Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/TvWiGITQL6TnbZlCP18LK1XHyq0.roa
File:                     TvWiGITQL6TnbZlCP18LK1XHyq0.roa (raw, json)
Hash identifier:          ECY0NKVBp1G1uivHtWe1d/7Az9PaMkOqJpUteCitqFE=
Subject key identifier:   4E:F5:A2:18:84:D0:2F:A4:E7:6D:99:42:3F:5F:0B:2B:55:C7:CA:AD
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F4E6299A06BA9C7584042A614200E
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/TvWiGITQL6TnbZlCP18LK1XHyq0.roa
Signing time:             Wed 01 Jan 2025 13:47:44 +0000
ROA not before:           Wed 01 Jan 2025 13:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204790
IP address blocks:        2a0e:4200::/29 maxlen: 29
                          2a10:2380::/29 maxlen: 29
                          2a10:3e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4e:62:99:a0:6b:a9:c7:58:40:42:a6:14:20:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ef5a21884d02fa4e76d99423f5f0b2b55c7caad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f9:82:12:f9:7f:42:da:45:41:14:74:d6:3c:
                    d8:d1:2a:ff:fe:29:ea:dc:1e:14:69:91:54:35:33:
                    d3:e9:b9:4d:ea:bd:53:56:b5:2a:9e:8e:04:38:d1:
                    5c:a1:1e:ef:5c:38:dc:e2:53:55:34:87:32:cc:da:
                    af:c2:bd:1a:dd:35:56:84:76:8e:6a:5d:9f:7f:6a:
                    4e:eb:b4:d6:b4:99:0d:0d:8e:22:60:82:c2:0a:00:
                    28:fb:d8:a9:95:50:c7:cf:61:72:68:7e:7d:a3:c5:
                    18:06:69:bf:09:ec:84:91:4b:cf:90:33:44:74:28:
                    41:b3:13:69:d2:4a:90:a1:ef:f8:b3:ec:a4:ad:9c:
                    86:8e:b0:f5:b2:f2:c5:9a:99:d0:8f:10:af:1e:5c:
                    38:7d:d8:4c:fd:81:7a:d0:d6:f8:66:46:81:58:f8:
                    91:ea:21:aa:f0:30:54:52:12:09:98:79:ce:04:c3:
                    bd:5d:8c:af:70:d3:b2:1e:49:9b:17:30:12:f3:2b:
                    78:19:45:b7:e9:9b:9d:c0:af:8e:7a:e3:7f:08:ac:
                    70:35:28:3d:89:ec:f4:4c:30:7c:5a:c5:84:b0:91:
                    62:6e:cd:a2:dd:fc:a5:19:76:cd:00:8d:e3:b4:1d:
                    7a:bd:4b:1c:40:23:bc:0b:b2:c2:e7:87:60:6a:21:
                    97:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F5:A2:18:84:D0:2F:A4:E7:6D:99:42:3F:5F:0B:2B:55:C7:CA:AD
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/TvWiGITQL6TnbZlCP18LK1XHyq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4200::/29
                  2a10:2380::/29
                  2a10:3e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:3d:56:81:c1:f9:98:26:55:50:39:16:fb:50:96:0b:d7:c1:
         68:6f:89:08:cf:d7:0f:46:a1:c8:bc:2a:8e:10:0d:ff:94:72:
         99:05:7b:7c:0a:06:f1:a6:78:b3:57:60:78:2f:31:37:ff:63:
         b0:fc:bf:ab:4d:de:0b:b8:d9:30:25:dc:22:b9:64:67:27:31:
         cc:c0:e6:3a:05:5f:44:e6:8d:cb:92:2a:1b:c4:fd:a4:40:4a:
         7b:e9:16:5c:dd:04:7a:83:4c:b3:66:6f:7b:18:84:9d:2e:0c:
         db:07:ed:9d:c9:77:b6:c0:f6:85:d2:13:3e:14:c7:51:b4:b4:
         9f:89:81:b9:f2:21:b3:57:47:9f:fc:19:34:f5:46:60:c3:55:
         f0:25:82:84:9b:f1:a7:3e:c5:0a:19:55:db:4e:fe:e9:af:8d:
         79:a8:04:ba:85:80:34:ea:91:02:19:21:23:c6:85:29:75:c3:
         bd:08:a6:fc:64:62:04:92:fd:9f:94:12:6d:92:d9:6a:52:61:
         20:68:af:a9:ea:e2:b6:c6:37:cd:2c:b8:7b:2d:d5:c0:19:42:
         36:af:1a:4d:75:d0:4f:65:f6:ea:42:dd:80:1f:5d:bd:fa:7c:
         1e:33:d3:94:fb:57:9f:9b:5d:0f:8e:74:f9:a4:7e:bd:d9:51:
         cc:00:ca:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH05imaBrqcdYQEKmFCAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWY1YTIxODg0ZDAyZmE0ZTc2ZDk5NDIzZjVmMGIyYjU1YzdjYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/mCEvl/QtpFQRR01jzY0Sr//inq
3B4UaZFUNTPT6blN6r1TVrUqno4EONFcoR7vXDjc4lNVNIcyzNqvwr0a3TVWhHaO
al2ff2pO67TWtJkNDY4iYILCCgAo+9iplVDHz2FyaH59o8UYBmm/CeyEkUvPkDNE
dChBsxNp0kqQoe/4s+ykrZyGjrD1svLFmpnQjxCvHlw4fdhM/YF60Nb4ZkaBWPiR
6iGq8DBUUhIJmHnOBMO9XYyvcNOyHkmbFzAS8yt4GUW36ZudwK+OeuN/CKxwNSg9
iez0TDB8WsWEsJFibs2i3fylGXbNAI3jtB16vUscQCO8C7LC54dgaiGXjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE71ohiE0C+k522ZQj9fCytVx8qtMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvVHZXaUdJVFFMNlRuYlpsQ1AxOExLMVhIeXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg5CAAMF
AyoQI4ADBQMqED5AMA0GCSqGSIb3DQEBCwUAA4IBAQAqPVaBwfmYJlVQORb7UJYL
18Fob4kIz9cPRqHIvCqOEA3/lHKZBXt8CgbxpnizV2B4LzE3/2Ow/L+rTd4LuNkw
JdwiuWRnJzHMwOY6BV9E5o3LkiobxP2kQEp76RZc3QR6g0yzZm97GISdLgzbB+2d
yXe2wPaF0hM+FMdRtLSfiYG58iGzV0ef/Bk09UZgw1XwJYKEm/GnPsUKGVXbTv7p
r415qAS6hYA06pECGSEjxoUpdcO9CKb8ZGIEkv2flBJtktlqUmEgaK+p6uK2xjfN
LLh7LdXAGUI2rxpNddBPZfbqQt2AH129+nweM9OU+1efm10PjnT5pH692VHMAMoz
-----END CERTIFICATE-----