Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1-x5VhpS08GK5A7tuxbLxr8zXcj4.roa
File:                     1-x5VhpS08GK5A7tuxbLxr8zXcj4.roa (raw, json)
Hash identifier:          3p+MYajGNxPx31drY6cEECmwI9RJtUbtvUH0r7qf91o=
Subject key identifier:   FB:1E:55:86:94:B4:F0:62:B9:03:BB:6E:C5:B2:F1:AF:CC:D7:72:3E
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDDDB3823E05B0218B54C6E47074C8
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1-x5VhpS08GK5A7tuxbLxr8zXcj4.roa
Signing time:             Thu 02 Jan 2025 07:49:41 +0000
ROA not before:           Thu 02 Jan 2025 07:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204604
IP address blocks:        2a06:e881:4001::/48 maxlen: 48
                          2a06:e881:4002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:dd:b3:82:3e:05:b0:21:8b:54:c6:e4:70:74:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb1e558694b4f062b903bb6ec5b2f1afccd7723e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:12:ed:83:97:5e:15:10:9a:93:a4:bb:e7:c0:
                    45:08:9f:01:34:da:b4:ec:bf:3b:da:1f:52:8e:db:
                    38:ac:c1:65:72:09:d2:78:5f:b9:79:29:98:6e:4c:
                    ab:5b:fb:10:c5:b6:8f:8d:fc:73:0d:3d:b1:d2:5a:
                    fc:9a:ac:04:60:cf:ca:19:66:d5:a7:e9:d3:05:9f:
                    99:03:ce:2e:43:f5:2e:18:6d:33:8a:7f:b0:a7:df:
                    d9:16:cc:38:c9:5b:9d:95:6b:0b:4f:d5:d3:be:e1:
                    d0:64:4b:40:1e:bb:a7:62:b1:f6:40:47:4c:62:6c:
                    6c:5c:71:4c:39:c5:14:66:bd:fb:b9:45:ac:f9:af:
                    52:c0:3a:5c:ce:38:22:6c:7e:92:f8:be:3a:9a:32:
                    5d:c1:17:83:eb:03:c2:54:33:cd:8c:25:83:b2:ea:
                    22:43:0f:c7:56:7d:36:98:b4:d9:ab:2e:78:02:a5:
                    b4:7c:6c:3e:7b:68:b2:80:00:3c:7c:a6:6a:29:92:
                    3c:86:db:06:bb:5e:09:9c:f9:9c:e1:64:38:21:aa:
                    77:99:eb:79:dd:0a:3c:69:7a:ef:0c:a3:88:4c:d7:
                    44:74:ea:65:cd:f8:84:24:2f:50:6f:07:1c:b0:95:
                    77:cc:47:b7:1f:e6:2b:39:29:23:0d:c0:7e:27:e1:
                    44:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1E:55:86:94:B4:F0:62:B9:03:BB:6E:C5:B2:F1:AF:CC:D7:72:3E
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1-x5VhpS08GK5A7tuxbLxr8zXcj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:4001::-2a06:e881:4002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3c:04:f7:cd:bc:81:4a:9c:e1:bb:da:c2:85:a9:2f:a3:c6:c0:
         72:de:60:37:f7:83:91:3e:e1:a6:cb:0f:eb:a8:8e:c9:f8:19:
         42:9a:b3:ef:6d:92:e2:21:b3:bf:b9:7d:26:75:26:9a:e6:9c:
         18:3c:52:ac:b3:9e:7d:59:43:6b:2a:54:be:40:63:09:1b:a5:
         79:05:d2:4f:ee:44:8c:a9:73:46:58:d6:be:75:c6:5b:f3:16:
         33:d0:d9:a7:03:3a:d3:66:c7:0f:a7:1a:61:31:5a:ad:95:c2:
         b4:61:8a:91:90:e9:ff:98:a5:95:2f:16:a9:3b:64:de:e1:d7:
         af:73:26:ef:90:fd:45:5c:33:be:90:55:83:85:fa:e4:8b:60:
         92:4b:0a:3e:5e:29:67:4f:3f:32:9c:b0:e6:8e:e1:4a:cc:5f:
         f4:3f:8b:82:16:ca:6d:7d:97:96:e4:66:11:20:30:bd:fc:27:
         7e:48:12:60:03:93:d1:99:61:d0:b1:96:cc:8d:04:00:e6:b7:
         bf:32:51:02:cb:ea:3d:b6:d8:34:89:bb:70:29:b2:cc:c3:d5:
         0b:e1:3e:b3:3c:3a:9d:d3:d0:23:7c:66:3e:7e:ec:50:06:06:
         7c:23:31:fc:ca:04:39:ea:8b:80:f8:ab:70:2a:c9:46:56:be:
         06:5d:ba:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/d2zgj4FsCGLVMbkcHTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjFlNTU4Njk0YjRmMDYyYjkwM2JiNmVjNWIyZjFhZmNjZDc3MjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hLtg5deFRCak6S758BFCJ8BNNq0
7L872h9Sjts4rMFlcgnSeF+5eSmYbkyrW/sQxbaPjfxzDT2x0lr8mqwEYM/KGWbV
p+nTBZ+ZA84uQ/UuGG0zin+wp9/ZFsw4yVudlWsLT9XTvuHQZEtAHrunYrH2QEdM
YmxsXHFMOcUUZr37uUWs+a9SwDpczjgibH6S+L46mjJdwReD6wPCVDPNjCWDsuoi
Qw/HVn02mLTZqy54AqW0fGw+e2iygAA8fKZqKZI8htsGu14JnPmc4WQ4Iap3met5
3Qo8aXrvDKOITNdEdOplzfiEJC9QbwccsJV3zEe3H+YrOSkjDcB+J+FEHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPseVYaUtPBiuQO7bsWy8a/M13I+MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvMS14NVZocFMwOEdLNUE3dHV4Ykx4cjh6WGNqNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJi
MS8xL3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAIwFDASAwcAKgbo
gUABAwcAKgbogUACMA0GCSqGSIb3DQEBCwUAA4IBAQA8BPfNvIFKnOG72sKFqS+j
xsBy3mA394ORPuGmyw/rqI7J+BlCmrPvbZLiIbO/uX0mdSaa5pwYPFKss559WUNr
KlS+QGMJG6V5BdJP7kSMqXNGWNa+dcZb8xYz0NmnAzrTZscPpxphMVqtlcK0YYqR
kOn/mKWVLxapO2Te4devcybvkP1FXDO+kFWDhfrki2CSSwo+XilnTz8ynLDmjuFK
zF/0P4uCFsptfZeW5GYRIDC9/Cd+SBJgA5PRmWHQsZbMjQQA5re/MlECy+o9ttg0
ibtwKbLMw9UL4T6zPDqd09AjfGY+fuxQBgZ8IzH8ygQ56ouA+KtwKslGVr4GXbqE
-----END CERTIFICATE-----