Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u4VMi8-ag5p35J-eydKmtVU9BQI.roa
File:                     u4VMi8-ag5p35J-eydKmtVU9BQI.roa (raw, json)
Hash identifier:          UOPuL1TyPImmax7V9J0KDJ3T8t85DAz7kqMklli2cQk=
Subject key identifier:   BB:85:4C:8B:CF:9A:83:9A:77:E4:9F:9E:C9:D2:A6:B5:55:3D:05:02
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01922961816FBA6AC602F55167478A288DA7
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u4VMi8-ag5p35J-eydKmtVU9BQI.roa
Signing time:             Wed 25 Sep 2024 13:31:48 +0000
ROA not before:           Wed 25 Sep 2024 13:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152089
IP address blocks:        2a0e:1a83:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:40:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:61:81:6f:ba:6a:c6:02:f5:51:67:47:8a:28:8d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 25 13:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb854c8bcf9a839a77e49f9ec9d2a6b5553d0502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a7:db:4b:d7:32:83:59:b5:cf:55:7c:0c:49:
                    a5:8b:9c:52:59:00:d3:b1:18:10:d4:9f:dd:36:de:
                    a9:27:cd:12:cd:4d:81:d2:d4:cf:2d:2d:e0:a3:e5:
                    17:cc:c7:a6:2a:b6:99:f9:d3:b9:cb:bd:3c:9c:a3:
                    79:9a:f5:7c:0c:8a:65:a7:1b:0a:59:f3:31:0c:24:
                    d7:e4:02:5c:09:e2:3e:8c:18:5f:a9:bb:58:c0:e5:
                    9f:65:db:29:c9:b0:e8:fe:85:70:b1:25:36:4c:2f:
                    77:e9:82:55:9b:93:98:82:cb:e0:88:ed:d3:b8:0f:
                    ed:9b:f9:bd:ac:26:1e:2c:94:98:36:18:f5:a2:06:
                    56:ca:59:17:82:3c:96:a2:bd:22:95:56:f4:3e:3b:
                    c1:4b:d1:f0:31:8d:7a:43:a6:9f:7b:38:53:c8:d8:
                    a8:5a:e7:9a:14:0c:7c:df:db:7e:44:81:dd:a6:46:
                    2e:b3:d2:4c:2d:93:f6:a7:59:bf:2f:64:c6:12:84:
                    12:9e:34:20:95:a1:8d:64:75:ff:f1:5e:0b:ff:ed:
                    d8:2f:a4:3c:58:5f:8f:d7:9f:c8:d9:2c:1e:fc:5c:
                    fb:bb:55:2b:59:73:72:21:ed:15:c3:e0:6b:4c:66:
                    8a:69:dd:c4:85:3c:c5:a8:51:73:83:7a:3a:71:be:
                    9a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:85:4C:8B:CF:9A:83:9A:77:E4:9F:9E:C9:D2:A6:B5:55:3D:05:02
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u4VMi8-ag5p35J-eydKmtVU9BQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1a83:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:85:d6:c5:31:7b:12:58:8f:bb:7f:3c:7a:3b:ea:79:06:7c:
         82:4e:7d:8a:f7:6b:b3:6e:69:02:52:0c:58:db:d0:8f:f9:88:
         8c:79:0a:d6:c0:96:e9:2b:76:91:19:1b:1d:68:92:5d:5b:b0:
         66:d2:fa:da:8a:c3:6f:66:4a:14:7c:3d:2c:b3:98:88:34:b8:
         66:87:16:55:81:0c:f8:73:77:14:1b:5f:b2:51:13:3b:17:f2:
         a9:a6:46:be:42:09:1e:86:43:1b:d5:e9:56:b5:59:ab:c7:7c:
         3d:2c:a5:38:b7:ad:0f:bf:b0:a4:3f:9b:69:2d:f6:3f:73:29:
         f9:ee:bc:29:06:e6:ea:b1:4f:e7:2a:9d:57:1e:c1:1a:b7:73:
         80:fc:5c:50:fe:c9:56:43:3b:0e:ba:6e:2d:26:9b:11:bb:dc:
         2d:4e:12:bb:fb:9d:0b:4e:cc:cd:aa:a9:89:a0:f4:61:28:2a:
         60:e9:22:ba:43:51:56:af:1b:1d:55:97:11:a3:c2:75:82:e9:
         15:50:7a:82:92:f6:84:45:f6:2e:9b:6c:6e:7e:04:92:a1:3c:
         d8:86:9a:29:ae:1b:b9:6a:19:ac:0a:91:ca:80:cc:ec:a6:7b:
         ec:23:13:5d:91:21:2e:a7:d7:34:93:b9:51:29:27:5f:e0:53:
         4c:07:4f:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIpYYFvumrGAvVRZ0eKKI2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwOTI1MTMzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg1NGM4YmNmOWE4MzlhNzdlNDlmOWVjOWQyYTZiNTU1M2QwNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKfbS9cyg1m1z1V8DEmli5xSWQDT
sRgQ1J/dNt6pJ80SzU2B0tTPLS3go+UXzMemKraZ+dO5y708nKN5mvV8DIplpxsK
WfMxDCTX5AJcCeI+jBhfqbtYwOWfZdspybDo/oVwsSU2TC936YJVm5OYgsvgiO3T
uA/tm/m9rCYeLJSYNhj1ogZWylkXgjyWor0ilVb0PjvBS9HwMY16Q6afezhTyNio
WueaFAx839t+RIHdpkYus9JMLZP2p1m/L2TGEoQSnjQglaGNZHX/8V4L/+3YL6Q8
WF+P15/I2Swe/Fz7u1UrWXNyIe0Vw+BrTGaKad3EhTzFqFFzg3o6cb6aGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLuFTIvPmoOad+SfnsnSprVVPQUCMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdTRWTWk4LWFnNXAzNUotZXlkS210VlU5QlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4agwEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAMhdbFMXsSWI+7fzx6O+p5BnyCTn2K92uzbmkC
UgxY29CP+YiMeQrWwJbpK3aRGRsdaJJdW7Bm0vraisNvZkoUfD0ss5iINLhmhxZV
gQz4c3cUG1+yURM7F/Kppka+QgkehkMb1elWtVmrx3w9LKU4t60Pv7CkP5tpLfY/
cyn57rwpBubqsU/nKp1XHsEat3OA/FxQ/slWQzsOum4tJpsRu9wtThK7+50LTszN
qqmJoPRhKCpg6SK6Q1FWrxsdVZcRo8J1gukVUHqCkvaERfYum2xufgSSoTzYhpop
rhu5ahmsCpHKgMzspnvsIxNdkSEup9c0k7lRKSdf4FNMB0+S
-----END CERTIFICATE-----