Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/KZxZSP8zxqhzvH1RhiZOsKLojdc.roa
File:                     KZxZSP8zxqhzvH1RhiZOsKLojdc.roa (raw, json)
Hash identifier:          79Za4ffHNm/35yqEIEXZzJt7VPi1r5OHEywYNdUL3rQ=
Subject key identifier:   29:9C:59:48:FF:33:C6:A8:73:BC:7D:51:86:26:4E:B0:A2:E8:8D:D7
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D6300C8D5BAFFD04C8C19582F1A741
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/KZxZSP8zxqhzvH1RhiZOsKLojdc.roa
Signing time:             Wed 01 Jan 2025 07:48:15 +0000
ROA not before:           Wed 01 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212001
IP address blocks:        2a0d:f407:1023::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:30:0c:8d:5b:af:fd:04:c8:c1:95:82:f1:a7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=299c5948ff33c6a873bc7d5186264eb0a2e88dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f1:11:fa:12:aa:90:55:50:05:d8:ea:4b:16:
                    ce:41:91:92:44:a4:5f:07:96:ec:b2:08:ec:7c:d5:
                    ee:1b:18:3d:73:74:07:ae:67:a6:79:77:33:20:13:
                    00:11:ae:11:1e:1a:0f:b4:88:c9:cb:4a:90:67:2a:
                    9a:0f:c3:9f:a7:6c:2d:fc:fa:e2:08:78:ee:d7:82:
                    5b:fe:0d:a9:98:a9:a3:75:ed:07:1d:e8:7b:9f:97:
                    8e:57:15:b1:c4:48:af:f9:34:e2:63:12:b8:39:88:
                    c8:ac:b0:52:e4:b6:d6:bf:18:6d:e2:45:7d:2a:dd:
                    3d:9a:90:f5:5d:8e:4b:4a:9f:e6:39:e8:8b:69:12:
                    77:11:25:58:72:71:69:7f:9c:fc:76:f7:5f:cf:c1:
                    9c:f1:e7:93:ce:9d:b9:c9:ea:c2:ec:2d:42:54:98:
                    17:f3:01:a6:93:1a:ee:e2:a2:ed:e5:64:6a:0d:70:
                    f8:d4:e3:24:7b:23:b6:18:35:88:cb:01:2f:64:0f:
                    ce:17:60:57:52:38:5b:ec:55:8b:07:82:8e:99:64:
                    32:46:e3:3c:99:e7:5c:23:17:6e:88:4f:29:75:56:
                    18:7d:93:e9:73:3c:1d:3c:cc:7e:38:d7:2f:c4:70:
                    17:f4:d3:d8:21:4f:b5:b2:8b:df:59:7d:b5:d8:01:
                    80:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9C:59:48:FF:33:C6:A8:73:BC:7D:51:86:26:4E:B0:A2:E8:8D:D7
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/KZxZSP8zxqhzvH1RhiZOsKLojdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1023::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:81:3f:c0:52:be:9f:51:0d:db:d7:c0:68:c4:92:30:a1:eb:
         55:de:41:69:92:db:13:11:65:89:2f:9a:e4:2b:c7:7a:d3:99:
         fe:22:b9:ac:01:31:10:e7:62:8c:78:e4:c5:e6:9f:c2:8e:96:
         07:5a:1e:ca:5a:e4:8e:33:47:42:a9:e5:c7:f1:12:77:7f:ec:
         49:5e:f1:4d:2b:94:c0:41:64:75:d1:01:00:11:f2:f8:70:3b:
         1d:3f:e8:12:c3:de:23:e4:5d:69:39:d2:07:38:e7:93:32:75:
         5f:27:3c:7c:44:6f:dd:1b:dc:8c:7f:75:02:f0:38:3d:57:47:
         40:7a:1a:f5:14:8d:05:10:4b:06:68:0e:53:50:94:ed:a6:c6:
         63:3a:b0:c0:b1:bc:1f:bb:02:57:ab:5d:f4:1b:1c:82:15:ec:
         57:b4:f8:2b:44:41:80:02:14:b4:c9:93:d4:58:6d:4a:de:6b:
         ef:58:25:f7:4d:e3:d8:6e:ee:31:5f:eb:af:11:bd:46:2a:94:
         bb:a8:69:16:bd:f3:64:2b:47:3a:64:06:2e:85:c4:b2:27:f6:
         f8:27:6d:93:12:f4:ab:80:36:f4:3d:d6:86:96:81:89:92:c7:
         22:04:6e:9a:70:23:13:70:e2:68:f9:df:1c:ca:94:df:33:73:
         ea:63:ad:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1jAMjVuv/QTIwZWC8adBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTljNTk0OGZmMzNjNmE4NzNiYzdkNTE4NjI2NGViMGEyZTg4ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfER+hKqkFVQBdjqSxbOQZGSRKRf
B5bssgjsfNXuGxg9c3QHrmemeXczIBMAEa4RHhoPtIjJy0qQZyqaD8Ofp2wt/Pri
CHju14Jb/g2pmKmjde0HHeh7n5eOVxWxxEiv+TTiYxK4OYjIrLBS5LbWvxht4kV9
Kt09mpD1XY5LSp/mOeiLaRJ3ESVYcnFpf5z8dvdfz8Gc8eeTzp25yerC7C1CVJgX
8wGmkxru4qLt5WRqDXD41OMkeyO2GDWIywEvZA/OF2BXUjhb7FWLB4KOmWQyRuM8
medcIxduiE8pdVYYfZPpczwdPMx+ONcvxHAX9NPYIU+1sovfWX212AGASQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCmcWUj/M8aoc7x9UYYmTrCi6I3XMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvS1p4WlNQOHp4cWh6dkgxUmhpWk9zS0xvamRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxAj
MA0GCSqGSIb3DQEBCwUAA4IBAQBDgT/AUr6fUQ3b18BoxJIwoetV3kFpktsTEWWJ
L5rkK8d605n+IrmsATEQ52KMeOTF5p/CjpYHWh7KWuSOM0dCqeXH8RJ3f+xJXvFN
K5TAQWR10QEAEfL4cDsdP+gSw94j5F1pOdIHOOeTMnVfJzx8RG/dG9yMf3UC8Dg9
V0dAehr1FI0FEEsGaA5TUJTtpsZjOrDAsbwfuwJXq130GxyCFexXtPgrREGAAhS0
yZPUWG1K3mvvWCX3TePYbu4xX+uvEb1GKpS7qGkWvfNkK0c6ZAYuhcSyJ/b4J22T
EvSrgDb0PdaGloGJksciBG6acCMTcOJo+d8cypTfM3PqY61l
-----END CERTIFICATE-----