Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ax2MQ5Lb54u4442Uota7T1lDXqU.roa
File:                     Ax2MQ5Lb54u4442Uota7T1lDXqU.roa (raw, json)
Hash identifier:          WtpxYyNpcHNC3G/vVwvJ9snmh6XrLgpD5cHVaG5LTa8=
Subject key identifier:   03:1D:8C:43:92:DB:E7:8B:B8:E3:8D:94:A2:D6:BB:4F:59:43:5E:A5
Certificate issuer:       /CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
Certificate serial:       019421B1A528CF40BC23FC1D3DA239047167
Authority key identifier: C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ax2MQ5Lb54u4442Uota7T1lDXqU.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215539
IP address blocks:        2a0f:ff40:c3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a5:28:cf:40:bc:23:fc:1d:3d:a2:39:04:71:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=031d8c4392dbe78bb8e38d94a2d6bb4f59435ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:31:a3:6b:64:40:5f:c4:98:22:ab:26:cd:cb:
                    10:60:63:fd:06:50:5e:31:23:59:b8:c2:8d:dd:ba:
                    a9:f1:f8:96:13:7b:f3:8f:48:0c:99:c6:8d:49:ed:
                    94:53:1d:ae:f1:07:09:f1:8e:0a:b2:16:44:ea:51:
                    7b:44:85:e8:d1:4b:67:8e:e4:ff:7b:ad:d4:ea:d7:
                    5f:13:6c:f2:af:54:e4:78:ee:96:1e:35:cc:9b:51:
                    a7:bc:94:02:57:ba:a3:c2:82:c9:4a:ec:67:95:3f:
                    38:a9:2a:22:a3:03:87:26:b6:5e:44:85:f7:16:62:
                    46:8a:e5:60:e3:0a:48:15:87:61:5c:f4:ff:2d:b1:
                    f2:dc:8a:7e:62:97:1f:ed:97:d7:89:35:15:82:23:
                    8a:73:12:07:90:2a:16:d7:15:d2:85:a0:78:f7:1a:
                    4d:15:95:b8:cd:77:15:6f:23:5c:e9:85:e6:89:47:
                    8b:19:73:4e:4c:f3:73:db:50:cd:9c:37:4f:5c:a8:
                    fc:e6:49:d9:bb:f0:49:df:57:97:16:51:75:a1:e3:
                    d1:58:ed:ba:98:b5:d8:a6:5e:9c:a4:cf:a2:f4:39:
                    31:b9:88:7b:11:9d:88:2c:56:4b:15:63:7f:12:ca:
                    24:4f:1c:c3:55:b5:29:46:39:5a:52:51:b9:2a:75:
                    9b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1D:8C:43:92:DB:E7:8B:B8:E3:8D:94:A2:D6:BB:4F:59:43:5E:A5
            X509v3 Authority Key Identifier:
                keyid:C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ax2MQ5Lb54u4442Uota7T1lDXqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40:c3::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:d4:cb:f7:a9:28:4a:5c:1f:4e:17:60:6d:06:6e:56:50:90:
         18:01:fa:38:95:f6:08:ff:6c:2a:80:92:a6:fc:81:e6:12:3b:
         6f:f8:2f:44:8f:df:ec:7b:88:2a:ce:22:ba:67:98:b6:ed:1c:
         1a:a8:4a:fe:cb:96:ba:60:b4:a6:5a:12:0b:41:98:70:87:81:
         37:8b:53:d4:03:26:99:22:74:d3:ab:ea:45:5c:8b:75:11:b1:
         cd:6d:9c:bf:25:66:6b:52:68:c8:95:f0:ff:22:ac:bf:42:f5:
         7a:8d:6b:f2:7c:81:2d:d1:79:cf:6f:8c:5e:71:ed:aa:68:ee:
         ef:b3:c6:bc:20:9d:a1:b2:5f:91:bf:d9:45:49:4a:e2:56:ac:
         57:27:61:5d:6c:81:41:4f:1f:4d:65:ff:12:5e:20:44:0f:8d:
         3c:ed:3c:d0:0f:87:82:13:22:2e:f0:57:50:f3:95:6a:5f:63:
         ed:ef:a9:c0:35:f7:a1:1c:fb:94:2c:e3:86:bd:5a:a9:d9:f1:
         86:00:84:be:96:25:9a:6a:c6:27:66:86:02:a0:54:03:f0:1b:
         5f:b4:cb:9d:21:7e:39:05:79:5b:93:f8:07:39:6b:d6:42:67:
         65:3c:bc:67:fe:0d:83:ee:67:f4:d8:b8:60:45:ca:70:a1:93:
         74:16:73:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsaUoz0C8I/wdPaI5BHFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ODQ5MjMyZTM5NDNiZjI1N2M5ZGNhZWFiMGVmOTJkMzBh
NGNmYWQwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFkOGM0MzkyZGJlNzhiYjhlMzhkOTRhMmQ2YmI0ZjU5NDM1ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzGja2RAX8SYIqsmzcsQYGP9BlBe
MSNZuMKN3bqp8fiWE3vzj0gMmcaNSe2UUx2u8QcJ8Y4KshZE6lF7RIXo0UtnjuT/
e63U6tdfE2zyr1TkeO6WHjXMm1GnvJQCV7qjwoLJSuxnlT84qSoiowOHJrZeRIX3
FmJGiuVg4wpIFYdhXPT/LbHy3Ip+Ypcf7ZfXiTUVgiOKcxIHkCoW1xXShaB49xpN
FZW4zXcVbyNc6YXmiUeLGXNOTPNz21DNnDdPXKj85knZu/BJ31eXFlF1oePRWO26
mLXYpl6cpM+i9DkxuYh7EZ2ILFZLFWN/EsokTxzDVbUpRjlaUlG5KnWbEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAMdjEOS2+eLuOONlKLWu09ZQ16lMB8GA1UdIwQY
MBaAFMWEkjLjlDvyV8ncrqsO+S0wpM+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYt
YWZhOTE3YmRmN2QxLzEvQXgyTVE1TGI1NHU0NDQyVW90YTdUMWxEWHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYtYWZhOTE3YmRmN2Qx
LzEveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg//QADD
MA0GCSqGSIb3DQEBCwUAA4IBAQB71Mv3qShKXB9OF2BtBm5WUJAYAfo4lfYI/2wq
gJKm/IHmEjtv+C9Ej9/se4gqziK6Z5i27RwaqEr+y5a6YLSmWhILQZhwh4E3i1PU
AyaZInTTq+pFXIt1EbHNbZy/JWZrUmjIlfD/Iqy/QvV6jWvyfIEt0XnPb4xece2q
aO7vs8a8IJ2hsl+Rv9lFSUriVqxXJ2FdbIFBTx9NZf8SXiBED4087TzQD4eCEyIu
8FdQ85VqX2Pt76nANfehHPuULOOGvVqp2fGGAIS+liWaasYnZoYCoFQD8BtftMud
IX45BXlbk/gHOWvWQmdlPLxn/g2D7mf02LhgRcpwoZN0FnMX
-----END CERTIFICATE-----