Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/NBpjiWY2425Kq0z0EdahLDaCYp8.roa
File:                     NBpjiWY2425Kq0z0EdahLDaCYp8.roa (raw, json)
Hash identifier:          m4PQw1LlDXG/BSrqOT5vP6f4AZJjEfsEZm2lHj2TZSY=
Subject key identifier:   34:1A:63:89:66:36:E3:6E:4A:AB:4C:F4:11:D6:A1:2C:36:82:62:9F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422202C17A96BFEE290F1A464EB5B6BF3
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/NBpjiWY2425Kq0z0EdahLDaCYp8.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201979
IP address blocks:        2a0e:8f02:f04c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2c:17:a9:6b:fe:e2:90:f1:a4:64:eb:5b:6b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=341a63896636e36e4aab4cf411d6a12c3682629f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a1:1c:fd:83:52:a1:80:93:6f:fd:55:4f:39:
                    88:1d:73:e3:07:4e:04:ae:f3:2e:6b:de:7f:60:a2:
                    06:b5:23:94:47:cd:c9:a3:59:d4:7f:2b:d5:36:7d:
                    a4:24:8a:b6:24:af:f7:46:0e:ce:cc:8e:fe:ad:9d:
                    50:9c:cf:53:ab:84:f7:57:a7:2c:ce:f8:4b:0b:70:
                    fa:1d:27:84:b6:36:89:26:f7:d2:61:e1:e8:ec:a9:
                    94:45:cf:36:6c:61:2a:24:3f:96:b6:da:c7:cb:f6:
                    8c:60:97:25:ab:bf:eb:a7:3a:62:8e:4a:a6:98:e0:
                    fb:12:9c:eb:6e:f2:d2:88:9f:e6:6f:44:81:4d:8a:
                    d5:5b:f4:26:ac:18:83:42:3c:79:56:7b:0f:f7:62:
                    ba:65:89:a2:fc:47:f4:76:da:11:4c:67:ed:9e:d7:
                    87:9c:6a:3d:6f:46:ac:7a:58:27:b1:d4:b4:d5:e3:
                    30:a4:c7:32:88:6d:a0:4f:86:41:25:02:c4:40:ff:
                    17:ab:4d:2d:9f:db:f7:c5:a1:8d:c2:34:de:3c:1e:
                    40:ce:ee:4b:3f:2a:4d:89:e2:e9:62:70:b7:61:f4:
                    09:e8:22:e4:2b:81:28:fb:6b:f2:95:d7:93:a7:73:
                    bf:de:1b:0b:ad:b0:88:92:d4:60:ef:4d:3a:f6:b2:
                    a1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:1A:63:89:66:36:E3:6E:4A:AB:4C:F4:11:D6:A1:2C:36:82:62:9F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/NBpjiWY2425Kq0z0EdahLDaCYp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f04c::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:c5:24:1f:d1:b9:6d:82:40:05:78:9b:28:4c:b7:29:57:bd:
         dc:4f:0c:c2:d9:ee:88:21:45:4b:c3:cd:3c:73:16:38:e9:11:
         11:ca:b9:1e:1d:e9:53:a9:d6:37:11:00:9c:be:77:1c:a2:71:
         57:54:8e:e9:0c:9c:b4:96:19:2a:a1:e8:c1:9f:86:66:73:e9:
         1b:7f:09:08:4a:c5:3a:77:01:1a:4e:8e:cc:57:17:da:68:42:
         1b:b0:e3:d1:96:4b:67:94:3c:f2:b4:af:01:e8:78:84:fc:ae:
         de:45:c4:fd:b7:ef:0f:d1:5c:5b:4c:9f:57:cf:ee:6a:d2:5f:
         56:1a:f6:55:96:d5:43:7e:ad:c5:28:9b:bb:52:34:d7:e5:0f:
         a2:de:f5:d1:aa:82:00:9c:2f:ce:0d:9c:90:81:2a:a8:c2:9d:
         33:1c:40:84:0f:2d:0b:41:c5:fb:62:5b:54:ea:49:c8:c4:0f:
         07:bb:f7:83:7b:28:33:96:cd:5a:99:f6:11:1c:dd:74:90:c3:
         84:75:15:e7:29:d9:5f:1d:93:b9:aa:02:1d:d6:d1:42:6d:1b:
         7a:a6:64:b1:51:50:25:10:bb:57:28:27:de:f2:8c:69:b8:f5:
         46:73:ea:b6:ff:cc:75:f7:ae:31:d9:80:e9:e5:15:81:81:3b:
         45:b7:6f:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiICwXqWv+4pDxpGTrW2vzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDFhNjM4OTY2MzZlMzZlNGFhYjRjZjQxMWQ2YTEyYzM2ODI2MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaEc/YNSoYCTb/1VTzmIHXPjB04E
rvMua95/YKIGtSOUR83Jo1nUfyvVNn2kJIq2JK/3Rg7OzI7+rZ1QnM9Tq4T3V6cs
zvhLC3D6HSeEtjaJJvfSYeHo7KmURc82bGEqJD+WttrHy/aMYJclq7/rpzpijkqm
mOD7EpzrbvLSiJ/mb0SBTYrVW/QmrBiDQjx5VnsP92K6ZYmi/Ef0dtoRTGftnteH
nGo9b0aselgnsdS01eMwpMcyiG2gT4ZBJQLEQP8Xq00tn9v3xaGNwjTePB5Azu5L
PypNieLpYnC3YfQJ6CLkK4Eo+2vyldeTp3O/3hsLrbCIktRg70069rKhNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQaY4lmNuNuSqtM9BHWoSw2gmKfMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvTkJwamlXWTI0MjVLcTB6MEVkYWhMRGFDWXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBM
MA0GCSqGSIb3DQEBCwUAA4IBAQABxSQf0bltgkAFeJsoTLcpV73cTwzC2e6IIUVL
w808cxY46RERyrkeHelTqdY3EQCcvncconFXVI7pDJy0lhkqoejBn4Zmc+kbfwkI
SsU6dwEaTo7MVxfaaEIbsOPRlktnlDzytK8B6HiE/K7eRcT9t+8P0VxbTJ9Xz+5q
0l9WGvZVltVDfq3FKJu7UjTX5Q+i3vXRqoIAnC/ODZyQgSqowp0zHECEDy0LQcX7
YltU6knIxA8Hu/eDeygzls1amfYRHN10kMOEdRXnKdlfHZO5qgId1tFCbRt6pmSx
UVAlELtXKCfe8oxpuPVGc+q2/8x1964x2YDp5RWBgTtFt2+T
-----END CERTIFICATE-----