Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/qOJSirqIZF030lDaiDlLOLszAqo.roa
File:                     qOJSirqIZF030lDaiDlLOLszAqo.roa (raw, json)
Hash identifier:          cceSZV5tbmDVcXVgGl8UFbkLxF9VVoz+OhMvXa1/dFw=
Subject key identifier:   A8:E2:52:8A:BA:88:64:5D:37:D2:50:DA:88:39:4B:38:BB:33:02:AA
Certificate issuer:       /CN=29b79380fe407439cc2ecd3fac18157db36cf768
Certificate serial:       0194266BF842EFEB5A065C588166A92AD30B
Authority key identifier: 29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/qOJSirqIZF030lDaiDlLOLszAqo.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4755
IP address blocks:        2a05:6742:9050::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f8:42:ef:eb:5a:06:5c:58:81:66:a9:2a:d3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b79380fe407439cc2ecd3fac18157db36cf768
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8e2528aba88645d37d250da88394b38bb3302aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5e:71:61:f8:17:46:4e:ac:98:ec:4b:7c:99:
                    f7:99:1a:01:ca:e2:e9:88:75:9b:b0:23:95:bd:d2:
                    66:9e:11:59:82:a0:da:8f:d9:83:c9:43:1f:b8:e3:
                    d1:fa:be:28:b1:b9:d4:97:51:c6:82:80:a6:44:fa:
                    14:fd:5c:4e:44:8f:9b:f5:d6:44:c6:ac:bb:a8:12:
                    83:14:1e:6d:d8:cb:82:93:1d:0e:50:ad:21:8f:cf:
                    3b:11:c1:3e:dd:dd:aa:10:14:a2:b7:17:0d:d3:f3:
                    ea:15:3a:48:c5:4a:b6:43:f6:7e:63:6e:1a:f9:39:
                    03:fd:b0:24:8c:92:a7:03:da:4d:22:a3:be:55:f7:
                    fb:dc:58:36:28:09:8f:06:51:25:83:89:af:6f:57:
                    e2:23:80:0a:39:5f:bd:e1:b0:68:d1:1a:6e:4f:31:
                    c7:86:98:32:58:c7:65:22:01:ea:e5:b4:bd:df:86:
                    3b:44:6a:de:8c:35:f8:21:b6:d2:97:f8:98:28:66:
                    dd:ac:76:e3:17:33:e3:de:0b:6e:09:ef:86:9a:e4:
                    79:8a:4d:64:d3:9a:e8:5f:06:ad:79:be:43:6c:67:
                    43:f1:18:69:3f:f0:0f:77:5f:6f:c2:f2:d4:bb:68:
                    d1:d9:70:56:1b:cd:ea:4e:b3:3c:3a:f0:cf:0c:b6:
                    54:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E2:52:8A:BA:88:64:5D:37:D2:50:DA:88:39:4B:38:BB:33:02:AA
            X509v3 Authority Key Identifier:
                keyid:29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/qOJSirqIZF030lDaiDlLOLszAqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6742:9050::/46

    Signature Algorithm: sha256WithRSAEncryption
         7f:03:42:fe:2b:fa:ba:7e:c9:1e:87:1c:f5:a3:7f:50:db:46:
         ae:bd:3a:6d:00:65:c5:a2:a8:a5:ec:a3:c7:a0:37:66:7d:fe:
         69:2b:99:e1:20:02:73:80:68:0e:84:90:d7:22:bf:05:1f:13:
         3e:ed:c3:97:79:27:e6:11:b7:5f:2e:26:cf:30:15:3c:62:3e:
         a1:38:f6:47:2e:67:8c:1f:0d:14:37:d6:8e:fb:db:34:a8:8b:
         b6:b2:30:c2:79:25:3e:ab:00:15:e4:90:a9:fc:3b:9e:99:66:
         37:77:67:e1:76:13:62:d9:97:ab:ec:61:a9:fa:91:10:fa:76:
         ff:cd:c7:93:68:00:d2:bc:5d:46:5e:78:9a:00:63:7b:f1:f8:
         b7:41:7e:aa:a4:c3:a2:29:30:c0:ef:2c:e0:2a:9a:70:44:7a:
         1c:1c:81:78:ad:3b:71:93:2a:44:a7:0d:bc:31:65:7d:7e:7d:
         29:5a:ea:22:a4:67:d1:f9:10:f8:f9:18:de:2e:2c:7f:34:97:
         2a:9a:c7:bf:ea:75:a3:b5:77:eb:f3:ec:65:47:1d:f4:64:27:
         4e:8b:ca:a7:8f:4a:ae:49:93:cd:13:81:d7:7b:11:75:74:07:
         5b:16:8f:a4:c5:a7:68:cd:95:0b:71:a8:49:dc:a2:85:c5:ee:
         62:43:0c:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma/hC7+taBlxYgWapKtMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Yjc5MzgwZmU0MDc0MzljYzJlY2QzZmFjMTgxNTdkYjM2
Y2Y3NjgwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGUyNTI4YWJhODg2NDVkMzdkMjUwZGE4ODM5NGIzOGJiMzMwMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql5xYfgXRk6smOxLfJn3mRoByuLp
iHWbsCOVvdJmnhFZgqDaj9mDyUMfuOPR+r4osbnUl1HGgoCmRPoU/VxORI+b9dZE
xqy7qBKDFB5t2MuCkx0OUK0hj887EcE+3d2qEBSitxcN0/PqFTpIxUq2Q/Z+Y24a
+TkD/bAkjJKnA9pNIqO+Vff73Fg2KAmPBlElg4mvb1fiI4AKOV+94bBo0RpuTzHH
hpgyWMdlIgHq5bS934Y7RGrejDX4IbbSl/iYKGbdrHbjFzPj3gtuCe+GmuR5ik1k
05roXwateb5DbGdD8RhpP/APd19vwvLUu2jR2XBWG83qTrM8OvDPDLZU1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKjiUoq6iGRdN9JQ2og5Szi7MwKqMB8GA1UdIwQY
MBaAFCm3k4D+QHQ5zC7NP6wYFX2zbPdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWIt
MWU4NDIxMThkYjZmLzEvcU9KU2lycUlaRjAzMGxEYWlEbExPTHN6QXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWItMWU4NDIxMThkYjZm
LzEvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgVnQpBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB/A0L+K/q6fskehxz1o39Q20auvTptAGXFoqil
7KPHoDdmff5pK5nhIAJzgGgOhJDXIr8FHxM+7cOXeSfmEbdfLibPMBU8Yj6hOPZH
LmeMHw0UN9aO+9s0qIu2sjDCeSU+qwAV5JCp/DuemWY3d2fhdhNi2Zer7GGp+pEQ
+nb/zceTaADSvF1GXniaAGN78fi3QX6qpMOiKTDA7yzgKppwRHocHIF4rTtxkypE
pw28MWV9fn0pWuoipGfR+RD4+RjeLix/NJcqmse/6nWjtXfr8+xlRx30ZCdOi8qn
j0quSZPNE4HXexF1dAdbFo+kxadozZULcahJ3KKFxe5iQwxb
-----END CERTIFICATE-----