Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Vx21t_oagyVMf4O40v7qZsXeXQU.roa
File:                     Vx21t_oagyVMf4O40v7qZsXeXQU.roa (raw, json)
Hash identifier:          UL9yz0GAvk+ZvI8LYI9Sctm68iPWeqJLY2M1tPCrmus=
Subject key identifier:   57:1D:B5:B7:FA:1A:83:25:4C:7F:83:B8:D2:FE:EA:66:C5:DE:5D:05
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       01942747C81F8FB6D29CD1F68F025B019D4F
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Vx21t_oagyVMf4O40v7qZsXeXQU.roa
Signing time:             Thu 02 Jan 2025 13:50:03 +0000
ROA not before:           Thu 02 Jan 2025 13:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210842
IP address blocks:        2a05:b0c2::/35 maxlen: 48
                          2a05:b0c2::/36 maxlen: 36
                          2a05:b0c2:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c8:1f:8f:b6:d2:9c:d1:f6:8f:02:5b:01:9d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  2 13:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=571db5b7fa1a83254c7f83b8d2feea66c5de5d05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:97:82:a4:a4:90:98:ab:1e:99:98:bd:ae:b4:
                    0f:68:a8:96:da:ee:a9:3b:9b:29:03:da:af:57:bb:
                    6c:bd:31:35:43:f5:9a:22:5d:d3:1a:6c:a6:6e:e1:
                    66:ff:da:26:cc:f5:e0:18:92:85:a2:9a:2e:bc:2f:
                    f8:37:ee:4a:b1:2f:e6:c8:f1:7e:91:b9:70:99:8f:
                    33:22:7e:f9:15:04:9c:16:17:00:07:02:e5:65:44:
                    94:8c:b5:2e:9c:f6:88:4e:c2:c1:71:ef:82:c0:f6:
                    79:0f:ec:60:7d:5e:9a:7c:67:c6:b5:15:2e:42:b8:
                    c9:92:16:19:75:63:7e:24:8b:f2:b7:67:96:f1:57:
                    d6:d8:8f:eb:29:b7:ff:37:44:62:f8:da:d0:9a:47:
                    cd:27:b2:af:a7:f1:35:b7:8e:71:d0:49:51:93:4b:
                    78:42:bd:81:36:a2:b7:e3:d9:ab:4d:69:4e:13:d5:
                    8f:f1:15:1a:57:11:66:2d:dc:1e:5c:8b:6c:6d:16:
                    51:3f:a7:16:19:7a:92:11:55:31:f9:04:9e:7c:11:
                    66:cf:bd:55:4c:40:89:a9:d1:02:5b:79:6b:82:ac:
                    6d:8f:b3:80:22:34:dd:2a:10:b4:f2:d4:f9:4b:6c:
                    6a:81:e9:9b:bd:04:56:eb:35:a9:61:f6:84:35:87:
                    79:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:1D:B5:B7:FA:1A:83:25:4C:7F:83:B8:D2:FE:EA:66:C5:DE:5D:05
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Vx21t_oagyVMf4O40v7qZsXeXQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c2::/35

    Signature Algorithm: sha256WithRSAEncryption
         0f:aa:56:04:d6:f4:a3:7f:e0:75:2d:ec:2b:83:a2:c4:a2:64:
         07:52:eb:8a:1b:49:25:9c:ab:0a:5b:00:81:3c:8a:2a:66:48:
         75:f4:fc:96:d0:96:c2:95:19:e8:3c:61:37:19:57:96:9a:12:
         ac:7a:b9:ef:30:2d:1b:ee:48:57:42:c0:aa:30:af:22:97:4f:
         4e:ab:f9:e9:33:e6:a8:68:5d:8b:42:f1:71:3f:04:2a:66:54:
         e3:b6:8f:74:cf:c9:0d:03:7e:02:d5:ec:72:c0:40:36:34:6f:
         bc:3c:d7:0f:92:56:61:3b:f6:04:0b:06:e1:8c:29:cf:0d:8a:
         d3:5c:58:c0:ef:34:75:43:d8:d3:d1:a4:33:74:ae:18:09:c7:
         52:c4:c7:52:31:0b:05:36:ad:34:9c:d2:f8:9c:b8:ad:dc:f7:
         d9:77:ba:14:30:e1:b4:aa:38:af:a3:91:6a:f0:06:a6:b8:92:
         4e:f7:f7:45:14:b2:f6:a6:e1:05:33:d6:6d:41:55:63:81:c8:
         df:f6:b7:af:f4:9b:00:0d:d9:0d:ea:7f:81:59:7a:b2:55:eb:
         68:44:ec:39:3b:4d:ee:d4:b6:ff:89:b7:72:0b:cb:fe:70:4d:
         d8:7a:4d:5e:5a:ba:55:51:3e:53:03:36:c2:81:aa:cb:4b:09:
         4b:d8:1f:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnR8gfj7bSnNH2jwJbAZ1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjUwMTAyMTM1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzFkYjViN2ZhMWE4MzI1NGM3ZjgzYjhkMmZlZWE2NmM1ZGU1ZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5eCpKSQmKsemZi9rrQPaKiW2u6p
O5spA9qvV7tsvTE1Q/WaIl3TGmymbuFm/9omzPXgGJKFopouvC/4N+5KsS/myPF+
kblwmY8zIn75FQScFhcABwLlZUSUjLUunPaITsLBce+CwPZ5D+xgfV6afGfGtRUu
QrjJkhYZdWN+JIvyt2eW8VfW2I/rKbf/N0Ri+NrQmkfNJ7Kvp/E1t45x0ElRk0t4
Qr2BNqK349mrTWlOE9WP8RUaVxFmLdweXItsbRZRP6cWGXqSEVUx+QSefBFmz71V
TECJqdECW3lrgqxtj7OAIjTdKhC08tT5S2xqgembvQRW6zWpYfaENYd5MwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFcdtbf6GoMlTH+DuNL+6mbF3l0FMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvVngyMXRfb2FneVZNZjRPNDB2N3Fac1hlWFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgWwwgAw
DQYJKoZIhvcNAQELBQADggEBAA+qVgTW9KN/4HUt7CuDosSiZAdS64obSSWcqwpb
AIE8iipmSHX0/JbQlsKVGeg8YTcZV5aaEqx6ue8wLRvuSFdCwKowryKXT06r+ekz
5qhoXYtC8XE/BCpmVOO2j3TPyQ0DfgLV7HLAQDY0b7w81w+SVmE79gQLBuGMKc8N
itNcWMDvNHVD2NPRpDN0rhgJx1LEx1IxCwU2rTSc0vicuK3c99l3uhQw4bSqOK+j
kWrwBqa4kk7390UUsvam4QUz1m1BVWOByN/2t6/0mwAN2Q3qf4FZerJV62hE7Dk7
Te7Utv+Jt3ILy/5wTdh6TV5aulVRPlMDNsKBqstLCUvYH6E=
-----END CERTIFICATE-----