Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/s5RpEEv_5c8EhFyL0wmQCc3dGzQ.roa
File:                     s5RpEEv_5c8EhFyL0wmQCc3dGzQ.roa (raw, json)
Hash identifier:          e9sK9OQD0wJE9XhH6XP12yqxJzH9P0rZHZDTvsi0HQA=
Subject key identifier:   B3:94:69:10:4B:FF:E5:CF:04:84:5C:8B:D3:09:90:09:CD:DD:1B:34
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0194222044682675712A15A319CA03A7BA6D
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/s5RpEEv_5c8EhFyL0wmQCc3dGzQ.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212359
IP address blocks:        2a0e:8f02:f00e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:44:68:26:75:71:2a:15:a3:19:ca:03:a7:ba:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b39469104bffe5cf04845c8bd3099009cddd1b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a3:b6:fb:af:2b:f3:fb:18:c3:a3:d8:df:8e:
                    29:7b:2a:b4:40:79:f9:db:a7:da:37:c1:ba:16:66:
                    dc:7b:8f:5f:01:12:cd:b4:94:bb:20:a3:1c:20:8d:
                    e1:15:27:07:10:8e:70:12:93:ab:86:a2:36:82:7a:
                    d2:b1:09:97:f2:6f:85:93:29:88:93:da:96:1a:a9:
                    1f:9b:5c:c0:de:ee:6e:12:c2:0b:be:d5:47:7f:60:
                    ff:55:3b:3b:e6:b0:00:c6:cf:91:03:08:a8:ca:6a:
                    05:d1:3c:dd:52:67:1b:a2:01:47:a9:51:1b:2a:29:
                    32:b3:47:36:a4:9b:f1:2f:e6:9e:58:45:8e:f9:93:
                    f5:54:6d:75:ca:48:68:7d:53:fd:d1:a0:6f:d1:a3:
                    af:0f:62:8c:f9:9f:61:5b:4c:eb:a2:0c:99:97:2c:
                    9b:93:82:27:73:7f:70:43:76:55:60:03:a2:b8:ed:
                    f7:96:37:45:ad:41:42:c6:f9:4d:0e:23:3d:03:e6:
                    61:07:0a:af:19:91:4e:dd:db:6c:56:cb:54:82:1b:
                    12:f5:46:82:32:42:0d:86:ef:d2:d5:b7:16:db:a2:
                    d7:fa:bf:00:a8:ea:b8:df:3b:c6:d0:6a:60:c7:96:
                    14:73:5f:ad:96:90:be:c3:20:31:47:23:9c:f3:be:
                    c1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:94:69:10:4B:FF:E5:CF:04:84:5C:8B:D3:09:90:09:CD:DD:1B:34
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/s5RpEEv_5c8EhFyL0wmQCc3dGzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f00e::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:76:ee:9b:76:88:7a:fd:41:02:3d:b0:3b:f3:8b:5a:da:bd:
         b4:0e:ea:ab:3f:b6:c2:c2:3c:ac:65:de:a0:ed:4b:71:6d:65:
         ff:cc:cd:f5:eb:a8:86:3b:3d:4d:61:d1:39:ab:e1:e0:0d:1f:
         3c:47:4f:ce:e9:9a:d3:c3:f0:b6:34:ba:70:1e:71:10:93:19:
         a1:f0:74:fa:40:94:9a:ba:51:c5:bb:8b:34:d7:07:4d:fb:76:
         a8:93:bb:0e:cf:30:aa:b0:c8:c3:df:e6:07:8b:4b:09:70:2f:
         95:bb:56:d9:c2:db:3f:58:f2:ed:a3:07:68:81:ed:06:72:ee:
         b3:81:23:f5:53:e5:92:8a:9b:92:4d:d6:2e:f4:8a:e2:88:47:
         46:b2:22:0f:41:cb:ce:1c:4f:1d:50:be:10:75:cc:6c:fe:09:
         60:7c:e5:01:5c:c8:b3:7a:5a:06:4b:d6:23:70:14:43:cc:c9:
         6f:60:6d:6c:32:3f:09:91:ca:c4:04:cc:95:2a:bc:6b:7e:54:
         1c:0c:f4:dc:e6:dd:f6:e7:b1:90:2e:21:da:f8:cc:fe:7e:db:
         3c:d2:eb:eb:d0:99:b6:fb:8f:4c:27:e6:d2:23:09:2b:be:98:
         96:78:b1:b0:4a:9a:70:c1:8c:8a:d5:70:15:54:62:98:d9:ee:
         73:0f:f8:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIERoJnVxKhWjGcoDp7ptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk0NjkxMDRiZmZlNWNmMDQ4NDVjOGJkMzA5OTAwOWNkZGQxYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaO2+68r8/sYw6PY344peyq0QHn5
26faN8G6Fmbce49fARLNtJS7IKMcII3hFScHEI5wEpOrhqI2gnrSsQmX8m+FkymI
k9qWGqkfm1zA3u5uEsILvtVHf2D/VTs75rAAxs+RAwioymoF0TzdUmcbogFHqVEb
Kikys0c2pJvxL+aeWEWO+ZP1VG11ykhofVP90aBv0aOvD2KM+Z9hW0zrogyZlyyb
k4Inc39wQ3ZVYAOiuO33ljdFrUFCxvlNDiM9A+ZhBwqvGZFO3dtsVstUghsS9UaC
MkINhu/S1bcW26LX+r8AqOq43zvG0Gpgx5YUc1+tlpC+wyAxRyOc877BiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLOUaRBL/+XPBIRci9MJkAnN3Rs0MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvczVScEVFdl81YzhFaEZ5TDB3bVFDYzNkR3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAO
MA0GCSqGSIb3DQEBCwUAA4IBAQA/du6bdoh6/UECPbA784ta2r20DuqrP7bCwjys
Zd6g7UtxbWX/zM3166iGOz1NYdE5q+HgDR88R0/O6ZrTw/C2NLpwHnEQkxmh8HT6
QJSaulHFu4s01wdN+3aok7sOzzCqsMjD3+YHi0sJcC+Vu1bZwts/WPLtowdoge0G
cu6zgSP1U+WSipuSTdYu9IriiEdGsiIPQcvOHE8dUL4Qdcxs/glgfOUBXMizeloG
S9YjcBRDzMlvYG1sMj8JkcrEBMyVKrxrflQcDPTc5t3257GQLiHa+Mz+fts80uvr
0Jm2+49MJ+bSIwkrvpiWeLGwSppwwYyK1XAVVGKY2e5zD/gQ
-----END CERTIFICATE-----