Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/pXY7p3AnqDJfjALLmtVHw8U2GfM.roa
File:                     pXY7p3AnqDJfjALLmtVHw8U2GfM.roa (raw, json)
Hash identifier:          ZUNXce9TBnEjmUfFa15l+WlhliqRz/AO8NwAB4Sid60=
Subject key identifier:   A5:76:3B:A7:70:27:A8:32:5F:8C:02:CB:9A:D5:47:C3:C5:36:19:F3
Certificate issuer:       /CN=4eaefc49e6cd67e25996a2c0fc57b80cc23dba44
Certificate serial:       0194266A0075F31B558F05E926E587A550FD
Authority key identifier: 4E:AE:FC:49:E6:CD:67:E2:59:96:A2:C0:FC:57:B8:0C:C2:3D:BA:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/pXY7p3AnqDJfjALLmtVHw8U2GfM.roa
Signing time:             Thu 02 Jan 2025 09:47:48 +0000
ROA not before:           Thu 02 Jan 2025 09:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.41.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:00:75:f3:1b:55:8f:05:e9:26:e5:87:a5:50:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eaefc49e6cd67e25996a2c0fc57b80cc23dba44
        Validity
            Not Before: Jan  2 09:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5763ba77027a8325f8c02cb9ad547c3c53619f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9e:fd:fa:bd:d1:54:9c:e5:6b:43:b3:65:70:
                    2b:26:f3:16:d6:ac:4e:7d:53:a8:d7:b9:1c:0d:4b:
                    c7:78:1f:68:77:7b:b4:da:c7:80:dd:00:10:df:f3:
                    a0:ac:76:50:0f:1f:09:71:81:e8:e6:42:c7:09:e7:
                    66:1b:cf:6e:05:71:99:6f:4a:f3:cd:73:ac:b7:dd:
                    3f:9c:1e:27:7b:03:ad:c1:a2:1e:51:9a:e5:2b:7c:
                    7e:d4:fa:d0:ca:bf:98:88:c8:1f:6a:a0:8f:8d:34:
                    c4:6a:4f:66:4a:e3:76:5d:b6:19:5c:2d:36:22:10:
                    bc:30:c4:58:56:02:c5:f1:91:97:77:0c:12:52:d2:
                    e5:44:33:1f:46:35:f6:23:bf:ec:b8:7f:cf:3c:4e:
                    32:33:bd:36:09:af:26:16:9f:ad:a3:0c:1c:5e:f8:
                    ae:5c:6b:a2:78:6c:56:33:ca:53:fe:40:77:b1:ca:
                    ce:c6:ec:ee:8b:6c:43:36:16:ff:8a:a4:a0:47:b7:
                    0e:4b:0e:0f:9b:af:d1:05:02:02:9a:70:32:1d:ce:
                    c4:9a:a8:75:96:6f:28:6b:2f:39:22:df:91:d0:94:
                    86:b6:c2:65:bb:76:c3:a9:f9:2e:dc:9f:6c:9d:d5:
                    84:ea:ae:c3:f1:80:78:cd:09:8f:57:d2:06:88:b5:
                    43:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:76:3B:A7:70:27:A8:32:5F:8C:02:CB:9A:D5:47:C3:C5:36:19:F3
            X509v3 Authority Key Identifier:
                keyid:4E:AE:FC:49:E6:CD:67:E2:59:96:A2:C0:FC:57:B8:0C:C2:3D:BA:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/pXY7p3AnqDJfjALLmtVHw8U2GfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:73:36:37:92:c0:ff:5d:88:30:f0:9b:1a:47:fb:64:42:dc:
