Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/M4q7I7cOU6_R12j5wjIu9L6o9Aw.roa
File:                     M4q7I7cOU6_R12j5wjIu9L6o9Aw.roa (raw, json)
Hash identifier:          Ng4zgd0AVFLrtQHc/CWQtVfEkYy0WR/oiNK1WLff7PA=
Subject key identifier:   33:8A:BB:23:B7:0E:53:AF:D1:D7:68:F9:C2:32:2E:F4:BE:A8:F4:0C
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       0196E3129E60E23250256FCF278302AA08A5
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/M4q7I7cOU6_R12j5wjIu9L6o9Aw.roa
Signing time:             Sun 18 May 2025 11:06:10 +0000
ROA not before:           Sun 18 May 2025 11:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        2a01:ecc0:280::/42 maxlen: 42
                          2a01:ecc0:640::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e3:12:9e:60:e2:32:50:25:6f:cf:27:83:02:aa:08:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: May 18 11:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=338abb23b70e53afd1d768f9c2322ef4bea8f40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f7:44:68:43:3c:78:a6:7f:5d:cb:47:13:26:
                    be:6d:cf:9f:c7:9b:8c:6a:47:77:50:9b:cc:2e:66:
                    e6:d1:c5:ae:a1:e8:8a:24:72:d1:50:1c:f5:71:c0:
                    6e:08:41:ab:21:9e:f9:6c:a1:d4:56:02:9e:0c:4b:
                    71:45:fc:c1:b2:f2:97:89:fd:25:8b:8a:b2:11:3c:
                    1f:34:2e:df:6c:fa:af:af:17:a4:7f:96:6d:93:11:
                    00:c2:ad:17:9d:f7:8f:c4:00:ca:ce:c0:20:33:82:
                    01:25:01:6f:ff:83:04:1a:d8:80:c5:71:39:53:3b:
                    08:b2:3e:0a:ed:f5:a9:ba:d5:f4:73:33:56:42:67:
                    01:f6:96:24:bf:30:42:7c:3e:e6:76:27:7c:4f:a2:
                    4d:6d:d6:b4:e7:72:61:e3:8d:ab:1c:ed:c7:b0:aa:
                    6c:9c:36:c0:9a:6c:f6:59:ce:d3:fa:77:77:6a:9f:
                    2f:c0:e4:22:1c:44:0d:b8:76:c0:b9:be:74:79:aa:
                    03:4e:0f:0c:b6:01:3f:92:3e:11:5a:d4:4a:7a:a9:
                    27:37:1d:e5:c0:aa:65:8d:89:09:16:e1:93:bf:67:
                    13:99:8f:53:de:bc:90:f4:71:33:c3:9c:0b:f2:fb:
                    4a:0f:22:b7:9c:f9:13:03:6c:ba:1c:bc:7b:09:0b:
                    b8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8A:BB:23:B7:0E:53:AF:D1:D7:68:F9:C2:32:2E:F4:BE:A8:F4:0C
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/M4q7I7cOU6_R12j5wjIu9L6o9Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:280::/42
                  2a01:ecc0:640::/42

    Signature Algorithm: sha256WithRSAEncryption
         98:e8:ca:85:fc:0a:1a:35:fd:b2:f2:da:33:e5:81:fe:35:ef:
         53:80:d6:0f:5c:9a:3b:2e:94:6c:d0:8c:bb:eb:c9:f7:58:e6:
         ce:57:d1:c3:2f:03:dc:07:fd:fc:83:25:b3:36:84:dd:e9:14:
         6d:37:25:f9:2c:d9:5e:7f:13:fe:b1:08:5e:aa:ee:4a:f1:f8:
         b4:18:a4:ce:96:f1:d7:4f:03:10:8e:f2:aa:21:46:a7:d8:02:
         bf:6f:00:35:ab:26:7a:e5:ec:6b:86:bb:37:e0:b7:51:38:9a:
         4d:51:54:aa:95:13:f8:73:be:64:9c:3d:0c:a2:22:64:0a:d7:
         8d:22:31:f7:1a:21:fe:10:e1:00:71:89:61:94:99:38:b9:c6:
         43:19:2b:da:8d:26:ca:40:30:81:1c:9c:55:79:39:86:50:5d:
         f7:39:21:97:c6:fb:b8:ec:c3:48:fa:51:6c:c6:14:f4:b6:19:
         15:1a:41:5e:b0:37:44:38:13:ec:9d:5b:11:5c:f4:40:92:1e:
         be:3d:1b:8a:20:f4:73:2f:60:24:a3:38:70:6f:c2:b4:3b:b7:
         a9:a4:bf:ab:b1:bd:2a:6f:cc:18:2b:a1:d6:bf:3a:28:de:37:
         3e:9e:d0:d8:3b:c7:ec:e9:82:d6:d6:43:80:b0:25:1f:67:71:
         af:4a:0e:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbjEp5g4jJQJW/PJ4MCqgilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwNTE4MTEwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhhYmIyM2I3MGU1M2FmZDFkNzY4ZjljMjMyMmVmNGJlYThmNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/dEaEM8eKZ/XctHEya+bc+fx5uM
akd3UJvMLmbm0cWuoeiKJHLRUBz1ccBuCEGrIZ75bKHUVgKeDEtxRfzBsvKXif0l
i4qyETwfNC7fbPqvrxekf5ZtkxEAwq0XnfePxADKzsAgM4IBJQFv/4MEGtiAxXE5
UzsIsj4K7fWputX0czNWQmcB9pYkvzBCfD7mdid8T6JNbda053Jh442rHO3HsKps
nDbAmmz2Wc7T+nd3ap8vwOQiHEQNuHbAub50eaoDTg8MtgE/kj4RWtRKeqknNx3l
wKpljYkJFuGTv2cTmY9T3ryQ9HEzw5wL8vtKDyK3nPkTA2y6HLx7CQu4UwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDOKuyO3DlOv0ddo+cIyLvS+qPQMMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvTTRxN0k3Y09VNl9SMTJqNXdqSXU5TDZvOUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcGKgHswAKA
AwcGKgHswAZAMA0GCSqGSIb3DQEBCwUAA4IBAQCY6MqF/AoaNf2y8toz5YH+Ne9T
gNYPXJo7LpRs0Iy768n3WObOV9HDLwPcB/38gyWzNoTd6RRtNyX5LNlefxP+sQhe
qu5K8fi0GKTOlvHXTwMQjvKqIUan2AK/bwA1qyZ65exrhrs34LdROJpNUVSqlRP4
c75knD0MoiJkCteNIjH3GiH+EOEAcYlhlJk4ucZDGSvajSbKQDCBHJxVeTmGUF33
OSGXxvu47MNI+lFsxhT0thkVGkFesDdEOBPsnVsRXPRAkh6+PRuKIPRzL2Akozhw
b8K0O7eppL+rsb0qb8wYK6HWvzoo3jc+ntDYO8fs6YLW1kOAsCUfZ3GvSg71
-----END CERTIFICATE-----