Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/zPCX-UEPVanoEkB1oXKg59MDOug.roa
File:                     zPCX-UEPVanoEkB1oXKg59MDOug.roa (raw, json)
Hash identifier:          5LzabEg6mOtGkQ6DWBw64aSFfUgZe3PXcUpOjBmk5Vk=
Subject key identifier:   CC:F0:97:F9:41:0F:55:A9:E8:12:40:75:A1:72:A0:E7:D3:03:3A:E8
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F84DFA2B0954E0F0210DB493F2EF4
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/zPCX-UEPVanoEkB1oXKg59MDOug.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29574
IP address blocks:        2a01:5c40:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:84:df:a2:b0:95:4e:0f:02:10:db:49:3f:2e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccf097f9410f55a9e8124075a172a0e7d3033ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6a:88:fa:1f:2d:c6:d1:57:72:b6:1f:71:f4:
                    b7:57:d2:02:79:59:c6:38:2a:21:40:cd:b3:a9:5f:
                    81:25:65:00:a1:9d:41:7c:d1:f9:7b:3d:07:90:ef:
                    d0:fa:d9:a6:a8:32:11:4f:12:e8:d0:07:12:57:f1:
                    8c:2d:38:85:64:ae:c3:6a:7d:25:fc:55:59:90:87:
                    e9:ba:4a:25:56:31:78:ea:42:ee:be:80:0b:05:15:
                    94:94:8f:f5:47:ff:56:29:2f:78:2b:b1:86:14:18:
                    f3:f8:8a:8f:1e:24:76:b6:f5:64:c1:28:09:39:6d:
                    bc:5b:2d:69:e9:61:45:fd:72:38:85:75:b4:a8:af:
                    55:a6:cf:89:87:dd:ad:ac:8f:f4:ea:7a:3f:5b:fe:
                    82:75:19:33:4a:50:ff:64:86:b7:19:c3:06:ab:dc:
                    f4:13:00:a6:ae:3f:1e:b0:ef:e8:58:43:ef:2a:75:
                    17:88:8e:df:4a:ac:51:38:f5:c4:f6:4c:7d:bb:76:
                    1e:f8:4a:2b:c0:b7:29:d5:8f:a6:2c:1b:67:b3:d5:
                    ed:db:db:b8:63:12:b5:24:54:a2:51:22:0b:56:06:
                    08:df:c5:5a:b1:af:50:66:bb:6a:f2:cb:a5:ae:2e:
                    f1:fb:c6:b6:1f:aa:fd:63:eb:9f:cd:6f:43:d4:23:
                    0d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F0:97:F9:41:0F:55:A9:E8:12:40:75:A1:72:A0:E7:D3:03:3A:E8
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/zPCX-UEPVanoEkB1oXKg59MDOug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:5c40:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:7c:c5:59:18:bc:de:97:61:2d:96:e8:06:1e:3d:c1:fc:35:
         3c:96:09:98:0a:07:2f:42:0e:7b:bd:c1:b1:05:7c:33:36:f1:
         53:04:70:e7:77:d3:34:35:5e:26:23:f3:3d:b5:1c:65:45:91:
         1e:17:54:f3:ab:d2:50:88:04:52:f3:cd:82:cb:f2:e4:90:04:
         e9:12:31:ac:65:5a:d5:1d:cc:c1:84:66:28:cb:33:59:e3:7a:
         54:34:6f:e5:e1:80:39:1e:db:9c:3e:d1:5d:78:33:6b:59:e5:
         0f:1c:63:76:f5:2f:e3:7a:6c:a3:db:66:a1:b9:7f:31:89:2a:
         d9:43:c3:04:c8:e5:f4:48:14:75:b7:f1:ff:68:77:bc:03:ec:
         e3:c5:85:c6:e2:db:e9:1f:cb:bd:3f:eb:5b:2b:02:8c:0b:ae:
         60:9c:85:d9:e5:5d:c4:d5:26:61:91:25:bf:da:a3:fa:0e:f9:
         ee:63:0d:fb:54:10:b9:97:79:a6:f8:bb:76:21:b7:0a:44:82:
         a9:51:0a:34:10:8a:07:df:b8:3f:c2:84:a1:b6:7e:c1:96:a7:
         e8:78:40:29:c8:da:55:84:96:6e:35:7e:0f:fb:97:85:f8:ab:
         33:43:30:cd:d7:61:73:a4:8b:be:e1:7b:13:92:88:41:cc:35:
         14:dd:c6:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj4TforCVTg8CENtJPy70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2YwOTdmOTQxMGY1NWE5ZTgxMjQwNzVhMTcyYTBlN2QzMDMzYWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWqI+h8txtFXcrYfcfS3V9ICeVnG
OCohQM2zqV+BJWUAoZ1BfNH5ez0HkO/Q+tmmqDIRTxLo0AcSV/GMLTiFZK7Dan0l
/FVZkIfpukolVjF46kLuvoALBRWUlI/1R/9WKS94K7GGFBjz+IqPHiR2tvVkwSgJ
OW28Wy1p6WFF/XI4hXW0qK9Vps+Jh92trI/06no/W/6CdRkzSlD/ZIa3GcMGq9z0
EwCmrj8esO/oWEPvKnUXiI7fSqxROPXE9kx9u3Ye+EorwLcp1Y+mLBtns9Xt29u4
YxK1JFSiUSILVgYI38Vasa9QZrtq8sulri7x+8a2H6r9Y+ufzW9D1CMNnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzwl/lBD1Wp6BJAdaFyoOfTAzroMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvelBDWC1VRVBWYW5vRWtCMW9YS2c1OU1ET3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFcQAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAAfMVZGLzel2EtlugGHj3B/DU8lgmYCgcvQg57
vcGxBXwzNvFTBHDnd9M0NV4mI/M9tRxlRZEeF1Tzq9JQiARS882Cy/LkkATpEjGs
ZVrVHczBhGYoyzNZ43pUNG/l4YA5HtucPtFdeDNrWeUPHGN29S/jemyj22ahuX8x
iSrZQ8MEyOX0SBR1t/H/aHe8A+zjxYXG4tvpH8u9P+tbKwKMC65gnIXZ5V3E1SZh
kSW/2qP6DvnuYw37VBC5l3mm+Lt2IbcKRIKpUQo0EIoH37g/woShtn7BlqfoeEAp
yNpVhJZuNX4P+5eF+KszQzDN12FzpIu+4XsTkohBzDUU3cZ7
-----END CERTIFICATE-----