Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/vUbJMOIYeHF5tekXx2ov5VAjxfc.roa
File:                     vUbJMOIYeHF5tekXx2ov5VAjxfc.roa (raw, json)
Hash identifier:          FS7Fil/iuZVeF4Jy7H/4V4R+rbeX8r0yC7AYMcGeH/Q=
Subject key identifier:   BD:46:C9:30:E2:18:78:71:79:B5:E9:17:C7:6A:2F:E5:50:23:C5:F7
Certificate issuer:       /CN=5754d19527fd85d0d444acadd44a01655fdc7400
Certificate serial:       019420D63F713623DB6E568F532E79EE3309
Authority key identifier: 57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/vUbJMOIYeHF5tekXx2ov5VAjxfc.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13445
IP address blocks:        2a00:a640:10a0::/44 maxlen: 48
                          2a00:a640:20a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3f:71:36:23:db:6e:56:8f:53:2e:79:ee:33:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5754d19527fd85d0d444acadd44a01655fdc7400
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd46c930e218787179b5e917c76a2fe55023c5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2f:13:61:c8:70:80:b2:c2:9c:17:13:96:3f:
                    80:aa:13:ab:ad:86:a8:bb:f9:ae:c9:8f:73:17:61:
                    aa:cd:2f:7b:98:53:07:84:c1:62:66:25:50:8e:35:
                    a9:55:a5:c9:64:f1:d2:b8:a4:77:6f:9a:b7:08:04:
                    04:b8:71:09:a3:34:48:85:9e:c7:e2:c5:d5:07:5a:
                    6c:01:2a:47:7b:0e:d2:ef:74:cd:bb:2c:9f:f8:12:
                    10:c8:95:af:53:41:9f:25:c6:70:97:4f:fa:d1:51:
                    96:97:c8:5e:96:9f:0a:31:12:58:d1:c1:54:48:db:
                    0c:12:8c:0a:77:83:01:48:93:e5:93:b2:93:d6:80:
                    aa:30:71:2b:57:c0:92:a1:76:fb:bf:24:ea:d2:a4:
                    cf:49:6b:7f:2e:49:0f:2b:59:42:03:3f:a5:23:39:
                    f4:58:ac:e5:08:b5:e3:4f:63:54:f7:75:1f:3a:48:
                    44:80:e7:1b:44:53:45:95:1e:70:f5:4c:29:6d:7c:
                    91:9e:5a:97:a0:0d:46:9b:5d:4e:7a:7b:e0:e3:68:
                    fd:02:09:c9:58:fe:13:da:53:97:0b:f2:ca:64:d6:
                    c4:c2:e2:34:a1:7f:49:48:cd:dd:47:81:a4:21:b1:
                    5d:9a:cc:55:c9:9f:0e:65:36:9e:ae:d2:c6:26:40:
                    e9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:46:C9:30:E2:18:78:71:79:B5:E9:17:C7:6A:2F:E5:50:23:C5:F7
            X509v3 Authority Key Identifier:
                keyid:57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/vUbJMOIYeHF5tekXx2ov5VAjxfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:a640:10a0::/44
                  2a00:a640:20a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         96:2a:36:d8:5d:88:ae:ed:e5:35:db:ca:91:ba:ce:32:b9:ee:
         02:dc:4d:61:b4:0b:dc:0a:19:16:5b:7a:c6:45:c1:22:d4:5c:
         9c:29:68:a6:bc:c5:4c:c5:f1:4b:0a:00:e1:56:89:41:62:cf:
         cc:dc:22:78:ff:0a:4c:e8:38:44:ba:41:ad:21:b4:71:8c:be:
         2b:ab:f7:fb:8c:3a:ab:70:74:58:1e:1d:67:67:23:6d:44:ea:
         ea:f2:e0:4d:92:ba:d8:bd:87:91:c8:1a:73:cf:a7:f7:25:ee:
         0c:70:6b:63:af:58:50:bf:23:75:4c:c6:35:47:03:ab:5c:d6:
         06:14:6a:f4:4f:0d:86:cb:a4:4a:d1:b5:7c:62:d0:d2:a7:01:
         b7:8e:72:7c:e3:66:c1:cb:d5:44:d0:12:c9:00:3c:3e:bd:33:
         5a:89:0a:78:9f:ca:75:67:15:47:c8:95:81:54:ed:28:b9:31:
         22:77:7f:1e:c1:b8:35:f0:db:34:e0:fc:78:09:78:2a:d6:78:
         a6:77:98:4d:e1:0a:52:33:59:11:e3:4d:d7:a7:1e:93:b4:4e:
         e9:ae:1e:55:bb:9c:a8:93:32:88:32:84:a0:22:a9:44:46:7e:
         4f:aa:20:88:6f:e3:20:bf:e5:25:01:77:76:a3:30:b6:5a:a2:
         ae:c6:b6:e1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1j9xNiPbblaPUy557jMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTRkMTk1MjdmZDg1ZDBkNDQ0YWNhZGQ0NGEwMTY1NWZk
Yzc0MDAwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQ2YzkzMGUyMTg3ODcxNzliNWU5MTdjNzZhMmZlNTUwMjNjNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC8TYchwgLLCnBcTlj+AqhOrrYao
u/muyY9zF2GqzS97mFMHhMFiZiVQjjWpVaXJZPHSuKR3b5q3CAQEuHEJozRIhZ7H
4sXVB1psASpHew7S73TNuyyf+BIQyJWvU0GfJcZwl0/60VGWl8help8KMRJY0cFU
SNsMEowKd4MBSJPlk7KT1oCqMHErV8CSoXb7vyTq0qTPSWt/LkkPK1lCAz+lIzn0
WKzlCLXjT2NU93UfOkhEgOcbRFNFlR5w9UwpbXyRnlqXoA1Gm11Oenvg42j9AgnJ
WP4T2lOXC/LKZNbEwuI0oX9JSM3dR4GkIbFdmsxVyZ8OZTaertLGJkDp9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL1GyTDiGHhxebXpF8dqL+VQI8X3MB8GA1UdIwQY
MBaAFFdU0ZUn/YXQ1ESsrdRKAWVf3HQAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFUUmxTZjloZERVUkt5dDFFb0JaVl9jZEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS83YzlmY2MtOGZjZS00NGI3LWI2YmYt
MTE3NzYwMzE0MTVmLzEvdlViSk1PSVllSEY1dGVrWHgyb3Y1VkFqeGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS83YzlmY2MtOGZjZS00NGI3LWI2YmYtMTE3NzYwMzE0MTVm
LzEvVjFUUmxTZjloZERVUkt5dDFFb0JaVl9jZEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgCmQBCg
AwcEKgCmQCCgMA0GCSqGSIb3DQEBCwUAA4IBAQCWKjbYXYiu7eU128qRus4yue4C
3E1htAvcChkWW3rGRcEi1FycKWimvMVMxfFLCgDhVolBYs/M3CJ4/wpM6DhEukGt
IbRxjL4rq/f7jDqrcHRYHh1nZyNtROrq8uBNkrrYvYeRyBpzz6f3Je4McGtjr1hQ
vyN1TMY1RwOrXNYGFGr0Tw2Gy6RK0bV8YtDSpwG3jnJ842bBy9VE0BLJADw+vTNa
iQp4n8p1ZxVHyJWBVO0ouTEid38ewbg18Ns04Px4CXgq1nimd5hN4QpSM1kR403X
px6TtE7prh5Vu5yokzKIMoSgIqlERn5PqiCIb+Mgv+UlAXd2ozC2WqKuxrbh
-----END CERTIFICATE-----