Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/bL9ewQCt4RdgNbYkLxPSTrmyc9w.roa
File:                     bL9ewQCt4RdgNbYkLxPSTrmyc9w.roa (raw, json)
Hash identifier:          jBes/JXB5Pa9fZGI6VO0yVOLtKRuEN7Q7HgrRfyiy4I=
Subject key identifier:   6C:BF:5E:C1:00:AD:E1:17:60:35:B6:24:2F:13:D2:4E:B9:B2:73:DC
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       0194214462AB4768AFCCF94F0FBDCBF7501D
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/bL9ewQCt4RdgNbYkLxPSTrmyc9w.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7171
IP address blocks:        2a00:ad40:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:62:ab:47:68:af:cc:f9:4f:0f:bd:cb:f7:50:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cbf5ec100ade1176035b6242f13d24eb9b273dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5d:ed:e7:e4:ac:34:ab:0d:ff:78:8e:ea:9c:
                    cf:5d:2b:a6:fc:06:4b:39:44:07:3c:b2:b8:16:ec:
                    b3:ee:c4:9d:75:6e:b9:3b:c6:0f:fc:1b:91:7a:0a:
                    5a:c5:35:d1:30:47:04:bb:bf:f6:aa:71:dc:de:66:
                    5d:11:a0:a2:9b:1d:8d:82:95:9d:7a:8f:d9:0d:9f:
                    7a:07:fd:e9:89:06:23:16:da:d0:b5:2e:12:cf:da:
                    99:fa:0c:22:0a:7d:a0:6c:a4:58:5a:e3:13:27:41:
                    b5:4f:77:a8:09:98:9e:99:fa:32:2e:b5:ef:c3:8b:
                    49:d0:c8:5c:91:e5:a1:34:ec:18:88:10:79:0e:18:
                    88:96:9a:ab:03:8a:44:bf:34:10:43:69:3f:c5:90:
                    a8:29:cd:61:c9:e4:5b:f7:07:0f:dd:b2:3d:fe:58:
                    3b:d7:6e:92:5d:ef:e7:d2:71:cc:46:62:e3:fd:80:
                    42:ea:c1:fd:3b:6d:a3:85:4c:bd:af:1d:75:58:39:
                    63:65:d2:3b:12:91:f2:d6:75:b1:47:ff:5b:6e:07:
                    87:90:3e:03:7a:a1:0f:7a:87:68:ad:83:ee:d0:fa:
                    e4:7f:61:cf:07:2b:f9:0f:f8:1e:dd:80:2f:b7:3f:
                    19:bf:a7:67:99:bf:c5:8a:c8:52:7d:39:b3:e4:22:
                    c5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:BF:5E:C1:00:AD:E1:17:60:35:B6:24:2F:13:D2:4E:B9:B2:73:DC
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/bL9ewQCt4RdgNbYkLxPSTrmyc9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ad40:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:48:b2:72:79:6b:3f:f0:77:ca:e0:79:4d:ee:14:f7:be:f5:
         8d:d3:cf:ec:19:95:6b:69:ce:ba:c4:a3:60:28:b2:06:df:b4:
         c1:4b:1d:4a:92:26:68:2e:0e:d8:3d:26:21:c5:71:90:f9:11:
         f4:22:be:87:7c:3a:37:c8:06:d4:e9:45:c1:90:bb:07:3a:ed:
         3c:66:55:64:48:99:0b:8b:51:e0:d0:3e:dd:81:28:0a:1e:ba:
         d7:a3:14:5c:bc:cd:63:04:65:f5:79:af:56:64:6c:8b:d9:71:
         8d:5c:f2:d9:f1:b2:cf:8e:76:38:15:4e:24:97:02:0f:92:8c:
         77:d5:56:8d:32:23:ed:27:8d:47:18:bf:2e:46:85:48:d9:d4:
         87:6b:a8:02:74:64:0c:ed:54:7a:66:bc:74:3d:90:ce:cb:d3:
         24:09:db:b7:df:a3:e8:e5:a7:b3:de:48:38:da:14:76:27:6e:
         2e:c7:c3:35:e7:6d:6d:29:2a:d1:c2:19:a8:28:56:74:57:d0:
         7b:26:43:ce:67:df:fc:32:e9:c0:2f:82:1a:33:90:78:37:92:
         3a:97:ff:bb:56:f7:c8:c9:7e:28:c1:25:a2:32:40:15:e5:0a:
         61:55:ed:90:e3:47:f6:da:8a:a5:90:e8:75:5a:56:fc:55:ab:
         99:35:67:8a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhRGKrR2ivzPlPD73L91AdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2JmNWVjMTAwYWRlMTE3NjAzNWI2MjQyZjEzZDI0ZWI5YjI3M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl3t5+SsNKsN/3iO6pzPXSum/AZL
OUQHPLK4Fuyz7sSddW65O8YP/BuRegpaxTXRMEcEu7/2qnHc3mZdEaCimx2NgpWd
eo/ZDZ96B/3piQYjFtrQtS4Sz9qZ+gwiCn2gbKRYWuMTJ0G1T3eoCZiemfoyLrXv
w4tJ0MhckeWhNOwYiBB5DhiIlpqrA4pEvzQQQ2k/xZCoKc1hyeRb9wcP3bI9/lg7
126SXe/n0nHMRmLj/YBC6sH9O22jhUy9rx11WDljZdI7EpHy1nWxR/9bbgeHkD4D
eqEPeodorYPu0Prkf2HPByv5D/ge3YAvtz8Zv6dnmb/FishSfTmz5CLFOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGy/XsEAreEXYDW2JC8T0k65snPcMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvYkw5ZXdRQ3Q0UmRnTmJZa0x4UFNUcm15Yzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgCtQAIw
DQYJKoZIhvcNAQELBQADggEBAHlIsnJ5az/wd8rgeU3uFPe+9Y3Tz+wZlWtpzrrE
o2AosgbftMFLHUqSJmguDtg9JiHFcZD5EfQivod8OjfIBtTpRcGQuwc67TxmVWRI
mQuLUeDQPt2BKAoeutejFFy8zWMEZfV5r1ZkbIvZcY1c8tnxss+OdjgVTiSXAg+S
jHfVVo0yI+0njUcYvy5GhUjZ1IdrqAJ0ZAztVHpmvHQ9kM7L0yQJ27ffo+jlp7Pe
SDjaFHYnbi7HwzXnbW0pKtHCGagoVnRX0HsmQ85n3/wy6cAvghozkHg3kjqX/7tW
98jJfijBJaIyQBXlCmFV7ZDjR/baiqWQ6HVaVvxVq5k1Z4o=
-----END CERTIFICATE-----