Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/fPdaDi8Q6kMa2if35eGudsLEQ8o.roa
File:                     fPdaDi8Q6kMa2if35eGudsLEQ8o.roa (raw, json)
Hash identifier:          vc9oGx1t9ju95rv1gQobwnbtC4KxraULnnXmJJ4pSRU=
Subject key identifier:   7C:F7:5A:0E:2F:10:EA:43:1A:DA:27:F7:E5:E1:AE:76:C2:C4:43:CA
Certificate issuer:       /CN=5a02ca81b9f0a9713b099687dc81551c45e3f8fc
Certificate serial:       019428256A9D3DC7B4C563E536433259D472
Authority key identifier: 5A:02:CA:81:B9:F0:A9:71:3B:09:96:87:DC:81:55:1C:45:E3:F8:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/fPdaDi8Q6kMa2if35eGudsLEQ8o.roa
Signing time:             Thu 02 Jan 2025 17:52:08 +0000
ROA not before:           Thu 02 Jan 2025 17:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.30.0.0/16 maxlen: 16
                          141.76.0.0/16 maxlen: 16
                          2a13:dd80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:6a:9d:3d:c7:b4:c5:63:e5:36:43:32:59:d4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a02ca81b9f0a9713b099687dc81551c45e3f8fc
        Validity
            Not Before: Jan  2 17:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf75a0e2f10ea431ada27f7e5e1ae76c2c443ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8a:6c:16:7b:72:d4:97:2f:eb:78:da:b7:23:
                    99:9c:46:3c:6c:ab:3f:34:38:ed:9b:a4:3e:9b:e8:
                    cc:70:7c:bc:d1:20:5b:77:56:1b:f8:79:de:79:ca:
                    44:7f:3e:f9:9b:8c:eb:36:c3:f3:15:8c:c7:f7:cd:
                    9e:da:dc:11:64:db:53:3d:61:4c:73:26:fa:5e:6e:
                    95:26:e8:b0:68:af:7e:3c:46:7c:5e:90:b3:8e:c0:
                    b6:72:10:43:67:5a:45:17:37:39:b0:0e:1b:2b:c3:
                    49:6e:ba:29:f7:ec:2f:b3:2f:0d:50:99:da:bf:ea:
                    b6:c0:c7:e2:14:f5:00:9a:0d:8e:a7:e4:8b:39:71:
                    01:68:2c:db:17:8c:3b:8e:f7:fb:19:b3:c1:7c:a6:
                    c3:f8:c6:3f:f3:73:0a:a8:b0:16:09:ee:57:4b:c1:
                    e2:da:9c:c8:53:12:90:78:24:33:40:62:fd:43:52:
                    cd:85:03:b0:06:ac:1b:26:c8:5e:63:fa:8d:94:71:
                    dc:e9:5f:20:c7:43:04:f1:e8:fe:ff:c5:34:e5:b5:
                    fc:bd:41:d1:13:d1:84:63:4c:36:17:40:d8:8c:48:
                    f0:d1:45:29:7e:ab:19:41:de:7d:56:b9:80:9c:ab:
                    ae:5d:5c:55:73:e7:6a:cf:1b:36:cd:d7:01:fa:84:
                    8f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F7:5A:0E:2F:10:EA:43:1A:DA:27:F7:E5:E1:AE:76:C2:C4:43:CA
            X509v3 Authority Key Identifier:
                keyid:5A:02:CA:81:B9:F0:A9:71:3B:09:96:87:DC:81:55:1C:45:E3:F8:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/fPdaDi8Q6kMa2if35eGudsLEQ8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.30.0.0/16
