Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/99QLROUQNHiiqB_a3SA6ZvSr3YI.roa
File:                     99QLROUQNHiiqB_a3SA6ZvSr3YI.roa (raw, json)
Hash identifier:          sNlxkO/aixuwJo13PpX/CwbLGrB7NAaO23Tw9EkoOSE=
Subject key identifier:   F7:D4:0B:44:E5:10:34:78:A2:A8:1F:DA:DD:20:3A:66:F4:AB:DD:82
Certificate issuer:       /CN=4516eb0ee37a71076461ec6cba8b925ac5e28a04
Certificate serial:       0194266C43246B5BA1157AD73D413A6A4F4A
Authority key identifier: 45:16:EB:0E:E3:7A:71:07:64:61:EC:6C:BA:8B:92:5A:C5:E2:8A:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/99QLROUQNHiiqB_a3SA6ZvSr3YI.roa
Signing time:             Thu 02 Jan 2025 09:50:16 +0000
ROA not before:           Thu 02 Jan 2025 09:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201321
IP address blocks:        2a13:5a07:ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:43:24:6b:5b:a1:15:7a:d7:3d:41:3a:6a:4f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4516eb0ee37a71076461ec6cba8b925ac5e28a04
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7d40b44e5103478a2a81fdadd203a66f4abdd82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:aa:ab:93:a8:3c:b0:51:c3:84:6d:38:56:26:
                    64:05:1f:31:c7:6a:09:f4:d1:97:69:89:71:79:1c:
                    64:18:35:1e:f0:0f:37:8f:dc:58:47:43:a6:b3:1a:
                    39:13:69:c7:ef:29:29:47:ef:b8:f4:4c:aa:02:9d:
                    69:44:1e:99:1f:c7:14:a0:35:88:75:a5:ea:7a:87:
                    0f:79:3d:73:0a:e2:22:2b:8d:1d:a5:ac:ca:35:b1:
                    82:3a:86:51:a8:4f:7c:a1:9b:6c:64:35:80:8d:16:
                    7f:e9:ac:a5:3a:c1:15:8d:da:70:4e:3b:a0:23:17:
                    4a:dd:9f:e0:36:26:08:16:34:7e:09:52:47:0b:57:
                    7b:b5:f1:bb:17:a4:b5:ff:e5:ee:f1:eb:59:3e:1d:
                    96:7c:bb:74:6c:54:cf:f2:46:89:4c:ae:8b:13:52:
                    76:09:6a:e9:76:f0:73:eb:9b:65:d9:35:34:37:8d:
                    65:50:4c:29:ec:a1:7f:14:e4:08:5a:a0:6b:35:f5:
                    21:77:26:15:11:6f:50:29:b0:a9:8e:4e:82:59:ef:
                    8c:f4:dd:41:36:a6:36:54:e4:82:d2:82:9c:79:08:
                    d7:a2:25:1f:14:99:3a:e0:70:ab:4f:a4:00:06:34:
                    2b:37:4c:8c:e2:06:f5:28:2d:25:c7:48:a3:0f:1a:
                    99:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D4:0B:44:E5:10:34:78:A2:A8:1F:DA:DD:20:3A:66:F4:AB:DD:82
            X509v3 Authority Key Identifier:
                keyid:45:16:EB:0E:E3:7A:71:07:64:61:EC:6C:BA:8B:92:5A:C5:E2:8A:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/99QLROUQNHiiqB_a3SA6ZvSr3YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a07:ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:97:b6:5d:21:a5:8a:93:3d:01:f1:77:c1:8a:55:d0:a5:e6:
