Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/XYSwDgEDu2AsDXqJSeXTfFwYkMs.roa
File:                     XYSwDgEDu2AsDXqJSeXTfFwYkMs.roa (raw, json)
Hash identifier:          4IZPclZa/Ab6eD/hUighnjIphAqh1KKYEqn+pFsOdrg=
Subject key identifier:   5D:84:B0:0E:01:03:BB:60:2C:0D:7A:89:49:E5:D3:7C:5C:18:90:CB
Certificate issuer:       /CN=e06536d2b17c45c175739f3313119be219d331ac
Certificate serial:       0194888A8317A6C3EFD20D1FE8AD0530E449
Authority key identifier: E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/XYSwDgEDu2AsDXqJSeXTfFwYkMs.roa
Signing time:             Tue 21 Jan 2025 11:06:06 +0000
ROA not before:           Tue 21 Jan 2025 11:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49237
IP address blocks:        2a02:de0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:8a:83:17:a6:c3:ef:d2:0d:1f:e8:ad:05:30:e4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e06536d2b17c45c175739f3313119be219d331ac
        Validity
            Not Before: Jan 21 11:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d84b00e0103bb602c0d7a8949e5d37c5c1890cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:13:d9:81:48:37:35:9c:b3:84:f6:05:74:72:
                    09:e0:31:d4:89:c4:95:7d:99:a6:65:77:59:19:bd:
                    72:15:52:29:a6:8c:36:b0:cf:da:9e:0f:11:ea:1f:
                    64:78:bf:84:16:0f:9d:af:6c:73:9b:f6:fd:f5:1a:
                    89:b5:ad:be:ca:a3:68:38:a6:99:65:d2:8b:c0:44:
                    be:00:44:82:32:9b:b1:31:7f:83:c1:3b:69:69:1c:
                    84:8b:e7:45:92:ba:71:7f:bf:32:96:3c:4e:fb:80:
                    07:34:bb:19:35:f6:d7:cd:d3:cc:87:0a:25:b6:03:
                    71:8d:36:4d:87:05:ed:4b:9d:c8:c6:e3:74:60:bb:
                    39:40:61:c7:10:de:df:82:82:00:30:1b:d9:83:6f:
                    56:7b:4c:9d:39:53:9a:2e:9f:52:c6:43:74:6a:49:
                    44:91:c1:75:7e:1f:34:79:0e:43:05:3f:85:52:d0:
                    c0:09:5b:4e:99:63:6a:a0:51:56:d9:cc:b8:8a:2e:
                    1e:9a:cc:1d:af:2e:42:77:60:ad:3a:17:fe:4d:58:
                    2e:72:c9:f3:0c:f8:00:48:9a:f7:dc:df:2d:ba:48:
                    56:74:2b:c4:d5:ef:68:70:ad:6c:bc:f3:28:de:7c:
                    77:f8:d3:be:e8:2a:b8:c9:d4:0f:fc:ae:2a:4f:6e:
                    69:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:84:B0:0E:01:03:BB:60:2C:0D:7A:89:49:E5:D3:7C:5C:18:90:CB
            X509v3 Authority Key Identifier:
                keyid:E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/XYSwDgEDu2AsDXqJSeXTfFwYkMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:fc:be:25:cd:21:e4:48:f6:ce:af:57:8b:fc:65:f4:7a:33:
         78:43:7a:fa:c8:c6:91:86:a7:4b:01:6d:8f:f9:c3:ff:be:6f:
         38:6c:f7:db:9d:93:73:1d:b2:af:1c:49:9f:33:14:5b:5b:11:
         08:3d:b8:06:18:56:18:c1:ae:25:7d:42:d4:b6:d1:0e:3d:65:
         a0:f6:bc:cd:85:2d:4f:af:c3:26:e2:cf:56:f7:5b:0b:db:cb:
         ab:3d:93:8e:36:d2:59:ab:1d:9c:ea:fc:19:86:5c:cc:d7:96:
         81:cd:68:93:0c:b8:10:3f:be:dd:a7:04:0a:9c:70:a6:85:98:
         87:36:ff:60:d0:e8:96:6e:b2:19:40:2c:4e:93:84:7e:24:06:
         1d:3d:e0:6c:fc:88:d1:39:83:4d:22:a8:26:62:36:73:55:d2:
         56:07:7c:a5:0a:d8:21:ac:bf:ec:b2:16:a9:0c:65:29:34:2a:
         c2:aa:0a:84:7e:27:fb:32:31:ae:29:c2:8a:ef:fc:36:23:57:
         c2:85:bb:34:fb:a5:da:6c:80:25:f7:b4:a8:a6:b0:25:b5:1f:
         76:57:ec:18:57:34:e9:8d:e8:35:07:5c:ed:fc:c5:5c:91:d5:
         30:7b:13:2d:77:44:06:6d:90:7b:02:e7:cf:41:27:cb:fd:a4:
         50:53:5a:15
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSIioMXpsPv0g0f6K0FMORJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjUzNmQyYjE3YzQ1YzE3NTczOWYzMzEzMTE5YmUyMTlk
MzMxYWMwHhcNMjUwMTIxMTEwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDg0YjAwZTAxMDNiYjYwMmMwZDdhODk0OWU1ZDM3YzVjMTg5MGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhPZgUg3NZyzhPYFdHIJ4DHUicSV
fZmmZXdZGb1yFVIppow2sM/ang8R6h9keL+EFg+dr2xzm/b99RqJta2+yqNoOKaZ
ZdKLwES+AESCMpuxMX+DwTtpaRyEi+dFkrpxf78yljxO+4AHNLsZNfbXzdPMhwol
tgNxjTZNhwXtS53IxuN0YLs5QGHHEN7fgoIAMBvZg29We0ydOVOaLp9SxkN0aklE
kcF1fh80eQ5DBT+FUtDACVtOmWNqoFFW2cy4ii4emswdry5Cd2CtOhf+TVgucsnz
DPgASJr33N8tukhWdCvE1e9ocK1svPMo3nx3+NO+6Cq4ydQP/K4qT25pcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF2EsA4BA7tgLA16iUnl03xcGJDLMB8GA1UdIwQY
MBaAFOBlNtKxfEXBdXOfMxMRm+IZ0zGsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEt
MDZjOGJiMzc0YTU4LzEvWFlTd0RnRUR1MkFzRFhxSlNlWFRmRndZa01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEtMDZjOGJiMzc0YTU4
LzEvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIN4DAN
BgkqhkiG9w0BAQsFAAOCAQEAdfy+Jc0h5Ej2zq9Xi/xl9HozeEN6+sjGkYanSwFt
j/nD/75vOGz3252Tcx2yrxxJnzMUW1sRCD24BhhWGMGuJX1C1LbRDj1loPa8zYUt
T6/DJuLPVvdbC9vLqz2TjjbSWasdnOr8GYZczNeWgc1okwy4ED++3acECpxwpoWY
hzb/YNDolm6yGUAsTpOEfiQGHT3gbPyI0TmDTSKoJmI2c1XSVgd8pQrYIay/7LIW
qQxlKTQqwqoKhH4n+zIxrinCiu/8NiNXwoW7NPul2myAJfe0qKawJbUfdlfsGFc0
6Y3oNQdc7fzFXJHVMHsTLXdEBm2QewLnz0Eny/2kUFNaFQ==
-----END CERTIFICATE-----