Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/Q-ERh4C_fIreU1kJHqIbiCU1JV4.roa
File:                     Q-ERh4C_fIreU1kJHqIbiCU1JV4.roa (raw, json)
Hash identifier:          CvofurTY3xCBBIW91EGU3e0F4XVRnYSMNX8fSyDcopY=
Subject key identifier:   43:E1:11:87:80:BF:7C:8A:DE:53:59:09:1E:A2:1B:88:25:35:25:5E
Certificate issuer:       /CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
Certificate serial:       0194244503E41637B1BE0B7B832926D3DB2C
Authority key identifier: BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/Q-ERh4C_fIreU1kJHqIbiCU1JV4.roa
Signing time:             Wed 01 Jan 2025 23:48:10 +0000
ROA not before:           Wed 01 Jan 2025 23:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215828
IP address blocks:        2a13:ccc5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:03:e4:16:37:b1:be:0b:7b:83:29:26:d3:db:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
        Validity
            Not Before: Jan  1 23:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43e1118780bf7c8ade5359091ea21b882535255e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6e:7d:de:eb:bc:ad:f6:81:13:67:33:d6:67:
                    e2:6d:ce:f7:48:15:12:01:5b:96:e9:26:e8:2e:0c:
                    7b:1c:0c:38:df:4a:0b:55:e6:1c:e4:6b:ec:fb:52:
                    23:8b:95:1f:a5:94:4e:09:a7:c8:b4:f5:83:89:47:
                    9f:05:19:05:56:5c:53:3c:4d:03:84:93:cb:5d:11:
                    e0:04:bd:92:2c:d2:1c:b0:5b:1e:ee:00:f6:a8:7c:
                    a7:e5:37:69:7c:d1:cf:ee:bf:68:8c:d7:3a:c8:39:
                    ca:23:14:a3:fe:7c:3f:ec:3c:04:95:a4:c6:ee:fb:
                    62:35:b9:e9:9f:cd:04:3a:20:62:35:0a:34:20:79:
                    f1:3c:8e:50:52:e4:a8:0b:4b:59:3d:87:d8:e7:cc:
                    10:b2:ff:a2:e6:d5:04:b1:5a:a7:fd:9c:61:93:0c:
                    98:35:56:46:5d:a1:7c:59:3b:f9:ba:c2:68:32:d3:
                    b5:8d:b8:57:af:97:2a:dd:a2:ce:23:09:39:da:20:
                    3a:11:8f:9c:96:40:18:7d:33:a2:5e:4a:48:90:f7:
                    71:87:33:56:23:16:86:d0:66:7b:4c:c1:91:20:3d:
                    c2:fa:13:d2:ce:b2:8a:62:55:1a:8c:a5:7e:c3:b2:
                    10:74:df:04:ef:e2:22:b8:64:91:57:88:6d:3c:46:
                    57:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E1:11:87:80:BF:7C:8A:DE:53:59:09:1E:A2:1B:88:25:35:25:5E
            X509v3 Authority Key Identifier:
                keyid:BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/Q-ERh4C_fIreU1kJHqIbiCU1JV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ccc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:6f:88:62:63:81:2d:74:3f:81:1a:74:eb:0e:e2:75:99:fe:
         d1:a9:c4:7d:87:ee:19:26:51:dc:b8:2f:3f:e8:3f:af:ea:82:
         fb:e9:3a:49:58:19:d1:2e:35:64:97:1a:32:f0:4d:26:74:cb:
         e3:c0:9a:59:be:81:0a:9f:1d:c8:6a:c9:68:c3:15:cd:d7:b4:
         30:76:60:82:cc:e8:2c:9e:f3:49:34:b5:29:1c:3b:c6:5a:b2:
         a0:ac:eb:47:b0:0f:dc:b3:ee:69:b6:04:b0:a5:46:24:2d:a9:
         2d:76:f4:9d:73:dc:23:8c:89:cb:7d:a8:f9:13:3b:c3:12:85:
         c7:a6:28:38:d7:ba:34:6a:72:e9:e1:24:91:b2:9c:7f:3b:c1:
         42:fa:06:4e:02:aa:4e:7a:b9:24:e0:f4:f5:7d:d4:c1:01:2b:
         ee:ca:a5:c7:ee:b1:52:4a:25:49:42:5b:b4:d6:72:43:8c:d2:
         c9:0a:6c:f1:ba:b6:b1:1a:ab:af:fb:5c:dd:d9:3e:ba:12:d1:
         e8:8b:60:d5:5a:50:10:2a:37:a2:68:b7:59:c9:9c:ed:70:ad:
         32:37:46:1b:da:2b:db:66:6e:b3:29:4e:b4:a2:04:a7:96:b2:
         5b:66:a2:c1:9f:e9:97:88:d6:b6:06:96:de:c2:be:65:70:10:
         cc:4e:78:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRQPkFjexvgt7gykm09ssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE3NDhiYTE0YTc2ZTVkOGE2ZWRhY2I1NDI2MDgyYTU2
ZjVlM2QwHhcNMjUwMTAxMjM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UxMTE4NzgwYmY3YzhhZGU1MzU5MDkxZWEyMWI4ODI1MzUyNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02593uu8rfaBE2cz1mfibc73SBUS
AVuW6SboLgx7HAw430oLVeYc5Gvs+1Iji5UfpZROCafItPWDiUefBRkFVlxTPE0D
hJPLXRHgBL2SLNIcsFse7gD2qHyn5TdpfNHP7r9ojNc6yDnKIxSj/nw/7DwElaTG
7vtiNbnpn80EOiBiNQo0IHnxPI5QUuSoC0tZPYfY58wQsv+i5tUEsVqn/ZxhkwyY
NVZGXaF8WTv5usJoMtO1jbhXr5cq3aLOIwk52iA6EY+clkAYfTOiXkpIkPdxhzNW
IxaG0GZ7TMGRID3C+hPSzrKKYlUajKV+w7IQdN8E7+IiuGSRV4htPEZXjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEPhEYeAv3yK3lNZCR6iG4glNSVeMB8GA1UdIwQY
MBaAFLqqdIuhSnbl2KbtrLVCYIKlb149MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgt
YzUxOTUxNjJlM2JlLzEvUS1FUmg0Q19mSXJlVTFrSkhxSWJpQ1UxSlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgtYzUxOTUxNjJlM2Jl
LzEvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPMxTAN
BgkqhkiG9w0BAQsFAAOCAQEAHG+IYmOBLXQ/gRp06w7idZn+0anEfYfuGSZR3Lgv
P+g/r+qC++k6SVgZ0S41ZJcaMvBNJnTL48CaWb6BCp8dyGrJaMMVzde0MHZggszo
LJ7zSTS1KRw7xlqyoKzrR7AP3LPuabYEsKVGJC2pLXb0nXPcI4yJy32o+RM7wxKF
x6YoONe6NGpy6eEkkbKcfzvBQvoGTgKqTnq5JOD09X3UwQEr7sqlx+6xUkolSUJb
tNZyQ4zSyQps8bq2sRqrr/tc3dk+uhLR6Itg1VpQECo3omi3Wcmc7XCtMjdGG9or
22ZusylOtKIEp5ayW2aiwZ/pl4jWtgaW3sK+ZXAQzE54Lg==
-----END CERTIFICATE-----