Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ESUAf8cLwEPeZEbbuva8oPq3tnI.roa
File:                     ESUAf8cLwEPeZEbbuva8oPq3tnI.roa (raw, json)
Hash identifier:          WbUVCTAuiqn5b1x04xN1Z7CNWXmYydSBRMGC9om/SxI=
Subject key identifier:   11:25:00:7F:C7:0B:C0:43:DE:64:46:DB:BA:F6:BC:A0:FA:B7:B6:72
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194CCC2329C7A5140C085F5C90D4BD66C95
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ESUAf8cLwEPeZEbbuva8oPq3tnI.roa
Signing time:             Mon 03 Feb 2025 17:01:06 +0000
ROA not before:           Mon 03 Feb 2025 17:01:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51559
IP address blocks:        2a0a:2d07:fc3b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cc:c2:32:9c:7a:51:40:c0:85:f5:c9:0d:4b:d6:6c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  3 17:01:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1125007fc70bc043de6446dbbaf6bca0fab7b672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e7:f3:0b:e6:dd:f1:69:15:47:eb:7d:47:e6:
                    45:42:ef:e7:b6:c4:12:bc:99:14:ee:bd:29:41:c0:
                    e0:20:8e:cc:ac:35:f8:e0:e2:d0:62:50:e7:ae:02:
                    66:f7:b8:45:02:f9:91:a0:58:56:76:14:65:d0:bb:
                    94:66:da:4e:d1:ba:26:9f:e6:78:bc:42:08:45:e7:
                    53:1d:f2:7a:b2:a9:d4:02:44:5a:55:6e:de:d0:bc:
                    0c:5c:d0:86:0e:7a:a0:ec:f0:c5:1b:df:05:1b:6d:
                    54:4c:5d:06:37:1f:bc:09:8c:30:dd:a8:c4:59:a6:
                    ae:40:0c:8f:b6:21:b5:a4:8d:12:b9:2d:ac:bc:27:
                    a7:15:88:b6:8b:a2:73:54:3f:a5:22:2a:bf:55:0d:
                    25:c2:22:80:79:f6:82:e4:26:fe:a5:f4:99:87:22:
                    3f:f7:5d:1a:29:2c:d9:93:4a:21:3d:5a:c1:d8:e8:
                    7f:0c:d4:84:d8:e0:33:fd:12:b4:8e:fb:db:30:08:
                    99:64:8d:b1:3f:61:65:df:3d:d4:65:0e:53:06:d8:
                    fd:a2:68:e2:fb:52:90:c5:3c:c8:43:61:ac:8c:2d:
                    b7:35:b7:c6:c5:f7:d1:14:6b:7e:5d:29:3d:e9:0f:
                    4a:93:a0:3f:5f:54:03:47:ef:38:d4:b8:ed:89:c9:
                    ca:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:25:00:7F:C7:0B:C0:43:DE:64:46:DB:BA:F6:BC:A0:FA:B7:B6:72
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ESUAf8cLwEPeZEbbuva8oPq3tnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d07:fc3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:b2:d7:d7:7c:db:97:c2:c1:1a:00:d0:88:5a:b8:e6:62:ef:
         24:18:02:3b:23:f0:6b:c6:fe:50:cd:21:07:25:df:c8:8c:ae:
         29:21:9f:93:d2:e2:1e:3a:ed:01:90:5c:01:63:5f:a9:b9:e8:
         cf:6e:d1:eb:1b:ad:c7:3b:d0:b3:ff:0c:ef:8a:ac:a2:56:26:
         f1:8f:3b:57:94:2a:82:9d:2b:11:d6:4f:e9:66:1e:a4:fa:73:
         04:d5:d4:c3:f0:0e:8e:79:14:26:61:3c:90:ea:24:fd:81:84:
         e6:ba:e9:b5:61:28:35:77:f3:3f:15:97:a6:5a:1a:25:e8:f9:
         00:de:37:eb:d4:08:0b:f8:5f:d0:7b:1a:09:b7:47:a3:8d:c8:
         92:ff:c5:a8:b7:29:80:6a:91:c0:e0:d2:6f:71:86:4d:65:04:
         cb:38:bc:5c:84:4f:28:b1:8a:7a:c6:63:5e:0b:22:fa:11:b6:
         1d:43:e5:66:3b:89:62:2f:c5:27:e0:c4:80:a1:dc:16:18:66:
         29:59:09:78:2c:1d:bc:9a:f1:d6:20:12:93:05:80:50:92:97:
         16:43:ab:00:63:3d:d3:43:42:e9:b7:da:22:22:86:cb:1d:1a:
         7f:b5:12:bf:fa:f3:c0:e3:de:9f:e8:12:ba:c1:39:6d:43:8d:
         f4:f5:26:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZTMwjKcelFAwIX1yQ1L1myVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMjAzMTcwMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTI1MDA3ZmM3MGJjMDQzZGU2NDQ2ZGJiYWY2YmNhMGZhYjdiNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+fzC+bd8WkVR+t9R+ZFQu/ntsQS
vJkU7r0pQcDgII7MrDX44OLQYlDnrgJm97hFAvmRoFhWdhRl0LuUZtpO0bomn+Z4
vEIIRedTHfJ6sqnUAkRaVW7e0LwMXNCGDnqg7PDFG98FG21UTF0GNx+8CYww3ajE
WaauQAyPtiG1pI0SuS2svCenFYi2i6JzVD+lIiq/VQ0lwiKAefaC5Cb+pfSZhyI/
910aKSzZk0ohPVrB2Oh/DNSE2OAz/RK0jvvbMAiZZI2xP2Fl3z3UZQ5TBtj9omji
+1KQxTzIQ2GsjC23NbfGxffRFGt+XSk96Q9Kk6A/X1QDR+841LjticnKbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBElAH/HC8BD3mRG27r2vKD6t7ZyMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRVNVQWY4Y0x3RVBlWkViYnV2YThvUHEzdG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgotB/w7
MA0GCSqGSIb3DQEBCwUAA4IBAQBTstfXfNuXwsEaANCIWrjmYu8kGAI7I/Brxv5Q
zSEHJd/IjK4pIZ+T0uIeOu0BkFwBY1+puejPbtHrG63HO9Cz/wzviqyiVibxjztX
lCqCnSsR1k/pZh6k+nME1dTD8A6OeRQmYTyQ6iT9gYTmuum1YSg1d/M/FZemWhol
6PkA3jfr1AgL+F/QexoJt0ejjciS/8WotymAapHA4NJvcYZNZQTLOLxchE8osYp6
xmNeCyL6EbYdQ+VmO4liL8Un4MSAodwWGGYpWQl4LB28mvHWIBKTBYBQkpcWQ6sA
Yz3TQ0Lpt9oiIobLHRp/tRK/+vPA496f6BK6wTltQ4309SbQ
-----END CERTIFICATE-----