Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/aNjEb5eKDyYkgeaI_pw6s6Nyxio.roa
File:                     aNjEb5eKDyYkgeaI_pw6s6Nyxio.roa (raw, json)
Hash identifier:          LXIG7QItKisSD3lO6v16i6iN7S5ddhKshFToQIqNXAU=
Subject key identifier:   68:D8:C4:6F:97:8A:0F:26:24:81:E6:88:FE:9C:3A:B3:A3:72:C6:2A
Certificate issuer:       /CN=49f7c1a4677eb7826dae69de01a699b6201d6244
Certificate serial:       019420D5B821214580579CCD70DD092D3193
Authority key identifier: 49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/aNjEb5eKDyYkgeaI_pw6s6Nyxio.roa
Signing time:             Wed 01 Jan 2025 07:47:44 +0000
ROA not before:           Wed 01 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        2a02:d480::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b8:21:21:45:80:57:9c:cd:70:dd:09:2d:31:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f7c1a4677eb7826dae69de01a699b6201d6244
        Validity
            Not Before: Jan  1 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68d8c46f978a0f262481e688fe9c3ab3a372c62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:1c:30:27:1a:73:f9:fa:36:c3:81:64:e6:
                    49:5a:99:3c:a3:12:6a:74:f2:42:53:ee:b9:6a:81:
                    e3:e3:96:47:12:a1:df:4f:4e:a7:8b:98:2c:fc:76:
                    e1:b8:4d:ce:b5:9c:3a:67:5d:c8:26:33:c5:52:e1:
                    cc:53:ad:c2:ca:e4:b1:50:c0:d1:b4:0b:a8:56:af:
                    27:0c:38:2c:cc:b6:2a:1f:6d:db:ec:1d:e6:ce:bc:
                    69:14:9b:22:70:78:04:28:c8:42:ca:62:77:61:e8:
                    5b:ff:3e:6f:47:19:b9:00:3c:11:08:f8:12:71:80:
                    7c:d9:1a:47:d9:ba:d1:62:c8:3e:7b:3f:ec:bc:b1:
                    e9:00:d1:22:f5:df:07:0a:3a:39:b6:2d:24:5b:1e:
                    e6:50:67:cc:b2:c0:04:22:a2:30:44:78:49:55:31:
                    95:05:a1:6f:53:07:d0:41:c7:c8:7e:ca:77:e4:62:
                    6d:1e:cf:a4:ba:67:b3:40:cd:e3:fe:c2:c2:ae:a2:
                    3d:45:ab:01:4f:c5:33:87:c5:58:85:e6:af:ea:6b:
                    c3:06:6b:cc:79:96:f4:8c:6a:25:5c:05:8c:04:46:
                    ba:13:92:73:65:87:e5:21:2b:a0:0c:54:97:b4:16:
                    6b:39:d1:5a:57:fc:85:89:6a:7a:11:89:ec:56:4e:
                    55:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D8:C4:6F:97:8A:0F:26:24:81:E6:88:FE:9C:3A:B3:A3:72:C6:2A
            X509v3 Authority Key Identifier:
                keyid:49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/aNjEb5eKDyYkgeaI_pw6s6Nyxio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d480::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:bf:17:50:85:1f:09:95:3a:3c:e2:27:ab:e7:b0:fe:1f:87:
         a9:06:d4:da:a0:65:2f:0f:1b:4a:29:76:3d:c7:f1:a0:e0:d3:
         b4:a6:56:b9:61:20:53:f7:af:d4:ac:da:03:3b:3c:b6:30:ba:
         85:d9:a4:8a:b0:26:e9:40:7c:4f:73:76:ab:95:28:f9:2b:47:
         e3:4e:ee:a6:cd:1c:4c:16:00:36:76:0d:62:c7:bd:86:56:b3:
         8a:0a:d9:54:d6:0f:f7:b8:42:ba:42:bd:bb:2e:d3:dc:28:23:
         6b:01:14:ff:07:2c:8b:b2:c2:4b:f8:5f:53:dc:2d:6f:03:79:
         88:ed:fb:44:bb:e4:4c:cb:51:e8:6f:c5:ad:c7:a0:c3:fc:85:
         17:f4:36:eb:99:fa:2c:b0:03:54:29:e7:ae:28:12:47:13:78:
         5b:fa:72:07:31:e9:74:a0:db:5f:67:8b:ec:5f:a9:5c:18:af:
         63:ff:b7:5a:db:99:b7:f0:88:ab:38:d3:ea:ad:2c:18:a8:38:
         15:9b:ea:25:58:1d:19:86:ab:5f:80:4d:99:57:04:d9:49:98:
         82:5d:ab:e1:ae:c5:2a:c5:a1:a0:dc:6a:63:28:af:e6:8c:92:
         c3:22:dc:3c:30:8c:80:fd:1d:42:f6:d1:40:0d:86:6f:9d:2f:
         fa:79:0f:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1bghIUWAV5zNcN0JLTGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjdjMWE0Njc3ZWI3ODI2ZGFlNjlkZTAxYTY5OWI2MjAx
ZDYyNDQwHhcNMjUwMTAxMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ4YzQ2Zjk3OGEwZjI2MjQ4MWU2ODhmZTljM2FiM2EzNzJjNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTccMCcac/n6NsOBZOZJWpk8oxJq
dPJCU+65aoHj45ZHEqHfT06ni5gs/HbhuE3OtZw6Z13IJjPFUuHMU63CyuSxUMDR
tAuoVq8nDDgszLYqH23b7B3mzrxpFJsicHgEKMhCymJ3Yehb/z5vRxm5ADwRCPgS
cYB82RpH2brRYsg+ez/svLHpANEi9d8HCjo5ti0kWx7mUGfMssAEIqIwRHhJVTGV
BaFvUwfQQcfIfsp35GJtHs+kumezQM3j/sLCrqI9RasBT8Uzh8VYheav6mvDBmvM
eZb0jGolXAWMBEa6E5JzZYflISugDFSXtBZrOdFaV/yFiWp6EYnsVk5VSwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGjYxG+Xig8mJIHmiP6cOrOjcsYqMB8GA1UdIwQY
MBaAFEn3waRnfreCba5p3gGmmbYgHWJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEt
NTBjMTZiZGQ1YzI0LzEvYU5qRWI1ZUtEeVlrZ2VhSV9wdzZzNk55eGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEtNTBjMTZiZGQ1YzI0
LzEvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgLUgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFr8XUIUfCZU6POInq+ew/h+HqQbU2qBlLw8bSil2
PcfxoODTtKZWuWEgU/ev1KzaAzs8tjC6hdmkirAm6UB8T3N2q5Uo+StH407ups0c
TBYANnYNYse9hlazigrZVNYP97hCukK9uy7T3CgjawEU/wcsi7LCS/hfU9wtbwN5
iO37RLvkTMtR6G/Frcegw/yFF/Q265n6LLADVCnnrigSRxN4W/pyBzHpdKDbX2eL
7F+pXBivY/+3WtuZt/CIqzjT6q0sGKg4FZvqJVgdGYarX4BNmVcE2UmYgl2r4a7F
KsWhoNxqYyiv5oySwyLcPDCMgP0dQvbRQA2Gb50v+nkPeg==
-----END CERTIFICATE-----