Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dcug0fKg-KsGzBpKENJINtdS5vw.roa
File:                     dcug0fKg-KsGzBpKENJINtdS5vw.roa (raw, json)
Hash identifier:          4mmQ47qSm1UkTR696jh82p3nO+ZrpORkySuxILnJi4I=
Subject key identifier:   75:CB:A0:D1:F2:A0:F8:AB:06:CC:1A:4A:10:D2:48:36:D7:52:E6:FC
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       019425213987D5DB175DB5902F755F1126E0
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dcug0fKg-KsGzBpKENJINtdS5vw.roa
Signing time:             Thu 02 Jan 2025 03:48:41 +0000
ROA not before:           Thu 02 Jan 2025 03:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62155
IP address blocks:        2a04:a680::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:39:87:d5:db:17:5d:b5:90:2f:75:5f:11:26:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  2 03:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75cba0d1f2a0f8ab06cc1a4a10d24836d752e6fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:63:ec:22:a9:ed:9b:6a:de:d8:7a:be:fd:
                    f1:c4:b2:dc:38:6a:c1:8a:90:0d:f6:2f:e2:5d:d3:
                    bb:21:1d:cd:b6:39:8f:87:1e:d8:b6:bb:02:83:13:
                    3c:1c:93:98:16:6a:04:d9:a1:a6:e6:32:db:12:1f:
                    bd:1c:c1:80:ba:f5:5d:73:73:0d:77:e1:2b:8e:e4:
                    b1:a7:c3:13:4e:bd:a1:2c:a6:40:1b:1f:12:73:d8:
                    cc:c3:d5:3b:50:90:bd:76:a2:c8:95:73:d6:44:eb:
                    0a:d7:7a:32:14:50:b6:21:26:ea:48:3f:66:ee:07:
                    e0:4a:d4:da:0d:18:40:d8:0c:d1:69:b8:a8:83:09:
                    20:50:70:e9:a4:89:cb:f6:9f:94:17:0e:d0:ed:1c:
                    a2:fb:fb:de:76:b7:dc:c0:e6:1c:17:97:a3:68:d9:
                    d6:f9:ae:7e:41:28:a1:f3:e1:1c:d9:25:b6:c1:40:
                    05:17:d1:17:f3:9f:02:2b:56:1e:a8:d7:d7:7f:86:
                    02:eb:6d:eb:62:a2:2c:d4:33:e3:24:49:82:d8:d4:
                    6b:a6:88:ca:ba:90:20:db:5b:c5:a8:c0:b4:74:c8:
                    92:e7:66:0a:f2:b1:e8:89:67:76:81:e3:c2:37:1d:
                    25:ba:5a:e2:52:58:6d:e5:61:99:01:ce:95:3f:1b:
                    90:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:CB:A0:D1:F2:A0:F8:AB:06:CC:1A:4A:10:D2:48:36:D7:52:E6:FC
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dcug0fKg-KsGzBpKENJINtdS5vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a680::/30

    Signature Algorithm: sha256WithRSAEncryption
         1c:96:04:0b:d5:9f:70:b7:ea:28:be:52:5f:bd:f9:dc:c0:23:
         98:58:1c:f0:3a:cf:8e:13:d6:74:09:72:ba:fb:16:49:31:4e:
         b7:6c:9c:35:7c:cf:1b:c2:33:b6:67:95:c6:8f:1b:ce:a0:f8:
         91:3d:49:ad:91:2e:e9:b9:c8:64:fe:c1:ab:f8:8e:a2:6b:de:
         f8:8a:10:8f:23:1f:80:d1:45:1e:9a:79:81:39:95:60:f8:5c:
         d5:a9:c4:5f:40:71:dd:b9:b0:0b:99:e1:c8:da:89:61:8f:d5:
         48:1a:2a:34:d2:91:f5:92:da:df:04:17:6c:7e:dd:c0:2c:02:
         7d:55:d5:9a:02:45:7f:48:2a:84:99:5a:a0:e0:4c:32:9b:0e:
         25:30:f5:2c:ec:44:2e:0e:42:38:a4:10:de:f3:c0:ee:7b:57:
         44:99:43:dc:35:0f:98:4c:bc:d6:9a:28:94:97:74:76:dc:1e:
         d1:fa:24:7a:26:b1:c6:4e:da:77:ab:5d:2c:0a:e9:da:2d:48:
         f5:59:ec:ee:d3:79:6f:a6:99:26:b3:ca:2b:1b:d3:7c:75:76:
         dc:3d:46:53:31:11:57:4f:8e:4f:8f:4d:53:74:3b:1c:17:18:
         9d:cf:97:a4:de:8b:b4:e3:b0:df:cf:dc:64:10:01:c4:98:d6:
         f6:79:d5:9c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlITmH1dsXXbWQL3VfESbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjUwMTAyMDM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNiYTBkMWYyYTBmOGFiMDZjYzFhNGExMGQyNDgzNmQ3NTJlNmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvhj7CKp7Ztq3th6vv3xxLLcOGrB
ipAN9i/iXdO7IR3NtjmPhx7YtrsCgxM8HJOYFmoE2aGm5jLbEh+9HMGAuvVdc3MN
d+ErjuSxp8MTTr2hLKZAGx8Sc9jMw9U7UJC9dqLIlXPWROsK13oyFFC2ISbqSD9m
7gfgStTaDRhA2AzRabiogwkgUHDppInL9p+UFw7Q7Ryi+/vedrfcwOYcF5ejaNnW
+a5+QSih8+Ec2SW2wUAFF9EX858CK1YeqNfXf4YC623rYqIs1DPjJEmC2NRrpojK
upAg21vFqMC0dMiS52YK8rHoiWd2gePCNx0lulriUlht5WGZAc6VPxuQNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHXLoNHyoPirBswaShDSSDbXUub8MB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvZGN1ZzBmS2ctS3NHekJwS0VOSklOdGRTNXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKgSmgDAN
BgkqhkiG9w0BAQsFAAOCAQEAHJYEC9WfcLfqKL5SX7353MAjmFgc8DrPjhPWdAly
uvsWSTFOt2ycNXzPG8IztmeVxo8bzqD4kT1JrZEu6bnIZP7Bq/iOomve+IoQjyMf
gNFFHpp5gTmVYPhc1anEX0Bx3bmwC5nhyNqJYY/VSBoqNNKR9ZLa3wQXbH7dwCwC
fVXVmgJFf0gqhJlaoOBMMpsOJTD1LOxELg5COKQQ3vPA7ntXRJlD3DUPmEy81poo
lJd0dtwe0fokeiaxxk7ad6tdLArp2i1I9Vns7tN5b6aZJrPKKxvTfHV23D1GUzER
V0+OT49NU3Q7HBcYnc+XpN6LtOOw38/cZBABxJjW9nnVnA==
-----END CERTIFICATE-----