Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/llWkcrYWsxVPIFTcadyXxOCO-kA.roa
File:                     llWkcrYWsxVPIFTcadyXxOCO-kA.roa (raw, json)
Hash identifier:          C6q39BcQIOnOnI3Ijn0YqoZ4SJAOaS4Klvq8zcUJi3M=
Subject key identifier:   96:55:A4:72:B6:16:B3:15:4F:20:54:DC:69:DC:97:C4:E0:8E:FA:40
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422203DFE7C0F946F5494076BBF1FD33A
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/llWkcrYWsxVPIFTcadyXxOCO-kA.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211722
IP address blocks:        2a0e:8f02:2130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3d:fe:7c:0f:94:6f:54:94:07:6b:bf:1f:d3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9655a472b616b3154f2054dc69dc97c4e08efa40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:66:b3:29:f4:98:2d:06:65:86:28:fd:4b:b8:
                    2c:85:ad:7a:16:ec:5c:d8:b6:2a:be:7c:92:71:3c:
                    28:d2:e0:c9:89:a0:2a:60:64:8b:63:fa:f9:c5:49:
                    8b:7a:0a:48:82:cd:f0:4d:d4:47:64:4b:f0:6c:ec:
                    44:f6:43:e6:8e:b1:ae:fe:69:48:a4:28:18:f9:7b:
                    b0:8e:0b:a3:81:22:b4:4b:11:d2:e2:53:78:29:a8:
                    cf:19:a2:06:af:65:84:5a:7a:eb:2f:9e:5e:6d:82:
                    2d:16:50:7b:a8:7b:10:c0:1d:66:ac:66:86:db:67:
                    ed:bd:7b:a9:58:14:77:27:c3:e3:26:e5:42:d3:75:
                    32:de:7c:84:c0:c9:3a:fc:b2:d0:14:f9:30:d9:e4:
                    12:47:55:81:22:dc:56:46:71:ea:be:6d:81:b1:d1:
                    df:bf:19:96:59:a4:21:81:70:a1:8b:de:93:57:23:
                    28:9e:90:3e:ea:60:d1:27:0b:c7:51:f2:a4:73:cf:
                    a7:e8:01:c8:6c:d5:2a:20:e8:06:12:46:0c:fd:82:
                    1f:1c:4e:be:73:ff:a8:d3:e0:c7:77:c8:93:73:a3:
                    49:9c:2a:bd:b9:df:a8:cb:8b:43:87:64:66:01:c4:
                    cb:a4:d5:cf:c5:89:39:14:c2:47:59:7a:81:15:6a:
                    14:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:55:A4:72:B6:16:B3:15:4F:20:54:DC:69:DC:97:C4:E0:8E:FA:40
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/llWkcrYWsxVPIFTcadyXxOCO-kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2130::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:28:4f:36:96:b3:d5:af:0e:56:8c:6d:41:82:7b:6d:74:56:
         e4:1b:51:16:21:a1:a5:23:3b:57:73:45:49:bd:5e:af:51:75:
         9a:2a:fc:97:51:f6:a5:e2:65:54:9a:d3:6f:b5:b8:b1:d8:82:
         a5:1f:1a:b0:9f:f4:03:ac:31:2c:34:4f:58:8c:f6:9b:e6:16:
         28:8d:20:a8:29:1c:78:f7:21:d6:40:cb:a1:88:31:b7:4c:cb:
         ca:6c:b1:fc:35:e1:b2:e6:9d:57:c6:80:57:6b:e1:d9:f7:1f:
         8a:71:32:12:93:0f:8e:2d:6f:26:bd:a0:6d:4f:1b:f9:bb:e4:
         a1:22:c8:c2:c9:ce:aa:05:8b:05:47:f0:6b:4a:1e:68:38:40:
         9a:8d:69:c4:df:e8:22:45:5b:01:bf:3c:a5:9b:3a:56:16:10:
         56:c5:c0:41:19:81:a6:28:41:81:8f:21:93:45:82:7b:80:2b:
         e0:38:29:48:e5:94:82:e2:e5:0b:11:75:ce:ac:77:7c:82:5d:
         f6:b3:65:58:b0:54:bb:f4:7f:89:49:15:bd:4b:9f:8d:7d:94:
         14:7c:13:c8:56:77:b7:ee:10:ec:73:15:01:b2:b5:7d:ff:88:
         d4:5c:03:ea:a2:21:cc:63:b0:ee:39:24:e3:8f:74:ce:ab:0d:
         a4:7a:74:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiID3+fA+Ub1SUB2u/H9M6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU1YTQ3MmI2MTZiMzE1NGYyMDU0ZGM2OWRjOTdjNGUwOGVmYTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGazKfSYLQZlhij9S7gsha16Fuxc
2LYqvnyScTwo0uDJiaAqYGSLY/r5xUmLegpIgs3wTdRHZEvwbOxE9kPmjrGu/mlI
pCgY+XuwjgujgSK0SxHS4lN4KajPGaIGr2WEWnrrL55ebYItFlB7qHsQwB1mrGaG
22ftvXupWBR3J8PjJuVC03Uy3nyEwMk6/LLQFPkw2eQSR1WBItxWRnHqvm2BsdHf
vxmWWaQhgXChi96TVyMonpA+6mDRJwvHUfKkc8+n6AHIbNUqIOgGEkYM/YIfHE6+
c/+o0+DHd8iTc6NJnCq9ud+oy4tDh2RmAcTLpNXPxYk5FMJHWXqBFWoU0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJZVpHK2FrMVTyBU3Gncl8TgjvpAMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbGxXa2NyWVdzeFZQSUZUY2FkeVh4T0NPLWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiEw
MA0GCSqGSIb3DQEBCwUAA4IBAQBVKE82lrPVrw5WjG1BgnttdFbkG1EWIaGlIztX
c0VJvV6vUXWaKvyXUfal4mVUmtNvtbix2IKlHxqwn/QDrDEsNE9YjPab5hYojSCo
KRx49yHWQMuhiDG3TMvKbLH8NeGy5p1XxoBXa+HZ9x+KcTISkw+OLW8mvaBtTxv5
u+ShIsjCyc6qBYsFR/BrSh5oOECajWnE3+giRVsBvzylmzpWFhBWxcBBGYGmKEGB
jyGTRYJ7gCvgOClI5ZSC4uULEXXOrHd8gl32s2VYsFS79H+JSRW9S5+NfZQUfBPI
Vne37hDscxUBsrV9/4jUXAPqoiHMY7DuOSTjj3TOqw2kenTV
-----END CERTIFICATE-----