Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/REivJr876Vo2mi9Yln0Im1oH5sU.roa
File:                     REivJr876Vo2mi9Yln0Im1oH5sU.roa (raw, json)
Hash identifier:          ShYE/4tCcfyQgzT7cAtyCzkP44oaR/x/AZUTc38x6Ko=
Subject key identifier:   44:48:AF:26:BF:3B:E9:5A:36:9A:2F:58:96:7D:08:9B:5A:07:E6:C5
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01942220386F16A5266A90333181EC262DD0
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/REivJr876Vo2mi9Yln0Im1oH5sU.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211168
IP address blocks:        2a0e:8f02:2170::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:38:6f:16:a5:26:6a:90:33:31:81:ec:26:2d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4448af26bf3be95a369a2f58967d089b5a07e6c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:97:25:4b:ad:9e:d0:8a:96:3d:06:2c:37:ee:
                    73:e1:15:3c:23:c8:4e:88:6d:f1:96:ac:b1:31:4d:
                    69:84:3d:d5:b9:24:c4:8b:54:3b:ab:88:00:9e:be:
                    a9:75:77:fb:3a:92:13:a3:a0:39:4e:93:9f:70:93:
                    81:95:1b:2c:a3:df:3a:7d:e8:fb:b0:70:93:61:99:
                    c1:69:e2:a3:c6:32:b2:8b:4e:c7:8b:c0:ca:45:5a:
                    1e:3a:d6:b3:17:cf:21:84:2f:63:70:d6:c7:77:91:
                    29:ef:bf:b8:4f:78:8b:91:b3:1a:d3:cc:29:19:97:
                    78:3b:b9:37:5a:1c:8c:9c:11:27:9e:87:fb:34:14:
                    67:04:6f:31:e9:d8:7b:bb:18:2b:27:1e:0a:a0:d3:
                    20:95:5a:28:da:e6:af:f4:a6:9c:af:fd:6f:5c:8e:
                    9e:82:0a:f3:bb:bf:ae:b5:36:f1:c3:35:e2:33:f8:
                    76:12:4d:c1:49:f5:d7:9c:90:ba:61:c3:5e:83:e7:
                    51:5e:8d:63:00:14:10:fb:85:7b:ae:bf:1f:21:ba:
                    1d:8f:c4:9f:62:14:d2:9c:47:a7:a4:52:c7:2a:4d:
                    71:6d:51:f3:b0:c0:b9:2f:59:8c:2e:12:4c:d3:64:
                    a4:16:10:0c:80:bc:c5:2b:ec:e0:ef:02:42:e8:ce:
                    26:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:48:AF:26:BF:3B:E9:5A:36:9A:2F:58:96:7D:08:9B:5A:07:E6:C5
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/REivJr876Vo2mi9Yln0Im1oH5sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2170::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:54:1f:b6:0d:61:e9:f9:b5:d1:04:7c:98:09:63:50:90:7f:
         0b:2f:00:78:5c:bb:54:71:a8:df:f5:1a:a4:1c:49:63:27:87:
         41:64:3f:d4:04:3b:ea:97:5e:81:95:ea:d3:1b:b3:f4:46:9b:
         89:5d:22:84:e1:88:9e:c3:cc:f6:47:4f:ca:29:f4:33:81:55:
         f9:cf:2b:78:1d:66:d8:35:d3:82:c7:ad:0d:bb:29:19:87:d4:
         b9:a5:77:68:1f:0e:73:a8:16:ac:8b:8e:ed:3a:f6:f3:9a:6e:
         b7:34:25:3f:b3:ff:ce:3b:d1:8f:0f:bd:e5:b4:6a:6e:bb:91:
         2b:b3:35:28:e9:a0:04:a5:6b:4d:a7:6d:3d:10:f8:bc:a1:15:
         1e:34:a0:cf:0e:e9:41:0c:02:a6:46:f3:ce:f8:86:74:2a:9f:
         c2:f1:2b:61:68:99:1e:d8:56:bd:af:c2:f6:b8:9d:93:18:01:
         d4:01:3c:30:b1:0e:83:9c:98:21:e2:7d:5e:9e:bd:ac:d1:94:
         62:1e:09:b3:a5:18:bc:a9:d4:a5:5e:66:12:19:0f:c5:69:5d:
         c3:93:a2:17:07:2c:57:0b:15:ec:ee:fc:43:34:7b:75:69:67:
         5e:4f:6a:e3:a5:b8:09:e3:17:ec:09:0c:0a:30:49:24:25:95:
         3a:77:f5:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIDhvFqUmapAzMYHsJi3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ4YWYyNmJmM2JlOTVhMzY5YTJmNTg5NjdkMDg5YjVhMDdlNmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpclS62e0IqWPQYsN+5z4RU8I8hO
iG3xlqyxMU1phD3VuSTEi1Q7q4gAnr6pdXf7OpITo6A5TpOfcJOBlRsso986fej7
sHCTYZnBaeKjxjKyi07Hi8DKRVoeOtazF88hhC9jcNbHd5Ep77+4T3iLkbMa08wp
GZd4O7k3WhyMnBEnnof7NBRnBG8x6dh7uxgrJx4KoNMglVoo2uav9Kacr/1vXI6e
ggrzu7+utTbxwzXiM/h2Ek3BSfXXnJC6YcNeg+dRXo1jABQQ+4V7rr8fIbodj8Sf
YhTSnEenpFLHKk1xbVHzsMC5L1mMLhJM02SkFhAMgLzFK+zg7wJC6M4mbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFERIrya/O+laNpovWJZ9CJtaB+bFMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvUkVpdkpyODc2Vm8ybWk5WWxuMEltMW9INXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiFw
MA0GCSqGSIb3DQEBCwUAA4IBAQB6VB+2DWHp+bXRBHyYCWNQkH8LLwB4XLtUcajf
9RqkHEljJ4dBZD/UBDvql16BlerTG7P0RpuJXSKE4Yiew8z2R0/KKfQzgVX5zyt4
HWbYNdOCx60NuykZh9S5pXdoHw5zqBasi47tOvbzmm63NCU/s//OO9GPD73ltGpu
u5ErszUo6aAEpWtNp209EPi8oRUeNKDPDulBDAKmRvPO+IZ0Kp/C8SthaJke2Fa9
r8L2uJ2TGAHUATwwsQ6DnJgh4n1enr2s0ZRiHgmzpRi8qdSlXmYSGQ/FaV3Dk6IX
ByxXCxXs7vxDNHt1aWdeT2rjpbgJ4xfsCQwKMEkkJZU6d/Wn
-----END CERTIFICATE-----