Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/5bwrov9Q4TKzJTBo9upY3XK0THU.roa
File:                     5bwrov9Q4TKzJTBo9upY3XK0THU.roa (raw, json)
Hash identifier:          TYWC6rWZltrX891RQlcpPW39DIbNZYI93ECjvUJPd18=
Subject key identifier:   E5:BC:2B:A2:FF:50:E1:32:B3:25:30:68:F6:EA:58:DD:72:B4:4C:75
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       019427B68AEC464CB07366C26B1794A36B90
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/5bwrov9Q4TKzJTBo9upY3XK0THU.roa
Signing time:             Thu 02 Jan 2025 15:51:02 +0000
ROA not before:           Thu 02 Jan 2025 15:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38846
IP address blocks:        2a13:aac4:f020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:8a:ec:46:4c:b0:73:66:c2:6b:17:94:a3:6b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Jan  2 15:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5bc2ba2ff50e132b3253068f6ea58dd72b44c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ef:4d:92:a5:e9:3b:84:20:a9:ff:e3:a2:05:
                    9a:88:4e:c6:5c:52:a3:a1:03:b0:47:7a:52:98:14:
                    7d:85:3b:36:91:96:bf:47:df:97:ec:9b:29:c4:b5:
                    62:b4:49:a9:d1:47:4c:48:76:13:ef:ad:ec:0d:19:
                    ae:ca:d2:7b:74:07:28:cf:af:40:56:9f:6b:72:5f:
                    17:73:ca:ad:bb:39:cd:a1:7c:26:df:e8:07:a8:36:
                    f3:b9:eb:9c:73:05:55:c0:b2:38:46:6b:b6:03:a7:
                    30:bd:b6:db:9e:95:e7:60:1d:a6:96:4f:44:b1:93:
                    9e:eb:1f:80:09:c3:5d:d0:68:8b:86:8f:10:09:6f:
                    9f:07:40:6b:81:8f:8f:b9:f1:b5:91:05:e8:7f:15:
                    ff:62:46:f3:17:bf:aa:f5:2c:1d:73:03:93:bd:37:
                    e1:1a:22:9e:a4:a7:cf:44:36:f2:f4:a5:bd:af:55:
                    65:21:f7:df:f0:b7:07:b2:75:91:4e:b6:63:2b:ad:
                    a7:bd:70:a0:0e:58:2b:03:7b:72:d8:27:aa:d9:5f:
                    db:d5:1b:bf:0b:82:84:87:d4:c0:8c:12:b9:ce:3d:
                    48:7c:54:00:76:f9:8e:63:a1:92:b0:77:15:72:7c:
                    08:ca:ae:b5:b5:e2:88:69:3c:8f:fb:24:43:59:9d:
                    ef:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:BC:2B:A2:FF:50:E1:32:B3:25:30:68:F6:EA:58:DD:72:B4:4C:75
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/5bwrov9Q4TKzJTBo9upY3XK0THU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac4:f020::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:e7:8c:bb:cd:a0:ac:bf:08:42:33:5f:5a:b3:db:40:2d:24:
         a8:43:f2:98:4f:11:c9:ff:a1:d8:ec:09:15:92:2e:fc:f8:7b:
         71:51:fe:ad:58:d2:44:bc:da:a4:48:3b:15:04:88:93:df:69:
         e3:08:4e:cf:56:ec:13:ba:e3:c3:bf:40:c4:57:d6:36:41:de:
         c7:36:06:fd:c3:df:41:89:bb:1d:fc:5f:4f:90:c9:25:ab:c4:
         24:51:be:e5:62:fe:94:41:f6:6f:13:20:4f:6b:86:1e:0c:43:
         d2:ec:c3:10:64:4e:68:de:21:e9:3f:95:ca:ba:dd:91:04:55:
         e7:68:f3:a3:a9:1d:e0:5b:37:8d:41:02:80:e3:13:18:03:4e:
         5f:b9:40:83:7e:9a:8e:3c:b4:a5:a7:04:ec:a4:7a:1b:cf:45:
         30:3f:ba:ff:39:9b:16:2e:54:b3:f8:d3:a9:4d:7a:ff:9c:2b:
         f4:2e:68:3c:c3:09:6a:e4:38:5a:6d:77:c6:f3:97:02:aa:9b:
         81:5b:eb:0e:72:0c:54:37:f5:64:05:e6:12:d1:44:b2:6f:58:
         ed:74:b3:a6:0b:54:99:25:17:ab:26:1f:c5:e2:b0:92:24:d5:
         13:e1:c4:69:71:16:25:1e:6e:d3:08:dd:2e:cf:4b:41:9d:cf:
         5e:30:a4:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntorsRkywc2bCaxeUo2uQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjUwMTAyMTU1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWJjMmJhMmZmNTBlMTMyYjMyNTMwNjhmNmVhNThkZDcyYjQ0Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAue9NkqXpO4Qgqf/jogWaiE7GXFKj
oQOwR3pSmBR9hTs2kZa/R9+X7JspxLVitEmp0UdMSHYT763sDRmuytJ7dAcoz69A
Vp9rcl8Xc8qtuznNoXwm3+gHqDbzueuccwVVwLI4Rmu2A6cwvbbbnpXnYB2mlk9E
sZOe6x+ACcNd0GiLho8QCW+fB0BrgY+PufG1kQXofxX/YkbzF7+q9SwdcwOTvTfh
GiKepKfPRDby9KW9r1VlIfff8LcHsnWRTrZjK62nvXCgDlgrA3ty2Ceq2V/b1Ru/
C4KEh9TAjBK5zj1IfFQAdvmOY6GSsHcVcnwIyq61teKIaTyP+yRDWZ3vQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOW8K6L/UOEysyUwaPbqWN1ytEx1MB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvNWJ3cm92OVE0VEt6SlRCbzl1cFkzWEswVEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOqxPAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAK54y7zaCsvwhCM19as9tALSSoQ/KYTxHJ/6HY
7AkVki78+HtxUf6tWNJEvNqkSDsVBIiT32njCE7PVuwTuuPDv0DEV9Y2Qd7HNgb9
w99Bibsd/F9PkMklq8QkUb7lYv6UQfZvEyBPa4YeDEPS7MMQZE5o3iHpP5XKut2R
BFXnaPOjqR3gWzeNQQKA4xMYA05fuUCDfpqOPLSlpwTspHobz0UwP7r/OZsWLlSz
+NOpTXr/nCv0Lmg8wwlq5DhabXfG85cCqpuBW+sOcgxUN/VkBeYS0USyb1jtdLOm
C1SZJRerJh/F4rCSJNUT4cRpcRYlHm7TCN0uz0tBnc9eMKSg
-----END CERTIFICATE-----