                  141.76.0.0/16
                IPv6:
                  2a13:dd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:41:4c:87:68:6b:5f:16:c2:0f:87:cc:af:ed:1f:ca:36:37:
         b0:36:02:54:63:44:23:57:6d:56:9b:f0:cf:60:6c:56:a1:8e:
         a2:e7:c7:f5:8f:a7:21:a5:19:ce:90:7c:c3:9c:b0:22:a9:d7:
         9c:27:af:ac:b3:03:47:37:8a:24:57:d5:5b:3a:e5:cb:ab:24:
         ad:78:9d:25:6e:f9:d5:97:c3:e6:91:62:f5:46:92:63:eb:d0:
         a2:f7:cd:9e:05:86:06:d3:7b:25:74:98:88:a2:e1:b2:75:87:
         ac:14:30:1a:1d:73:17:e2:9b:bb:c9:bf:b8:3f:98:41:7b:a4:
         f1:fd:3d:91:93:ad:b6:67:e6:69:ac:36:1c:58:c2:8f:6e:ef:
         d4:4a:1b:0c:20:7b:95:bd:11:c6:c7:4a:65:22:d4:c4:8d:c0:
         b8:b4:81:2c:90:3a:d8:24:75:a3:c1:fb:46:dc:8d:a5:cf:21:
         58:91:a1:4d:65:38:0b:68:31:d5:e3:2e:16:50:17:9a:f9:e8:
         8a:35:0d:23:cf:5a:4c:8e:6d:90:10:d5:93:e7:19:0a:9a:2c:
         d6:91:53:12:63:6c:da:87:99:5f:59:c9:75:63:9f:7f:73:83:
         bb:15:76:d4:ed:e2:5d:56:2f:7c:18:07:26:9e:c1:1e:cc:4b:
         b2:da:ec:f9
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQoJWqdPce0xWPlNkMyWdRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMDJjYTgxYjlmMGE5NzEzYjA5OTY4N2RjODE1NTFjNDVl
M2Y4ZmMwHhcNMjUwMTAyMTc1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y3NWEwZTJmMTBlYTQzMWFkYTI3ZjdlNWUxYWU3NmMyYzQ0M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoopsFnty1Jcv63jatyOZnEY8bKs/
NDjtm6Q+m+jMcHy80SBbd1Yb+HneecpEfz75m4zrNsPzFYzH982e2twRZNtTPWFM
cyb6Xm6VJuiwaK9+PEZ8XpCzjsC2chBDZ1pFFzc5sA4bK8NJbrop9+wvsy8NUJna
v+q2wMfiFPUAmg2Op+SLOXEBaCzbF4w7jvf7GbPBfKbD+MY/83MKqLAWCe5XS8Hi
2pzIUxKQeCQzQGL9Q1LNhQOwBqwbJsheY/qNlHHc6V8gx0ME8ej+/8U05bX8vUHR
E9GEY0w2F0DYjEjw0UUpfqsZQd59VrmAnKuuXVxVc+dqzxs2zdcB+oSPGQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFHz3Wg4vEOpDGton9+XhrnbCxEPKMB8GA1UdIwQY
MBaAFFoCyoG58KlxOwmWh9yBVRxF4/j8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2dMS2dibndxWEU3Q1phSDNJRlZIRVhqLVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8yZWVkMjQtMGRmZi00NDAwLWE1N2Mt
NDU5ZGRjNjMxYmNjLzEvZlBkYURpOFE2a01hMmlmMzVlR3Vkc0xFUThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8yZWVkMjQtMGRmZi00NDAwLWE1N2MtNDU5ZGRjNjMxYmNj
LzEvV2dMS2dibndxWEU3Q1phSDNJRlZIRVhqLVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMAjR4DAwCN
TDANBAIAAjAHAwUDKhPdgDANBgkqhkiG9w0BAQsFAAOCAQEAhkFMh2hrXxbCD4fM
r+0fyjY3sDYCVGNEI1dtVpvwz2BsVqGOoufH9Y+nIaUZzpB8w5ywIqnXnCevrLMD
RzeKJFfVWzrly6skrXidJW751ZfD5pFi9UaSY+vQovfNngWGBtN7JXSYiKLhsnWH
rBQwGh1zF+Kbu8m/uD+YQXuk8f09kZOttmfmaaw2HFjCj27v1EobDCB7lb0RxsdK
ZSLUxI3AuLSBLJA62CR1o8H7RtyNpc8hWJGhTWU4C2gx1eMuFlAXmvnoijUNI89a
TI5tkBDVk+cZCpos1pFTEmNs2oeZX1nJdWOff3ODuxV21O3iXVYvfBgHJp7BHsxL
strs+Q==
-----END CERTIFICATE-----