Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ktW2zp7jc-eWdbmylDck6ks-YdU.roa
File:                     ktW2zp7jc-eWdbmylDck6ks-YdU.roa (raw, json)
Hash identifier:          8NlJW8EaYLaXgJn5t+C9zgme7T5eJOxYJWd1NRv0ffw=
Subject key identifier:   92:D5:B6:CE:9E:E3:73:E7:96:75:B9:B2:94:37:24:EA:4B:3E:61:D5
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422204C040CCF50FF7DFDABAA7C6EA245
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ktW2zp7jc-eWdbmylDck6ks-YdU.roa
Signing time:             Wed 01 Jan 2025 13:48:49 +0000
ROA not before:           Wed 01 Jan 2025 13:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213326
IP address blocks:        2a0e:8f02:2110::/44 maxlen: 48
                          2a0e:8f02:f01b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4c:04:0c:cf:50:ff:7d:fd:ab:aa:7c:6e:a2:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92d5b6ce9ee373e79675b9b2943724ea4b3e61d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ec:74:c5:e2:4a:e5:74:4a:3c:c8:2c:72:27:
                    31:e4:dd:d9:d1:80:68:3e:c1:84:d4:c0:64:d4:6b:
                    2d:28:08:2d:0b:c9:14:be:98:83:aa:48:6a:2b:a1:
                    2e:9e:e2:90:3f:44:8d:e9:fd:b0:e9:3a:2c:b2:cb:
                    99:98:9b:6b:fc:af:c5:4c:c2:09:03:47:74:38:96:
                    26:e8:21:65:1a:04:fc:4e:fb:43:2e:7a:70:0e:f4:
                    5c:84:ef:4f:91:d3:81:8f:87:f2:ad:49:06:82:2d:
                    2f:0a:50:cc:ab:47:b0:2a:59:df:3e:91:0d:17:ad:
                    87:22:cb:0d:2d:08:11:32:81:11:72:08:42:1f:f9:
                    3a:80:8f:1a:fd:17:1d:d3:67:40:0b:27:fa:53:31:
                    58:b7:15:5b:04:61:54:e7:a0:36:06:a6:ed:a2:0f:
                    c2:cf:fb:ca:13:f8:e2:14:f7:52:b6:c0:81:7e:e5:
                    8b:f2:26:7f:20:da:59:df:ba:6e:c7:d7:21:43:31:
                    65:25:9d:b3:0a:88:43:49:1f:90:bd:69:b6:c5:06:
                    1a:d5:99:13:00:4c:9b:ba:51:2e:14:e9:4f:e5:50:
                    74:ec:87:35:c9:1c:b7:d4:6c:db:60:d0:06:e3:8e:
                    21:be:f9:e1:a7:cb:e9:37:6f:3b:4f:d9:a9:6c:f4:
                    54:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D5:B6:CE:9E:E3:73:E7:96:75:B9:B2:94:37:24:EA:4B:3E:61:D5
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ktW2zp7jc-eWdbmylDck6ks-YdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2110::/44
                  2a0e:8f02:f01b::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:f9:79:49:6d:c8:e0:5e:86:f9:94:67:a4:48:90:96:3c:14:
         ff:bd:ed:86:a5:8c:52:01:04:22:66:82:08:10:cf:2c:9e:26:
         32:86:29:94:f1:e8:88:f9:0d:c2:eb:be:c3:d3:b6:b5:36:25:
         35:79:cc:ab:d7:48:14:5f:15:e4:d2:43:1a:24:df:12:86:3f:
         7f:d9:be:37:db:5c:86:09:02:aa:5a:86:c9:51:65:36:03:9c:
         a0:63:69:23:4b:36:7f:8a:d7:20:50:be:49:6c:ec:39:3f:24:
         c2:c2:0f:91:78:b6:d6:a5:62:34:3a:4d:37:3d:6f:00:9c:06:
         7a:a0:3a:83:4f:f0:93:df:14:fd:70:6f:07:02:1b:e8:68:0b:
         95:f5:19:aa:a8:ca:3d:fe:60:91:7d:34:5f:aa:65:39:7a:18:
         d9:0f:95:de:4b:b4:19:16:4d:55:2c:b2:74:f4:24:52:2c:74:
         9c:73:64:98:7f:d3:c7:44:d5:15:5e:84:73:bf:67:43:b7:d0:
         32:61:a3:29:26:f8:f7:08:48:a8:5c:c7:e8:b1:17:44:be:26:
         b5:7b:5c:3a:da:09:1b:0d:69:88:2d:41:83:08:87:94:57:b3:
         0b:f1:87:db:37:ca:ee:24:b0:d0:58:b9:53:38:5d:ef:16:28:
         ed:cc:f4:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIEwEDM9Q/339q6p8bqJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQ1YjZjZTllZTM3M2U3OTY3NWI5YjI5NDM3MjRlYTRiM2U2MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOx0xeJK5XRKPMgscicx5N3Z0YBo
PsGE1MBk1GstKAgtC8kUvpiDqkhqK6EunuKQP0SN6f2w6TosssuZmJtr/K/FTMIJ
A0d0OJYm6CFlGgT8TvtDLnpwDvRchO9PkdOBj4fyrUkGgi0vClDMq0ewKlnfPpEN
F62HIssNLQgRMoERcghCH/k6gI8a/Rcd02dACyf6UzFYtxVbBGFU56A2Bqbtog/C
z/vKE/jiFPdStsCBfuWL8iZ/INpZ37pux9chQzFlJZ2zCohDSR+QvWm2xQYa1ZkT
AEybulEuFOlP5VB07Ic1yRy31GzbYNAG444hvvnhp8vpN287T9mpbPRUSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJLVts6e43PnlnW5spQ3JOpLPmHVMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEva3RXMnpwN2pjLWVXZGJteWxEY2s2a3MtWWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiEQ
AwcAKg6PAvAbMA0GCSqGSIb3DQEBCwUAA4IBAQCN+XlJbcjgXob5lGekSJCWPBT/
ve2GpYxSAQQiZoIIEM8sniYyhimU8eiI+Q3C677D07a1NiU1ecyr10gUXxXk0kMa
JN8Shj9/2b4321yGCQKqWobJUWU2A5ygY2kjSzZ/itcgUL5JbOw5PyTCwg+ReLbW
pWI0Ok03PW8AnAZ6oDqDT/CT3xT9cG8HAhvoaAuV9RmqqMo9/mCRfTRfqmU5ehjZ
D5XeS7QZFk1VLLJ09CRSLHScc2SYf9PHRNUVXoRzv2dDt9AyYaMpJvj3CEioXMfo
sRdEvia1e1w62gkbDWmILUGDCIeUV7ML8YfbN8ruJLDQWLlTOF3vFijtzPTH
-----END CERTIFICATE-----