Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XpvAs6Tt45TMxISWhloT9Wt5rFA.roa
File:                     XpvAs6Tt45TMxISWhloT9Wt5rFA.roa (raw, json)
Hash identifier:          3RG2rD9Iheegzvp1N+vn8OKiQ4faJt1Nqt7c2kVsNCo=
Subject key identifier:   5E:9B:C0:B3:A4:ED:E3:94:CC:C4:84:96:86:5A:13:F5:6B:79:AC:50
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019420D61B0010356063B8CA582C72B747DA
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XpvAs6Tt45TMxISWhloT9Wt5rFA.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62445
IP address blocks:        2a05:b680:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1b:00:10:35:60:63:b8:ca:58:2c:72:b7:47:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e9bc0b3a4ede394ccc48496865a13f56b79ac50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:24:3e:54:85:b5:70:fb:19:b4:13:84:51:fa:
                    ea:15:b1:f9:9e:bd:4c:69:fe:22:9e:88:db:85:be:
                    50:7e:c6:60:e5:94:7b:cd:0b:e2:e5:00:cb:38:86:
                    cc:44:01:cf:f0:31:6c:0c:fe:c8:a8:79:bb:1f:0e:
                    4d:c0:f0:d4:25:45:d1:0f:c6:9b:2a:98:95:c6:c2:
                    44:7a:c9:4a:c5:f2:53:36:74:2c:a3:ee:d5:ca:bc:
                    27:fb:31:c8:36:f6:ba:41:5f:75:48:d6:c0:da:67:
                    4e:da:3d:d2:ba:ce:fd:e4:db:73:21:73:10:cd:be:
                    b1:2d:f0:7b:df:cb:a4:99:17:bd:76:32:c9:f9:ed:
                    a5:48:ba:5e:0e:38:e9:a2:e5:e7:ee:94:9a:6c:6c:
                    6c:59:bf:f1:e5:9a:8b:90:e5:f7:49:88:4a:21:51:
                    89:9a:4f:92:ee:88:88:a6:27:9c:41:2c:07:b0:ad:
                    cf:c7:76:34:98:69:cc:b6:ce:fb:6f:23:99:3c:df:
                    1f:ec:8a:1b:e1:4c:9e:db:0f:d9:c8:d6:fc:93:51:
                    5f:1b:7a:2c:5c:1a:8b:56:db:4a:71:6f:20:2a:de:
                    11:cb:0b:8a:66:15:e0:e7:eb:6f:ba:9f:87:e1:ae:
                    08:43:1f:70:e5:0f:77:b6:d2:4f:76:e1:27:ab:dc:
                    f6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9B:C0:B3:A4:ED:E3:94:CC:C4:84:96:86:5A:13:F5:6B:79:AC:50
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XpvAs6Tt45TMxISWhloT9Wt5rFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b680:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:48:dc:1a:de:ab:7c:d5:c2:91:ff:25:92:5f:24:20:d1:
         95:e6:5a:95:ae:8a:3e:10:ed:88:fb:fd:38:b5:39:b6:7b:3e:
         d1:c6:3f:ae:00:3a:a7:05:13:59:6b:6d:68:52:29:51:9f:ba:
         a1:e9:b0:60:90:ec:e0:cb:7c:09:a9:07:94:07:a0:ce:46:ae:
         39:5c:2b:96:9f:9f:28:a9:ce:77:fc:b5:03:37:e1:43:a0:4f:
         7e:b2:fc:e6:19:0e:a2:d4:45:e0:3c:62:83:00:90:e2:e6:70:
         c9:97:9d:c0:1a:13:ce:6f:e2:a9:6e:ab:14:fb:ed:01:bc:ad:
         d8:7c:c9:f3:33:0a:18:d5:22:e1:1a:d7:28:2c:3b:20:af:63:
         10:8f:78:ac:48:13:ee:66:44:dd:94:b2:ee:23:4d:58:78:62:
         4b:e7:22:ce:2c:cb:27:49:24:9c:3d:94:d5:06:7b:1f:d3:a1:
         47:18:85:da:01:ea:6a:36:bd:77:4f:09:fb:c3:e5:d6:3a:85:
         70:cd:7a:36:10:00:4c:cf:54:ff:f4:4c:ba:3e:8f:81:58:4a:
         19:82:91:a3:a8:7e:d4:2b:8e:a6:e6:38:5b:3c:6d:56:a8:04:
         98:42:9f:6d:fa:ea:3d:68:3d:9d:48:98:28:64:29:5a:88:3d:
         f1:37:98:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1hsAEDVgY7jKWCxyt0faMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTliYzBiM2E0ZWRlMzk0Y2NjNDg0OTY4NjVhMTNmNTZiNzlhYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iQ+VIW1cPsZtBOEUfrqFbH5nr1M
af4inojbhb5QfsZg5ZR7zQvi5QDLOIbMRAHP8DFsDP7IqHm7Hw5NwPDUJUXRD8ab
KpiVxsJEeslKxfJTNnQso+7Vyrwn+zHINva6QV91SNbA2mdO2j3Sus795NtzIXMQ
zb6xLfB738ukmRe9djLJ+e2lSLpeDjjpouXn7pSabGxsWb/x5ZqLkOX3SYhKIVGJ
mk+S7oiIpiecQSwHsK3Px3Y0mGnMts77byOZPN8f7Iob4Uye2w/ZyNb8k1FfG3os
XBqLVttKcW8gKt4RywuKZhXg5+tvup+H4a4IQx9w5Q93ttJPduEnq9z2uwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF6bwLOk7eOUzMSEloZaE/VreaxQMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvWHB2QXM2VHQ0NVRNeElTV2hsb1Q5V3Q1ckZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW2gAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBxbkjcGt6rfNXCkf8lkl8kINGV5lqVroo+EO2I
+/04tTm2ez7Rxj+uADqnBRNZa21oUilRn7qh6bBgkOzgy3wJqQeUB6DORq45XCuW
n58oqc53/LUDN+FDoE9+svzmGQ6i1EXgPGKDAJDi5nDJl53AGhPOb+KpbqsU++0B
vK3YfMnzMwoY1SLhGtcoLDsgr2MQj3isSBPuZkTdlLLuI01YeGJL5yLOLMsnSSSc
PZTVBnsf06FHGIXaAepqNr13Twn7w+XWOoVwzXo2EABMz1T/9Ey6Po+BWEoZgpGj
qH7UK46m5jhbPG1WqASYQp9t+uo9aD2dSJgoZClaiD3xN5jl
-----END CERTIFICATE-----