Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/7wYbQJjmUZJ3jrCYQep7ej1ycX8.roa
File:                     7wYbQJjmUZJ3jrCYQep7ej1ycX8.roa (raw, json)
Hash identifier:          gX6AQ4uDUscH9HZMwyFhtSxb+YXiJVmytGAK7BhRx4Q=
Subject key identifier:   EF:06:1B:40:98:E6:51:92:77:8E:B0:98:41:EA:7B:7A:3D:72:71:7F
Certificate issuer:       /CN=70dbea0753df083e5782bb9f380b5d799cb78a06
Certificate serial:       01941FFA04AD65236AE4A2270048BBACBEE2
Authority key identifier: 70:DB:EA:07:53:DF:08:3E:57:82:BB:9F:38:0B:5D:79:9C:B7:8A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/7wYbQJjmUZJ3jrCYQep7ej1ycX8.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        132.252.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:04:ad:65:23:6a:e4:a2:27:00:48:bb:ac:be:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70dbea0753df083e5782bb9f380b5d799cb78a06
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef061b4098e65192778eb09841ea7b7a3d72717f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:18:ee:42:4a:83:ec:94:4d:d2:6e:6d:1a:e6:
                    7a:71:b0:f3:fa:8c:a7:a1:a1:2e:a5:f4:d3:fa:03:
                    0b:ae:58:32:fb:30:8c:ad:08:94:d1:36:0f:98:ef:
                    d0:b6:88:63:9c:f4:58:2d:bb:1b:47:d3:69:5e:ba:
                    42:1c:df:41:9c:37:5a:a5:3a:60:7a:b7:06:e3:25:
                    24:bb:3e:00:cd:55:68:fc:ab:52:e9:ba:e0:26:0f:
                    e6:bf:4b:a6:12:73:85:f8:57:7a:ae:be:2e:04:e8:
                    d3:10:c0:4e:12:e5:09:d6:ad:14:d4:cc:fe:03:fe:
                    e9:06:82:07:bc:db:23:9a:14:82:2e:4f:d6:c5:e4:
                    e9:61:e5:a7:f3:37:25:3f:72:15:d5:9d:29:61:87:
                    6f:8f:40:ea:5a:f7:0b:9c:64:28:1f:29:dc:05:4f:
                    35:c4:3e:c5:b8:6d:0f:8b:7e:8c:fd:47:ec:a6:dd:
                    32:8e:c5:3f:a8:a1:f7:f0:4b:0c:17:b8:04:a7:b2:
                    50:65:e7:15:81:5e:3d:5c:a6:c1:cd:5f:ee:d1:f6:
                    47:2d:4a:7a:27:63:79:d5:be:60:ae:7a:cb:7c:f6:
                    0a:8c:2d:c6:9c:e4:43:3a:10:f5:01:4d:e7:18:30:
                    b5:62:a9:f6:3e:bb:15:37:d1:82:96:e2:0c:31:9e:
                    ee:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:06:1B:40:98:E6:51:92:77:8E:B0:98:41:EA:7B:7A:3D:72:71:7F
            X509v3 Authority Key Identifier:
                keyid:70:DB:EA:07:53:DF:08:3E:57:82:BB:9F:38:0B:5D:79:9C:B7:8A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/7wYbQJjmUZJ3jrCYQep7ej1ycX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:1b:e2:bb:af:51:91:68:ae:12:f1:61:0d:3c:a6:ed:5e:55:
