Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/cn7xlpxUU_sjrheBrcxBDUwIFZM.roa
File:                     cn7xlpxUU_sjrheBrcxBDUwIFZM.roa (raw, json)
Hash identifier:          rjBABCp1JK8gkLVNNwhPnYtWrojXtWHlNh1PMd//BKI=
Subject key identifier:   72:7E:F1:96:9C:54:53:FB:23:AE:17:81:AD:CC:41:0D:4C:08:15:93
Certificate issuer:       /CN=a2d952245bb34e40cdab5d4b090143c0d8581390
Certificate serial:       019424458C114B9E300E0077DD9CBFA2FDC2
Authority key identifier: A2:D9:52:24:5B:B3:4E:40:CD:AB:5D:4B:09:01:43:C0:D8:58:13:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/cn7xlpxUU_sjrheBrcxBDUwIFZM.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25091
IP address blocks:        2a0c:4144:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8c:11:4b:9e:30:0e:00:77:dd:9c:bf:a2:fd:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2d952245bb34e40cdab5d4b090143c0d8581390
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=727ef1969c5453fb23ae1781adcc410d4c081593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:eb:0d:19:b5:89:b0:ca:90:af:3d:46:c2:d1:
                    60:40:a0:85:74:fc:87:5c:c0:ed:0c:fb:1b:f9:b5:
                    03:b7:c2:38:0a:f4:33:c1:9f:b9:6f:d0:69:f6:55:
                    31:20:45:01:16:2d:ed:a6:26:d0:b7:d0:1d:f5:a9:
                    42:75:37:0a:53:17:be:a9:22:25:97:62:cf:a7:63:
                    f4:7c:15:c6:b7:42:04:e0:e4:88:b9:4e:f3:c7:bd:
                    d7:c9:19:62:bf:2a:f9:de:4d:9c:01:f8:fc:00:63:
                    cf:1b:df:30:5f:54:2b:4d:4e:a4:1e:b5:72:00:2d:
                    00:43:23:98:5d:42:41:8e:48:30:c6:2b:0d:e4:35:
                    67:07:d4:16:6d:a2:30:d6:94:1b:32:3e:66:71:df:
                    4b:3a:c7:5b:ee:4e:71:86:b2:17:14:fb:98:f6:fa:
                    fa:6b:2f:e5:d7:27:e4:73:86:13:48:b4:99:8e:72:
                    97:d8:6f:f7:19:3f:16:46:49:cb:f1:a7:13:0b:0c:
                    21:ea:b1:52:74:6f:68:d3:13:b7:b1:6f:0e:c0:51:
                    bc:66:43:ea:cf:96:a9:c5:3a:65:c1:7d:b1:5c:d6:
                    a9:a7:c1:47:0d:60:40:19:3a:c8:7e:76:7b:bc:8a:
                    9e:bc:d5:73:ab:fd:84:d0:aa:64:a0:92:e2:7e:d3:
                    ec:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7E:F1:96:9C:54:53:FB:23:AE:17:81:AD:CC:41:0D:4C:08:15:93
            X509v3 Authority Key Identifier:
                keyid:A2:D9:52:24:5B:B3:4E:40:CD:AB:5D:4B:09:01:43:C0:D8:58:13:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/cn7xlpxUU_sjrheBrcxBDUwIFZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4144:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:f8:1c:92:db:df:4b:19:f4:4b:46:9f:1a:b0:35:6e:a6:df:
