Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/w6y6tA7YYKjCRBu0w7S_pejO5kU.roa
File:                     w6y6tA7YYKjCRBu0w7S_pejO5kU.roa (raw, json)
Hash identifier:          m4339RdE053FyeU5wm1JX9FNzAT+cE85Onp7E9j3YoE=
Subject key identifier:   C3:AC:BA:B4:0E:D8:60:A8:C2:44:1B:B4:C3:B4:BF:A5:E8:CE:E6:45
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       019421B1BA38AA0737D2FDB25EEF75F08A89
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/w6y6tA7YYKjCRBu0w7S_pejO5kU.roa
Signing time:             Wed 01 Jan 2025 11:48:03 +0000
ROA not before:           Wed 01 Jan 2025 11:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42599
IP address blocks:        2.59.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ba:38:aa:07:37:d2:fd:b2:5e:ef:75:f0:8a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Jan  1 11:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3acbab40ed860a8c2441bb4c3b4bfa5e8cee645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d9:e0:6d:7b:09:2e:a3:9f:72:dd:e3:e3:5b:
                    31:b7:93:08:a3:7e:38:8d:68:e5:7c:07:a0:7c:84:
                    74:05:a2:69:87:53:91:5b:88:5f:1a:81:6e:22:fd:
                    9e:6f:d4:eb:af:3b:46:42:99:41:53:b2:54:64:7b:
                    91:b5:c6:78:cd:f4:be:cf:27:b4:73:ad:bb:b9:3b:
                    dd:ed:dd:d5:b9:29:83:0f:dd:b3:38:dd:30:de:83:
                    b4:d3:6c:99:c6:60:a4:36:6b:f2:fe:1d:34:70:10:
                    54:75:de:7c:10:47:78:f8:9c:c0:73:6b:bd:0b:a5:
                    5f:76:4f:0d:3a:b3:87:34:d4:f3:6f:e6:81:c9:2e:
                    e8:60:86:77:50:0b:18:40:6a:da:bf:bb:5f:71:33:
                    a5:21:56:c7:6b:25:02:60:b5:a3:f2:1b:e6:fc:96:
                    54:de:d5:2e:34:a3:a3:7a:a7:9a:99:d4:02:8c:2b:
                    91:bd:e9:8b:e1:23:26:ba:20:b2:f1:6c:82:dd:f7:
                    d9:8a:b0:95:ef:c1:7d:dd:da:8e:4b:3b:8c:62:f7:
                    72:ed:50:7c:92:75:d5:fa:fe:df:23:d3:97:aa:30:
                    26:ae:e5:79:91:0d:dd:12:2f:d6:ca:b8:67:26:5d:
                    a8:d8:13:62:fb:a1:eb:12:54:d0:be:60:2d:36:eb:
                    c9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:AC:BA:B4:0E:D8:60:A8:C2:44:1B:B4:C3:B4:BF:A5:E8:CE:E6:45
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/w6y6tA7YYKjCRBu0w7S_pejO5kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:df:40:0d:db:7d:21:9c:1e:70:46:e9:a6:ab:46:1f:a5:7e:
         8f:19:fc:4e:34:bb:be:0e:9c:df:5f:f3:c1:f7:fc:88:fd:7d:
         61:f9:6a:16:12:28:4c:a4:c8:81:38:23:6a:61:ba:61:1b:30:
         87:f0:05:e7:59:a0:3b:de:d7:3c:4c:16:97:f7:34:23:34:0d:
         31:35:fc:ac:f9:ff:c1:05:57:0c:d6:7d:03:c6:d3:45:3e:d3:
         d3:64:27:30:82:16:ab:16:89:ec:11:9f:46:a0:64:4a:80:2e:
         61:cd:92:d3:a6:56:3b:19:f3:24:be:a9:04:b0:a9:9c:6a:58:
         09:6c:91:e4:de:15:89:93:a4:63:89:34:f7:38:5c:04:c9:d0:
         fb:90:67:e1:25:7a:67:be:bd:7a:d4:f1:3f:c9:da:1d:99:7f:
         1a:ae:04:93:6d:a9:9c:01:ed:0e:7a:f3:6a:3a:a9:c0:f2:59:
         d2:e3:19:39:8f:c2:80:58:eb:c4:4b:90:8d:26:05:f1:8d:78:
         9a:1a:dc:b1:d3:be:32:e1:e8:90:d9:df:78:e8:a8:c6:5e:14:
         63:fe:3b:bd:ef:fd:89:fa:1b:c8:55:42:aa:cb:c6:4b:91:1a:
         52:55:ee:5f:b0:66:93:33:48:0e:34:38:04:1a:df:0c:e1:47:
         a2:d3:e9:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbo4qgc30v2yXu918IqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjUwMTAxMTE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2FjYmFiNDBlZDg2MGE4YzI0NDFiYjRjM2I0YmZhNWU4Y2VlNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNngbXsJLqOfct3j41sxt5MIo344
jWjlfAegfIR0BaJph1ORW4hfGoFuIv2eb9TrrztGQplBU7JUZHuRtcZ4zfS+zye0
c627uTvd7d3VuSmDD92zON0w3oO002yZxmCkNmvy/h00cBBUdd58EEd4+JzAc2u9
C6Vfdk8NOrOHNNTzb+aByS7oYIZ3UAsYQGrav7tfcTOlIVbHayUCYLWj8hvm/JZU
3tUuNKOjeqeamdQCjCuRvemL4SMmuiCy8WyC3ffZirCV78F93dqOSzuMYvdy7VB8
knXV+v7fI9OXqjAmruV5kQ3dEi/WyrhnJl2o2BNi+6HrElTQvmAtNuvJDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOsurQO2GCowkQbtMO0v6XozuZFMB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvdzZ5NnRBN1lZS2pDUkJ1MHc3U19wZWpPNWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQAz30AN230hnB5wRummq0YfpX6PGfxONLu+DpzfX/PB
9/yI/X1h+WoWEihMpMiBOCNqYbphGzCH8AXnWaA73tc8TBaX9zQjNA0xNfys+f/B
BVcM1n0DxtNFPtPTZCcwgharFonsEZ9GoGRKgC5hzZLTplY7GfMkvqkEsKmcalgJ
bJHk3hWJk6RjiTT3OFwEydD7kGfhJXpnvr161PE/ydodmX8argSTbamcAe0OevNq
OqnA8lnS4xk5j8KAWOvES5CNJgXxjXiaGtyx074y4eiQ2d946KjGXhRj/ju97/2J
+hvIVUKqy8ZLkRpSVe5fsGaTM0gONDgEGt8M4Uei0+kM
-----END CERTIFICATE-----