         ab:36:35:19:6b:7a:96:98:ab:70:0e:03:3e:f3:7c:42:f0:ff:
         f5:fb:72:3f:35:9e:15:2a:1d:48:7f:13:a5:81:d7:2f:50:9d:
         fa:5d:a7:00:75:c7:14:eb:a6:1d:72:9a:4e:bb:48:81:1b:4a:
         df:8f:cc:ea:75:cc:d2:41:2b:e3:2a:34:14:09:12:a3:a0:cd:
         06:a0:6b:fa:b7:34:8f:f4:ad:4d:d4:85:e5:74:f0:33:ba:7b:
         a0:f3:80:e4:c9:8e:92:fb:a9:9d:53:78:93:53:7c:51:ad:c7:
         79:07:24:ac:1e:60:bc:ab:33:9f:5a:47:7c:16:9d:bf:6a:98:
         6f:e9:c9:2d:8a:74:67:39:3b:25:d9:ec:d0:fd:e1:3e:36:2a:
         b9:32:55:f0:fc:3a:81:71:7a:39:ae:df:1b:b4:e2:0a:27:6a:
         a6:44:27:d6:d9:0d:26:e5:bb:e4:7f:d0:78:d8:ba:11:69:b6:
         ca:fc:9f:ef:5f:c9:c0:11:82:ee:7a:6a:00:ee:9e:53:56:71:
         65:21:b9:50:23:d4:f5:63:e1:5c:02:d9:ea:f4:4e:17:e7:5e:
         59:24:bd:ba:23:fb:2f:75:00:02:2d:9a:87:f5:b6:d3:f9:a2:
         c2:17:5e:ae
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQf+gStZSNq5KInAEi7rL7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZGJlYTA3NTNkZjA4M2U1NzgyYmI5ZjM4MGI1ZDc5OWNi
NzhhMDYwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjA2MWI0MDk4ZTY1MTkyNzc4ZWIwOTg0MWVhN2I3YTNkNzI3MTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RjuQkqD7JRN0m5tGuZ6cbDz+oyn
oaEupfTT+gMLrlgy+zCMrQiU0TYPmO/QtohjnPRYLbsbR9NpXrpCHN9BnDdapTpg
ercG4yUkuz4AzVVo/KtS6brgJg/mv0umEnOF+Fd6rr4uBOjTEMBOEuUJ1q0U1Mz+
A/7pBoIHvNsjmhSCLk/WxeTpYeWn8zclP3IV1Z0pYYdvj0DqWvcLnGQoHyncBU81
xD7FuG0Pi36M/Ufspt0yjsU/qKH38EsMF7gEp7JQZecVgV49XKbBzV/u0fZHLUp6
J2N51b5grnrLfPYKjC3GnORDOhD1AU3nGDC1Yqn2PrsVN9GCluIMMZ7ufwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFO8GG0CY5lGSd46wmEHqe3o9cnF/MB8GA1UdIwQY
MBaAFHDb6gdT3wg+V4K7nzgLXXmct4oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY052cUIxUGZDRDVYZ3J1Zk9BdGRlWnkzaWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kZWVjMmUtMGNkNi00MTEzLWIyYjkt
MmEwY2YxMzE3M2Q4LzEvN3dZYlFKam1VWkozanJDWVFlcDdlajF5Y1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kZWVjMmUtMGNkNi00MTEzLWIyYjktMmEwY2YxMzE3M2Q4
LzEvY052cUIxUGZDRDVYZ3J1Zk9BdGRlWnkzaWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhPwwDQYJ
KoZIhvcNAQELBQADggEBAKEb4ruvUZForhLxYQ08pu1eVas2NRlrepaYq3AOAz7z
fELw//X7cj81nhUqHUh/E6WB1y9QnfpdpwB1xxTrph1ymk67SIEbSt+PzOp1zNJB
K+MqNBQJEqOgzQaga/q3NI/0rU3UheV08DO6e6DzgOTJjpL7qZ1TeJNTfFGtx3kH
JKweYLyrM59aR3wWnb9qmG/pyS2KdGc5OyXZ7ND94T42KrkyVfD8OoFxejmu3xu0
4gonaqZEJ9bZDSblu+R/0HjYuhFptsr8n+9fycARgu56agDunlNWcWUhuVAj1PVj
4VwC2er0ThfnXlkkvboj+y91AAItmof1ttP5osIXXq4=
-----END CERTIFICATE-----