Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/t1D8WcZZnzqJuCrc2wQ7cw0wRmQ.roa
File:                     t1D8WcZZnzqJuCrc2wQ7cw0wRmQ.roa (raw, json)
Hash identifier:          vevggXMbyMvGr4MH92p9uOdv+lx11daC42qLpllimKs=
Subject key identifier:   B7:50:FC:59:C6:59:9F:3A:89:B8:2A:DC:DB:04:3B:73:0D:30:46:64
Certificate issuer:       /CN=8a1f0ad5572bae26e39c8740c68a8fbb46ee4864
Certificate serial:       019425FD9092E88C47DBB577804A5658A1DF
Authority key identifier: 8A:1F:0A:D5:57:2B:AE:26:E3:9C:87:40:C6:8A:8F:BB:46:EE:48:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ih8K1VcrribjnIdAxoqPu0buSGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/t1D8WcZZnzqJuCrc2wQ7cw0wRmQ.roa
Signing time:             Thu 02 Jan 2025 07:49:22 +0000
ROA not before:           Thu 02 Jan 2025 07:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201634
IP address blocks:        2a05:c180::/32 maxlen: 32
                          2a05:c181::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/ih8K1VcrribjnIdAxoqPu0buSGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/ih8K1VcrribjnIdAxoqPu0buSGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ih8K1VcrribjnIdAxoqPu0buSGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:90:92:e8:8c:47:db:b5:77:80:4a:56:58:a1:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1f0ad5572bae26e39c8740c68a8fbb46ee4864
        Validity
            Not Before: Jan  2 07:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b750fc59c6599f3a89b82adcdb043b730d304664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e4:4b:01:92:bc:47:58:e4:d9:a1:ea:61:fb:
                    67:03:8e:fa:71:28:7d:14:b7:e3:db:16:46:71:9b:
                    e6:62:50:01:87:2c:e1:60:2a:79:25:f6:e9:99:c5:
                    7b:99:c5:9b:01:e0:68:a9:a0:24:ca:cc:62:12:09:
                    9c:58:58:71:53:f1:f0:b8:63:4d:6e:19:d7:5e:61:
                    2f:e8:12:c8:75:4a:a7:34:33:22:61:b3:b9:cb:97:
                    dc:0d:2d:2d:06:e5:1d:43:11:05:24:5c:b0:35:9b:
                    06:ca:d5:09:8e:0a:f6:bb:10:b2:82:e0:c7:6d:b3:
                    1a:5e:5c:3b:d7:76:73:0e:85:67:c2:37:3b:db:76:
                    bd:e9:b1:15:84:5b:3e:24:1a:01:38:17:3c:3f:6d:
                    75:f7:e2:94:95:3c:64:27:e9:5c:f1:52:34:99:9c:
                    7b:72:bc:d6:a7:e4:cf:d7:32:71:6d:ea:01:de:33:
                    e5:0c:7e:4f:06:56:82:26:72:5f:42:6e:5b:d5:f9:
                    82:45:bb:a3:9e:1d:10:ce:d1:05:00:04:c3:a2:da:
                    6e:6b:83:86:42:58:91:e9:d5:fb:28:74:18:25:ec:
                    24:d4:7b:3f:33:b3:5c:94:64:67:65:81:78:11:5b:
                    73:cb:24:12:0d:64:7f:55:a4:85:0a:90:37:5c:14:
                    73:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:50:FC:59:C6:59:9F:3A:89:B8:2A:DC:DB:04:3B:73:0D:30:46:64
            X509v3 Authority Key Identifier:
