Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/t42UC8WafyYUbKse29pHAJNNC3U.roa
File:                     t42UC8WafyYUbKse29pHAJNNC3U.roa (raw, json)
Hash identifier:          lr02hDQaPuYzPtIruWXPQrFa5MZSD1DM+ecJpTKvMac=
Subject key identifier:   B7:8D:94:0B:C5:9A:7F:26:14:6C:AB:1E:DB:DA:47:00:93:4D:0B:75
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747F1A3694B3E6714DFD56394A4D225
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/t42UC8WafyYUbKse29pHAJNNC3U.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50013
IP address blocks:        2a01:5a8:2:2::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f1:a3:69:4b:3e:67:14:df:d5:63:94:a4:d2:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b78d940bc59a7f26146cab1edbda4700934d0b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cd:b8:05:1c:64:40:fc:6d:05:f1:e4:db:eb:
                    c1:f6:07:50:03:29:3f:07:4e:10:1b:ff:04:4d:fa:
                    cc:0f:08:34:f2:0b:2d:70:99:16:30:c4:df:7a:c7:
                    a7:aa:75:50:c1:c9:6c:b0:0c:3e:e1:ef:91:1c:d3:
                    74:e8:04:14:b9:e6:06:60:a1:fc:41:4b:2f:d9:f2:
                    73:81:09:16:a9:95:47:9e:87:ad:d1:6b:ea:75:a3:
                    f9:13:ee:8a:97:1e:31:d0:33:4d:5c:8f:67:57:18:
                    b6:66:95:de:99:3e:81:6c:b2:a5:fd:92:6b:f2:77:
                    2e:cd:0a:61:95:0e:23:e6:0b:77:9f:14:00:f9:29:
                    ca:14:fd:91:cf:a0:35:6d:11:0e:0d:4b:e4:48:d6:
                    4e:8d:1a:a1:5b:02:5e:74:cb:20:be:a2:03:aa:86:
                    df:67:36:5c:61:3a:ce:6f:1e:96:ef:5a:e0:1e:b7:
                    24:51:b3:a6:a5:e6:53:01:84:90:ba:e5:37:d3:7d:
                    b5:b8:7c:65:46:00:af:bb:18:a8:23:d3:30:f5:45:
                    5a:8b:58:f8:23:e2:ed:ce:a9:5a:a9:ef:f1:2c:1a:
                    ea:0f:8a:b2:39:83:01:38:33:ba:d1:e1:c8:d2:63:
                    5f:ab:8b:36:ba:5a:41:88:33:37:32:1d:f1:52:7a:
                    94:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:8D:94:0B:C5:9A:7F:26:14:6C:AB:1E:DB:DA:47:00:93:4D:0B:75
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/t42UC8WafyYUbKse29pHAJNNC3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:5a8:2:2::/64

    Signature Algorithm: sha256WithRSAEncryption
         14:01:2e:f5:79:23:52:1d:49:8d:ea:9b:a8:75:32:2c:85:ff:
         80:f6:00:5b:ca:44:1e:6e:87:9e:22:f3:43:7e:e6:67:76:f9:
         e8:4f:8a:4d:b0:55:e2:f7:40:e9:ff:20:e0:f6:c2:f9:c9:d2:
         61:d5:b9:2e:db:44:5c:81:e9:aa:80:0e:e9:ff:de:3e:e2:b5:
         a7:c0:4e:c8:ad:09:99:14:99:5a:1f:af:a6:94:dd:81:68:b1:
         df:5e:42:8f:03:fc:3f:a6:78:f4:af:0a:08:2a:87:c5:2b:78:
         af:78:64:76:1f:65:64:a3:9c:2b:67:af:14:33:ad:59:af:fa:
         4e:83:cd:fd:a7:7e:bd:aa:21:cb:94:89:d0:8e:da:b3:e6:5e:
         2c:68:bc:e1:41:a4:5a:51:57:f8:ca:64:3f:95:e4:ab:d5:08:
         df:52:e1:a4:f7:fc:7b:bf:65:c6:56:8c:26:52:9e:fe:40:da:
         b1:8f:82:2a:68:b7:45:e7:fc:ca:58:c0:22:1f:45:3b:60:f8:
         8c:1d:83:ee:49:b2:b2:2d:f5:42:d7:94:ff:d0:44:4f:46:b1:
         e5:eb:76:f4:0d:40:38:29:4c:2c:81:fe:2d:1b:62:a6:ed:ac:
         6e:50:b5:28:d5:fb:1b:bc:aa:2f:10:20:0e:72:cb:f4:d0:0f:
         13:99:19:ef
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQnR/GjaUs+ZxTf1WOUpNIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhkOTQwYmM1OWE3ZjI2MTQ2Y2FiMWVkYmRhNDcwMDkzNGQwYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu824BRxkQPxtBfHk2+vB9gdQAyk/
B04QG/8ETfrMDwg08gstcJkWMMTfesenqnVQwclssAw+4e+RHNN06AQUueYGYKH8
QUsv2fJzgQkWqZVHnoet0WvqdaP5E+6Klx4x0DNNXI9nVxi2ZpXemT6BbLKl/ZJr
8ncuzQphlQ4j5gt3nxQA+SnKFP2Rz6A1bREODUvkSNZOjRqhWwJedMsgvqIDqobf
ZzZcYTrObx6W71rgHrckUbOmpeZTAYSQuuU30321uHxlRgCvuxioI9Mw9UVai1j4
I+Ltzqlaqe/xLBrqD4qyOYMBODO60eHI0mNfq4s2ulpBiDM3Mh3xUnqUTQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLeNlAvFmn8mFGyrHtvaRwCTTQt1MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvdDQyVUM4V2FmeVlVYktzZTI5cEhBSk5OQzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgEFqAAC
AAIwDQYJKoZIhvcNAQELBQADggEBABQBLvV5I1IdSY3qm6h1MiyF/4D2AFvKRB5u
h54i80N+5md2+ehPik2wVeL3QOn/IOD2wvnJ0mHVuS7bRFyB6aqADun/3j7itafA
TsitCZkUmVofr6aU3YFosd9eQo8D/D+mePSvCggqh8UreK94ZHYfZWSjnCtnrxQz
rVmv+k6Dzf2nfr2qIcuUidCO2rPmXixovOFBpFpRV/jKZD+V5KvVCN9S4aT3/Hu/
ZcZWjCZSnv5A2rGPgipot0Xn/MpYwCIfRTtg+Iwdg+5JsrIt9ULXlP/QRE9GseXr
dvQNQDgpTCyB/i0bYqbtrG5QtSjV+xu8qi8QIA5yy/TQDxOZGe8=
-----END CERTIFICATE-----