Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/TeFaZ4zKnJuYW1U6fAsNH1VarVE.roa
File:                     TeFaZ4zKnJuYW1U6fAsNH1VarVE.roa (raw, json)
Hash identifier:          3nZzR0avNgt7/s2NV+FklcMPV5cBZpJIPzIuCfYYbl8=
Subject key identifier:   4D:E1:5A:67:8C:CA:9C:9B:98:5B:55:3A:7C:0B:0D:1F:55:5A:AD:51
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       01942144646AF6739FDFBC659CC75805A26D
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/TeFaZ4zKnJuYW1U6fAsNH1VarVE.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197872
IP address blocks:        2a00:ad40:20::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:64:6a:f6:73:9f:df:bc:65:9c:c7:58:05:a2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4de15a678cca9c9b985b553a7c0b0d1f555aad51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f0:41:71:f7:b6:5c:82:39:8e:b1:74:58:7b:
                    30:61:19:f6:12:c7:91:b1:c4:15:47:34:26:42:ba:
                    a9:4e:18:a9:91:8f:60:bb:90:ff:64:12:37:57:56:
                    13:4f:e7:81:05:03:81:37:bc:9b:4e:29:ef:82:03:
                    ef:0c:f4:38:cf:a4:3f:23:04:c1:1d:e5:0d:ef:75:
                    3f:e4:4e:5e:cd:37:ee:ca:b1:de:60:08:b2:90:3f:
                    97:97:13:03:d6:06:4c:c1:90:09:ae:d4:69:2e:48:
                    dd:0d:74:d4:67:25:1b:7b:5d:86:57:bb:fe:b3:e4:
                    f0:69:59:51:fb:03:f5:43:84:b2:7d:5a:de:0a:bd:
                    b7:f4:62:57:51:42:90:09:df:92:0c:d4:ac:d0:a2:
                    9f:bf:12:a7:63:62:b7:95:92:9d:97:3a:54:64:2d:
                    30:dd:ab:2b:75:0b:05:fd:d2:64:8b:95:31:15:52:
                    01:7e:a8:d1:82:1b:6b:dd:66:19:19:07:ed:9d:0e:
                    45:97:d9:77:80:9d:ec:0b:aa:2e:16:29:c6:c7:c1:
                    35:28:bd:a2:1a:56:1e:9b:36:a5:de:94:4b:94:4a:
                    f8:b9:2b:4a:bf:57:29:f9:a5:af:a1:b5:be:7c:f4:
                    52:b8:c6:34:18:ad:61:3b:b0:ca:b6:38:79:ed:58:
                    0c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E1:5A:67:8C:CA:9C:9B:98:5B:55:3A:7C:0B:0D:1F:55:5A:AD:51
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/TeFaZ4zKnJuYW1U6fAsNH1VarVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ad40:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:4c:7b:eb:6b:6a:3e:66:4b:8c:0c:3f:54:69:ad:26:d8:59:
         d2:6b:b4:e1:e3:79:94:2f:dd:a1:2a:10:f3:dd:28:dc:89:d7:
         2c:30:b5:9b:bb:c0:3d:0b:3e:23:2d:89:9b:4b:ee:47:23:a3:
         82:a5:ad:3c:f8:d7:c4:74:8b:db:58:4b:18:56:be:67:b5:c9:
         37:66:fa:ad:19:cf:ef:84:85:52:bb:c7:9e:ea:2f:cf:0c:ad:
         f3:99:f1:25:9e:e7:e3:8b:25:3f:48:fd:77:64:9e:21:af:18:
         29:6b:b3:79:bb:32:6a:d3:33:db:92:59:dd:53:7b:7d:d7:30:
         73:fd:14:1d:0c:13:c0:35:6f:86:b0:ce:86:03:64:b2:cb:f9:
         32:e5:2e:45:fb:11:42:ee:26:da:ab:81:f5:02:e3:18:2b:ac:
         cc:02:c3:ef:b9:b5:53:63:cd:a6:6e:35:03:9c:47:f3:49:0e:
         51:00:20:6c:25:e3:0c:87:fe:e8:c0:a4:30:51:18:86:c1:34:
         9f:ea:3b:f9:e5:95:81:fb:e9:36:22:e1:27:13:97:8b:20:16:
         cf:bd:aa:0c:2d:6f:5c:5a:f8:0a:11:dc:a2:da:fd:f9:75:df:
         3d:94:a6:51:b0:f0:21:40:2a:c4:68:3c:df:61:15:90:c9:a6:
         ed:1f:1d:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhRGRq9nOf37xlnMdYBaJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGUxNWE2NzhjY2E5YzliOTg1YjU1M2E3YzBiMGQxZjU1NWFhZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vBBcfe2XII5jrF0WHswYRn2EseR
scQVRzQmQrqpThipkY9gu5D/ZBI3V1YTT+eBBQOBN7ybTinvggPvDPQ4z6Q/IwTB
HeUN73U/5E5ezTfuyrHeYAiykD+XlxMD1gZMwZAJrtRpLkjdDXTUZyUbe12GV7v+
s+TwaVlR+wP1Q4SyfVreCr239GJXUUKQCd+SDNSs0KKfvxKnY2K3lZKdlzpUZC0w
3asrdQsF/dJki5UxFVIBfqjRghtr3WYZGQftnQ5Fl9l3gJ3sC6ouFinGx8E1KL2i
GlYemzal3pRLlEr4uStKv1cp+aWvobW+fPRSuMY0GK1hO7DKtjh57VgMDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE3hWmeMypybmFtVOnwLDR9VWq1RMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvVGVGYVo0ektuSnVZVzFVNmZBc05IMVZhclZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgCtQAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAeTHvra2o+ZkuMDD9Uaa0m2FnSa7Th43mUL92h
KhDz3SjcidcsMLWbu8A9Cz4jLYmbS+5HI6OCpa08+NfEdIvbWEsYVr5ntck3Zvqt
Gc/vhIVSu8ee6i/PDK3zmfElnufjiyU/SP13ZJ4hrxgpa7N5uzJq0zPbklndU3t9
1zBz/RQdDBPANW+GsM6GA2Syy/ky5S5F+xFC7ibaq4H1AuMYK6zMAsPvubVTY82m
bjUDnEfzSQ5RACBsJeMMh/7owKQwURiGwTSf6jv55ZWB++k2IuEnE5eLIBbPvaoM
LW9cWvgKEdyi2v35dd89lKZRsPAhQCrEaDzfYRWQyabtHx3W
-----END CERTIFICATE-----