Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1CaegB4ICZuefzj1JAi6Fx1wj48.roa
File:                     1CaegB4ICZuefzj1JAi6Fx1wj48.roa (raw, json)
Hash identifier:          T0rQumC0QZuqnoQo7aHNCuhZoTyqS5IfWn7/EsAtMu4=
Subject key identifier:   D4:26:9E:80:1E:08:09:9B:9E:7F:38:F5:24:08:BA:17:1D:70:8F:8F
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0195F0F7DA1585669C9E00EB4F5D9C5E9F12
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1CaegB4ICZuefzj1JAi6Fx1wj48.roa
Signing time:             Tue 01 Apr 2025 10:48:49 +0000
ROA not before:           Tue 01 Apr 2025 10:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33042
IP address blocks:        2001:3380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:f7:da:15:85:66:9c:9e:00:eb:4f:5d:9c:5e:9f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr  1 10:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4269e801e08099b9e7f38f52408ba171d708f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:74:d2:c9:a2:55:1d:f7:21:85:a7:33:d2:f4:
                    8f:14:7c:36:81:6f:f0:cc:d4:d9:4b:7e:d8:96:32:
                    86:0f:42:ae:00:a1:84:23:be:21:e1:f6:03:56:0e:
                    12:4c:8c:3c:f4:94:f5:03:a8:22:6a:bb:96:11:e9:
                    10:8f:66:c7:dd:50:b4:b9:e6:32:4d:bf:40:6a:0b:
                    33:23:7a:95:33:d4:a6:14:c2:ee:7b:63:41:93:ef:
                    10:42:21:25:ec:2e:19:88:e1:80:22:88:9f:cf:2d:
                    07:dd:10:e5:c8:f8:76:d1:8e:11:77:3a:72:aa:7a:
                    9e:93:c1:2b:79:b3:b7:2b:f9:1d:df:80:bc:e2:6d:
                    28:c8:5b:02:69:5d:1b:20:d7:dc:f6:0c:18:5c:bb:
                    b7:2f:6e:7b:ab:fb:d0:32:cb:10:5a:70:a1:95:92:
                    3a:97:a7:34:f2:f5:79:ee:ac:65:8d:30:0c:bf:5a:
                    aa:6b:18:f8:9f:9e:e2:39:23:68:bd:9e:4f:35:34:
                    f8:65:b4:84:61:2f:f7:ef:cb:e9:2e:a4:80:5b:de:
                    81:a2:df:bf:0c:94:c5:b4:b7:13:fe:3d:81:1f:16:
                    44:54:7d:7a:a2:e7:21:0c:d7:48:c9:51:df:71:c6:
                    fd:52:2a:df:1e:85:f8:9d:28:32:bc:34:73:02:20:
                    c5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:26:9E:80:1E:08:09:9B:9E:7F:38:F5:24:08:BA:17:1D:70:8F:8F
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1CaegB4ICZuefzj1JAi6Fx1wj48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3380::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:b6:65:d9:fa:49:e8:e4:c4:13:ea:68:60:42:4f:10:f8:95:
         64:ab:3b:66:0d:6e:81:aa:fc:b8:7a:c0:77:b6:43:3a:5b:3a:
         a7:e7:aa:68:a2:d1:14:a8:89:9b:56:09:87:6c:85:78:e1:dd:
         3c:25:c6:b9:60:29:9d:75:8b:9a:66:f9:9d:e5:07:e0:a5:30:
         b3:56:b8:e3:85:0d:35:b0:e7:40:9b:3a:bc:6b:bf:ef:3e:21:
         7b:fd:4b:ff:f5:41:50:ee:a7:43:20:b0:59:03:da:78:d1:27:
         88:40:07:6a:2e:af:c2:55:05:40:dc:e4:59:ad:e4:fe:4b:91:
         b6:88:3f:0f:78:a9:29:d2:2f:f3:0e:09:33:38:c9:84:e8:a5:
         61:03:50:4e:77:c5:65:ba:6f:82:8c:00:74:9d:35:3d:01:50:
         19:96:52:2f:8e:37:e0:b7:a3:91:4e:6b:53:88:43:2c:0f:d2:
         85:83:4e:61:b7:39:ed:b8:c5:f8:58:c3:ba:1a:37:e8:a5:6a:
         89:ae:f5:d6:1a:71:82:ae:a7:07:37:f6:a6:e9:e3:df:e2:ea:
         16:00:dc:ac:d6:2e:67:e1:04:56:05:03:d7:42:88:04:57:ea:
         00:73:41:0c:6d:63:7a:de:5c:a6:98:71:d7:fd:65:9b:66:e7:
         12:e3:74:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXw99oVhWacngDrT12cXp8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNDAxMTA0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI2OWU4MDFlMDgwOTliOWU3ZjM4ZjUyNDA4YmExNzFkNzA4ZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3TSyaJVHfchhacz0vSPFHw2gW/w
zNTZS37YljKGD0KuAKGEI74h4fYDVg4STIw89JT1A6giaruWEekQj2bH3VC0ueYy
Tb9AagszI3qVM9SmFMLue2NBk+8QQiEl7C4ZiOGAIoifzy0H3RDlyPh20Y4Rdzpy
qnqek8ErebO3K/kd34C84m0oyFsCaV0bINfc9gwYXLu3L257q/vQMssQWnChlZI6
l6c08vV57qxljTAMv1qqaxj4n57iOSNovZ5PNTT4ZbSEYS/378vpLqSAW96Bot+/
DJTFtLcT/j2BHxZEVH16ouchDNdIyVHfccb9UirfHoX4nSgyvDRzAiDF7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNQmnoAeCAmbnn849SQIuhcdcI+PMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvMUNhZWdCNElDWnVlZnpqMUpBaTZGeDF3ajQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEzgDAN
BgkqhkiG9w0BAQsFAAOCAQEAbrZl2fpJ6OTEE+poYEJPEPiVZKs7Zg1ugar8uHrA
d7ZDOls6p+eqaKLRFKiJm1YJh2yFeOHdPCXGuWApnXWLmmb5neUH4KUws1a444UN
NbDnQJs6vGu/7z4he/1L//VBUO6nQyCwWQPaeNEniEAHai6vwlUFQNzkWa3k/kuR
tog/D3ipKdIv8w4JMzjJhOilYQNQTnfFZbpvgowAdJ01PQFQGZZSL4434LejkU5r
U4hDLA/ShYNOYbc57bjF+FjDuho36KVqia711hpxgq6nBzf2punj3+LqFgDcrNYu
Z+EEVgUD10KIBFfqAHNBDG1jet5cpphx1/1lm2bnEuN0/Q==
-----END CERTIFICATE-----