Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LxwAd59gPAFiSwQsp6U5bWHTUIA.roa
File:                     LxwAd59gPAFiSwQsp6U5bWHTUIA.roa (raw, json)
Hash identifier:          sV/jv6UM3eB6Fepo8zmoDeIxV8A3Cp94EBt2zbiu7+M=
Subject key identifier:   2F:1C:00:77:9F:60:3C:01:62:4B:04:2C:A7:A5:39:6D:61:D3:50:80
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       0194266BD9E27B8EFF390F56FA1BE0448C08
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LxwAd59gPAFiSwQsp6U5bWHTUIA.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a04:5b81:2120::/44 maxlen: 48
                          2a04:5b82:2000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d9:e2:7b:8e:ff:39:0f:56:fa:1b:e0:44:8c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f1c00779f603c01624b042ca7a5396d61d35080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cf:5a:98:30:60:23:33:6d:02:f7:02:12:72:
                    9f:54:ba:cd:3c:37:2e:e0:28:3e:65:3b:ed:0d:aa:
                    13:16:19:d7:da:1c:a5:34:ab:a2:22:3c:50:bd:da:
                    c1:50:61:9e:d7:56:b8:66:fd:e1:22:e7:bf:db:d2:
                    5a:43:d0:39:81:ba:47:de:e2:9a:76:17:99:e2:62:
                    23:f3:de:e7:51:5c:c5:f5:28:c6:94:7f:11:87:cd:
                    dd:67:73:91:7c:7d:8f:26:b9:b1:db:5a:0d:d0:ca:
                    04:04:fe:45:23:c9:2d:1f:4b:e5:1f:6f:3c:0e:59:
                    ac:56:8a:31:f0:4b:3c:f1:22:48:e4:be:70:5c:1f:
                    3c:f8:87:8d:35:73:a9:b0:7a:42:9b:2d:ff:57:fd:
                    be:14:c2:c5:6d:be:03:78:00:5e:67:14:ba:43:f7:
                    1c:68:b2:8d:b6:b4:90:83:2c:60:ee:22:45:0c:e6:
                    ba:58:a6:f4:b6:94:10:89:eb:ec:dd:98:3f:47:cc:
                    4b:c6:02:ec:61:f2:4f:0f:1a:5e:34:83:12:b9:f0:
                    3a:0e:c7:46:99:0f:b0:c9:0a:f9:42:c6:51:6e:84:
                    19:5e:c5:51:8c:31:5e:d5:18:b9:cd:3b:e1:f2:80:
                    c2:83:a7:c6:e6:ea:7d:e7:77:3e:c2:fe:80:aa:6c:
                    9e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:1C:00:77:9F:60:3C:01:62:4B:04:2C:A7:A5:39:6D:61:D3:50:80
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LxwAd59gPAFiSwQsp6U5bWHTUIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:2120::/44
                  2a04:5b82:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:4b:40:eb:1b:03:a9:78:02:71:42:80:85:ea:3f:4f:1c:99:
         d8:93:19:f2:14:54:a7:75:2f:2e:1b:b7:66:e7:0d:14:bd:c8:
         49:34:66:4b:43:45:d4:8f:92:a9:b4:4d:71:16:73:f2:ac:b8:
         e6:27:64:31:f5:32:89:4f:62:09:be:5e:24:fe:b0:18:df:b6:
         2c:2e:04:cf:e2:a4:f6:df:2e:3e:22:d5:1e:84:61:0b:35:71:
         d0:86:29:80:76:5b:2e:4e:8c:5d:0d:c5:a7:cf:27:bb:29:3f:
         98:9b:21:19:1c:e3:07:b1:68:82:a1:f5:79:da:92:89:a0:25:
         fc:4d:eb:73:db:bc:97:55:81:2c:51:0f:02:af:66:01:d3:3a:
         6d:fa:40:e7:1d:73:4d:9c:e8:81:e1:a6:e4:29:69:a4:d1:27:
         4a:54:70:6f:59:75:03:aa:75:7f:56:a7:b4:00:76:db:f7:5c:
         f1:c9:bc:c2:ac:fa:d0:32:55:65:6a:60:85:11:bc:df:04:59:
         b6:b6:c1:6f:d0:2c:1e:a7:fb:99:12:af:50:7b:2b:f9:5b:e0:
         cf:a5:ce:96:7b:68:bd:7b:24:ab:7a:63:c9:e9:6a:be:94:53:
         87:69:2a:fb:6d:f6:71:08:8e:d7:b1:e1:18:d6:29:eb:04:bc:
         59:26:a2:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma9nie47/OQ9W+hvgRIwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjFjMDA3NzlmNjAzYzAxNjI0YjA0MmNhN2E1Mzk2ZDYxZDM1MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM9amDBgIzNtAvcCEnKfVLrNPDcu
4Cg+ZTvtDaoTFhnX2hylNKuiIjxQvdrBUGGe11a4Zv3hIue/29JaQ9A5gbpH3uKa
dheZ4mIj897nUVzF9SjGlH8Rh83dZ3ORfH2PJrmx21oN0MoEBP5FI8ktH0vlH288
DlmsVoox8Es88SJI5L5wXB88+IeNNXOpsHpCmy3/V/2+FMLFbb4DeABeZxS6Q/cc
aLKNtrSQgyxg7iJFDOa6WKb0tpQQievs3Zg/R8xLxgLsYfJPDxpeNIMSufA6DsdG
mQ+wyQr5QsZRboQZXsVRjDFe1Ri5zTvh8oDCg6fG5up953c+wv6AqmyeRQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC8cAHefYDwBYksELKelOW1h01CAMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvTHh3QWQ1OWdQQUZpU3dRc3A2VTViV0hUVUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgRbgSEg
AwcAKgRbgiAAMA0GCSqGSIb3DQEBCwUAA4IBAQAzS0DrGwOpeAJxQoCF6j9PHJnY
kxnyFFSndS8uG7dm5w0UvchJNGZLQ0XUj5KptE1xFnPyrLjmJ2Qx9TKJT2IJvl4k
/rAY37YsLgTP4qT23y4+ItUehGELNXHQhimAdlsuToxdDcWnzye7KT+YmyEZHOMH
sWiCofV52pKJoCX8Tetz27yXVYEsUQ8Cr2YB0zpt+kDnHXNNnOiB4abkKWmk0SdK
VHBvWXUDqnV/Vqe0AHbb91zxybzCrPrQMlVlamCFEbzfBFm2tsFv0Cwep/uZEq9Q
eyv5W+DPpc6We2i9eySremPJ6Wq+lFOHaSr7bfZxCI7XseEY1inrBLxZJqKG
-----END CERTIFICATE-----