Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/xNZWfqccja7LEzzsCPXt2kCUZHI.roa
File:                     xNZWfqccja7LEzzsCPXt2kCUZHI.roa (raw, json)
Hash identifier:          CImiLSKCWjj4ejMFlk2AWyWI5BHASdKwUNBHMBfHsYc=
Subject key identifier:   C4:D6:56:7E:A7:1C:8D:AE:CB:13:3C:EC:08:F5:ED:DA:40:94:64:72
Certificate issuer:       /CN=5754d19527fd85d0d444acadd44a01655fdc7400
Certificate serial:       019420D64053BA82E000C65BFF58FDD35E68
Authority key identifier: 57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/xNZWfqccja7LEzzsCPXt2kCUZHI.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a00:a640:10a0::/44 maxlen: 48
                          2a00:a640:20a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:40:53:ba:82:e0:00:c6:5b:ff:58:fd:d3:5e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5754d19527fd85d0d444acadd44a01655fdc7400
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4d6567ea71c8daecb133cec08f5edda40946472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9e:2f:05:99:79:42:2d:88:7a:02:03:d3:9a:
                    51:0d:3e:44:b4:50:34:e7:e0:0e:34:72:ea:b1:cd:
                    da:4d:e0:0e:9f:20:a5:f6:ed:7a:b8:12:83:be:02:
                    26:cd:01:af:42:e0:93:ce:7a:e5:52:ef:48:a9:53:
                    ef:6c:57:05:7b:01:e6:78:f5:1b:3c:d4:9c:b7:23:
                    0f:cf:a6:c6:bd:6b:11:4a:80:81:25:04:4f:bd:c2:
                    d7:8b:3e:c9:fb:13:8a:3a:7a:50:bd:5b:bc:73:7e:
                    73:2d:a5:3b:fa:94:16:a8:30:fe:3c:72:12:6d:a4:
                    2c:2c:41:e8:df:df:3d:20:0f:49:ed:79:94:28:8f:
                    b0:8d:c7:5a:de:a4:54:15:e0:be:59:af:ef:81:57:
                    e1:0b:ad:8f:cb:e5:44:fb:a7:cb:ae:81:bb:17:01:
                    cc:ef:73:93:dc:bc:08:af:7d:37:42:88:64:be:ed:
                    ee:17:74:72:6c:3d:eb:d8:49:e0:3d:31:de:88:6b:
                    60:45:e2:d7:c1:af:cd:61:89:01:cd:90:15:59:ae:
                    e9:0c:b5:2c:9d:c0:73:bb:52:15:38:15:da:89:6d:
                    8b:93:5f:45:0d:0d:71:f2:82:a8:86:92:03:09:97:
                    c5:7e:2d:fa:bd:cc:cf:4a:e6:6c:37:42:67:cd:16:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D6:56:7E:A7:1C:8D:AE:CB:13:3C:EC:08:F5:ED:DA:40:94:64:72
            X509v3 Authority Key Identifier:
                keyid:57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/xNZWfqccja7LEzzsCPXt2kCUZHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:a640:10a0::/44
                  2a00:a640:20a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         77:ed:f0:17:6a:f7:82:ae:33:e7:0b:73:36:d8:17:01:88:d0:
         0b:79:2c:28:53:f4:97:87:6c:35:1f:15:d6:b3:73:fc:5f:5f:
         96:72:a0:99:9c:ee:8b:fb:ac:a0:73:f4:57:d6:a0:a1:d4:a0:
         bb:d7:b9:fc:26:27:4e:c4:47:8d:eb:d4:ad:4b:8c:b6:f8:c1:
         0c:5a:ba:68:cb:29:df:fb:58:6e:84:39:eb:60:6c:9b:c8:46:
         3e:96:5b:d7:16:01:e5:e2:b3:eb:60:5e:0f:62:26:a2:45:9d:
         9b:52:e5:89:13:65:35:b8:2f:35:ea:3f:16:d3:ce:fa:da:17:
         51:c9:91:40:16:3d:15:19:a1:33:80:74:99:69:70:f3:11:59:
         0d:72:a2:9f:a0:72:96:e5:99:08:3c:1d:aa:0f:ea:f2:83:f1:
         57:5d:26:34:ff:c1:82:a7:79:78:91:e0:bc:8e:92:9c:b4:9d:
         0a:17:32:bb:58:f6:35:b2:4d:33:69:20:6e:cc:e2:32:f8:2e:
         47:b2:8d:ee:82:c2:e6:5f:e8:35:d4:69:4c:1e:cb:40:25:36:
         14:2f:03:60:f5:f7:da:73:8f:5a:33:55:4b:3d:a1:ce:59:3d:
         49:ba:a2:b8:93:f3:19:1a:51:a3:f2:01:8e:f4:e3:7c:1d:e8:
         6c:ff:8f:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1kBTuoLgAMZb/1j9015oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTRkMTk1MjdmZDg1ZDBkNDQ0YWNhZGQ0NGEwMTY1NWZk
Yzc0MDAwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ2NTY3ZWE3MWM4ZGFlY2IxMzNjZWMwOGY1ZWRkYTQwOTQ2NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl54vBZl5Qi2IegID05pRDT5EtFA0
5+AONHLqsc3aTeAOnyCl9u16uBKDvgImzQGvQuCTznrlUu9IqVPvbFcFewHmePUb
PNSctyMPz6bGvWsRSoCBJQRPvcLXiz7J+xOKOnpQvVu8c35zLaU7+pQWqDD+PHIS
baQsLEHo3989IA9J7XmUKI+wjcda3qRUFeC+Wa/vgVfhC62Py+VE+6fLroG7FwHM
73OT3LwIr303Qohkvu3uF3RybD3r2EngPTHeiGtgReLXwa/NYYkBzZAVWa7pDLUs
ncBzu1IVOBXaiW2Lk19FDQ1x8oKohpIDCZfFfi36vczPSuZsN0JnzRaeowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMTWVn6nHI2uyxM87Aj17dpAlGRyMB8GA1UdIwQY
MBaAFFdU0ZUn/YXQ1ESsrdRKAWVf3HQAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFUUmxTZjloZERVUkt5dDFFb0JaVl9jZEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS83YzlmY2MtOGZjZS00NGI3LWI2YmYt
MTE3NzYwMzE0MTVmLzEveE5aV2ZxY2NqYTdMRXp6c0NQWHQya0NVWkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS83YzlmY2MtOGZjZS00NGI3LWI2YmYtMTE3NzYwMzE0MTVm
LzEvVjFUUmxTZjloZERVUkt5dDFFb0JaVl9jZEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgCmQBCg
AwcEKgCmQCCgMA0GCSqGSIb3DQEBCwUAA4IBAQB37fAXaveCrjPnC3M22BcBiNAL
eSwoU/SXh2w1HxXWs3P8X1+WcqCZnO6L+6ygc/RX1qCh1KC717n8JidOxEeN69St
S4y2+MEMWrpoyynf+1huhDnrYGybyEY+llvXFgHl4rPrYF4PYiaiRZ2bUuWJE2U1
uC816j8W08762hdRyZFAFj0VGaEzgHSZaXDzEVkNcqKfoHKW5ZkIPB2qD+ryg/FX
XSY0/8GCp3l4keC8jpKctJ0KFzK7WPY1sk0zaSBuzOIy+C5Hso3ugsLmX+g11GlM
HstAJTYULwNg9ffac49aM1VLPaHOWT1JuqK4k/MZGlGj8gGO9ON8Hehs/48o
-----END CERTIFICATE-----