Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/pun04S8PJLiec3KmUI5nMW8lD_A.roa
File:                     pun04S8PJLiec3KmUI5nMW8lD_A.roa (raw, json)
Hash identifier:          6Tumawphhj8GgdSPIhoUdOCLjbhHz3FfGCu5o7Kmg20=
Subject key identifier:   A6:E9:F4:E1:2F:0F:24:B8:9E:73:72:A6:50:8E:67:31:6F:25:0F:F0
Certificate issuer:       /CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
Certificate serial:       019426D96DF962CC3DF7E5E6102FFB431F81
Authority key identifier: 8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/pun04S8PJLiec3KmUI5nMW8lD_A.roa
Signing time:             Thu 02 Jan 2025 11:49:31 +0000
ROA not before:           Thu 02 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216238
IP address blocks:        2a13:f1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6d:f9:62:cc:3d:f7:e5:e6:10:2f:fb:43:1f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6e9f4e12f0f24b89e7372a6508e67316f250ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e1:99:a8:ae:8e:56:3c:31:39:bd:50:c9:7f:
                    09:cd:62:23:b4:82:c4:4c:c6:37:51:15:1a:77:7d:
                    81:02:da:37:8f:dc:79:a2:5b:35:52:e8:3b:5f:8b:
                    f4:5b:ee:c4:cb:33:f0:c4:56:9e:fe:da:c6:af:87:
                    2c:11:f6:13:16:65:05:e2:21:df:6e:36:39:02:49:
                    bc:7c:09:74:7c:13:42:a6:54:2e:6c:53:50:15:60:
                    3b:28:ff:03:98:09:61:0b:84:27:c2:32:a5:cc:07:
                    3f:e6:7b:bf:ed:81:43:74:35:64:b0:e4:e8:f4:df:
                    d4:d0:c1:4c:c6:ac:03:cf:6c:b0:13:3a:07:e7:ed:
                    72:a2:9b:2c:f1:98:8f:2a:68:7e:b9:2a:33:08:51:
                    c6:5f:da:cc:30:1e:5d:17:a4:41:4a:24:6d:d9:12:
                    db:62:43:10:34:bd:43:c8:56:98:32:9f:54:5e:9d:
                    d2:85:35:e7:2f:68:15:f3:c8:86:1f:6b:95:4a:be:
                    19:5b:23:c1:da:11:4e:9b:0c:ec:79:c5:a1:bd:ba:
                    e4:2a:07:4a:67:a2:ac:ec:07:15:8e:87:bd:a4:2e:
                    86:fe:08:fa:80:fd:3b:7e:45:bd:b3:44:78:a2:74:
                    8a:26:58:2f:24:d4:fb:b9:06:0c:94:23:5f:69:7c:
                    b5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E9:F4:E1:2F:0F:24:B8:9E:73:72:A6:50:8E:67:31:6F:25:0F:F0
            X509v3 Authority Key Identifier:
                keyid:8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/pun04S8PJLiec3KmUI5nMW8lD_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:00:49:bd:86:be:1a:18:d0:00:e9:16:14:fb:ae:cb:bb:e7:
         b7:c5:5a:dc:fd:3d:d6:ac:33:e3:43:25:23:56:d3:01:1b:34:
         ee:42:6d:7d:a5:33:b6:59:e1:eb:fc:37:21:1f:f0:a1:33:88:
         dd:97:b9:60:2c:62:54:31:8b:f8:57:fb:75:0a:a2:bf:07:e8:
         31:f1:f0:3d:b2:84:06:35:b7:db:85:71:f1:bd:4c:bd:b8:69:
         33:19:34:08:b6:25:0f:5c:0c:f3:53:fe:e9:50:79:66:90:0b:
         0a:62:32:13:a5:e2:c5:f5:dc:9c:cf:14:7f:f9:75:44:93:d7:
         af:25:ca:a1:94:4c:16:fd:07:84:88:13:7e:d0:e5:95:4d:9a:
         d7:0f:33:64:36:5d:e8:5e:33:4a:c0:01:97:5c:53:3d:44:8a:
         be:6a:f9:fb:91:4a:48:ab:de:44:3b:5a:f0:9d:d7:51:fd:52:
         fb:35:8a:27:f9:72:35:89:16:1f:33:76:a1:6d:9d:3e:d9:14:
         d1:2c:e7:e6:1c:5b:b3:6e:06:b9:66:e1:d2:aa:dd:16:f7:11:
         c7:15:67:8d:84:c8:5d:d6:ba:f9:61:c2:ae:e6:aa:e1:f4:84:
         ac:94:26:2c:36:c2:4d:0f:7a:dd:4b:a6:2f:e5:c5:cf:91:12:
         99:be:24:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2W35Ysw99+XmEC/7Qx+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjhjNDcxZTgzYjE0ZmM2YzZjYzdjZmM5NmMxYWMzZTMw
ODdlYWUwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmU5ZjRlMTJmMGYyNGI4OWU3MzcyYTY1MDhlNjczMTZmMjUwZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeGZqK6OVjwxOb1QyX8JzWIjtILE
TMY3URUad32BAto3j9x5ols1Uug7X4v0W+7EyzPwxFae/trGr4csEfYTFmUF4iHf
bjY5Akm8fAl0fBNCplQubFNQFWA7KP8DmAlhC4QnwjKlzAc/5nu/7YFDdDVksOTo
9N/U0MFMxqwDz2ywEzoH5+1yopss8ZiPKmh+uSozCFHGX9rMMB5dF6RBSiRt2RLb
YkMQNL1DyFaYMp9UXp3ShTXnL2gV88iGH2uVSr4ZWyPB2hFOmwzsecWhvbrkKgdK
Z6Ks7AcVjoe9pC6G/gj6gP07fkW9s0R4onSKJlgvJNT7uQYMlCNfaXy1VwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKbp9OEvDyS4nnNyplCOZzFvJQ/wMB8GA1UdIwQY
MBaAFI74xHHoOxT8bGzHz8lsGsPjCH6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEt
MTM4YTcxMTdkZTM2LzEvcHVuMDRTOFBKTGllYzNLbVVJNW5NVzhsRF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEtMTM4YTcxMTdkZTM2
LzEvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAVQBJvYa+GhjQAOkWFPuuy7vnt8Va3P091qwz40Ml
I1bTARs07kJtfaUztlnh6/w3IR/woTOI3Ze5YCxiVDGL+Ff7dQqivwfoMfHwPbKE
BjW324Vx8b1MvbhpMxk0CLYlD1wM81P+6VB5ZpALCmIyE6XixfXcnM8Uf/l1RJPX
ryXKoZRMFv0HhIgTftDllU2a1w8zZDZd6F4zSsABl1xTPUSKvmr5+5FKSKveRDta
8J3XUf1S+zWKJ/lyNYkWHzN2oW2dPtkU0Szn5hxbs24GuWbh0qrdFvcRxxVnjYTI
Xda6+WHCruaq4fSErJQmLDbCTQ963UumL+XFz5ESmb4kiQ==
-----END CERTIFICATE-----