         c4:3d:a3:7a:58:ae:8a:2c:c4:b8:39:a3:8d:23:f7:3f:8b:6c:
         d0:34:42:0e:09:de:f7:a6:6c:8e:88:ec:16:2f:98:92:c5:57:
         cf:9b:72:e8:68:e2:7e:63:08:55:c2:7f:52:13:48:27:3c:0c:
         81:f9:dc:29:ab:e9:79:23:9b:fe:e4:84:ee:e8:a9:d9:cb:48:
         dd:65:3a:58:a8:2a:0f:c4:2f:e4:78:0c:ff:3c:58:85:44:11:
         9a:81:eb:4a:cb:d8:62:f9:a5:66:ec:74:62:23:fc:78:27:62:
         12:8f:b6:3c:46:b4:05:f8:91:5e:69:db:ca:2b:2b:a3:08:ac:
         4b:25:c1:cc:9e:50:90:5a:13:7f:22:a2:35:2f:3a:da:39:8a:
         d3:0d:9d:a3:bf:8b:fb:d7:9c:29:33:e4:e1:d2:4d:96:92:3e:
         ee:15:73:fe:f9:fa:10:fc:a8:75:15:95:73:ce:19:22:47:57:
         64:dd:8f:a4:6a:c2:f6:0f:73:68:5e:c6:e6:59:d8:b4:3a:a3:
         95:0d:aa:8f:db:61:39:b6:32:6e:1b:50:d2:14:89:15:49:ff:
         cc:a6:c2:03:97:6b:47:c9:98:5a:85:62:a0:27:2f:4d:6d:21:
         5a:36:ea:36
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQmagB18xtVjwXpJuWHpVD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWVmYzQ5ZTZjZDY3ZTI1OTk2YTJjMGZjNTdiODBjYzIz
ZGJhNDQwHhcNMjUwMTAyMDk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTc2M2JhNzcwMjdhODMyNWY4YzAyY2I5YWQ1NDdjM2M1MzYxOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp79+r3RVJzla0OzZXArJvMW1qxO
fVOo17kcDUvHeB9od3u02seA3QAQ3/OgrHZQDx8JcYHo5kLHCedmG89uBXGZb0rz
zXOst90/nB4newOtwaIeUZrlK3x+1PrQyr+YiMgfaqCPjTTEak9mSuN2XbYZXC02
IhC8MMRYVgLF8ZGXdwwSUtLlRDMfRjX2I7/suH/PPE4yM702Ca8mFp+towwcXviu
XGuieGxWM8pT/kB3scrOxuzui2xDNhb/iqSgR7cOSw4Pm6/RBQICmnAyHc7Emqh1
lm8oay85It+R0JSGtsJlu3bDqfku3J9sndWE6q7D8YB4zQmPV9IGiLVDUwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKV2O6dwJ6gyX4wCy5rVR8PFNhnzMB8GA1UdIwQY
MBaAFE6u/EnmzWfiWZaiwPxXuAzCPbpEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE3OFNlYk5aLUpabHFMQV9GZTRETUk5dWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85ZjU4ZjItNzkxOS00YmZjLThmNzMt
ZTcwNzNjZmUxMzRmLzEvcFhZN3AzQW5xREpmakFMTG10Vkh3OFUyR2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85ZjU4ZjItNzkxOS00YmZjLThmNzMtZTcwNzNjZmUxMzRm
LzEvVHE3OFNlYk5aLUpabHFMQV9GZTRETUk5dWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSkwDQYJ
KoZIhvcNAQELBQADggEBAHlzNjeSwP9diDDwmxpH+2RC3MQ9o3pYroosxLg5o40j
9z+LbNA0Qg4J3vembI6I7BYvmJLFV8+bcuho4n5jCFXCf1ITSCc8DIH53Cmr6Xkj
m/7khO7oqdnLSN1lOlioKg/EL+R4DP88WIVEEZqB60rL2GL5pWbsdGIj/HgnYhKP
tjxGtAX4kV5p28orK6MIrEslwcyeUJBaE38iojUvOto5itMNnaO/i/vXnCkz5OHS
TZaSPu4Vc/75+hD8qHUVlXPOGSJHV2Tdj6RqwvYPc2hexuZZ2LQ6o5UNqo/bYTm2
Mm4bUNIUiRVJ/8ymwgOXa0fJmFqFYqAnL01tIVo26jY=
-----END CERTIFICATE-----