Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/Q4reaRyzxdlr2J3p-E7N3TijG90.roa
File:                     Q4reaRyzxdlr2J3p-E7N3TijG90.roa (raw, json)
Hash identifier:          /yxNBaJLXZrSF/MyIlaBqDEhy23fudEAJpVMYlkUVGA=
Subject key identifier:   43:8A:DE:69:1C:B3:C5:D9:6B:D8:9D:E9:F8:4E:CD:DD:38:A3:1B:DD
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0196EEC80E42C785D51A7991E162573F7070
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/Q4reaRyzxdlr2J3p-E7N3TijG90.roa
Signing time:             Tue 20 May 2025 17:40:10 +0000
ROA not before:           Tue 20 May 2025 17:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2a0e:8086::/36 maxlen: 36
                          2a0e:8086:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:c8:0e:42:c7:85:d5:1a:79:91:e1:62:57:3f:70:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: May 20 17:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=438ade691cb3c5d96bd89de9f84ecddd38a31bdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:27:a0:0c:75:d5:25:f1:6d:36:3e:dc:6c:c5:
                    8b:1b:2f:f1:34:e0:b1:7a:96:9e:6b:9b:0b:07:aa:
                    67:ae:28:4c:59:3c:56:c8:fa:eb:26:a3:51:f8:45:
                    72:6a:86:e2:b4:99:97:ce:7b:42:16:72:74:29:36:
                    da:11:a9:34:8a:d8:bd:b6:35:7c:37:f8:5c:61:68:
                    a6:b3:6d:05:74:10:e4:f0:6e:e2:9e:37:a6:33:ef:
                    2c:51:c9:32:57:76:61:5b:7a:b5:31:09:95:fa:97:
                    e6:02:f5:29:2e:bd:3d:20:df:ce:64:ed:04:8f:c4:
                    1e:b2:75:ef:84:11:53:ea:ba:56:fe:f8:99:00:b4:
                    3c:ea:75:7e:d0:4a:33:3f:74:af:01:fd:63:85:70:
                    55:a4:d4:2a:2c:d4:2b:b7:1a:00:b8:b6:6b:bb:68:
                    ca:0d:bb:a3:f1:96:34:47:8d:f6:09:d7:e0:fb:cb:
                    e4:63:16:94:34:e1:a7:02:59:23:48:9a:7f:af:91:
                    af:4c:6e:b8:c2:bd:a3:bc:0b:08:96:9f:2e:ac:87:
                    8a:c9:d0:cf:af:f7:4c:bd:6b:a7:08:d6:3d:86:c3:
                    50:9a:e2:b8:22:2a:3d:f7:3f:3c:da:d0:08:b2:07:
                    1a:ba:9a:11:92:14:c1:9e:11:2d:89:fa:c3:ff:6f:
                    5b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8A:DE:69:1C:B3:C5:D9:6B:D8:9D:E9:F8:4E:CD:DD:38:A3:1B:DD
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/Q4reaRyzxdlr2J3p-E7N3TijG90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8086::/35

    Signature Algorithm: sha256WithRSAEncryption
         1a:cf:63:93:3e:2f:b2:c9:b1:e5:f4:e1:c9:63:a7:72:54:61:
         69:e6:40:82:eb:3e:a4:6b:3d:14:e7:aa:f5:63:cd:d2:f6:cf:
         64:3d:c9:97:70:31:73:78:24:12:67:b6:6f:d7:bf:08:dc:15:
         7f:a0:65:45:d4:97:35:d2:06:b2:ed:24:93:f6:07:e5:4b:44:
         b1:ff:90:a3:1a:bf:a5:3b:b4:ab:65:28:54:55:22:58:29:5e:
         12:c2:25:7f:fa:50:de:72:15:86:56:a8:3a:72:cd:73:02:61:
         43:7b:5c:95:64:e7:01:97:fc:4c:4e:fe:5e:4e:df:c6:4f:19:
         20:e7:37:a4:25:0b:0f:37:7f:40:ea:64:ba:73:e4:c1:e0:9f:
         b4:e7:a4:bb:e5:92:f3:03:27:c2:5b:39:e8:af:01:a5:e9:4b:
         0a:13:75:84:62:fc:84:7e:1d:f9:3d:1b:78:70:1f:a6:ea:d8:
         49:5a:eb:04:54:5b:53:21:0d:11:80:92:ca:dd:02:37:85:dd:
         f4:a3:68:61:92:c1:9d:09:f3:ae:9c:8c:8a:a0:14:ab:ab:e0:
         59:c9:73:a6:b3:b9:54:ea:3c:c2:c9:90:b4:72:af:31:ac:4c:
         70:d4:a5:6e:c6:e1:0a:29:bd:6b:5b:fe:c6:29:19:fb:02:a2:
         b2:bb:6c:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZbuyA5Cx4XVGnmR4WJXP3BwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwNTIwMTc0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhhZGU2OTFjYjNjNWQ5NmJkODlkZTlmODRlY2RkZDM4YTMxYmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSegDHXVJfFtNj7cbMWLGy/xNOCx
epaea5sLB6pnrihMWTxWyPrrJqNR+EVyaobitJmXzntCFnJ0KTbaEak0iti9tjV8
N/hcYWims20FdBDk8G7injemM+8sUckyV3ZhW3q1MQmV+pfmAvUpLr09IN/OZO0E
j8QesnXvhBFT6rpW/viZALQ86nV+0EozP3SvAf1jhXBVpNQqLNQrtxoAuLZru2jK
Dbuj8ZY0R432Cdfg+8vkYxaUNOGnAlkjSJp/r5GvTG64wr2jvAsIlp8urIeKydDP
r/dMvWunCNY9hsNQmuK4Iio99z882tAIsgcaupoRkhTBnhEtifrD/29bxwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEOK3mkcs8XZa9id6fhOzd04oxvdMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvUTRyZWFSeXp4ZGxyMkozcC1FN04zVGlqRzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKg6AhgAw
DQYJKoZIhvcNAQELBQADggEBABrPY5M+L7LJseX04cljp3JUYWnmQILrPqRrPRTn
qvVjzdL2z2Q9yZdwMXN4JBJntm/XvwjcFX+gZUXUlzXSBrLtJJP2B+VLRLH/kKMa
v6U7tKtlKFRVIlgpXhLCJX/6UN5yFYZWqDpyzXMCYUN7XJVk5wGX/ExO/l5O38ZP
GSDnN6QlCw83f0DqZLpz5MHgn7TnpLvlkvMDJ8JbOeivAaXpSwoTdYRi/IR+Hfk9
G3hwH6bq2Ela6wRUW1MhDRGAksrdAjeF3fSjaGGSwZ0J866cjIqgFKur4FnJc6az
uVTqPMLJkLRyrzGsTHDUpW7G4QopvWtb/sYpGfsCorK7bPE=
-----END CERTIFICATE-----