:e4:37:ee:47:d7:23:c7:aa:20:3d:8a:d9:2f:4c:a1:85:
         cf:30:d2:02:22:a0:12:93:27:47:9e:46:1c:90:f8:7c:19:16:
         7b:5d:54:da:18:df:56:a7:e9:33:3d:f6:b7:d4:b1:b4:b5:08:
         c4:6d:06:c9:f1:06:2c:d8:4f:09:ef:05:a4:b5:ec:49:f5:f1:
         cd:b1:36:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIDzFcV3I0E7AEDF4cluvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk5MTc1MzljYzMzYzJiNjY2ZjEyOGE0YjVjNDllYWU3OGQ2ZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji4bNbfLufVgsgLktf8oWj25PCjc
4bu9/LMFUmYEFwqvrOFgQmtDx7CMABUFDwbYLA511E7NSjFY2eXsNJbC9KCyLB/3
3c2qYf6ZsE1CLlQzFQ2HdAwCz4OLth6ySUmYWt+ShVS4zVmYNgPaiFL+yUZOS4MW
gsu6pqrckC2+nSeKtTC8e2tpjnbpqksfuVOz2721p354JoaYjRky8ruEf9kRdxcH
E2FTIa+RKkdpXp1D0DB0Xiktp9/hCRupKDQQcoorOVeIooRm+jtfOOxWN6EnEzbp
v2JQArZZTgJib19e7kdT9LecPuGe3S9IALK9zmwzMrdESOLlHPQwYmoeYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB2ZF1OcwzwrZm8SiktcSernjW7mMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSFprWFU1ekRQQ3RtYnhLS1MxeEo2dWVOYnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAf
MA0GCSqGSIb3DQEBCwUAA4IBAQBgjBGE6Q4VBccJRIlpHBoo90seq7KNIoCPgjg/
1Jeq+7KwJadvGKp+8alz8o6MzE0vRVDBvPI1kb/QA9alWevo68NSpQQQEYoade1s
dUWkHk8EZLmmX3O8s9ibEzLYWTxbdHXOwJcydaru/yPJHWmZznFiXW0zSG7b6ZcD
87M01AiAzBgKeHJCM1oOPXj/ELQp3guGyFiXHIf+d190uuOH0iRP4M/jv+6m9UtZ
8ZhTKhJpdoOo4eQ37kfXI8eqID2K2S9MoYXPMNICIqASkydHnkYckPh8GRZ7XVTa
GN9Wp+kzPfa31LG0tQjEbQbJ8QYs2E8J7wWktexJ9fHNsTZG
-----END CERTIFICATE-----