Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/epomSlopw6iOX1fCpUz6uqeG0uA.roa
File:                     epomSlopw6iOX1fCpUz6uqeG0uA.roa (raw, json)
Hash identifier:          F8Xll1o9j2cBCVD/H73mG3PpAM3zIcN16DxPcP7RZWA=
Subject key identifier:   7A:9A:26:4A:5A:29:C3:A8:8E:5F:57:C2:A5:4C:FA:BA:A7:86:D2:E0
Certificate issuer:       /CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
Certificate serial:       01941F8C8FF917F98B51B3D2CDBE3BD5481E
Authority key identifier: 09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/epomSlopw6iOX1fCpUz6uqeG0uA.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47294
IP address blocks:        2a13:e5c0:8888::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:8f:f9:17:f9:8b:51:b3:d2:cd:be:3b:d5:48:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a9a264a5a29c3a88e5f57c2a54cfabaa786d2e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3d:ce:08:10:fe:d3:f9:d5:e1:4c:17:5f:42:
                    b2:02:49:ff:83:9a:d8:b3:a4:1f:1c:94:46:89:9e:
                    9f:62:2e:48:1c:1a:e1:49:ea:56:b8:5a:82:8a:95:
                    fb:45:82:0b:96:5c:01:aa:0f:9d:25:db:f0:03:1b:
                    24:03:ec:73:dd:9a:4f:6e:98:16:19:0c:f4:bf:fb:
                    24:3a:d1:ed:a3:21:10:ea:40:45:9d:f7:3c:31:0c:
                    36:88:47:1b:a1:51:c8:c9:ef:e0:31:4f:6a:4f:27:
                    09:1c:84:cc:2b:bf:f7:7c:97:8f:d4:1a:69:a9:60:
                    b0:d7:cc:9e:fa:31:f2:21:fc:7e:e0:61:1d:53:ba:
                    30:4b:09:50:f3:b0:48:2b:33:1b:1a:75:a3:7c:b0:
                    97:12:ce:c5:78:73:70:6f:a9:01:07:69:4a:42:d4:
                    a5:36:2c:27:1c:f0:1b:4e:9f:9f:b2:d4:fb:59:3e:
                    2b:dc:67:b3:4b:fb:ee:a9:ea:48:db:a9:7c:08:39:
                    2e:ee:c9:18:80:01:7b:c2:e1:70:c5:12:69:1b:bb:
                    f1:c9:6c:70:7b:9e:59:6a:89:92:1c:de:53:fd:58:
                    5b:d1:4d:de:78:b6:20:28:e9:6b:66:7e:0c:9b:38:
                    d2:44:54:45:d9:92:45:36:14:09:9f:bf:90:00:92:
                    d6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:9A:26:4A:5A:29:C3:A8:8E:5F:57:C2:A5:4C:FA:BA:A7:86:D2:E0
            X509v3 Authority Key Identifier:
                keyid:09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/epomSlopw6iOX1fCpUz6uqeG0uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e5c0:8888::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:7d:44:b7:cf:9a:06:c1:a2:06:07:89:3f:04:9f:97:9b:fb:
         8e:47:ba:d8:7f:58:99:da:7f:66:bf:cb:02:4d:66:10:db:ae:
         37:16:1f:69:a8:15:09:f0:72:11:d7:c3:db:7a:ef:6e:ca:1e:
         2c:df:6b:aa:06:f9:ed:26:66:1b:9a:04:d0:05:cb:19:0e:e6:
         0a:11:9d:c9:fe:c3:d1:c8:58:5d:4f:d1:48:54:e3:3b:b6:99:
         81:4f:27:9b:1a:16:52:7c:b6:44:c7:b0:b9:2d:b4:cc:46:c3:
         5f:a7:55:05:df:a5:db:37:bf:a9:5f:7c:63:c3:85:38:3c:a7:
         1b:c2:81:cb:ee:3e:87:30:89:c6:12:9b:da:dd:31:33:44:b8:
         e3:2e:ae:bb:21:ec:df:65:49:f3:59:e4:6b:bc:bb:2a:35:41:
         b5:26:b5:c8:c1:be:b1:41:a0:d8:66:00:03:a5:7f:cf:57:85:
         57:92:7a:a0:50:59:8e:10:3b:f6:e6:73:53:07:d6:8c:87:80:
         9f:9e:cf:f4:c3:b3:2c:d5:cb:5c:b3:1d:ac:e0:0d:14:f6:83:
         55:08:c3:77:b1:80:7d:52:4e:57:95:65:84:81:ee:ac:83:b8:
         9b:47:a2:ef:f6:55:00:7e:ce:d1:65:02:e1:87:30:a4:b7:90:
         76:28:90:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjI/5F/mLUbPSzb471UgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MGU1OTJhMmUwZDQyN2EwOWFhMmRlMWI5YmFmMDhjY2Qx
NGYwYTAwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTlhMjY0YTVhMjljM2E4OGU1ZjU3YzJhNTRjZmFiYWE3ODZkMmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5j3OCBD+0/nV4UwXX0KyAkn/g5rY
s6QfHJRGiZ6fYi5IHBrhSepWuFqCipX7RYILllwBqg+dJdvwAxskA+xz3ZpPbpgW
GQz0v/skOtHtoyEQ6kBFnfc8MQw2iEcboVHIye/gMU9qTycJHITMK7/3fJeP1Bpp
qWCw18ye+jHyIfx+4GEdU7owSwlQ87BIKzMbGnWjfLCXEs7FeHNwb6kBB2lKQtSl
NiwnHPAbTp+fstT7WT4r3GezS/vuqepI26l8CDku7skYgAF7wuFwxRJpG7vxyWxw
e55ZaomSHN5T/Vhb0U3eeLYgKOlrZn4MmzjSRFRF2ZJFNhQJn7+QAJLWxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHqaJkpaKcOojl9XwqVM+rqnhtLgMB8GA1UdIwQY
MBaAFAkOWSouDUJ6Caot4bm68IzNFPCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYt
MzNiZGM3M2VkMGVhLzEvZXBvbVNsb3B3NmlPWDFmQ3BVejZ1cWVHMHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYtMzNiZGM3M2VkMGVh
LzEvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPlwIiI
MA0GCSqGSIb3DQEBCwUAA4IBAQBkfUS3z5oGwaIGB4k/BJ+Xm/uOR7rYf1iZ2n9m
v8sCTWYQ2643Fh9pqBUJ8HIR18Pbeu9uyh4s32uqBvntJmYbmgTQBcsZDuYKEZ3J
/sPRyFhdT9FIVOM7tpmBTyebGhZSfLZEx7C5LbTMRsNfp1UF36XbN7+pX3xjw4U4
PKcbwoHL7j6HMInGEpva3TEzRLjjLq67IezfZUnzWeRrvLsqNUG1JrXIwb6xQaDY
ZgADpX/PV4VXknqgUFmOEDv25nNTB9aMh4Cfns/0w7Ms1ctcsx2s4A0U9oNVCMN3
sYB9Uk5XlWWEge6sg7ibR6Lv9lUAfs7RZQLhhzCkt5B2KJCF
-----END CERTIFICATE-----