Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/gOWYAyjzxIKRFcUZmXLFPZZQLAE.roa
File:                     gOWYAyjzxIKRFcUZmXLFPZZQLAE.roa (raw, json)
Hash identifier:          uorrOksjaGfolUbfcHF+KBKk6xKRTaR+l4ir2v0cUaI=
Subject key identifier:   80:E5:98:03:28:F3:C4:82:91:15:C5:19:99:72:C5:3D:96:50:2C:01
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       01947FD0A0356D6D4C6C165D189A41A57F16
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/gOWYAyjzxIKRFcUZmXLFPZZQLAE.roa
Signing time:             Sun 19 Jan 2025 18:26:06 +0000
ROA not before:           Sun 19 Jan 2025 18:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44908
IP address blocks:        2a13:aac4:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7f:d0:a0:35:6d:6d:4c:6c:16:5d:18:9a:41:a5:7f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Jan 19 18:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80e5980328f3c4829115c5199972c53d96502c01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:22:3d:ed:bc:b0:85:20:80:34:93:e0:1b:8b:
                    0c:01:86:01:ab:b7:a6:d4:12:87:f1:ef:9d:3a:10:
                    a3:77:64:fb:8f:28:b0:dc:fb:ad:61:80:db:02:0f:
                    b0:7f:bd:56:e3:5f:5b:73:a8:c9:6d:ac:bb:cb:d0:
                    16:d6:10:40:a4:21:e2:62:4b:a9:b3:92:74:28:1b:
                    51:ac:b5:9d:49:8a:e9:81:9c:35:50:dd:75:a6:28:
                    99:da:d8:f9:9c:ce:57:b9:b5:19:d5:d8:b9:e7:be:
                    07:6d:4d:c6:7d:ee:05:e1:44:14:61:67:84:89:34:
                    bb:3b:7c:cf:b9:2b:16:f0:e1:b3:db:95:0d:91:70:
                    3d:a0:27:c2:3f:44:15:82:be:ba:c8:b6:9d:74:1d:
                    b0:6c:d0:c7:46:66:42:dc:36:6d:26:72:bf:aa:2c:
                    24:1d:c8:97:64:68:38:1c:a5:56:c6:e3:fa:9e:21:
                    92:00:e6:be:c4:e6:1c:4b:58:5a:52:5f:f6:cb:0b:
                    fc:4d:52:9f:e6:79:78:d0:2c:49:82:9b:41:8b:4f:
                    49:41:84:9c:e9:12:a8:e8:c5:a9:97:77:2b:37:2b:
                    10:72:0b:93:af:a1:aa:f7:6c:69:9d:2a:41:e1:40:
                    66:ce:c0:85:05:2a:d7:d4:89:0a:de:e7:a9:80:62:
                    81:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E5:98:03:28:F3:C4:82:91:15:C5:19:99:72:C5:3D:96:50:2C:01
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/gOWYAyjzxIKRFcUZmXLFPZZQLAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac4:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6a:3d:69:0f:38:ce:e2:1d:9f:e0:73:3e:57:ea:12:39:e2:42:
         95:58:aa:62:04:b9:6f:6f:2d:9c:4b:94:de:09:5b:32:e7:c2:
         76:f1:c4:16:56:9b:22:0a:1e:ff:52:4e:3f:57:38:28:ae:ed:
         87:a9:d5:80:27:f1:71:11:70:66:e3:77:cf:ac:dc:69:77:67:
         52:40:80:d0:ad:cb:7b:21:86:45:28:24:a7:42:c7:32:25:ca:
         74:23:bc:3f:b6:2c:fd:65:7f:b2:86:c2:7f:72:13:66:15:05:
         2b:74:9e:cc:d7:4f:4d:05:50:d3:db:df:93:9f:42:25:5b:b2:
         38:c9:1c:16:f5:59:d9:ae:59:20:69:27:c0:96:3f:41:fb:0d:
         41:e7:fb:34:ea:40:e7:d2:9e:be:44:19:4c:a7:75:26:79:a3:
         95:7c:7f:2d:0f:89:9c:83:b5:4e:6f:1d:58:33:dd:ed:79:b1:
         23:8f:a4:fb:a9:b7:b0:2c:0a:bf:08:8e:76:ee:ed:34:c2:e4:
         2d:9c:fc:75:da:d1:9b:fa:fe:4f:a4:4a:bd:3a:bd:4c:38:78:
         c2:5b:68:50:f9:05:c8:c7:c6:65:af:b3:6f:8f:b2:f3:b4:e7:
         ef:40:11:ac:d9:6d:6c:65:4b:e0:82:29:45:ce:b7:79:32:14:
         12:36:04:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZR/0KA1bW1MbBZdGJpBpX8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjUwMTE5MTgyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGU1OTgwMzI4ZjNjNDgyOTExNWM1MTk5OTcyYzUzZDk2NTAyYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiI97bywhSCANJPgG4sMAYYBq7em
1BKH8e+dOhCjd2T7jyiw3PutYYDbAg+wf71W419bc6jJbay7y9AW1hBApCHiYkup
s5J0KBtRrLWdSYrpgZw1UN11piiZ2tj5nM5XubUZ1di5574HbU3Gfe4F4UQUYWeE
iTS7O3zPuSsW8OGz25UNkXA9oCfCP0QVgr66yLaddB2wbNDHRmZC3DZtJnK/qiwk
HciXZGg4HKVWxuP6niGSAOa+xOYcS1haUl/2ywv8TVKf5nl40CxJgptBi09JQYSc
6RKo6MWpl3crNysQcguTr6Gq92xpnSpB4UBmzsCFBSrX1IkK3uepgGKBqwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIDlmAMo88SCkRXFGZlyxT2WUCwBMB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvZ09XWUF5anp4SUtSRmNVWm1YTEZQWlpRTEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOqxBAw
DQYJKoZIhvcNAQELBQADggEBAGo9aQ84zuIdn+BzPlfqEjniQpVYqmIEuW9vLZxL
lN4JWzLnwnbxxBZWmyIKHv9STj9XOCiu7Yep1YAn8XERcGbjd8+s3Gl3Z1JAgNCt
y3shhkUoJKdCxzIlynQjvD+2LP1lf7KGwn9yE2YVBSt0nszXT00FUNPb35OfQiVb
sjjJHBb1WdmuWSBpJ8CWP0H7DUHn+zTqQOfSnr5EGUyndSZ5o5V8fy0PiZyDtU5v
HVgz3e15sSOPpPupt7AsCr8Ijnbu7TTC5C2c/HXa0Zv6/k+kSr06vUw4eMJbaFD5
BcjHxmWvs2+PsvO05+9AEazZbWxlS+CCKUXOt3kyFBI2BMw=
-----END CERTIFICATE-----