         c4:38:e8:ce:e9:91:94:ce:75:db:01:96:16:f8:dc:4d:04:a9:
         55:1b:a8:bc:94:6a:7f:07:80:06:15:3b:5f:bf:08:21:f5:d7:
         d0:de:a6:17:e4:a7:70:90:13:0f:51:82:e3:22:64:7a:2a:90:
         9b:bf:7d:6b:52:1b:53:69:95:a4:2b:cf:70:d5:8d:1d:e5:2a:
         85:ad:74:65:e9:99:4c:35:f9:80:7f:3b:d0:d8:e5:52:94:33:
         bf:c0:cd:79:c3:19:08:4c:e5:d4:6f:55:a9:26:ce:00:e2:35:
         01:c0:79:4f:e7:6d:0a:8b:41:db:35:ba:0b:9c:4b:77:49:7d:
         90:61:d5:bd:61:77:92:89:12:ee:c3:79:86:fe:54:95:c2:86:
         df:80:68:d9:14:60:34:3f:5d:27:9c:5a:d9:eb:34:1b:5a:61:
         bb:af:a4:30:f2:2b:fe:73:d8:51:ea:ee:6e:ab:7a:87:fa:88:
         6b:24:fa:b0:2f:a7:4f:f1:d5:a0:64:fa:02:24:cf:d2:9b:5b:
         4f:27:0d:a3:d3:aa:8e:1a:2f:e1:85:36:c7:37:a2:cb:d5:1e:
         90:33:1c:aa:76:3b:7a:3a:39:6e:9e:8f:c0:69:d7:0b:96:31:
         f0:86:c9:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRYwRS54wDgB33Zy/ov3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZDk1MjI0NWJiMzRlNDBjZGFiNWQ0YjA5MDE0M2MwZDg1
ODEzOTAwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjdlZjE5NjljNTQ1M2ZiMjNhZTE3ODFhZGNjNDEwZDRjMDgxNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOsNGbWJsMqQrz1GwtFgQKCFdPyH
XMDtDPsb+bUDt8I4CvQzwZ+5b9Bp9lUxIEUBFi3tpibQt9Ad9alCdTcKUxe+qSIl
l2LPp2P0fBXGt0IE4OSIuU7zx73XyRlivyr53k2cAfj8AGPPG98wX1QrTU6kHrVy
AC0AQyOYXUJBjkgwxisN5DVnB9QWbaIw1pQbMj5mcd9LOsdb7k5xhrIXFPuY9vr6
ay/l1yfkc4YTSLSZjnKX2G/3GT8WRknL8acTCwwh6rFSdG9o0xO3sW8OwFG8ZkPq
z5apxTplwX2xXNapp8FHDWBAGTrIfnZ7vIqevNVzq/2E0KpkoJLiftPspQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJ+8ZacVFP7I64Xga3MQQ1MCBWTMB8GA1UdIwQY
MBaAFKLZUiRbs05AzatdSwkBQ8DYWBOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3RsU0pGdXpUa0ROcTExTENRRkR3TmhZRTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC80YjFhODAtNGU1Zi00OWU3LWI1MDIt
YTIyZmZlZTRhNTE1LzEvY243eGxweFVVX3NqcmhlQnJjeEJEVXdJRlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC80YjFhODAtNGU1Zi00OWU3LWI1MDItYTIyZmZlZTRhNTE1
LzEvb3RsU0pGdXpUa0ROcTExTENRRkR3TmhZRTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxBRAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQCD+ByS299LGfRLRp8asDVupt/EOOjO6ZGUznXb
AZYW+NxNBKlVG6i8lGp/B4AGFTtfvwgh9dfQ3qYX5KdwkBMPUYLjImR6KpCbv31r
UhtTaZWkK89w1Y0d5SqFrXRl6ZlMNfmAfzvQ2OVSlDO/wM15wxkITOXUb1WpJs4A
4jUBwHlP520Ki0HbNboLnEt3SX2QYdW9YXeSiRLuw3mG/lSVwobfgGjZFGA0P10n
nFrZ6zQbWmG7r6Qw8iv+c9hR6u5uq3qH+ohrJPqwL6dP8dWgZPoCJM/Sm1tPJw2j
06qOGi/hhTbHN6LL1R6QMxyqdjt6Ojluno/AadcLljHwhslG
-----END CERTIFICATE-----