Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/h-hVD2l8S9WjZH5dLTUZdqjF7ms.roa
File:                     h-hVD2l8S9WjZH5dLTUZdqjF7ms.roa (raw, json)
Hash identifier:          lO2wmt6AKxIf/fkpxUFADCKyg1JIyLYBon+Hd/MXUaY=
Subject key identifier:   87:E8:55:0F:69:7C:4B:D5:A3:64:7E:5D:2D:35:19:76:A8:C5:EE:6B
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0194222045F129B285817E389CA304C422F6
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/h-hVD2l8S9WjZH5dLTUZdqjF7ms.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212577
IP address blocks:        2a0e:8f02:2070::/44 maxlen: 48
                          2a0e:8f02:f02a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:45:f1:29:b2:85:81:7e:38:9c:a3:04:c4:22:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87e8550f697c4bd5a3647e5d2d351976a8c5ee6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:30:d6:c6:70:3f:49:0d:79:4d:97:56:de:cf:
                    87:66:f4:38:2c:20:63:3c:a7:50:e7:69:4b:17:69:
                    a0:49:97:56:06:08:79:a8:a3:5f:be:a2:8e:a7:dd:
                    e1:b7:4e:9b:03:ad:70:4f:a4:0d:b7:69:b0:c3:61:
                    b9:24:88:8f:37:b9:39:f1:ed:54:03:b7:3e:f5:46:
                    44:01:3d:79:49:65:c4:e9:50:55:b1:c0:cc:8d:d5:
                    c6:d4:9d:16:b2:00:be:1a:42:2a:22:c3:0e:cd:39:
                    72:d8:d0:a4:24:8a:7d:63:33:16:01:f8:4d:5b:ac:
                    83:f9:17:9d:19:89:c1:48:28:60:99:a6:0a:ee:2b:
                    e7:4f:51:a0:3b:2e:b9:8c:10:01:ef:ee:31:de:2f:
                    90:08:be:88:2c:93:ba:12:48:87:27:d0:bc:a7:91:
                    4b:59:d2:21:f4:f2:cc:a2:fc:c4:09:8b:a2:bf:2a:
                    8a:2c:de:9b:6c:76:29:37:b3:6c:c3:16:3c:31:a3:
                    ce:43:7b:11:12:e5:91:c9:c0:84:cd:f5:a7:0e:63:
                    62:71:16:b1:32:c4:90:27:8a:62:c8:07:62:a9:d5:
                    98:e4:02:74:8e:b8:93:66:44:d0:1a:dd:70:ae:c1:
                    c6:77:5c:47:27:fe:25:37:33:6c:00:47:e4:27:ff:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E8:55:0F:69:7C:4B:D5:A3:64:7E:5D:2D:35:19:76:A8:C5:EE:6B
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/h-hVD2l8S9WjZH5dLTUZdqjF7ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2070::/44
                  2a0e:8f02:f02a::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:e5:fe:c0:da:5e:4e:d9:75:3b:87:70:7d:7d:d1:a4:cc:4c:
         cc:6e:e1:61:12:e8:a7:cb:71:a7:65:15:a8:2c:84:ae:7e:77:
         b3:d6:d5:9a:73:63:28:bb:cd:8d:a0:0c:c6:bf:2d:54:ae:84:
         db:bb:e3:be:56:9e:24:8d:d3:50:7f:eb:36:50:39:45:9b:d8:
         c2:62:0e:cf:07:54:e2:f3:43:9c:07:81:64:9d:31:7f:18:9b:
         83:11:13:1a:69:73:dd:7d:be:2b:eb:ff:77:9a:6e:02:2c:a9:
         8d:4a:1c:97:76:99:88:c4:8c:b3:a6:0f:a2:ca:f6:a2:8a:aa:
         78:97:5c:d0:ad:c5:f9:aa:38:ef:23:a4:7a:d2:4d:02:ad:bd:
         a4:ca:b9:91:92:88:a4:9f:3d:1c:41:18:94:c9:30:b3:94:d4:
         8e:f3:41:96:70:e6:00:fe:71:63:33:b9:f7:9e:25:d9:55:8b:
         d7:76:00:40:17:0d:ad:dc:5d:4d:c2:ad:05:cd:66:54:77:71:
         c7:96:74:50:74:ea:cf:79:ea:59:86:a2:97:be:bd:2c:63:78:
         d7:a7:e9:ae:6e:6b:67:45:a9:9a:79:4d:be:ce:ea:fe:9c:9f:
         9d:cf:e2:78:82:2b:bd:9a:63:9c:a5:fc:92:6d:05:8b:e2:ed:
         4d:e5:c0:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIEXxKbKFgX44nKMExCL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U4NTUwZjY5N2M0YmQ1YTM2NDdlNWQyZDM1MTk3NmE4YzVlZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzDWxnA/SQ15TZdW3s+HZvQ4LCBj
PKdQ52lLF2mgSZdWBgh5qKNfvqKOp93ht06bA61wT6QNt2mww2G5JIiPN7k58e1U
A7c+9UZEAT15SWXE6VBVscDMjdXG1J0WsgC+GkIqIsMOzTly2NCkJIp9YzMWAfhN
W6yD+RedGYnBSChgmaYK7ivnT1GgOy65jBAB7+4x3i+QCL6ILJO6EkiHJ9C8p5FL
WdIh9PLMovzECYuivyqKLN6bbHYpN7NswxY8MaPOQ3sREuWRycCEzfWnDmNicRax
MsSQJ4piyAdiqdWY5AJ0jriTZkTQGt1wrsHGd1xHJ/4lNzNsAEfkJ//wqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIfoVQ9pfEvVo2R+XS01GXaoxe5rMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaC1oVkQybDhTOVdqWkg1ZExUVVpkcWpGN21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiBw
AwcAKg6PAvAqMA0GCSqGSIb3DQEBCwUAA4IBAQBT5f7A2l5O2XU7h3B9fdGkzEzM
buFhEuiny3GnZRWoLISufnez1tWac2Mou82NoAzGvy1UroTbu+O+Vp4kjdNQf+s2
UDlFm9jCYg7PB1Ti80OcB4FknTF/GJuDERMaaXPdfb4r6/93mm4CLKmNShyXdpmI
xIyzpg+iyvaiiqp4l1zQrcX5qjjvI6R60k0Crb2kyrmRkoiknz0cQRiUyTCzlNSO
80GWcOYA/nFjM7n3niXZVYvXdgBAFw2t3F1Nwq0FzWZUd3HHlnRQdOrPeepZhqKX
vr0sY3jXp+mubmtnRamaeU2+zur+nJ+dz+J4giu9mmOcpfySbQWL4u1N5cBV
-----END CERTIFICATE-----