Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/4w0YF9lO50MzXLuOPH80v5OnJwk.roa
File:                     4w0YF9lO50MzXLuOPH80v5OnJwk.roa (raw, json)
Hash identifier:          UKbtTNCLFj5rwPPuaoV8vClCWDgozlk7DGm+pj/D3nE=
Subject key identifier:   E3:0D:18:17:D9:4E:E7:43:33:5C:BB:8E:3C:7F:34:BF:93:A7:27:09
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01951E6FDE6B5D0FE7AA66B8F77E7CC409A6
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/4w0YF9lO50MzXLuOPH80v5OnJwk.roa
Signing time:             Wed 19 Feb 2025 13:40:02 +0000
ROA not before:           Wed 19 Feb 2025 13:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213091
IP address blocks:        2a03:5840:122::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1e:6f:de:6b:5d:0f:e7:aa:66:b8:f7:7e:7c:c4:09:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Feb 19 13:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e30d1817d94ee743335cbb8e3c7f34bf93a72709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:80:61:0a:b0:9e:e0:cf:64:f8:3e:25:c1:f4:
                    bb:83:61:9c:cb:ed:40:e1:8c:67:00:a8:09:3c:30:
                    90:cd:6c:f9:b3:2e:e3:6b:96:2c:1a:4d:1a:41:8f:
                    b7:e8:42:8f:46:c3:e2:76:e9:94:5d:18:ef:81:ff:
                    30:26:9e:c3:85:ca:9e:25:6c:46:3c:4e:41:ee:f7:
                    4e:9d:00:58:6e:9c:cf:9b:80:f7:77:cb:2f:a2:34:
                    79:10:9c:cb:d7:b1:2c:21:1f:8c:e5:95:91:dc:10:
                    d0:68:3f:e4:81:d8:ed:41:cc:2b:23:eb:01:59:28:
                    97:ea:3d:fe:3d:58:01:4f:ac:f5:bc:7f:26:3e:d1:
                    fa:ef:ee:4f:d6:0d:5b:db:7c:f1:bf:3e:ab:6a:c6:
                    bd:bf:d3:96:c6:38:19:03:5b:5e:0b:c0:60:a7:99:
                    ee:10:27:3c:ff:39:e4:f5:cc:be:e7:36:d7:d1:46:
                    81:52:eb:8e:ca:2d:55:06:56:71:fd:22:0e:fb:20:
                    aa:49:fd:3f:58:4b:aa:a5:e3:eb:91:af:05:21:50:
                    af:37:f0:96:f5:c3:a9:5f:8f:93:72:75:89:8e:9b:
                    50:69:41:34:41:92:98:92:73:7f:8f:38:fd:e7:57:
                    7f:60:54:87:38:87:47:ec:22:4c:82:9c:4f:b1:98:
                    f9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:0D:18:17:D9:4E:E7:43:33:5C:BB:8E:3C:7F:34:BF:93:A7:27:09
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/4w0YF9lO50MzXLuOPH80v5OnJwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:122::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:cf:99:9f:6c:61:1b:83:5e:1f:65:2f:21:26:ca:15:e6:ca:
         52:db:19:fe:85:af:b9:77:a3:f3:23:26:5d:b1:3d:c2:f2:d2:
         c5:49:86:03:01:c1:96:03:b3:2a:6f:ec:5a:c4:42:9e:87:1e:
         a7:00:dd:c4:fe:cc:ed:29:ae:cb:85:0f:5a:c5:e6:21:4b:af:
         85:6c:45:c8:a3:68:eb:5b:51:f1:7f:4e:06:ab:a9:ff:7c:05:
         ff:33:ec:f3:5b:c8:90:16:39:b8:57:cb:a8:21:0c:9d:8d:39:
         69:8e:59:6f:48:3c:de:b2:1b:5b:fb:01:b3:7d:13:8d:0b:b5:
         98:7c:64:97:ba:1c:85:d6:8e:63:9b:80:e6:e9:77:a8:3a:cd:
         f0:78:01:10:50:80:82:78:78:0f:a6:0f:5b:20:b5:1f:1e:78:
         ad:6e:ab:9b:16:e0:1c:d6:a3:0a:6b:48:ec:91:6d:54:d8:0b:
         c9:ce:f1:59:73:d6:60:c3:a1:e5:84:c3:0b:98:6e:5f:62:e0:
         3f:52:b4:a8:61:4f:b2:fc:0c:21:5c:94:f6:37:8b:a7:54:02:
         59:7a:78:35:01:f4:2b:2c:15:e5:e0:29:70:77:c9:8a:10:71:
         34:8c:ad:2d:76:54:26:d2:56:4e:73:7b:f7:1a:cc:77:e1:67:
         a1:2b:67:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUeb95rXQ/nqma49358xAmmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMjE5MTM0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzBkMTgxN2Q5NGVlNzQzMzM1Y2JiOGUzYzdmMzRiZjkzYTcyNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4BhCrCe4M9k+D4lwfS7g2Gcy+1A
4YxnAKgJPDCQzWz5sy7ja5YsGk0aQY+36EKPRsPidumUXRjvgf8wJp7DhcqeJWxG
PE5B7vdOnQBYbpzPm4D3d8svojR5EJzL17EsIR+M5ZWR3BDQaD/kgdjtQcwrI+sB
WSiX6j3+PVgBT6z1vH8mPtH67+5P1g1b23zxvz6rasa9v9OWxjgZA1teC8Bgp5nu
ECc8/znk9cy+5zbX0UaBUuuOyi1VBlZx/SIO+yCqSf0/WEuqpePrka8FIVCvN/CW
9cOpX4+TcnWJjptQaUE0QZKYknN/jzj951d/YFSHOIdH7CJMgpxPsZj5RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOMNGBfZTudDM1y7jjx/NL+TpycJMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvNHcwWUY5bE81ME16WEx1T1BIODB2NU9uSndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEi
MA0GCSqGSIb3DQEBCwUAA4IBAQBQz5mfbGEbg14fZS8hJsoV5spS2xn+ha+5d6Pz
IyZdsT3C8tLFSYYDAcGWA7Mqb+xaxEKehx6nAN3E/sztKa7LhQ9axeYhS6+FbEXI
o2jrW1Hxf04Gq6n/fAX/M+zzW8iQFjm4V8uoIQydjTlpjllvSDzeshtb+wGzfRON
C7WYfGSXuhyF1o5jm4Dm6XeoOs3weAEQUICCeHgPpg9bILUfHnitbqubFuAc1qMK
a0jskW1U2AvJzvFZc9Zgw6HlhMMLmG5fYuA/UrSoYU+y/AwhXJT2N4unVAJZeng1
AfQrLBXl4Clwd8mKEHE0jK0tdlQm0lZOc3v3Gsx34WehK2eW
-----END CERTIFICATE-----