Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/XuYgpmXug2q0Cu_sdJBe-1XGD2I.roa
File:                     XuYgpmXug2q0Cu_sdJBe-1XGD2I.roa (raw, json)
Hash identifier:          joQ8DCTmx5DI+ZzMDXT+0TtQtcaVPpX4LENPUyxWUVI=
Subject key identifier:   5E:E6:20:A6:65:EE:83:6A:B4:0A:EF:EC:74:90:5E:FB:55:C6:0F:62
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       01942143C3436C3E82BAD12134853A0E3617
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/XuYgpmXug2q0Cu_sdJBe-1XGD2I.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208505
IP address blocks:        2a0e:f43:10::/44 maxlen: 47
                          2a0e:f43:1f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c3:43:6c:3e:82:ba:d1:21:34:85:3a:0e:36:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ee620a665ee836ab40aefec74905efb55c60f62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3a:48:76:47:8b:fa:2f:6c:72:8e:e9:4f:08:
                    ef:4a:4b:18:d8:b1:35:1f:04:eb:07:a9:af:c9:b5:
                    ad:90:b4:5e:8e:46:d2:e5:ef:07:b7:41:ab:3c:66:
                    a1:5c:d7:21:35:66:46:d3:54:99:f9:53:57:36:ff:
                    6f:88:85:13:06:c3:65:ef:b2:c5:08:4b:45:ba:47:
                    f1:de:07:e3:aa:dc:c5:d5:d8:e9:79:1a:36:23:45:
                    60:33:7e:eb:f7:c1:b6:dd:b6:50:7f:4c:a5:49:02:
                    c5:a8:6e:ab:5b:c4:2b:c6:fa:d9:98:bf:1a:4c:c3:
                    ac:35:e5:9f:a3:d1:7e:22:1c:62:22:28:0e:f9:3a:
                    39:99:4e:65:7c:13:3b:09:a8:c9:76:f1:6f:bf:85:
                    5a:92:05:c1:33:4e:b4:d0:75:51:0d:66:c2:23:bc:
                    52:05:76:0f:d1:7e:ae:3b:f2:aa:2b:40:bd:3e:22:
                    31:18:f7:cb:75:21:0e:7c:2d:12:78:29:b1:3c:bd:
                    ad:e1:5c:49:aa:e7:7f:8e:41:65:cd:74:20:b2:9c:
                    1b:bc:c9:e2:41:00:4d:90:fc:02:9f:09:3f:20:e1:
                    a2:39:da:9e:0c:94:a6:c0:f4:33:c5:a8:29:34:3e:
                    f6:01:6e:02:07:3e:13:40:d0:01:9a:98:22:dd:99:
                    2b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E6:20:A6:65:EE:83:6A:B4:0A:EF:EC:74:90:5E:FB:55:C6:0F:62
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/XuYgpmXug2q0Cu_sdJBe-1XGD2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f43:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         45:4a:f6:18:28:be:be:11:1d:81:46:d7:55:c1:86:e8:47:07:
         e3:13:93:9f:73:a6:c2:f9:5f:3f:97:6c:cb:72:a0:7b:5a:d3:
         99:ea:76:54:cc:65:23:60:11:06:fe:e5:8f:2b:9d:96:13:95:
         ec:2c:ac:9b:10:98:4c:8b:99:ee:a4:f7:da:d3:8d:e6:36:10:
         5f:5e:8e:41:2d:34:b3:95:89:d2:2d:8f:ef:8e:0b:bb:c1:d9:
         3f:c7:af:33:80:c6:4f:76:b5:88:0d:21:bd:36:88:92:51:2c:
         32:c6:d0:92:50:ba:5d:32:4f:61:a4:72:5e:b1:92:a6:b1:b0:
         7f:24:03:1d:99:d1:83:87:0f:d6:1b:6b:bf:a6:98:57:a1:ca:
         52:20:17:c9:ef:7d:03:ca:49:e3:68:fa:21:22:44:b5:4d:8a:
         57:9a:a3:c6:d9:30:4b:33:f3:a9:19:a1:e0:e6:24:8a:d6:b7:
         03:2e:81:cb:2d:6a:da:07:3f:82:a8:fc:37:fb:6c:94:c7:70:
         1e:60:14:b4:8d:16:0c:9b:5e:36:af:00:74:23:a7:ff:35:f8:
         12:29:9a:34:dc:70:2b:6f:dd:7a:7c:1f:42:b1:44:f8:17:18:
         b8:77:c0:d7:95:91:35:04:d1:ed:f3:aa:ad:e5:f4:25:0a:6c:
         a2:f6:1d:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ8NDbD6CutEhNIU6DjYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWU2MjBhNjY1ZWU4MzZhYjQwYWVmZWM3NDkwNWVmYjU1YzYwZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDpIdkeL+i9sco7pTwjvSksY2LE1
HwTrB6mvybWtkLRejkbS5e8Ht0GrPGahXNchNWZG01SZ+VNXNv9viIUTBsNl77LF
CEtFukfx3gfjqtzF1djpeRo2I0VgM37r98G23bZQf0ylSQLFqG6rW8QrxvrZmL8a
TMOsNeWfo9F+IhxiIigO+To5mU5lfBM7CajJdvFvv4VakgXBM0600HVRDWbCI7xS
BXYP0X6uO/KqK0C9PiIxGPfLdSEOfC0SeCmxPL2t4VxJqud/jkFlzXQgspwbvMni
QQBNkPwCnwk/IOGiOdqeDJSmwPQzxagpND72AW4CBz4TQNABmpgi3ZkrUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF7mIKZl7oNqtArv7HSQXvtVxg9iMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvWHVZZ3BtWHVnMnEwQ3Vfc2RKQmUtMVhHRDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg4PQwAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBFSvYYKL6+ER2BRtdVwYboRwfjE5Ofc6bC+V8/
l2zLcqB7WtOZ6nZUzGUjYBEG/uWPK52WE5XsLKybEJhMi5nupPfa043mNhBfXo5B
LTSzlYnSLY/vjgu7wdk/x68zgMZPdrWIDSG9NoiSUSwyxtCSULpdMk9hpHJesZKm
sbB/JAMdmdGDhw/WG2u/pphXocpSIBfJ730DyknjaPohIkS1TYpXmqPG2TBLM/Op
GaHg5iSK1rcDLoHLLWraBz+CqPw3+2yUx3AeYBS0jRYMm142rwB0I6f/NfgSKZo0
3HArb916fB9CsUT4Fxi4d8DXlZE1BNHt86qt5fQlCmyi9h3e
-----END CERTIFICATE-----