Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/XkZDM_8IFwDF5TaEYGBCOeA1rnY.roa
File:                     XkZDM_8IFwDF5TaEYGBCOeA1rnY.roa (raw, json)
Hash identifier:          wJ3Nd2iWllTHLJTwVq5JnkwdVdkkialVRVjZAGjLaUA=
Subject key identifier:   5E:46:43:33:FF:08:17:00:C5:E5:36:84:60:60:42:39:E0:35:AE:76
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0C9F0CF04DEC22E3D0144E740ADF
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/XkZDM_8IFwDF5TaEYGBCOeA1rnY.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28886
IP address blocks:        217.28.48.0/20 maxlen: 20
                          2a02:2880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0c:9f:0c:f0:4d:ec:22:e3:d0:14:4e:74:0a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e464333ff081700c5e5368460604239e035ae76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a5:60:a2:f4:51:42:62:f2:08:82:12:08:37:
                    f0:df:64:e6:4f:85:1c:12:02:2b:76:e7:7e:fb:4c:
                    a4:35:e0:9d:1b:95:32:f6:87:54:7e:72:c6:ff:6f:
                    60:ec:f2:c2:0a:28:6d:3c:1c:d9:4b:ae:be:17:00:
                    07:a0:db:33:6e:11:5a:54:a1:4e:72:44:9f:11:3f:
                    c6:fa:ba:c2:17:7b:9e:95:1c:98:11:d2:2b:82:1d:
                    0c:e4:a1:10:ae:22:2d:7f:9a:df:9c:34:61:f4:e2:
                    87:8d:27:31:e3:3f:a5:2a:dd:51:b8:cb:92:e7:bd:
                    ca:7f:ae:eb:5d:b6:d3:e2:cb:e8:61:59:ac:e6:3b:
                    b0:5b:b9:80:34:d2:35:23:24:42:6f:dd:98:26:d5:
                    a1:af:a5:78:25:a7:3f:64:96:f0:a8:96:1b:ac:94:
                    89:69:38:7c:b0:0a:80:f8:d9:b3:c0:e5:68:e2:22:
                    4d:b6:57:49:63:5a:7a:d5:45:3d:b2:48:2a:58:f7:
                    05:74:f9:75:97:07:d0:78:f4:a4:d0:81:ca:7f:43:
                    ad:51:b3:9d:5c:0e:ea:b9:41:5a:e8:7d:c0:62:f7:
                    fa:00:38:6f:1b:96:f4:aa:1d:07:6f:e4:83:1c:94:
                    85:b3:a9:3d:e8:3e:29:f9:41:47:c0:44:15:01:4a:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:46:43:33:FF:08:17:00:C5:E5:36:84:60:60:42:39:E0:35:AE:76
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/XkZDM_8IFwDF5TaEYGBCOeA1rnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.48.0/20
                IPv6:
                  2a02:2880::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:23:0d:c7:0f:fc:04:3c:fb:28:7c:69:be:3a:03:da:c1:fa:
         e0:df:f3:90:8f:0f:8b:8f:8b:8b:1a:64:51:d0:3f:40:43:a7:
         43:6d:f1:f2:c4:8a:d1:99:d8:f7:9c:6b:bc:f2:8b:d5:eb:02:
         3b:ec:d1:f0:c4:65:84:d4:dc:84:ae:79:f9:97:bf:d4:51:68:
         1c:1b:7f:f1:9c:40:75:1e:d1:1d:c6:f3:86:39:70:9e:03:f3:
         d1:e5:0f:af:45:dd:78:d4:f4:e7:2d:ef:38:0b:cf:1d:5a:14:
         66:a9:87:a5:89:4e:d3:7c:da:86:39:f0:fb:fe:ff:cb:1f:a9:
         2b:3c:17:c8:55:4c:5e:9b:a0:93:ec:2c:b7:67:84:0b:99:a9:
         45:12:7b:e4:99:65:15:2d:7f:d9:e6:ef:9a:3e:b6:85:4e:83:
         43:c4:37:d5:a9:37:15:a5:4a:b6:86:a0:84:f5:d3:af:eb:68:
         a0:7b:44:ba:cc:8b:6e:27:b0:9a:36:ff:6f:69:04:ae:ad:22:
         e0:df:97:52:7e:d1:8b:09:a6:e3:4e:bd:25:55:76:b9:79:2b:
         53:3a:61:14:c7:4b:90:9f:d5:35:cd:1c:4d:b5:19:1d:f5:d7:
         8e:2c:4a:e6:7d:f6:b2:75:2d:19:0b:ff:fc:d8:ca:32:82:39:
         2c:9c:36:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijgyfDPBN7CLj0BROdArfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQ2NDMzM2ZmMDgxNzAwYzVlNTM2ODQ2MDYwNDIzOWUwMzVhZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqVgovRRQmLyCIISCDfw32TmT4Uc
EgIrdud++0ykNeCdG5Uy9odUfnLG/29g7PLCCihtPBzZS66+FwAHoNszbhFaVKFO
ckSfET/G+rrCF3uelRyYEdIrgh0M5KEQriItf5rfnDRh9OKHjScx4z+lKt1RuMuS
573Kf67rXbbT4svoYVms5juwW7mANNI1IyRCb92YJtWhr6V4Jac/ZJbwqJYbrJSJ
aTh8sAqA+NmzwOVo4iJNtldJY1p61UU9skgqWPcFdPl1lwfQePSk0IHKf0OtUbOd
XA7quUFa6H3AYvf6ADhvG5b0qh0Hb+SDHJSFs6k96D4p+UFHwEQVAUrNUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF5GQzP/CBcAxeU2hGBgQjngNa52MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvWGtaRE1fOElGd0RGNVRhRVlHQkNPZUExcm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RwwMA0E
AgACMAcDBQAqAiiAMA0GCSqGSIb3DQEBCwUAA4IBAQAEIw3HD/wEPPsofGm+OgPa
wfrg3/OQjw+Lj4uLGmRR0D9AQ6dDbfHyxIrRmdj3nGu88ovV6wI77NHwxGWE1NyE
rnn5l7/UUWgcG3/xnEB1HtEdxvOGOXCeA/PR5Q+vRd141PTnLe84C88dWhRmqYel
iU7TfNqGOfD7/v/LH6krPBfIVUxem6CT7Cy3Z4QLmalFEnvkmWUVLX/Z5u+aPraF
ToNDxDfVqTcVpUq2hqCE9dOv62ige0S6zItuJ7CaNv9vaQSurSLg35dSftGLCabj
Tr0lVXa5eStTOmEUx0uQn9U1zRxNtRkd9deOLErmffaydS0ZC//82MoygjksnDZo
-----END CERTIFICATE-----