Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/LN7oZgRySdaVz7sjTRgPAf7Pv3o.roa
File:                     LN7oZgRySdaVz7sjTRgPAf7Pv3o.roa (raw, json)
Hash identifier:          Vjpc5jX7tNC4CtAozp8DqVINWJ9xuA7qF+laQiMV2Wg=
Subject key identifier:   2C:DE:E8:66:04:72:49:D6:95:CF:BB:23:4D:18:0F:01:FE:CF:BF:7A
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0194222027BC50D89D5A420436773FC32AEA
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/LN7oZgRySdaVz7sjTRgPAf7Pv3o.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198480
IP address blocks:        2a0e:8f02:2260::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:27:bc:50:d8:9d:5a:42:04:36:77:3f:c3:2a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cdee866047249d695cfbb234d180f01fecfbf7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1e:f7:c9:09:7f:24:8d:83:d6:cd:d1:8d:12:
                    0d:da:83:3a:a5:dd:d4:91:f0:8c:55:3c:c5:e6:ce:
                    26:b7:41:73:e5:3e:63:71:00:26:81:16:0d:6f:62:
                    39:49:de:ab:7b:9d:7a:fb:f1:ec:82:02:7d:5c:01:
                    66:be:16:7c:2e:0d:57:98:bb:59:30:ae:0a:c3:41:
                    8e:c6:27:3c:37:ed:5e:ad:5a:6f:83:9d:16:d9:d4:
                    04:32:cf:de:6b:ef:c0:a0:19:08:a0:39:f7:e1:17:
                    20:bd:d7:2a:10:3c:f7:73:d5:c4:a8:9e:de:77:a5:
                    fc:b5:11:e0:d6:c0:22:9f:04:0b:37:fa:a0:8f:8e:
                    f4:b9:fc:72:ea:06:7e:1a:fd:4b:12:31:99:57:8c:
                    00:58:7b:0f:da:59:2a:29:c6:13:7b:42:ec:17:5b:
                    25:e6:0d:3e:c9:df:99:74:7e:b6:51:f2:fa:44:37:
                    ba:38:da:19:73:1e:e5:92:77:16:dd:43:8c:d6:94:
                    0f:75:e0:51:10:d5:08:68:db:f3:94:da:86:e9:6c:
                    b3:e8:87:9d:0d:e1:32:ed:ed:e9:7f:60:b3:88:00:
                    93:4a:8f:a1:03:d7:43:11:cd:f0:d2:20:d5:c7:cd:
                    83:cd:f5:4e:e9:d6:99:69:30:1f:a1:68:5b:b9:95:
                    98:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DE:E8:66:04:72:49:D6:95:CF:BB:23:4D:18:0F:01:FE:CF:BF:7A
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/LN7oZgRySdaVz7sjTRgPAf7Pv3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2260::/44

    Signature Algorithm: sha256WithRSAEncryption
         7f:8f:6c:2c:a2:15:f1:53:c3:a2:91:85:2e:b3:1f:85:00:76:
         a3:37:47:3a:54:0e:12:2d:b5:2a:cd:22:71:65:6b:25:50:5f:
         b5:70:fd:6f:5d:c0:ae:cd:b6:43:e7:01:84:1c:c9:1d:77:53:
         c6:33:c2:ca:aa:27:39:31:cf:55:30:29:73:e2:b0:d1:a4:75:
         ee:eb:f0:f5:21:97:27:74:ca:83:2f:f2:1e:0d:c5:9e:c3:83:
         28:f0:10:68:a9:f1:cb:0b:36:16:35:59:d3:40:c8:2c:6f:84:
         8b:aa:a8:5b:a4:f1:b9:b5:a8:03:b3:c1:88:9b:87:55:51:f6:
         ef:2b:83:8c:c5:3f:04:03:81:9e:81:5d:e3:15:28:c3:45:dd:
         bc:0a:62:62:2b:6b:80:f0:7c:63:c0:c1:0d:35:5b:62:fa:09:
         d8:da:d2:90:ea:f8:16:9f:df:67:69:c4:4b:d4:b6:66:a6:02:
         8a:f7:be:f6:c3:68:25:77:bc:2d:35:f1:a9:b1:15:d3:2c:8d:
         bb:12:0a:28:8b:87:b3:60:92:c0:ef:68:59:7c:11:d6:fc:7e:
         f4:d3:ca:f6:1f:a3:62:57:eb:2d:51:44:f0:07:a8:40:5f:ad:
         5f:ad:54:95:1b:e6:e6:01:de:c2:55:4b:8a:7a:f8:ab:eb:90:
         34:54:b9:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiICe8UNidWkIENnc/wyrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2RlZTg2NjA0NzI0OWQ2OTVjZmJiMjM0ZDE4MGYwMWZlY2ZiZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth73yQl/JI2D1s3RjRIN2oM6pd3U
kfCMVTzF5s4mt0Fz5T5jcQAmgRYNb2I5Sd6re516+/HsggJ9XAFmvhZ8Lg1XmLtZ
MK4Kw0GOxic8N+1erVpvg50W2dQEMs/ea+/AoBkIoDn34RcgvdcqEDz3c9XEqJ7e
d6X8tRHg1sAinwQLN/qgj470ufxy6gZ+Gv1LEjGZV4wAWHsP2lkqKcYTe0LsF1sl
5g0+yd+ZdH62UfL6RDe6ONoZcx7lkncW3UOM1pQPdeBRENUIaNvzlNqG6Wyz6Ied
DeEy7e3pf2CziACTSo+hA9dDEc3w0iDVx82DzfVO6daZaTAfoWhbuZWYWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCze6GYEcknWlc+7I00YDwH+z796MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvTE43b1pnUnlTZGFWejdzalRSZ1BBZjdQdjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiJg
MA0GCSqGSIb3DQEBCwUAA4IBAQB/j2wsohXxU8OikYUusx+FAHajN0c6VA4SLbUq
zSJxZWslUF+1cP1vXcCuzbZD5wGEHMkdd1PGM8LKqic5Mc9VMClz4rDRpHXu6/D1
IZcndMqDL/IeDcWew4Mo8BBoqfHLCzYWNVnTQMgsb4SLqqhbpPG5tagDs8GIm4dV
UfbvK4OMxT8EA4GegV3jFSjDRd28CmJiK2uA8HxjwMENNVti+gnY2tKQ6vgWn99n
acRL1LZmpgKK9772w2gld7wtNfGpsRXTLI27Egooi4ezYJLA72hZfBHW/H7008r2
H6NiV+stUUTwB6hAX61frVSVG+bmAd7CVUuKevir65A0VLkK
-----END CERTIFICATE-----