Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/TEsKuOI8Wr3xLM61BToTHvaxLG0.roa
File:                     TEsKuOI8Wr3xLM61BToTHvaxLG0.roa (raw, json)
Hash identifier:          rGoXl2FfQwurIyUgTu1Dn9mUe7pNqUYv/AJnXAkg28U=
Subject key identifier:   4C:4B:0A:B8:E2:3C:5A:BD:F1:2C:CE:B5:05:3A:13:1E:F6:B1:2C:6D
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       019424B3BDA22F852DA5EACC9D661A7661F9
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/TEsKuOI8Wr3xLM61BToTHvaxLG0.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208753
IP address blocks:        2a09:b280:ff60::/48 maxlen: 48
                          2a09:b280:ff61::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bd:a2:2f:85:2d:a5:ea:cc:9d:66:1a:76:61:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c4b0ab8e23c5abdf12cceb5053a131ef6b12c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7a:cc:67:0d:4c:63:da:52:9e:41:2a:35:03:
                    47:6b:00:ed:8a:00:16:56:d2:8a:1e:e7:20:0c:15:
                    7c:1a:42:9e:00:ab:92:67:f1:ba:47:50:1f:18:c6:
                    7d:12:1a:1d:54:30:2f:cf:e9:a0:e3:4f:87:c2:c8:
                    89:95:93:1b:14:78:17:42:68:80:eb:79:69:db:8b:
                    27:9c:07:06:1a:39:42:27:ff:ac:62:88:24:41:1e:
                    3d:d6:88:11:65:4b:76:fd:ae:04:1e:7a:10:4d:64:
                    e7:d2:44:44:88:86:e1:01:f3:7d:ce:62:9d:e2:26:
                    c7:ad:63:6b:5c:0e:cc:bd:85:cf:9d:a2:3e:e5:c9:
                    cf:35:09:28:40:a7:dc:83:a4:c9:5e:95:b0:eb:f8:
                    28:38:a7:9b:05:31:85:ca:2d:8f:e3:df:3b:db:20:
                    13:66:91:8c:b6:65:0d:be:cb:1a:73:e9:89:c2:ff:
                    d3:a7:8a:fb:4d:a0:7f:92:6f:2a:c9:ea:46:f8:45:
                    19:a1:c7:5a:02:bd:ef:e8:ea:86:5a:0a:2a:fb:d0:
                    1b:1b:e3:f7:8f:a3:c8:2b:d7:18:73:41:20:2b:1c:
                    9f:fb:20:8e:e6:ac:c7:d3:56:de:0b:e4:db:73:60:
                    9a:f4:54:26:10:a0:cc:08:6f:a8:89:3c:2f:4b:fc:
                    7c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4B:0A:B8:E2:3C:5A:BD:F1:2C:CE:B5:05:3A:13:1E:F6:B1:2C:6D
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/TEsKuOI8Wr3xLM61BToTHvaxLG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ff60::/47

    Signature Algorithm: sha256WithRSAEncryption
         1d:19:1d:3f:f4:e7:20:b2:b5:97:90:73:e4:db:73:3c:d0:8b:
         16:1f:b5:d0:67:55:4f:c3:70:7d:73:90:fc:d3:e0:43:65:4a:
         5c:27:6a:8a:8c:be:16:ce:e0:96:11:71:ee:64:95:db:f4:97:
         3c:26:1a:64:2d:b7:ea:09:c6:67:30:f0:46:41:22:78:c4:0c:
         cc:29:39:70:e5:db:04:fc:63:8f:d4:c0:95:25:f4:4b:87:58:
         65:e0:ad:0c:06:53:4d:e1:e5:64:37:8c:cd:55:ea:80:b5:55:
         e0:87:5a:99:a8:ec:9c:55:a0:32:4d:24:de:5f:28:0b:09:e6:
         e6:08:2b:1e:12:d4:05:96:c5:9b:4a:a7:4d:0b:b9:11:04:9f:
         47:ec:35:13:b3:7c:c9:45:12:20:16:d0:6e:2c:36:f2:0a:ce:
         26:09:33:15:af:c6:a7:d3:12:de:db:38:bc:f6:14:6a:86:3b:
         cb:db:32:f6:99:c5:01:9f:5f:2d:26:c5:a1:a7:c8:c0:61:3e:
         40:07:1d:1d:a8:f4:8b:5c:b2:69:93:8c:b9:ca:32:1f:f6:93:
         01:ec:4f:66:9c:93:de:dc:57:61:9a:ee:e9:f2:b8:a1:b0:7c:
         47:ec:18:19:95:61:6b:90:c3:29:f9:a4:8d:1e:64:7c:0f:1f:
         19:c4:23:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks72iL4UtperMnWYadmH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRiMGFiOGUyM2M1YWJkZjEyY2NlYjUwNTNhMTMxZWY2YjEyYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynrMZw1MY9pSnkEqNQNHawDtigAW
VtKKHucgDBV8GkKeAKuSZ/G6R1AfGMZ9EhodVDAvz+mg40+HwsiJlZMbFHgXQmiA
63lp24snnAcGGjlCJ/+sYogkQR491ogRZUt2/a4EHnoQTWTn0kREiIbhAfN9zmKd
4ibHrWNrXA7MvYXPnaI+5cnPNQkoQKfcg6TJXpWw6/goOKebBTGFyi2P49872yAT
ZpGMtmUNvssac+mJwv/Tp4r7TaB/km8qyepG+EUZocdaAr3v6OqGWgoq+9AbG+P3
j6PIK9cYc0EgKxyf+yCO5qzH01beC+Tbc2Ca9FQmEKDMCG+oiTwvS/x8GQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFExLCrjiPFq98SzOtQU6Ex72sSxtMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvVEVzS3VPSThXcjN4TE02MUJUb1RIdmF4TEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgmygP9g
MA0GCSqGSIb3DQEBCwUAA4IBAQAdGR0/9OcgsrWXkHPk23M80IsWH7XQZ1VPw3B9
c5D80+BDZUpcJ2qKjL4WzuCWEXHuZJXb9Jc8JhpkLbfqCcZnMPBGQSJ4xAzMKTlw
5dsE/GOP1MCVJfRLh1hl4K0MBlNN4eVkN4zNVeqAtVXgh1qZqOycVaAyTSTeXygL
CebmCCseEtQFlsWbSqdNC7kRBJ9H7DUTs3zJRRIgFtBuLDbyCs4mCTMVr8an0xLe
2zi89hRqhjvL2zL2mcUBn18tJsWhp8jAYT5ABx0dqPSLXLJpk4y5yjIf9pMB7E9m
nJPe3Fdhmu7p8rihsHxH7BgZlWFrkMMp+aSNHmR8Dx8ZxCNm
-----END CERTIFICATE-----