Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/7Qe59yEW7U7chp45wrlrOOBrcpk.roa
File:                     7Qe59yEW7U7chp45wrlrOOBrcpk.roa (raw, json)
Hash identifier:          Md3Sf2aP3zQKSv1JAQBFfYI5IElvnInpSGp9RK9f30s=
Subject key identifier:   ED:07:B9:F7:21:16:ED:4E:DC:86:9E:39:C2:B9:6B:38:E0:6B:72:99
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019425FC13FC674BFF31BB01CD4340506FA4
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/7Qe59yEW7U7chp45wrlrOOBrcpk.roa
Signing time:             Thu 02 Jan 2025 07:47:44 +0000
ROA not before:           Thu 02 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        2a02:1140:200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:13:fc:67:4b:ff:31:bb:01:cd:43:40:50:6f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  2 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed07b9f72116ed4edc869e39c2b96b38e06b7299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:15:57:ec:3f:aa:b6:3b:5a:84:3a:eb:1f:
                    09:ca:57:b9:e5:68:d6:f9:0c:eb:2e:77:b3:1a:46:
                    55:87:ce:00:f3:24:32:18:e8:14:62:88:d6:07:2e:
                    12:d8:6b:40:90:2c:cf:1d:c2:e5:19:d5:54:29:27:
                    e0:f5:e0:49:f8:3a:e0:45:51:09:df:3b:f3:42:0c:
                    2c:bf:92:56:6a:7b:ef:87:d2:cd:05:60:58:4c:f1:
                    b2:34:c3:51:4e:c4:9b:c5:b8:b7:6e:4f:ae:6b:66:
                    9d:a9:2d:6c:83:10:f7:82:18:4f:73:ae:55:c2:58:
                    78:5b:b7:35:63:ef:21:12:da:8a:a1:2f:93:1a:a4:
                    e6:49:3c:51:27:d8:ec:26:6a:3a:80:e8:93:9f:11:
                    96:85:53:a8:56:b5:08:d6:f1:23:83:ac:a4:ca:4e:
                    ae:62:36:ba:72:7c:1d:d2:fc:e9:1c:94:4f:07:ce:
                    bb:84:1b:a2:df:25:b9:49:ca:4f:96:e8:9d:d4:2e:
                    b3:a2:8a:63:a2:df:1b:0f:17:72:3f:88:39:6d:e3:
                    a1:42:63:0a:44:bf:98:5c:0f:97:42:34:ed:da:fa:
                    86:98:ff:79:ef:2d:01:b6:61:56:61:ee:de:99:6f:
                    3a:90:65:fc:7a:42:96:28:7d:e3:18:a6:02:7b:4e:
                    1e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:07:B9:F7:21:16:ED:4E:DC:86:9E:39:C2:B9:6B:38:E0:6B:72:99
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/7Qe59yEW7U7chp45wrlrOOBrcpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:ce:47:ac:89:80:ef:f2:6a:19:00:85:da:17:14:8c:a2:8e:
         e2:35:db:9c:88:f5:09:c5:ad:be:53:6c:05:84:57:c8:a4:28:
         5d:c6:3a:f1:5c:4c:91:de:6f:06:71:d2:31:82:b4:7b:55:9f:
         6a:23:28:0f:a3:f7:cc:31:f3:17:db:9f:d4:bd:a6:c0:7e:33:
         19:72:ae:c5:4a:52:1e:0b:56:a5:80:ca:1d:03:ae:04:74:65:
         fb:96:9f:49:09:90:e5:fc:6c:e5:2a:84:08:54:f5:4a:52:8c:
         55:a9:f0:8d:7f:77:c9:d5:98:8b:23:bd:2e:9f:07:08:fe:4d:
         e0:b5:9c:58:75:47:d4:b9:03:e8:8c:12:f0:27:70:08:d3:90:
         87:d2:3a:9d:e4:ab:65:28:11:eb:69:1c:5b:ec:1f:a6:8e:73:
         5d:2f:6c:f8:63:e6:4f:00:97:14:3e:f2:65:67:72:c7:24:be:
         9a:b0:b0:54:e9:94:55:6b:f9:99:45:df:84:8f:0d:6c:2b:12:
         6b:77:8d:87:d4:25:f8:43:35:8b:34:bd:54:48:2e:46:8d:37:
         72:e7:85:82:0d:77:98:96:d5:cc:b8:cc:7a:7b:32:4d:38:69:
         4e:c4:d0:35:02:bc:fa:41:69:c9:a8:6d:8b:8c:31:5b:85:25:
         8f:28:bd:cd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/BP8Z0v/MbsBzUNAUG+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwMTAyMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDA3YjlmNzIxMTZlZDRlZGM4NjllMzljMmI5NmIzOGUwNmI3Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKUVV+w/qrY7WoQ66x8Jyle55WjW
+QzrLnezGkZVh84A8yQyGOgUYojWBy4S2GtAkCzPHcLlGdVUKSfg9eBJ+DrgRVEJ
3zvzQgwsv5JWanvvh9LNBWBYTPGyNMNRTsSbxbi3bk+ua2adqS1sgxD3ghhPc65V
wlh4W7c1Y+8hEtqKoS+TGqTmSTxRJ9jsJmo6gOiTnxGWhVOoVrUI1vEjg6ykyk6u
Yja6cnwd0vzpHJRPB867hBui3yW5ScpPluid1C6zoopjot8bDxdyP4g5beOhQmMK
RL+YXA+XQjTt2vqGmP957y0BtmFWYe7emW86kGX8ekKWKH3jGKYCe04eFwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO0HufchFu1O3IaeOcK5azjga3KZMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvN1FlNTl5RVc3VTdjaHA0NXdybHJPT0JyY3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIRQAIw
DQYJKoZIhvcNAQELBQADggEBAMTOR6yJgO/yahkAhdoXFIyijuI125yI9QnFrb5T
bAWEV8ikKF3GOvFcTJHebwZx0jGCtHtVn2ojKA+j98wx8xfbn9S9psB+MxlyrsVK
Uh4LVqWAyh0DrgR0ZfuWn0kJkOX8bOUqhAhU9UpSjFWp8I1/d8nVmIsjvS6fBwj+
TeC1nFh1R9S5A+iMEvAncAjTkIfSOp3kq2UoEetpHFvsH6aOc10vbPhj5k8AlxQ+
8mVncsckvpqwsFTplFVr+ZlF34SPDWwrEmt3jYfUJfhDNYs0vVRILkaNN3LnhYIN
d5iW1cy4zHp7Mk04aU7E0DUCvPpBacmobYuMMVuFJY8ovc0=
-----END CERTIFICATE-----