Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/BmpGigL7yj_vU4YrBcCEXhWHHbI.roa
File:                     BmpGigL7yj_vU4YrBcCEXhWHHbI.roa (raw, json)
Hash identifier:          Ppbu0DUb3G/J7ntuuCJmNlJLWLrlVFHUquuws77rxcY=
Subject key identifier:   06:6A:46:8A:02:FB:CA:3F:EF:53:86:2B:05:C0:84:5E:15:87:1D:B2
Certificate issuer:       /CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
Certificate serial:       0194274843315B4E444BE818602D9065C5E9
Authority key identifier: 1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/BmpGigL7yj_vU4YrBcCEXhWHHbI.roa
Signing time:             Thu 02 Jan 2025 13:50:34 +0000
ROA not before:           Thu 02 Jan 2025 13:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42244
IP address blocks:        2a04:b540:1000::/36 maxlen: 36
                          2a04:b540:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:43:31:5b:4e:44:4b:e8:18:60:2d:90:65:c5:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
        Validity
            Not Before: Jan  2 13:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=066a468a02fbca3fef53862b05c0845e15871db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e8:f7:21:be:29:47:1c:9f:28:8c:b7:0a:fd:
                    03:48:c9:82:e6:48:8b:87:b7:53:a2:b2:e9:a1:cf:
                    ca:aa:c4:44:1a:f7:24:02:44:e5:fd:ad:45:3b:2b:
                    12:cf:04:53:cd:77:32:42:45:8f:a7:a2:db:75:e7:
                    9e:6c:ad:e2:a6:85:75:5d:3a:94:e2:1c:3e:1a:8d:
                    20:2f:8b:2b:0b:07:79:0d:9f:2b:51:df:79:24:50:
                    e8:54:1d:1c:ab:36:11:d3:05:58:04:73:3b:d8:bf:
                    53:a2:ff:e4:68:1c:7c:79:5b:ed:37:49:35:fc:25:
                    88:0e:13:af:d6:22:f3:bd:2b:b4:fc:13:37:74:ec:
                    40:16:e6:1e:75:92:f8:1f:c0:fa:91:ad:9f:49:71:
                    77:7e:05:30:2f:72:d3:2a:7a:f4:f1:64:42:38:f6:
                    ac:53:16:15:7b:03:4e:1e:56:b7:4d:88:7e:2e:81:
                    fe:22:f7:7a:20:45:3b:85:51:1b:51:ba:9f:82:a1:
                    ce:b5:a9:29:d6:df:a5:22:a6:72:53:6e:a5:11:8b:
                    37:07:27:bb:a8:ff:36:3e:8b:54:ab:d1:cf:0e:2b:
                    6b:e9:24:10:fc:46:7f:32:ec:06:b6:91:a5:06:a7:
                    05:1a:83:c7:cf:e3:54:09:84:d4:8a:7e:cd:b2:88:
                    fe:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6A:46:8A:02:FB:CA:3F:EF:53:86:2B:05:C0:84:5E:15:87:1D:B2
            X509v3 Authority Key Identifier:
                keyid:1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/BmpGigL7yj_vU4YrBcCEXhWHHbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b540:1000::-2a04:b540:2fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         05:3d:6d:fb:d5:9b:af:d1:b8:f3:1f:9e:72:e3:85:8c:11:c9:
         3e:0b:e0:b6:58:34:05:ab:56:c8:e9:c1:ad:46:8f:86:c2:91:
         1c:5d:9c:27:11:5f:5b:56:0d:98:ee:9f:66:41:c8:de:34:dc:
         d5:ca:7b:f9:3c:90:2f:dc:b6:c8:b5:db:85:7b:9f:67:f6:23:
         4b:76:7d:49:1c:09:48:a1:f4:bf:45:74:3c:f0:a0:87:8a:f7:
         78:cd:77:eb:ba:ba:02:72:80:f9:2e:c4:89:99:8a:2e:46:98:
         6d:45:83:48:33:e5:a1:78:08:f8:8d:3a:85:12:21:9e:cc:e8:
         7b:1c:8c:d4:4f:ad:e4:80:59:4c:84:60:d8:4a:4b:55:d6:1e:
         0a:4c:11:8c:28:7f:18:ab:a1:6a:73:33:b6:a4:f1:5d:36:3f:
         d7:7e:9e:a4:6a:f0:81:a4:48:ec:7e:16:ba:f7:59:20:c8:27:
         c0:65:8b:66:99:ba:6c:84:3b:67:30:dd:bc:5e:a4:5d:35:88:
         5c:bc:3a:b9:d0:53:14:5a:d9:86:7b:1b:de:55:46:6e:17:fa:
         ca:93:e6:c3:7a:05:3b:fc:ab:7b:bb:c2:8a:28:b1:04:4e:b1:
         08:a5:9b:e3:b2:70:23:4e:49:13:6f:4c:50:70:c9:43:4d:de:
         08:e3:d3:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSEMxW05ES+gYYC2QZcXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOTgyODgzZTFkZmJmNDYzM2UwOGMwYjU4Yzg1ZTg5ZmZj
MzIxMDEwHhcNMjUwMTAyMTM1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZhNDY4YTAyZmJjYTNmZWY1Mzg2MmIwNWMwODQ1ZTE1ODcxZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+j3Ib4pRxyfKIy3Cv0DSMmC5kiL
h7dTorLpoc/KqsREGvckAkTl/a1FOysSzwRTzXcyQkWPp6LbdeeebK3ipoV1XTqU
4hw+Go0gL4srCwd5DZ8rUd95JFDoVB0cqzYR0wVYBHM72L9Tov/kaBx8eVvtN0k1
/CWIDhOv1iLzvSu0/BM3dOxAFuYedZL4H8D6ka2fSXF3fgUwL3LTKnr08WRCOPas
UxYVewNOHla3TYh+LoH+Ivd6IEU7hVEbUbqfgqHOtakp1t+lIqZyU26lEYs3Bye7
qP82PotUq9HPDitr6SQQ/EZ/MuwGtpGlBqcFGoPHz+NUCYTUin7Nsoj+XQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAZqRooC+8o/71OGKwXAhF4Vhx2yMB8GA1UdIwQY
MBaAFBuYKIPh379GM+CMC1jIXon/wyEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2It
ZDA3OGVlYzgyYjJhLzEvQm1wR2lnTDd5al92VTRZckJjQ0VYaFdISGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2ItZDA3OGVlYzgyYjJh
LzEvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgQqBLVA
EAMGBCoEtUAgMA0GCSqGSIb3DQEBCwUAA4IBAQAFPW371Zuv0bjzH55y44WMEck+
C+C2WDQFq1bI6cGtRo+GwpEcXZwnEV9bVg2Y7p9mQcjeNNzVynv5PJAv3LbItduF
e59n9iNLdn1JHAlIofS/RXQ88KCHivd4zXfruroCcoD5LsSJmYouRphtRYNIM+Wh
eAj4jTqFEiGezOh7HIzUT63kgFlMhGDYSktV1h4KTBGMKH8Yq6FqczO2pPFdNj/X
fp6kavCBpEjsfha691kgyCfAZYtmmbpshDtnMN28XqRdNYhcvDq50FMUWtmGexve
VUZuF/rKk+bDegU7/Kt7u8KKKLEETrEIpZvjsnAjTkkTb0xQcMlDTd4I49Oh
-----END CERTIFICATE-----