Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/shBa9JrmFrbHIJ50XFqnyAIX03Q.roa
File:                     shBa9JrmFrbHIJ50XFqnyAIX03Q.roa (raw, json)
Hash identifier:          ZX0cowj/X8/UKH2s85v3mEfUGDpRbJzNCB3///lxrIs=
Subject key identifier:   B2:10:5A:F4:9A:E6:16:B6:C7:20:9E:74:5C:5A:A7:C8:02:17:D3:74
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       01941F8C7BA2E463DCC682D41F1E64C9B42B
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/shBa9JrmFrbHIJ50XFqnyAIX03Q.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211452
IP address blocks:        2a07:291b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7b:a2:e4:63:dc:c6:82:d4:1f:1e:64:c9:b4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2105af49ae616b6c7209e745c5aa7c80217d374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f4:50:ff:dd:52:b3:90:02:74:a3:1a:af:50:
                    aa:e8:d0:49:92:be:e0:ba:14:db:0d:92:36:3e:78:
                    c2:58:62:15:d9:11:b7:fe:5b:b3:6f:1d:c0:41:b4:
                    7d:0b:04:25:7a:9a:cc:22:b2:84:4e:7a:17:3e:08:
                    6f:b3:16:28:3f:c3:64:f3:b4:2d:69:a5:61:e3:b0:
                    ed:33:91:2a:20:fb:bf:c8:64:1e:d1:c3:a8:02:2a:
                    67:6c:77:10:6d:0a:30:69:33:67:4d:4a:dc:6c:c2:
                    ca:71:8f:92:2d:4b:6c:be:68:e7:43:98:32:a2:62:
                    e8:3a:77:2b:f9:c1:bb:f3:5c:4c:a5:17:83:3d:ce:
                    a1:63:be:9b:ea:06:1f:92:ce:16:27:03:76:93:69:
                    f9:3d:87:bd:39:e3:20:04:2b:f0:79:4b:26:1c:2d:
                    c6:04:67:28:fd:94:1e:d6:c3:e3:24:b3:70:ee:05:
                    85:30:25:3c:3e:aa:ec:79:3f:0a:ab:44:b1:59:8f:
                    e8:26:94:2e:83:fd:c1:7e:b3:18:0b:3d:f2:8a:68:
                    10:12:9b:a7:3a:39:63:cd:ce:1a:7b:42:28:c5:a6:
                    6b:c6:19:52:fa:cb:64:f0:14:73:38:08:b6:cc:28:
                    e8:75:cd:79:7b:d4:25:d5:fa:41:ce:e5:f6:71:ac:
                    b8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:10:5A:F4:9A:E6:16:B6:C7:20:9E:74:5C:5A:A7:C8:02:17:D3:74
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/shBa9JrmFrbHIJ50XFqnyAIX03Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:291b::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:79:b3:13:33:1e:18:c9:b2:41:e7:43:b3:cf:aa:59:f6:8b:
         39:81:3d:0c:87:24:3c:45:46:f0:d4:3b:3b:7d:bc:fb:09:09:
         11:02:9f:8d:da:6f:11:58:1a:02:37:9d:e5:4d:29:fe:49:1d:
         d2:ad:be:1d:61:ae:41:5b:92:71:99:f2:a1:c3:6c:e7:35:bb:
         c7:2a:da:51:d8:0c:73:7e:31:0d:e0:a1:9a:33:72:55:f9:fc:
         34:fc:63:96:c3:99:12:9e:99:1c:55:cf:f5:0f:6b:ef:cb:37:
         25:8d:38:ee:b3:cd:1c:0b:5d:f2:4e:93:78:5f:de:7b:d5:49:
         2a:a4:77:e6:4b:40:2f:a1:a2:d7:cc:a6:7e:ad:9a:81:1b:74:
         04:77:8a:99:e3:1f:26:9b:37:39:11:29:b5:7d:83:5e:4f:f5:
         cc:0f:77:91:c4:54:46:b4:31:fe:b0:c9:65:fd:dd:df:b5:11:
         1b:22:e8:cc:51:53:09:a2:78:76:28:a5:1a:6e:b1:dc:30:36:
         48:ae:37:97:c2:0e:08:22:f1:c6:bb:37:95:e9:6b:b8:c3:8c:
         47:cd:98:97:f2:72:7a:a3:5e:bf:51:b7:c6:62:d8:e1:67:ba:
         46:03:57:34:01:f6:ab:86:e2:7b:c7:31:a2:e1:4e:26:06:90:
         69:07:6c:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjHui5GPcxoLUHx5kybQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjEwNWFmNDlhZTYxNmI2YzcyMDllNzQ1YzVhYTdjODAyMTdkMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfRQ/91Ss5ACdKMar1Cq6NBJkr7g
uhTbDZI2PnjCWGIV2RG3/luzbx3AQbR9CwQleprMIrKETnoXPghvsxYoP8Nk87Qt
aaVh47DtM5EqIPu/yGQe0cOoAipnbHcQbQowaTNnTUrcbMLKcY+SLUtsvmjnQ5gy
omLoOncr+cG781xMpReDPc6hY76b6gYfks4WJwN2k2n5PYe9OeMgBCvweUsmHC3G
BGco/ZQe1sPjJLNw7gWFMCU8PqrseT8Kq0SxWY/oJpQug/3BfrMYCz3yimgQEpun
Ojljzc4ae0IoxaZrxhlS+stk8BRzOAi2zCjodc15e9Ql1fpBzuX2cay4TQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLIQWvSa5ha2xyCedFxap8gCF9N0MB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvc2hCYTlKcm1GcmJISUo1MFhGcW55QUlYMDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpGzAN
BgkqhkiG9w0BAQsFAAOCAQEAkXmzEzMeGMmyQedDs8+qWfaLOYE9DIckPEVG8NQ7
O328+wkJEQKfjdpvEVgaAjed5U0p/kkd0q2+HWGuQVuScZnyocNs5zW7xyraUdgM
c34xDeChmjNyVfn8NPxjlsOZEp6ZHFXP9Q9r78s3JY047rPNHAtd8k6TeF/ee9VJ
KqR35ktAL6Gi18ymfq2agRt0BHeKmeMfJps3OREptX2DXk/1zA93kcRURrQx/rDJ
Zf3d37URGyLozFFTCaJ4diilGm6x3DA2SK43l8IOCCLxxrs3lelruMOMR82Yl/Jy
eqNev1G3xmLY4We6RgNXNAH2q4bie8cxouFOJgaQaQdsHQ==
-----END CERTIFICATE-----