Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1Xxzpu5NB_tAOFF7vKFky5CdRts.roa
File:                     1Xxzpu5NB_tAOFF7vKFky5CdRts.roa (raw, json)
Hash identifier:          n+JshJ/fSDMDcSDZOom+oloo+zJzlcN/7rhG+Doia9U=
Subject key identifier:   D5:7C:73:A6:EE:4D:07:FB:40:38:51:7B:BC:A1:64:CB:90:9D:46:DB
Certificate issuer:       /CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
Certificate serial:       01941F8C25363BBDD602EC6244ACA230ED13
Authority key identifier: 2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1Xxzpu5NB_tAOFF7vKFky5CdRts.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197424
IP address blocks:        2a0f:e580::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:25:36:3b:bd:d6:02:ec:62:44:ac:a2:30:ed:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d57c73a6ee4d07fb4038517bbca164cb909d46db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:81:ca:39:e4:92:d8:d5:4e:0a:52:37:ec:3a:
                    da:be:fd:1b:34:4d:2e:d1:70:34:f1:99:ac:ed:da:
                    51:6b:94:c5:9e:45:8f:e1:84:85:34:1a:2c:e0:61:
                    07:75:34:5d:74:ba:42:1f:02:07:52:d8:91:9d:9e:
                    5d:a6:ee:b7:b1:f6:d4:b8:47:7b:06:be:fa:f7:f1:
                    4e:0b:52:ab:1b:e2:95:3f:7f:31:da:48:9e:4e:81:
                    d7:19:23:b2:62:80:f9:9b:8b:d8:5a:cd:52:19:b1:
                    ab:b7:ce:11:83:24:01:e4:b0:2b:54:a7:8d:4a:24:
                    66:34:91:25:29:a5:95:77:c9:58:12:14:38:00:02:
                    4f:e5:4c:74:39:ea:8d:d4:84:f6:ac:1f:08:a3:74:
                    f0:6e:46:d2:fb:f0:98:10:c1:ab:c5:e7:cf:28:d3:
                    83:94:a4:aa:3e:a9:bb:01:f7:b5:5f:ce:69:fd:57:
                    2a:3d:28:e4:e4:8c:8f:e5:26:3b:b2:23:0a:c8:f8:
                    80:39:90:47:cb:71:6e:29:97:15:5a:74:da:39:81:
                    bc:00:ea:90:d8:c1:97:29:98:66:48:e5:39:24:29:
                    e0:c8:d9:e5:ea:95:d1:e6:88:15:21:81:4c:ce:a2:
                    40:1b:8e:c1:8c:07:72:87:8f:16:90:3f:69:2e:da:
                    56:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:7C:73:A6:EE:4D:07:FB:40:38:51:7B:BC:A1:64:CB:90:9D:46:DB
            X509v3 Authority Key Identifier:
                keyid:2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1Xxzpu5NB_tAOFF7vKFky5CdRts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e580::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:bd:b0:a6:08:92:8d:84:95:fa:4b:d6:03:99:6c:ff:17:82:
         78:83:8e:7f:22:3b:8d:b1:30:42:1c:8e:75:91:a6:0d:58:ed:
         e5:af:00:4f:3f:26:8f:88:d7:e5:d4:4c:38:23:c4:8e:88:d8:
         0a:69:ad:39:8c:ad:74:f0:b1:a2:42:06:10:da:85:c5:43:23:
         c6:06:26:48:9a:34:f7:ed:e2:1d:00:5a:0f:ea:cb:91:a6:e5:
         5c:0d:92:c5:85:88:81:0f:cd:1b:a5:bd:5c:4a:71:d9:3f:95:
         8c:10:09:dd:f7:00:0c:c6:e7:9d:17:3f:5b:a9:00:af:30:2c:
         43:27:48:6b:33:9d:1c:8f:c7:6c:17:54:9d:fa:a0:dc:bb:0e:
         fc:6e:0f:58:8a:c8:5e:dd:f8:cd:2b:3a:e3:fa:f9:08:41:04:
         43:34:b9:7d:40:b7:4a:71:15:ef:f7:98:6f:be:4f:ac:65:4c:
         b3:2e:5c:6c:e3:04:51:b8:b6:b2:f7:10:9a:cd:2b:b7:cc:b5:
         ef:25:eb:e7:d5:5c:be:37:a7:31:ad:14:b2:98:7a:45:ba:2f:
         48:5e:ac:46:07:d1:9b:b2:a8:cd:80:37:d7:30:11:81:17:04:
         b0:5f:a6:f3:31:d6:1d:88:f3:39:8d:c6:07:da:6d:c5:89:c1:
         0e:5b:de:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjCU2O73WAuxiRKyiMO0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmQ3ZDk3NDNkZTJlZmEyZjYzMzM3OGEyNjhmNThmMmFh
MTYwNTAwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTdjNzNhNmVlNGQwN2ZiNDAzODUxN2JiY2ExNjRjYjkwOWQ0NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYHKOeSS2NVOClI37Dravv0bNE0u
0XA08Zms7dpRa5TFnkWP4YSFNBos4GEHdTRddLpCHwIHUtiRnZ5dpu63sfbUuEd7
Br769/FOC1KrG+KVP38x2kieToHXGSOyYoD5m4vYWs1SGbGrt84RgyQB5LArVKeN
SiRmNJElKaWVd8lYEhQ4AAJP5Ux0OeqN1IT2rB8Io3TwbkbS+/CYEMGrxefPKNOD
lKSqPqm7Afe1X85p/VcqPSjk5IyP5SY7siMKyPiAOZBHy3FuKZcVWnTaOYG8AOqQ
2MGXKZhmSOU5JCngyNnl6pXR5ogVIYFMzqJAG47BjAdyh48WkD9pLtpWPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNV8c6buTQf7QDhRe7yhZMuQnUbbMB8GA1UdIwQY
MBaAFC0tfZdD3i76L2MzeKJo9Y8qoWBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFMxOWwwUGVMdm92WXpONG9tajFqeXFoWUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jZjdjMTktMWM3ZC00ZWJlLWI0ZGQt
Y2JjY2Y5MDQ1NWZlLzEvMVh4enB1NU5CX3RBT0ZGN3ZLRmt5NUNkUnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9jZjdjMTktMWM3ZC00ZWJlLWI0ZGQtY2JjY2Y5MDQ1NWZl
LzEvTFMxOWwwUGVMdm92WXpONG9tajFqeXFoWUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/lgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBSvbCmCJKNhJX6S9YDmWz/F4J4g45/IjuNsTBC
HI51kaYNWO3lrwBPPyaPiNfl1Ew4I8SOiNgKaa05jK108LGiQgYQ2oXFQyPGBiZI
mjT37eIdAFoP6suRpuVcDZLFhYiBD80bpb1cSnHZP5WMEAnd9wAMxuedFz9bqQCv
MCxDJ0hrM50cj8dsF1Sd+qDcuw78bg9Yishe3fjNKzrj+vkIQQRDNLl9QLdKcRXv
95hvvk+sZUyzLlxs4wRRuLay9xCazSu3zLXvJevn1Vy+N6cxrRSymHpFui9IXqxG
B9GbsqjNgDfXMBGBFwSwX6bzMdYdiPM5jcYH2m3FicEOW95W
-----END CERTIFICATE-----