Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/qy2YkDqljayW8L1eKrjgUU5sPyQ.roa
File:                     qy2YkDqljayW8L1eKrjgUU5sPyQ.roa (raw, json)
Hash identifier:          AsWZRC0AXC3FY0BmIha8yHFLeU4GKo6EqdCK1jqHGe4=
Subject key identifier:   AB:2D:98:90:3A:A5:8D:AC:96:F0:BD:5E:2A:B8:E0:51:4E:6C:3F:24
Certificate issuer:       /CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
Certificate serial:       019421B24E8AFA1380F8D6FAA6FB4D4CA86C
Authority key identifier: 53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/qy2YkDqljayW8L1eKrjgUU5sPyQ.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        2a12:e341::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4e:8a:fa:13:80:f8:d6:fa:a6:fb:4d:4c:a8:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab2d98903aa58dac96f0bd5e2ab8e0514e6c3f24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:97:8b:82:61:ff:88:bb:4a:88:81:c1:b7:d8:
                    2f:d5:ca:5f:8e:d2:54:d2:2a:8f:8a:5e:60:df:bd:
                    89:75:4d:a0:de:99:7a:24:64:97:fd:89:cd:d5:b4:
                    32:7a:46:16:a7:30:a1:2b:6d:7b:68:7f:61:af:8a:
                    24:d2:40:43:eb:99:8a:ad:c1:19:ca:17:bd:93:c6:
                    b5:3b:b4:e5:d6:50:40:30:d6:62:55:59:b9:31:ea:
                    aa:2a:d0:27:9d:88:46:7c:ba:14:d9:16:d4:f9:b4:
                    d3:56:17:fb:a5:f8:85:e9:ec:88:e7:f7:7d:20:e2:
                    c0:5f:d6:0d:25:a1:35:64:1c:b7:bd:ef:ec:d5:51:
                    36:24:30:87:a0:3c:ae:9c:53:3c:22:78:fb:8e:4a:
                    72:13:a2:bc:98:9d:35:85:c7:b3:34:16:71:4c:87:
                    cb:f3:6f:a5:9a:eb:53:b8:bc:48:41:05:6c:de:95:
                    1d:be:cd:1d:78:39:60:2e:9a:28:60:40:9f:20:b8:
                    c8:1d:1a:d8:6f:64:21:83:32:06:cb:1f:c6:6d:28:
                    ca:44:97:12:14:f8:1d:06:02:fd:03:0c:0b:82:e4:
                    63:46:69:49:51:f7:1c:38:32:ce:17:9f:70:7f:e9:
                    7c:5a:7d:05:7c:39:04:f6:ab:53:74:b5:6c:c9:a5:
                    68:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:2D:98:90:3A:A5:8D:AC:96:F0:BD:5E:2A:B8:E0:51:4E:6C:3F:24
            X509v3 Authority Key Identifier:
                keyid:53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/qy2YkDqljayW8L1eKrjgUU5sPyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e341::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:94:7e:9e:bc:87:2f:f3:1a:f6:f6:76:71:32:3a:1a:3f:f0:
         94:79:0b:03:29:d9:f2:1e:ee:01:36:9a:5e:a0:26:97:1c:23:
         95:67:8f:73:8f:75:e8:09:04:a2:d0:60:f0:6c:62:fc:7e:98:
         30:3a:55:96:d7:2f:53:fc:aa:44:0e:24:d5:56:f7:26:67:98:
         51:34:db:97:a0:bc:15:66:2e:c1:2e:d7:8c:6f:35:b1:be:ab:
         94:c5:03:fc:75:81:83:5a:e3:34:e6:80:88:1c:44:67:d4:cb:
         6e:03:ad:03:4e:6b:4a:1c:f4:e7:44:47:d9:4d:d1:d8:b7:11:
         3c:65:6c:fd:e2:f8:8f:3a:18:4c:1f:77:56:7e:02:2f:22:53:
         4c:7b:01:90:59:08:15:ba:f2:60:0c:3f:da:16:ee:73:c8:19:
         14:e5:53:4b:fc:76:5a:1d:76:48:7b:2a:c5:d9:ae:1e:75:c1:
         9d:14:c8:b4:f9:6c:28:0d:93:df:52:be:02:cf:ba:de:73:12:
         b0:40:45:e8:e6:13:0f:00:c4:15:a8:39:07:08:8e:75:79:ce:
         c5:d2:7b:4c:4e:fe:90:84:d5:c2:21:b0:ca:d1:0f:30:8e:5e:
         0b:30:78:f1:dc:e2:ae:80:07:64:20:3a:bf:87:4e:f9:18:13:
         8d:e6:6b:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsk6K+hOA+Nb6pvtNTKhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzM1Y2E4M2ZjZGY3MWIyNDRlZDgwM2FjNDY4ZTE0NTNk
ODI2OGYwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjJkOTg5MDNhYTU4ZGFjOTZmMGJkNWUyYWI4ZTA1MTRlNmMzZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspeLgmH/iLtKiIHBt9gv1cpfjtJU
0iqPil5g372JdU2g3pl6JGSX/YnN1bQyekYWpzChK217aH9hr4ok0kBD65mKrcEZ
yhe9k8a1O7Tl1lBAMNZiVVm5MeqqKtAnnYhGfLoU2RbU+bTTVhf7pfiF6eyI5/d9
IOLAX9YNJaE1ZBy3ve/s1VE2JDCHoDyunFM8Inj7jkpyE6K8mJ01hcezNBZxTIfL
82+lmutTuLxIQQVs3pUdvs0deDlgLpooYECfILjIHRrYb2QhgzIGyx/GbSjKRJcS
FPgdBgL9AwwLguRjRmlJUfccODLOF59wf+l8Wn0FfDkE9qtTdLVsyaVoPQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKstmJA6pY2slvC9Xiq44FFObD8kMB8GA1UdIwQY
MBaAFFPDXKg/zfcbJE7YA6xGjhRT2CaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQt
NDExYTI3MTIxNjRkLzEvcXkyWWtEcWxqYXlXOEwxZUtyamdVVTVzUHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQtNDExYTI3MTIxNjRk
LzEvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLjQTAN
BgkqhkiG9w0BAQsFAAOCAQEAtJR+nryHL/Ma9vZ2cTI6Gj/wlHkLAynZ8h7uATaa
XqAmlxwjlWePc4916AkEotBg8Gxi/H6YMDpVltcvU/yqRA4k1Vb3JmeYUTTbl6C8
FWYuwS7XjG81sb6rlMUD/HWBg1rjNOaAiBxEZ9TLbgOtA05rShz050RH2U3R2LcR
PGVs/eL4jzoYTB93Vn4CLyJTTHsBkFkIFbryYAw/2hbuc8gZFOVTS/x2Wh12SHsq
xdmuHnXBnRTItPlsKA2T31K+As+63nMSsEBF6OYTDwDEFag5BwiOdXnOxdJ7TE7+
kITVwiGwytEPMI5eCzB48dziroAHZCA6v4dO+RgTjeZrBQ==
-----END CERTIFICATE-----