Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/aSJLBpImrYRI6Qksf9RRvtZ92p4.roa
File:                     aSJLBpImrYRI6Qksf9RRvtZ92p4.roa (raw, json)
Hash identifier:          IwnT2ZkdlNjDPUGhSINR1ImeGfkRN8NOC8Rn8xX20LE=
Subject key identifier:   69:22:4B:06:92:26:AD:84:48:E9:09:2C:7F:D4:51:BE:D6:7D:DA:9E
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019505ECD7A16CB0F26920EB07D5B57364F0
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/aSJLBpImrYRI6Qksf9RRvtZ92p4.roa
Signing time:             Fri 14 Feb 2025 19:26:02 +0000
ROA not before:           Fri 14 Feb 2025 19:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41457
IP address blocks:        192.40.69.0/24 maxlen: 24
                          2a14:6780::/32 maxlen: 32
                          2a14:6780:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:ec:d7:a1:6c:b0:f2:69:20:eb:07:d5:b5:73:64:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Feb 14 19:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69224b069226ad8448e9092c7fd451bed67dda9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e6:65:b7:a4:f1:d3:a5:fd:1a:e6:48:19:b5:
                    7b:a4:50:15:c3:de:f5:fa:71:6f:b7:26:9c:7a:83:
                    2e:e3:1e:e0:07:48:72:e6:fb:86:1c:98:ef:68:1b:
                    d3:4d:e8:d0:84:fc:40:07:41:13:d5:00:ea:40:d3:
                    ff:53:f3:3d:86:b6:e0:15:85:1b:4d:9e:1b:a5:39:
                    08:66:e4:d2:55:04:f8:6e:0d:44:1d:ab:ae:f3:ba:
                    da:48:68:3d:d6:d0:2c:16:94:26:b4:75:aa:06:36:
                    cc:61:24:c3:db:ad:a0:34:3a:04:29:f2:92:25:ec:
                    87:74:1a:32:8c:1e:d3:66:9f:6d:74:4e:78:aa:ab:
                    24:11:e5:1c:10:ad:68:09:e3:fd:ad:48:54:1b:40:
                    cc:b7:80:d0:17:f1:a1:05:2a:b3:2c:84:d3:5d:b0:
                    bc:3b:fc:97:48:f1:6f:f0:76:3d:59:95:4b:12:fb:
                    34:0a:32:c0:53:21:be:6d:0a:c6:33:3c:d8:63:79:
                    58:91:36:6f:97:c1:ec:50:94:ab:c7:87:5f:6e:a4:
                    cd:2c:a2:63:69:b3:ba:c7:23:43:85:cb:d9:db:1a:
                    e4:33:0e:68:6c:36:21:4d:0b:42:ee:13:be:01:1e:
                    43:fb:74:9d:a1:09:ce:41:ce:cb:37:72:fd:6c:7f:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:22:4B:06:92:26:AD:84:48:E9:09:2C:7F:D4:51:BE:D6:7D:DA:9E
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/aSJLBpImrYRI6Qksf9RRvtZ92p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.40.69.0/24
                IPv6:
                  2a14:6780::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:6a:e9:b2:f4:81:3c:00:98:38:13:64:3d:6d:48:cd:f6:35:
         88:94:0a:db:1d:9d:ac:bf:29:fc:13:df:f9:d6:e7:a5:fc:5b:
         e9:99:56:f6:d5:08:43:d8:dd:f7:a9:a3:f5:9a:4f:f3:75:2e:
         07:a4:eb:7f:7e:c8:fe:95:1a:ab:91:4c:d2:cd:9c:1c:94:90:
         ed:ab:a1:7c:36:89:4d:58:2b:d8:a1:30:bb:7f:88:0d:31:37:
         ac:89:8e:2d:b9:05:29:6f:3d:60:70:15:78:02:14:2d:e4:ef:
         b6:d5:0a:31:53:b3:99:9c:64:2f:5c:61:e7:83:da:1a:f6:5f:
         84:31:60:a9:70:87:1d:fd:60:cf:bb:63:2e:fc:fc:7e:d4:af:
         df:a3:ff:0c:04:f0:db:06:53:64:93:c5:3d:95:79:cf:79:94:
         86:c2:ba:fb:a6:de:34:d9:6f:10:d1:95:a4:37:c5:0c:26:1c:
         85:51:f5:ce:f5:c6:da:6b:bd:88:eb:b9:2f:c6:46:c7:f7:69:
         06:e6:06:95:4b:b0:6c:03:9b:f2:be:a1:dd:68:eb:ec:11:5b:
         f8:b0:76:f5:e8:8f:11:15:76:4a:60:7c:b1:ab:bc:c7:7e:1d:
         d1:69:bb:af:1c:23:89:2e:06:05:47:ec:d4:4c:20:5f:a3:f7:
         9c:8d:6f:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZUF7NehbLDyaSDrB9W1c2TwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwMjE0MTkyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTIyNGIwNjkyMjZhZDg0NDhlOTA5MmM3ZmQ0NTFiZWQ2N2RkYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOZlt6Tx06X9GuZIGbV7pFAVw971
+nFvtyaceoMu4x7gB0hy5vuGHJjvaBvTTejQhPxAB0ET1QDqQNP/U/M9hrbgFYUb
TZ4bpTkIZuTSVQT4bg1EHauu87raSGg91tAsFpQmtHWqBjbMYSTD262gNDoEKfKS
JeyHdBoyjB7TZp9tdE54qqskEeUcEK1oCeP9rUhUG0DMt4DQF/GhBSqzLITTXbC8
O/yXSPFv8HY9WZVLEvs0CjLAUyG+bQrGMzzYY3lYkTZvl8HsUJSrx4dfbqTNLKJj
abO6xyNDhcvZ2xrkMw5obDYhTQtC7hO+AR5D+3SdoQnOQc7LN3L9bH89IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGkiSwaSJq2ESOkJLH/UUb7WfdqeMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvYVNKTEJwSW1yWVJJNlFrc2Y5UlJ2dFo5MnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwChFMA0E
AgACMAcDBQAqFGeAMA0GCSqGSIb3DQEBCwUAA4IBAQBBaumy9IE8AJg4E2Q9bUjN
9jWIlArbHZ2svyn8E9/51uel/FvpmVb21QhD2N33qaP1mk/zdS4HpOt/fsj+lRqr
kUzSzZwclJDtq6F8NolNWCvYoTC7f4gNMTesiY4tuQUpbz1gcBV4AhQt5O+21Qox
U7OZnGQvXGHng9oa9l+EMWCpcIcd/WDPu2Mu/Px+1K/fo/8MBPDbBlNkk8U9lXnP
eZSGwrr7pt402W8Q0ZWkN8UMJhyFUfXO9cbaa72I67kvxkbH92kG5gaVS7BsA5vy
vqHdaOvsEVv4sHb16I8RFXZKYHyxq7zHfh3RabuvHCOJLgYFR+zUTCBfo/ecjW9o
-----END CERTIFICATE-----