Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dSSeeBpgxumBIOIgRUYKo-rlKWo.roa
File:                     dSSeeBpgxumBIOIgRUYKo-rlKWo.roa (raw, json)
Hash identifier:          lmpXcJ+CKLXvZjyKRCwdgP6g8fKXZFHNIaapVhOrY50=
Subject key identifier:   75:24:9E:78:1A:60:C6:E9:81:20:E2:20:45:46:0A:A3:EA:E5:29:6A
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0194221F6C56EB88ED04ADAC3F27E5B118CF
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dSSeeBpgxumBIOIgRUYKo-rlKWo.roa
Signing time:             Wed 01 Jan 2025 13:47:52 +0000
ROA not before:           Wed 01 Jan 2025 13:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35471
IP address blocks:        2a02:d80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:6c:56:eb:88:ed:04:ad:ac:3f:27:e5:b1:18:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 13:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75249e781a60c6e98120e22045460aa3eae5296a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5f:2a:ba:08:f4:ec:3f:16:f6:36:1b:78:cb:
                    c3:11:b5:99:5e:c8:31:7b:e5:29:ff:ed:57:1a:79:
                    53:8a:ef:58:b1:b7:9a:76:b9:48:35:e2:3e:5f:57:
                    af:e4:e7:1b:69:54:08:dc:56:a6:bb:28:8d:c0:67:
                    4f:12:33:32:03:af:04:62:85:63:8c:ae:a0:56:5d:
                    7b:c8:9b:9c:79:ec:d2:e4:f5:6f:05:94:ba:11:d5:
                    e1:a5:9f:19:51:1b:02:e5:c2:ee:82:d0:3c:c6:ee:
                    07:1e:e9:aa:be:63:5b:be:04:2b:a1:14:b8:3b:0d:
                    d3:3a:ad:e2:f9:fa:f6:eb:43:f6:a5:f2:96:65:57:
                    c2:b3:21:e0:b9:c8:fa:8e:b8:1e:20:ab:6f:03:f6:
                    59:0e:33:6f:da:e5:b2:fd:3c:ac:8f:63:b5:45:bb:
                    49:80:19:0c:06:d7:d4:e1:52:5c:7d:61:f6:d8:aa:
                    ce:a0:b8:ef:b9:08:e8:40:5e:a0:1c:cb:69:de:43:
                    69:3d:65:5f:08:1e:14:33:2a:ff:89:17:2e:8f:52:
                    80:fa:7d:52:1a:c0:88:f2:72:01:be:35:e5:dd:9d:
                    b5:8f:b1:dd:4a:ba:57:df:02:c2:a0:b0:73:db:83:
                    64:12:f9:1e:12:bc:49:74:9f:26:2e:03:bc:95:29:
                    fd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:24:9E:78:1A:60:C6:E9:81:20:E2:20:45:46:0A:A3:EA:E5:29:6A
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dSSeeBpgxumBIOIgRUYKo-rlKWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:41:de:44:40:d3:37:7e:42:68:d2:fb:07:91:76:c0:7b:f3:
         68:8b:13:39:bd:0f:3e:2f:e1:68:ea:96:ef:25:72:38:d1:ea:
         0e:d7:88:cd:9a:42:37:75:35:f3:dc:57:c2:20:c5:ef:1a:ec:
         a1:ab:10:74:1b:f9:16:f2:fe:e4:b8:74:89:ae:26:87:bd:ec:
         30:e5:1c:72:d8:a4:6e:9b:50:f3:10:75:af:af:5b:c0:68:07:
         c5:d8:4f:ce:7f:3b:8d:f5:f9:c1:7b:ae:dc:2e:49:ba:9c:61:
         5e:c8:9f:49:12:02:4f:c2:07:51:c0:4b:12:d3:03:8a:fe:db:
         a0:44:56:22:2a:f6:d7:a4:99:9a:0b:7a:2c:69:71:07:02:c3:
         94:4f:dc:8c:60:56:e7:a3:ac:9f:29:8e:da:27:c8:ce:97:5d:
         7d:95:2d:e7:75:2e:a5:0b:63:ce:6f:5e:b4:67:50:7b:8b:29:
         38:ae:40:e5:64:1d:3a:29:f4:83:6f:f1:a6:fc:28:e4:a2:d4:
         c0:b5:b8:96:fe:ec:ce:44:9b:d4:e2:02:41:14:a2:3a:e8:35:
         70:88:9e:f7:d6:d0:eb:03:0e:ad:ea:d4:bb:fd:bf:4d:46:d0:
         5e:23:2d:6e:e3:70:b9:53:7e:07:92:1f:6c:f5:82:17:4a:08:
         e2:d0:c8:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH2xW64jtBK2sPyflsRjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwMTAxMTM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTI0OWU3ODFhNjBjNmU5ODEyMGUyMjA0NTQ2MGFhM2VhZTUyOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl8qugj07D8W9jYbeMvDEbWZXsgx
e+Up/+1XGnlTiu9YsbeadrlINeI+X1ev5OcbaVQI3FamuyiNwGdPEjMyA68EYoVj
jK6gVl17yJuceezS5PVvBZS6EdXhpZ8ZURsC5cLugtA8xu4HHumqvmNbvgQroRS4
Ow3TOq3i+fr260P2pfKWZVfCsyHgucj6jrgeIKtvA/ZZDjNv2uWy/Tysj2O1RbtJ
gBkMBtfU4VJcfWH22KrOoLjvuQjoQF6gHMtp3kNpPWVfCB4UMyr/iRcuj1KA+n1S
GsCI8nIBvjXl3Z21j7HdSrpX3wLCoLBz24NkEvkeErxJdJ8mLgO8lSn9GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHUknngaYMbpgSDiIEVGCqPq5SlqMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvZFNTZWVCcGd4dW1CSU9JZ1JVWUtvLXJsS1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgINgDAN
BgkqhkiG9w0BAQsFAAOCAQEAR0HeREDTN35CaNL7B5F2wHvzaIsTOb0PPi/haOqW
7yVyONHqDteIzZpCN3U189xXwiDF7xrsoasQdBv5FvL+5Lh0ia4mh73sMOUcctik
bptQ8xB1r69bwGgHxdhPzn87jfX5wXuu3C5JupxhXsifSRICT8IHUcBLEtMDiv7b
oERWIir216SZmgt6LGlxBwLDlE/cjGBW56OsnymO2ifIzpddfZUt53UupQtjzm9e
tGdQe4spOK5A5WQdOin0g2/xpvwo5KLUwLW4lv7szkSb1OICQRSiOug1cIie99bQ
6wMOrerUu/2/TUbQXiMtbuNwuVN+B5IfbPWCF0oI4tDIUQ==
-----END CERTIFICATE-----