Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/vjaYC5QF6rIZllWMVDm6c67Viv4.roa
File:                     vjaYC5QF6rIZllWMVDm6c67Viv4.roa (raw, json)
Hash identifier:          aqLWSry32Dj3VlqfXXySEidqvEjI8Fi4ZsxlYgK0OGo=
Subject key identifier:   BE:36:98:0B:94:05:EA:B2:19:96:55:8C:54:39:BA:73:AE:D5:8A:FE
Certificate issuer:       /CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
Certificate serial:       01942143DF7878986A569D675C383DF2790A
Authority key identifier: D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/vjaYC5QF6rIZllWMVDm6c67Viv4.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215434
IP address blocks:        2a01:f4c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:df:78:78:98:6a:56:9d:67:5c:38:3d:f2:79:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be36980b9405eab21996558c5439ba73aed58afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b9:05:53:89:8d:94:74:a7:32:f6:91:25:4d:
                    79:7a:ed:a8:fa:e0:94:f9:07:78:b9:38:49:68:e2:
                    e4:ad:93:84:61:53:a3:5e:86:03:04:e2:2c:d9:b7:
                    05:10:bf:ff:3b:cc:f5:5c:5a:96:45:0f:25:62:15:
                    6e:9b:03:00:4e:fc:fd:79:38:60:2d:33:0e:00:c8:
                    8f:2f:5c:f6:d8:b6:dc:2c:fc:6c:43:bb:a3:43:08:
                    e8:4a:90:6b:ef:3d:57:ce:3c:87:57:1c:2e:2c:71:
                    5d:16:be:40:b0:26:45:d7:79:9b:8c:c9:a7:1d:80:
                    fc:7b:11:f6:45:74:93:44:f8:ac:8e:af:6a:f0:58:
                    30:78:d7:44:84:7c:f9:c5:d2:6a:94:a2:c4:e8:aa:
                    25:67:99:d6:80:4d:b7:49:cc:7b:ab:3b:d3:83:04:
                    3d:88:dc:ae:c7:21:85:f2:f1:c1:1b:ce:c9:48:fc:
                    b6:c1:45:a1:8f:cb:ac:ae:07:f8:ac:60:42:d7:be:
                    ac:1d:11:7c:e2:bf:1b:e5:e1:94:07:6b:fc:40:fc:
                    ee:e4:94:e5:66:6c:6f:00:12:56:e1:a1:56:a8:25:
                    cc:10:ed:ff:19:f3:61:81:06:53:8f:f8:65:01:17:
                    37:83:26:40:fb:25:57:08:2b:e7:c8:a4:52:e0:95:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:36:98:0B:94:05:EA:B2:19:96:55:8C:54:39:BA:73:AE:D5:8A:FE
            X509v3 Authority Key Identifier:
                keyid:D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/vjaYC5QF6rIZllWMVDm6c67Viv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:14:3e:99:47:e0:dd:69:f2:75:76:b7:eb:2f:ca:a6:04:ef:
         73:a7:8c:e3:27:e8:6b:10:96:d9:0c:1f:7d:2e:4f:bc:b8:8f:
         52:5c:f5:4d:72:7a:3c:a2:e4:22:47:18:31:f1:1c:c3:e9:af:
         70:59:22:7c:95:a4:42:76:98:f8:17:2e:53:76:8c:7b:1b:ce:
         09:b6:2f:de:eb:81:e6:f3:41:f4:7e:06:86:59:5c:98:53:d5:
         55:ca:11:e9:0d:5b:d1:3d:b1:d3:b6:ea:9e:ce:22:75:5f:73:
         cc:10:ab:5c:cc:eb:44:64:24:41:ab:e5:fa:f9:0b:c3:b1:9d:
         f4:13:ea:38:d8:27:9e:d9:6d:98:50:b9:05:d2:a0:72:89:ae:
         e1:38:5b:0f:bf:ef:98:5b:77:9b:ed:95:db:d0:4a:be:15:2b:
         3c:48:01:ac:ba:50:61:fb:0b:c1:05:26:17:63:cb:ba:e6:2e:
         50:51:f6:cb:17:00:7f:61:d5:a5:84:54:fa:b3:50:b4:62:aa:
         7a:86:fe:6e:c3:d1:00:e4:10:fb:5c:4a:98:3d:6c:f4:b8:0b:
         14:d4:ce:5d:1c:b3:cc:74:dc:8a:d9:1e:75:4b:e7:eb:a3:e0:
         09:00:0a:60:56:a7:aa:7a:88:e3:ab:8e:f2:a4:2d:55:80:d1:
         e7:87:cc:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ994eJhqVp1nXDg98nkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MDEyZmFmOTgyNzVhZTRmM2Y4ZDg3ZjA4NGVlNGZmODQy
MGM0ODUwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTM2OTgwYjk0MDVlYWIyMTk5NjU1OGM1NDM5YmE3M2FlZDU4YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprkFU4mNlHSnMvaRJU15eu2o+uCU
+Qd4uThJaOLkrZOEYVOjXoYDBOIs2bcFEL//O8z1XFqWRQ8lYhVumwMATvz9eThg
LTMOAMiPL1z22LbcLPxsQ7ujQwjoSpBr7z1XzjyHVxwuLHFdFr5AsCZF13mbjMmn
HYD8exH2RXSTRPisjq9q8FgweNdEhHz5xdJqlKLE6KolZ5nWgE23Scx7qzvTgwQ9
iNyuxyGF8vHBG87JSPy2wUWhj8usrgf4rGBC176sHRF84r8b5eGUB2v8QPzu5JTl
ZmxvABJW4aFWqCXMEO3/GfNhgQZTj/hlARc3gyZA+yVXCCvnyKRS4JWeowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL42mAuUBeqyGZZVjFQ5unOu1Yr+MB8GA1UdIwQY
MBaAFNgBL6+YJ1rk8/jYfwhO5P+EIMSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjIt
NmQ1NjBkZWJmN2IzLzEvdmphWUM1UUY2cklabGxXTVZEbTZjNjdWaXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjItNmQ1NjBkZWJmN2Iz
LzEvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0wDAN
BgkqhkiG9w0BAQsFAAOCAQEAoBQ+mUfg3WnydXa36y/KpgTvc6eM4yfoaxCW2Qwf
fS5PvLiPUlz1TXJ6PKLkIkcYMfEcw+mvcFkifJWkQnaY+BcuU3aMexvOCbYv3uuB
5vNB9H4GhllcmFPVVcoR6Q1b0T2x07bqns4idV9zzBCrXMzrRGQkQavl+vkLw7Gd
9BPqONgnntltmFC5BdKgcomu4ThbD7/vmFt3m+2V29BKvhUrPEgBrLpQYfsLwQUm
F2PLuuYuUFH2yxcAf2HVpYRU+rNQtGKqeob+bsPRAOQQ+1xKmD1s9LgLFNTOXRyz
zHTcitkedUvn66PgCQAKYFanqnqI46uO8qQtVYDR54fMEQ==
-----END CERTIFICATE-----