                keyid:8A:1F:0A:D5:57:2B:AE:26:E3:9C:87:40:C6:8A:8F:BB:46:EE:48:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ih8K1VcrribjnIdAxoqPu0buSGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/t1D8WcZZnzqJuCrc2wQ7cw0wRmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/2fd20a-53ae-4bea-80c9-03f23a73941d/1/ih8K1VcrribjnIdAxoqPu0buSGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:c180::/31

    Signature Algorithm: sha256WithRSAEncryption
         98:42:d6:36:f8:d5:bb:24:e7:ea:27:32:f6:fd:ac:27:59:ac:
         05:cd:72:59:3b:f8:54:2c:b3:f5:fb:38:16:30:96:6f:ec:9c:
         36:aa:cc:8a:ab:93:20:36:82:53:45:a4:61:a6:d3:8e:34:40:
         63:d7:ea:02:4d:08:34:4f:b9:87:94:bd:b2:d8:dd:fc:37:44:
         8d:08:8b:79:45:ef:b0:ac:84:09:b3:26:0e:52:9f:fb:5d:cf:
         6d:7b:64:37:8c:6b:00:03:5a:cc:e4:cd:8f:3a:5d:1c:65:50:
         9a:b6:9b:32:28:8f:d7:2d:bf:9a:54:0d:7b:39:3d:c2:17:3b:
         b5:c7:a2:ca:6b:19:ea:f5:ab:33:49:28:75:5d:57:6f:de:31:
         ee:f4:2d:42:9a:33:6a:38:2e:13:64:a9:da:6d:2a:a5:d1:2b:
         d1:7f:0e:ff:58:9c:29:3a:65:0f:47:ce:52:b8:90:4b:e8:b8:
         c9:15:9b:d0:ad:23:7a:a1:06:4b:78:fd:74:ba:9c:10:c7:12:
         94:a1:88:35:5d:0c:39:d6:19:7d:ad:31:91:f0:20:bc:fa:44:
         b0:05:00:b8:1d:15:23:99:11:4d:8b:80:2d:6a:02:17:2b:c3:
         17:2b:16:54:24:2d:7f:a7:90:26:cf:f5:bb:27:2d:50:9e:74:
         04:82:93:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/ZCS6IxH27V3gEpWWKHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWYwYWQ1NTcyYmFlMjZlMzljODc0MGM2OGE4ZmJiNDZl
ZTQ4NjQwHhcNMjUwMTAyMDc0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzUwZmM1OWM2NTk5ZjNhODliODJhZGNkYjA0M2I3MzBkMzA0NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+RLAZK8R1jk2aHqYftnA476cSh9
FLfj2xZGcZvmYlABhyzhYCp5JfbpmcV7mcWbAeBoqaAkysxiEgmcWFhxU/HwuGNN
bhnXXmEv6BLIdUqnNDMiYbO5y5fcDS0tBuUdQxEFJFywNZsGytUJjgr2uxCyguDH
bbMaXlw713ZzDoVnwjc723a96bEVhFs+JBoBOBc8P2119+KUlTxkJ+lc8VI0mZx7
crzWp+TP1zJxbeoB3jPlDH5PBlaCJnJfQm5b1fmCRbujnh0QztEFAATDotpua4OG
QliR6dX7KHQYJewk1Hs/M7NclGRnZYF4EVtzyyQSDWR/VaSFCpA3XBRz5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLdQ/FnGWZ86ibgq3NsEO3MNMEZkMB8GA1UdIwQY
MBaAFIofCtVXK64m45yHQMaKj7tG7khkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWg4SzFWY3JyaWJqbklkQXhvcVB1MGJ1U0dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8yZmQyMGEtNTNhZS00YmVhLTgwYzkt
MDNmMjNhNzM5NDFkLzEvdDFEOFdjWlpuenFKdUNyYzJ3UTdjdzB3Um1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8yZmQyMGEtNTNhZS00YmVhLTgwYzktMDNmMjNhNzM5NDFk
LzEvaWg4SzFWY3JyaWJqbklkQXhvcVB1MGJ1U0dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgXBgDAN
BgkqhkiG9w0BAQsFAAOCAQEAmELWNvjVuyTn6icy9v2sJ1msBc1yWTv4VCyz9fs4
FjCWb+ycNqrMiquTIDaCU0WkYabTjjRAY9fqAk0INE+5h5S9stjd/DdEjQiLeUXv
sKyECbMmDlKf+13PbXtkN4xrAANazOTNjzpdHGVQmrabMiiP1y2/mlQNezk9whc7
tceiymsZ6vWrM0kodV1Xb94x7vQtQpozajguE2Sp2m0qpdEr0X8O/1icKTplD0fO
UriQS+i4yRWb0K0jeqEGS3j9dLqcEMcSlKGINV0MOdYZfa0xkfAgvPpEsAUAuB0V
I5kRTYuALWoCFyvDFysWVCQtf6eQJs/1uyctUJ50BIKT3Q==
-----END CERTIFICATE-----