         6b:d0:a8:06:a3:25:1b:47:4f:44:ac:df:5f:61:42:71:e9:21:
         94:99:ae:7b:a1:29:7a:30:90:b7:1a:ac:41:a8:d2:df:aa:f1:
         80:6b:d4:c8:80:8a:a3:35:83:78:0f:c8:24:a8:8f:bb:7d:a9:
         5a:1f:5c:79:d1:52:7e:64:19:20:9f:6e:62:1f:c6:f1:14:56:
         78:49:8b:b2:f7:05:ce:1e:e7:f3:14:e9:51:d3:ab:bd:70:05:
         8b:57:0a:24:93:93:6c:12:db:f2:2f:cf:2e:5d:3f:d3:f9:6f:
         1c:2d:d8:43:af:d0:2b:bc:46:1c:82:90:c5:d3:75:04:3f:61:
         47:f3:53:64:b9:1a:4a:1a:f5:94:c0:40:c6:4d:24:2b:a9:f0:
         d0:6b:b7:25:32:89:96:85:26:e3:e9:3b:c7:0f:a0:00:22:a9:
         dc:17:48:86:3d:f3:ed:78:61:ad:04:fe:df:76:7c:56:46:ea:
         5e:6d:f7:3f:89:33:21:3b:79:dc:bc:03:ab:00:27:d8:56:7f:
         e2:0b:76:eb:60:5f:a5:79:9b:56:41:2e:77:72:56:62:83:01:
         91:0a:44:35:f6:65:2f:58:b1:eb:22:9a:8d:74:f6:a6:cf:34:
         5e:83:24:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbEMka1uhFXrXPUE6ak9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MTZlYjBlZTM3YTcxMDc2NDYxZWM2Y2JhOGI5MjVhYzVl
MjhhMDQwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Q0MGI0NGU1MTAzNDc4YTJhODFmZGFkZDIwM2E2NmY0YWJkZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaqrk6g8sFHDhG04ViZkBR8xx2oJ
9NGXaYlxeRxkGDUe8A83j9xYR0Omsxo5E2nH7ykpR++49EyqAp1pRB6ZH8cUoDWI
daXqeocPeT1zCuIiK40dpazKNbGCOoZRqE98oZtsZDWAjRZ/6aylOsEVjdpwTjug
IxdK3Z/gNiYIFjR+CVJHC1d7tfG7F6S1/+Xu8etZPh2WfLt0bFTP8kaJTK6LE1J2
CWrpdvBz65tl2TU0N41lUEwp7KF/FOQIWqBrNfUhdyYVEW9QKbCpjk6CWe+M9N1B
NqY2VOSC0oKceQjXoiUfFJk64HCrT6QABjQrN0yM4gb1KC0lx0ijDxqZUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPfUC0TlEDR4oqgf2t0gOmb0q92CMB8GA1UdIwQY
MBaAFEUW6w7jenEHZGHsbLqLklrF4ooEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlJickR1TjZjUWRrWWV4c3VvdVNXc1hpaWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yOTIzYWItM2ZmOC00YWE5LTkyMjAt
NWUyOTJhYTU0NGFmLzEvOTlRTFJPVVFOSGlpcUJfYTNTQTZadlNyM1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yOTIzYWItM2ZmOC00YWE5LTkyMjAtNWUyOTJhYTU0NGFm
LzEvUlJickR1TjZjUWRrWWV4c3VvdVNXc1hpaWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhNaBwD/
MA0GCSqGSIb3DQEBCwUAA4IBAQC3l7ZdIaWKkz0B8XfBilXQpeZr0KgGoyUbR09E
rN9fYUJx6SGUma57oSl6MJC3GqxBqNLfqvGAa9TIgIqjNYN4D8gkqI+7falaH1x5
0VJ+ZBkgn25iH8bxFFZ4SYuy9wXOHufzFOlR06u9cAWLVwokk5NsEtvyL88uXT/T
+W8cLdhDr9ArvEYcgpDF03UEP2FH81NkuRpKGvWUwEDGTSQrqfDQa7clMomWhSbj
6TvHD6AAIqncF0iGPfPteGGtBP7fdnxWRupebfc/iTMhO3ncvAOrACfYVn/iC3br
YF+leZtWQS53clZigwGRCkQ19mUvWLHrIpqNdPamzzRegySJ
-----END CERTIFICATE-----