Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/rplcEHwnzrs9ea4yV0c2pW2uUSU.roa
File:                     rplcEHwnzrs9ea4yV0c2pW2uUSU.roa (raw, json)
Hash identifier:          F6kcOWEqyk9+Z0k9BnSlsmaw3fMe2/8X0jrKTuWJCk4=
Subject key identifier:   AE:99:5C:10:7C:27:CE:BB:3D:79:AE:32:57:47:36:A5:6D:AE:51:25
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019487F63421945C87BBEEF0C9DEB04483BD
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/rplcEHwnzrs9ea4yV0c2pW2uUSU.roa
Signing time:             Tue 21 Jan 2025 08:24:06 +0000
ROA not before:           Tue 21 Jan 2025 08:24:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        2a01:ecc0:280::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:87:f6:34:21:94:5c:87:bb:ee:f0:c9:de:b0:44:83:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan 21 08:24:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae995c107c27cebb3d79ae32574736a56dae5125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5e:4a:1c:27:a8:e2:88:2d:ae:35:18:54:2d:
                    07:29:14:21:fa:0c:de:69:fe:b8:57:42:27:24:68:
                    a7:3b:21:e2:f7:5d:38:7f:4f:cf:c1:c8:c8:ae:55:
                    99:1d:60:c1:0a:6f:a7:3b:e6:4b:72:9e:af:08:80:
                    43:ac:82:e4:ff:da:8b:ce:ee:7a:f0:e2:0b:ac:67:
                    6a:b0:7f:72:fb:ea:52:da:15:15:c7:05:5d:05:a6:
                    0a:43:67:e1:bc:b9:11:cd:39:e9:ef:31:bc:a4:d1:
                    1d:fe:0c:76:0f:69:86:ff:c2:5a:6f:ff:56:a1:47:
                    26:a0:62:bb:ea:eb:31:7c:a4:78:68:d0:15:1a:e3:
                    93:f4:c0:43:e0:5b:00:12:b7:1f:cb:8c:f4:af:a6:
                    b9:d7:0f:b4:f2:86:0a:c7:35:76:6f:77:0b:94:de:
                    8f:79:44:a8:5d:5e:39:42:b5:34:06:e4:ac:3a:8f:
                    37:d6:70:19:55:41:9c:23:08:78:e6:d5:33:30:3b:
                    82:d7:c4:1a:00:c1:79:ad:ba:50:a2:d0:ac:c2:ec:
                    b3:30:33:98:5c:1a:6f:ea:46:94:89:06:dc:d5:27:
                    60:56:24:59:ff:6d:59:25:de:33:4f:ae:b2:dd:ea:
                    83:62:26:3c:4a:44:c5:1e:fd:86:86:66:03:bd:2a:
                    b6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:99:5C:10:7C:27:CE:BB:3D:79:AE:32:57:47:36:A5:6D:AE:51:25
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/rplcEHwnzrs9ea4yV0c2pW2uUSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:280::/42

    Signature Algorithm: sha256WithRSAEncryption
         9a:24:53:0b:05:b3:cd:f8:c9:b4:e5:28:a3:25:a4:ef:16:b1:
         e7:0a:bb:71:77:db:04:55:f1:4e:5b:22:ba:3d:d1:5e:db:ff:
         5a:ad:18:2b:03:95:7d:af:70:ac:e6:06:cf:60:e6:aa:b0:a7:
         26:c1:27:0e:f4:02:a6:fa:87:e2:cf:be:46:af:49:78:08:6c:
         3c:ca:36:41:cd:c2:17:d8:d8:8c:18:b6:1d:17:92:24:6f:4e:
         19:d6:33:f5:47:57:94:2d:c8:18:4d:2a:d0:b3:48:52:a5:96:
         7f:05:9b:93:a3:d1:b8:03:0d:78:97:de:a5:c0:77:96:92:d1:
         75:fd:60:f4:fd:73:dd:c6:d4:8a:cd:35:1b:47:2e:69:d7:bf:
         2c:0a:36:bd:86:ec:b9:2e:3a:e1:5c:f9:ae:e3:83:59:b5:3f:
         6e:2c:b1:70:87:48:8a:20:51:1c:6f:8e:3b:7b:cd:75:8d:0d:
         71:04:8a:69:60:15:35:2f:fa:5f:d4:d1:ed:a1:13:e0:3d:fe:
         3a:62:42:df:b6:e9:7c:fc:c8:fc:72:14:5e:99:f3:99:70:03:
         24:20:ab:14:5a:a5:47:46:4f:df:7d:f3:81:9f:54:f6:00:77:
         58:f7:4f:df:ec:43:c1:14:3e:bd:25:9d:c7:c5:c3:8f:04:69:
         e8:83:15:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSH9jQhlFyHu+7wyd6wRIO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwMTIxMDgyNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTk5NWMxMDdjMjdjZWJiM2Q3OWFlMzI1NzQ3MzZhNTZkYWU1MTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl5KHCeo4ogtrjUYVC0HKRQh+gze
af64V0InJGinOyHi9104f0/PwcjIrlWZHWDBCm+nO+ZLcp6vCIBDrILk/9qLzu56
8OILrGdqsH9y++pS2hUVxwVdBaYKQ2fhvLkRzTnp7zG8pNEd/gx2D2mG/8Jab/9W
oUcmoGK76usxfKR4aNAVGuOT9MBD4FsAErcfy4z0r6a51w+08oYKxzV2b3cLlN6P
eUSoXV45QrU0BuSsOo831nAZVUGcIwh45tUzMDuC18QaAMF5rbpQotCswuyzMDOY
XBpv6kaUiQbc1SdgViRZ/21ZJd4zT66y3eqDYiY8SkTFHv2GhmYDvSq2QQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK6ZXBB8J867PXmuMldHNqVtrlElMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvcnBsY0VId256cnM5ZWE0eVYwYzJwVzJ1VVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAKA
MA0GCSqGSIb3DQEBCwUAA4IBAQCaJFMLBbPN+Mm05SijJaTvFrHnCrtxd9sEVfFO
WyK6PdFe2/9arRgrA5V9r3Cs5gbPYOaqsKcmwScO9AKm+ofiz75Gr0l4CGw8yjZB
zcIX2NiMGLYdF5Ikb04Z1jP1R1eULcgYTSrQs0hSpZZ/BZuTo9G4Aw14l96lwHeW
ktF1/WD0/XPdxtSKzTUbRy5p178sCja9huy5LjrhXPmu44NZtT9uLLFwh0iKIFEc
b447e811jQ1xBIppYBU1L/pf1NHtoRPgPf46YkLftul8/Mj8chRemfOZcAMkIKsU
WqVHRk/fffOBn1T2AHdY90/f7EPBFD69JZ3HxcOPBGnogxU/
-----END CERTIFICATE-----