Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iIzkdHH6GRiRMcSD4HdQTW-CS1k.roa
File:                     iIzkdHH6GRiRMcSD4HdQTW-CS1k.roa (raw, json)
Hash identifier:          qRqZmPnfTnjblp8aboyqlBBe7PWRf4CjPNNIYNMoZ9s=
Subject key identifier:   88:8C:E4:74:71:FA:19:18:91:31:C4:83:E0:77:50:4D:6F:82:4B:59
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01942220394CB200B4573BF9ACCEA99C1415
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iIzkdHH6GRiRMcSD4HdQTW-CS1k.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211479
IP address blocks:        2a0e:8f02:f022::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:39:4c:b2:00:b4:57:3b:f9:ac:ce:a9:9c:14:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=888ce47471fa19189131c483e077504d6f824b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:06:b2:d5:df:08:10:44:26:8c:1f:60:67:07:
                    3f:e4:c8:0f:ac:d0:d0:b8:28:e2:01:3f:7c:37:c9:
                    af:e8:7a:f4:59:e7:79:cf:7e:56:9c:02:9d:14:db:
                    36:56:3c:60:74:2b:c8:df:73:22:30:f5:d8:2b:2e:
                    ca:af:2c:e9:33:1f:96:40:a3:58:53:b0:87:f1:7c:
                    fa:0d:e5:6c:59:b1:c5:f2:0f:6b:1e:76:0d:1c:02:
                    f9:3f:52:70:e3:bc:08:c2:14:09:d2:21:32:1e:22:
                    4e:71:8e:e1:03:02:25:b5:57:dc:ad:6f:be:f2:79:
                    3b:66:83:2b:24:16:73:6e:c4:b6:5e:b1:4d:3d:84:
                    ec:f4:a1:4b:cf:f4:f0:36:9b:69:79:7e:a3:87:e1:
                    11:39:c5:fd:32:a8:a5:3b:e1:10:88:50:94:1f:36:
                    c9:af:8c:16:b7:58:ca:7b:fa:b6:8f:a8:ea:b2:c2:
                    56:44:0f:16:4d:b3:5b:94:9b:64:62:de:e8:6b:e7:
                    26:7b:99:12:ea:4b:60:77:31:94:0d:c3:e9:0d:4e:
                    2c:6b:df:c2:ac:32:1f:5c:15:52:1f:63:a9:f2:33:
                    25:34:51:79:d9:be:bf:6c:51:a3:76:02:a3:af:c0:
                    9e:7b:d4:56:37:aa:71:52:91:88:53:92:48:38:df:
                    c4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8C:E4:74:71:FA:19:18:91:31:C4:83:E0:77:50:4D:6F:82:4B:59
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iIzkdHH6GRiRMcSD4HdQTW-CS1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f022::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:b7:f7:08:9a:c5:d3:af:42:fe:7c:f3:c9:14:93:74:05:e0:
         a6:02:88:45:ec:ef:07:4b:31:55:0e:ff:91:81:2a:33:59:98:
         b0:d6:e4:f9:a9:3e:5a:0e:c8:02:75:50:8e:be:d6:13:8e:a7:
         19:90:f7:f9:37:ff:5a:17:ee:53:fc:81:60:4b:88:36:9b:24:
         21:cf:b6:ce:66:09:89:49:79:7e:f4:d9:a6:8a:41:ea:05:67:
         78:50:98:84:d6:37:1c:71:b1:ef:13:9e:16:3b:19:c7:c6:5e:
         97:62:26:a2:26:d4:ec:6a:2e:0d:3b:91:bb:01:50:39:88:15:
         2c:ad:87:12:70:79:b0:d7:cb:dd:a3:a8:a5:c8:64:ad:3f:75:
         d5:bb:bd:d5:49:82:b7:72:f7:ea:33:43:63:69:58:a5:f3:02:
         7a:13:50:bb:08:c4:59:1c:ce:63:5b:e8:ff:9d:67:5f:37:e6:
         71:dd:7d:ac:3e:86:76:8e:8c:df:dc:46:30:25:e9:9d:06:6d:
         9e:7f:0f:98:36:8d:e2:72:67:3d:bc:01:8c:4b:2f:56:9c:c1:
         09:cb:2e:2e:22:06:71:59:88:b2:1c:d6:e1:bc:db:09:97:6d:
         e8:61:81:8a:8a:c4:df:28:22:f5:67:32:d3:17:09:b0:e0:65:
         93:a5:65:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIDlMsgC0Vzv5rM6pnBQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhjZTQ3NDcxZmExOTE4OTEzMWM0ODNlMDc3NTA0ZDZmODI0YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgay1d8IEEQmjB9gZwc/5MgPrNDQ
uCjiAT98N8mv6Hr0Wed5z35WnAKdFNs2VjxgdCvI33MiMPXYKy7KryzpMx+WQKNY
U7CH8Xz6DeVsWbHF8g9rHnYNHAL5P1Jw47wIwhQJ0iEyHiJOcY7hAwIltVfcrW++
8nk7ZoMrJBZzbsS2XrFNPYTs9KFLz/TwNptpeX6jh+EROcX9MqilO+EQiFCUHzbJ
r4wWt1jKe/q2j6jqssJWRA8WTbNblJtkYt7oa+cme5kS6ktgdzGUDcPpDU4sa9/C
rDIfXBVSH2Op8jMlNFF52b6/bFGjdgKjr8Cee9RWN6pxUpGIU5JION/E/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIiM5HRx+hkYkTHEg+B3UE1vgktZMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaUl6a2RISDZHUmlSTWNTRDRIZFFUVy1DUzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAi
MA0GCSqGSIb3DQEBCwUAA4IBAQAut/cImsXTr0L+fPPJFJN0BeCmAohF7O8HSzFV
Dv+RgSozWZiw1uT5qT5aDsgCdVCOvtYTjqcZkPf5N/9aF+5T/IFgS4g2myQhz7bO
ZgmJSXl+9NmmikHqBWd4UJiE1jcccbHvE54WOxnHxl6XYiaiJtTsai4NO5G7AVA5
iBUsrYcScHmw18vdo6ilyGStP3XVu73VSYK3cvfqM0NjaVil8wJ6E1C7CMRZHM5j
W+j/nWdfN+Zx3X2sPoZ2jozf3EYwJemdBm2efw+YNo3icmc9vAGMSy9WnMEJyy4u
IgZxWYiyHNbhvNsJl23oYYGKisTfKCL1ZzLTFwmw4GWTpWWJ
-----END CERTIFICATE-----