Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/v4QrgtblJ9YZHJ2hce6GFI5FWqo.roa
File:                     v4QrgtblJ9YZHJ2hce6GFI5FWqo.roa (raw, json)
Hash identifier:          IPVSappB/my+2I72ZgF53a9v013O3iiBW8wa9eIfulg=
Subject key identifier:   BF:84:2B:82:D6:E5:27:D6:19:1C:9D:A1:71:EE:86:14:8E:45:5A:AA
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       019421446324C10545CEA9C220D00F36FB9C
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/v4QrgtblJ9YZHJ2hce6GFI5FWqo.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19541
IP address blocks:        2a00:ad40:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:63:24:c1:05:45:ce:a9:c2:20:d0:0f:36:fb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf842b82d6e527d6191c9da171ee86148e455aaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1e:a7:55:6c:98:35:29:db:00:1f:b3:25:6c:
                    69:a0:74:40:8b:5a:66:bd:a9:98:4a:b2:b0:ee:f9:
                    51:72:e7:d0:d6:b5:61:95:eb:35:a5:3b:7e:c8:cc:
                    26:7f:b9:9c:0c:07:1c:59:d7:29:b1:32:b6:54:1f:
                    cb:23:e4:f3:8c:57:76:90:2c:2b:a5:25:3d:81:87:
                    ed:04:a6:7e:f0:66:05:29:ab:18:4c:b5:25:e7:cf:
                    a4:53:6f:14:26:ff:3e:4e:9a:d4:67:32:c2:fe:e8:
                    c0:dd:70:5f:4e:ad:3c:78:f1:1d:ca:8a:42:0b:a0:
                    00:ac:21:eb:1b:dc:e8:03:fc:3c:bc:39:85:00:48:
                    7e:92:c3:ba:de:e4:bc:b4:a8:25:93:00:5e:da:6d:
                    5a:fd:d8:e3:06:db:66:5c:c9:c7:39:7e:4a:5a:16:
                    dd:c6:bd:0e:a1:64:f7:7a:1f:48:d2:f0:86:42:10:
                    e2:14:fd:c9:4a:95:91:b4:47:7f:9c:9e:34:b6:86:
                    f0:11:7b:21:da:ac:a4:65:ea:8d:8b:c4:ff:d2:34:
                    62:0a:42:28:95:29:20:26:f5:10:9e:fc:5e:e1:35:
                    98:82:8c:14:04:3c:5d:03:38:61:c8:c8:4e:eb:43:
                    64:20:89:f6:98:b0:3a:bf:52:0c:a6:34:a3:8a:8d:
                    10:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:84:2B:82:D6:E5:27:D6:19:1C:9D:A1:71:EE:86:14:8E:45:5A:AA
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/v4QrgtblJ9YZHJ2hce6GFI5FWqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ad40:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:76:3b:a3:ec:13:44:53:7f:1f:ee:02:5e:4d:ae:b8:c0:cb:
         f4:06:0d:7a:5c:8d:99:9e:a9:6a:6f:9b:97:b4:c2:3f:2d:ac:
         91:ab:46:4a:75:21:9f:3c:91:27:b9:9a:5a:bb:a4:e7:96:80:
         14:30:bb:2f:38:b4:e7:ec:56:77:a8:7b:8b:b4:ac:10:65:fd:
         80:ed:82:58:3e:95:02:e1:e0:51:88:1a:4d:2c:6e:46:28:a8:
         32:bc:43:4e:a7:db:b8:27:9f:28:90:d1:33:82:f2:8d:c2:cf:
         38:a4:ef:2f:38:69:4d:7f:74:2b:23:fb:d0:2f:01:59:64:9f:
         44:6b:71:fb:5c:ad:c8:d3:2d:80:ce:a2:3f:93:8f:65:34:ed:
         07:b5:e7:5f:1c:8c:69:ff:79:a0:3a:19:ac:66:69:93:06:a5:
         ea:69:9d:59:8f:51:5f:2a:f4:73:1b:d1:57:f9:f3:e0:f4:3f:
         0b:26:4b:af:b5:19:53:78:13:0b:aa:f3:85:8a:a1:3c:e8:75:
         24:11:f4:9c:c8:1f:94:fb:5b:ee:81:29:ff:01:7c:e6:00:0a:
         bc:50:91:f0:1c:73:22:26:06:af:0d:bb:77:3f:eb:60:10:71:
         27:81:84:1b:37:9a:dd:06:69:0a:39:91:17:8e:c0:58:01:ee:
         e8:96:61:07
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhRGMkwQVFzqnCINAPNvucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjg0MmI4MmQ2ZTUyN2Q2MTkxYzlkYTE3MWVlODYxNDhlNDU1YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArR6nVWyYNSnbAB+zJWxpoHRAi1pm
vamYSrKw7vlRcufQ1rVhles1pTt+yMwmf7mcDAccWdcpsTK2VB/LI+TzjFd2kCwr
pSU9gYftBKZ+8GYFKasYTLUl58+kU28UJv8+TprUZzLC/ujA3XBfTq08ePEdyopC
C6AArCHrG9zoA/w8vDmFAEh+ksO63uS8tKglkwBe2m1a/djjBttmXMnHOX5KWhbd
xr0OoWT3eh9I0vCGQhDiFP3JSpWRtEd/nJ40tobwEXsh2qykZeqNi8T/0jRiCkIo
lSkgJvUQnvxe4TWYgowUBDxdAzhhyMhO60NkIIn2mLA6v1IMpjSjio0QYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL+EK4LW5SfWGRydoXHuhhSORVqqMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvdjRRcmd0YmxKOVlaSEoyaGNlNkdGSTVGV3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgCtQAEw
DQYJKoZIhvcNAQELBQADggEBAHt2O6PsE0RTfx/uAl5NrrjAy/QGDXpcjZmeqWpv
m5e0wj8trJGrRkp1IZ88kSe5mlq7pOeWgBQwuy84tOfsVneoe4u0rBBl/YDtglg+
lQLh4FGIGk0sbkYoqDK8Q06n27gnnyiQ0TOC8o3Czzik7y84aU1/dCsj+9AvAVlk
n0RrcftcrcjTLYDOoj+Tj2U07Qe1518cjGn/eaA6GaxmaZMGpeppnVmPUV8q9HMb
0Vf58+D0PwsmS6+1GVN4Ewuq84WKoTzodSQR9JzIH5T7W+6BKf8BfOYACrxQkfAc
cyImBq8Nu3c/62AQcSeBhBs3mt0GaQo5kReOwFgB7uiWYQc=
-----END CERTIFICATE-----