Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Tmn1acjaTyNvPplJnss0Vo4Nayg.roa
File:                     Tmn1acjaTyNvPplJnss0Vo4Nayg.roa (raw, json)
Hash identifier:          4N5SZCiGA6yacYeRycirlyr0QK8W01UwW31s8EogvaY=
Subject key identifier:   4E:69:F5:69:C8:DA:4F:23:6F:3E:99:49:9E:CB:34:56:8E:0D:6B:28
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01942220504DBB0FBEA2AC5DB3AA936DBE54
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Tmn1acjaTyNvPplJnss0Vo4Nayg.roa
Signing time:             Wed 01 Jan 2025 13:48:50 +0000
ROA not before:           Wed 01 Jan 2025 13:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214959
IP address blocks:        2a0e:8f02:f06e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:50:4d:bb:0f:be:a2:ac:5d:b3:aa:93:6d:be:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e69f569c8da4f236f3e99499ecb34568e0d6b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:50:6c:1a:76:9f:24:f3:48:e3:32:83:f8:48:
                    83:5d:f9:ec:92:dd:2e:71:26:2f:5d:03:2d:4e:43:
                    ab:49:33:7e:ec:be:5e:d3:93:cc:2f:81:d6:72:30:
                    77:0d:02:e5:fe:99:6f:13:d7:09:61:1f:88:22:5e:
                    23:51:b7:c5:9e:d6:a2:ed:f4:59:9d:96:cc:78:82:
                    a6:0c:21:c8:54:fb:65:e7:38:ec:4b:d1:24:06:29:
                    c6:11:87:d4:5b:92:dd:c3:de:a3:f0:03:58:55:f3:
                    20:09:eb:57:f7:83:3c:01:39:ad:0a:8d:d6:6c:c2:
                    f0:92:96:a0:a9:85:f4:8b:ee:18:67:06:5b:ae:50:
                    ac:05:c2:dc:72:1c:cf:86:41:66:96:b4:0a:80:91:
                    23:2a:21:05:bb:2d:53:92:22:f8:67:63:54:b9:3b:
                    30:4e:0f:4b:a9:c4:4b:8d:73:37:53:d5:cc:19:a3:
                    d1:8c:e8:68:8c:b6:e8:3c:12:3c:25:da:50:71:67:
                    5c:33:69:8d:44:28:49:8d:bd:ea:40:91:08:03:78:
                    f3:70:98:33:a9:fd:84:66:62:e6:6c:c2:a3:94:cc:
                    e9:98:ce:23:f6:e3:59:b7:12:b0:f8:da:aa:a5:3e:
                    d3:1a:fa:9c:54:25:32:65:5a:79:ef:81:c8:c8:96:
                    f6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:69:F5:69:C8:DA:4F:23:6F:3E:99:49:9E:CB:34:56:8E:0D:6B:28
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Tmn1acjaTyNvPplJnss0Vo4Nayg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f06e::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:07:b2:84:cf:68:7d:4c:99:7e:da:c8:da:28:57:e7:2a:51:
         15:81:af:f3:5e:9a:f1:8c:e7:12:6b:d8:97:3f:91:80:4e:3c:
         a1:a2:b6:d6:7f:f3:70:de:f9:66:3e:53:e1:13:93:b7:9c:f5:
         88:a4:6f:3b:1b:5b:ac:90:d1:c6:d4:0e:9c:fd:30:38:06:f2:
         72:07:b0:f5:11:19:5e:53:f8:e4:4d:3f:66:82:f1:03:22:f4:
         6f:6c:01:f6:80:f3:53:12:4e:d3:75:f7:e9:8f:f7:0b:c5:d1:
         4e:7a:02:2a:68:0d:26:4e:67:dd:d0:fb:9f:4c:20:90:7e:47:
         8f:dc:f7:b8:8f:d8:c2:6d:ac:85:93:cc:f9:ae:e2:51:ec:74:
         f7:ab:17:cc:50:b7:8c:2f:df:08:b9:1e:34:8b:8b:80:bc:84:
         82:3e:5e:df:03:ea:f9:85:68:c3:c7:6e:a7:de:9b:f0:b3:2e:
         0b:ab:03:c1:88:58:df:7a:7e:30:76:78:2a:12:9e:1c:e3:07:
         f5:43:2b:e5:cf:75:c0:47:50:c2:9e:fb:26:a1:23:99:71:a2:
         59:fe:85:ee:ec:d9:41:f9:db:41:bd:a6:2b:2e:14:dd:7a:dd:
         7b:e7:53:91:b0:b1:a6:8f:5c:7d:0f:61:e4:e7:96:d7:d5:f7:
         68:5f:3b:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIFBNuw++oqxds6qTbb5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY5ZjU2OWM4ZGE0ZjIzNmYzZTk5NDk5ZWNiMzQ1NjhlMGQ2YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FBsGnafJPNI4zKD+EiDXfnskt0u
cSYvXQMtTkOrSTN+7L5e05PML4HWcjB3DQLl/plvE9cJYR+IIl4jUbfFntai7fRZ
nZbMeIKmDCHIVPtl5zjsS9EkBinGEYfUW5Ldw96j8ANYVfMgCetX94M8ATmtCo3W
bMLwkpagqYX0i+4YZwZbrlCsBcLcchzPhkFmlrQKgJEjKiEFuy1TkiL4Z2NUuTsw
Tg9LqcRLjXM3U9XMGaPRjOhojLboPBI8JdpQcWdcM2mNRChJjb3qQJEIA3jzcJgz
qf2EZmLmbMKjlMzpmM4j9uNZtxKw+NqqpT7TGvqcVCUyZVp574HIyJb2nwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE5p9WnI2k8jbz6ZSZ7LNFaODWsoMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVG1uMWFjamFUeU52UHBsSm5zczBWbzROYXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBu
MA0GCSqGSIb3DQEBCwUAA4IBAQAiB7KEz2h9TJl+2sjaKFfnKlEVga/zXprxjOcS
a9iXP5GATjyhorbWf/Nw3vlmPlPhE5O3nPWIpG87G1uskNHG1A6c/TA4BvJyB7D1
ERleU/jkTT9mgvEDIvRvbAH2gPNTEk7Tdffpj/cLxdFOegIqaA0mTmfd0PufTCCQ
fkeP3Pe4j9jCbayFk8z5ruJR7HT3qxfMULeML98IuR40i4uAvISCPl7fA+r5hWjD
x26n3pvwsy4LqwPBiFjfen4wdngqEp4c4wf1Qyvlz3XAR1DCnvsmoSOZcaJZ/oXu
7NlB+dtBvaYrLhTdet1751ORsLGmj1x9D2Hk55bX1fdoXztc
-----END CERTIFICATE-----