Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/G4N5RYla6fjlsBv4AqQQ8H19rRs.roa
File:                     G4N5RYla6fjlsBv4AqQQ8H19rRs.roa (raw, json)
Hash identifier:          /cOKslqtRznPZkTvknnJYZdRjHaMmTcA0TEYmAIJqIQ=
Subject key identifier:   1B:83:79:45:89:5A:E9:F8:E5:B0:1B:F8:02:A4:10:F0:7D:7D:AD:1B
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01956BEF9D44F230D1C265A99AB3C44EB097
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/G4N5RYla6fjlsBv4AqQQ8H19rRs.roa
Signing time:             Thu 06 Mar 2025 14:50:20 +0000
ROA not before:           Thu 06 Mar 2025 14:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205659
IP address blocks:        2a10:eac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:ef:9d:44:f2:30:d1:c2:65:a9:9a:b3:c4:4e:b0:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  6 14:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b837945895ae9f8e5b01bf802a410f07d7dad1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4f:5a:64:53:3c:67:92:51:76:ae:51:f6:eb:
                    fb:02:c5:ff:3a:8c:a3:80:96:e6:38:a9:bc:96:df:
                    1e:0b:71:75:69:a3:cf:62:c5:fe:fa:55:c7:a0:c6:
                    e1:dd:d3:cc:08:1f:93:90:f3:5b:2d:bd:3d:8d:10:
                    5f:c5:77:94:d5:ca:33:ac:80:f4:ec:97:7c:46:ea:
                    d4:f4:28:9b:09:bd:cb:8e:ac:ed:b0:2a:22:e3:3b:
                    06:bb:fa:51:d9:41:53:c5:a0:e3:83:83:2e:5c:23:
                    e8:a8:0a:2a:a0:dd:f4:07:5a:4e:8a:af:37:d4:95:
                    69:78:fa:99:46:e3:fd:53:60:6a:52:62:9b:19:25:
                    7a:c7:60:1d:b8:68:27:00:c0:2e:15:7a:b8:a2:41:
                    5a:1a:1a:b6:21:3b:c5:fe:9f:7c:ec:33:97:8d:ee:
                    da:32:18:db:bb:fc:80:bb:7c:50:0d:78:a7:e8:d2:
                    3e:bb:22:08:9a:57:e8:e9:73:2b:00:12:d1:a9:96:
                    c5:c7:fd:56:e3:4b:b7:3c:df:2a:2e:82:63:83:8a:
                    ee:28:f6:66:10:2d:05:25:a1:c5:0b:3c:68:91:4f:
                    f5:e0:f0:68:52:5c:1d:72:85:94:cd:da:5b:29:2a:
                    48:82:92:43:a1:34:27:dd:d8:ef:d2:23:2b:d5:1c:
                    55:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:83:79:45:89:5A:E9:F8:E5:B0:1B:F8:02:A4:10:F0:7D:7D:AD:1B
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/G4N5RYla6fjlsBv4AqQQ8H19rRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:eac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:c6:52:51:5b:8d:be:bb:d2:de:8c:c5:bb:ff:18:9e:91:85:
         ff:2f:d7:b3:70:49:c8:2f:34:1a:a4:f5:dd:00:37:e0:c7:2f:
         96:f2:b8:9d:6e:bc:ac:a5:eb:00:88:d3:f3:e9:f5:65:63:34:
         ba:33:b8:87:f5:45:cf:30:86:c0:6e:6c:e4:20:69:5a:e3:4a:
         ac:32:38:df:0b:1f:7f:9b:3d:59:3c:6e:88:54:a3:82:38:fb:
         ad:89:17:eb:89:81:cb:06:68:93:30:89:23:74:6c:6f:86:35:
         02:e7:b9:df:97:60:28:e0:89:61:6b:3b:9b:b8:9a:8a:ba:4a:
         ee:f4:ef:cc:db:04:d2:df:d8:1b:32:73:5a:e2:51:c2:37:2c:
         b7:37:77:e7:c1:de:4c:19:9d:80:cf:bc:60:ab:c0:20:9d:40:
         e4:59:0e:7f:79:75:37:7c:73:df:ff:31:64:2b:6e:ae:2c:a0:
         a8:da:0e:6e:aa:c9:7a:6d:ba:d5:7c:5c:f6:f4:36:55:b2:69:
         96:72:86:1a:24:4b:0a:e2:dc:c3:fc:83:1c:cf:e8:21:b4:17:
         bd:4b:32:b7:fb:56:c8:9e:2a:21:85:a1:7d:96:12:06:d5:7a:
         79:15:82:4e:c3:47:a4:26:b9:6c:31:70:b1:f6:01:9a:13:05:
         d7:06:96:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVr751E8jDRwmWpmrPETrCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMzA2MTQ1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgzNzk0NTg5NWFlOWY4ZTViMDFiZjgwMmE0MTBmMDdkN2RhZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk9aZFM8Z5JRdq5R9uv7AsX/Ooyj
gJbmOKm8lt8eC3F1aaPPYsX++lXHoMbh3dPMCB+TkPNbLb09jRBfxXeU1cozrID0
7Jd8RurU9CibCb3LjqztsCoi4zsGu/pR2UFTxaDjg4MuXCPoqAoqoN30B1pOiq83
1JVpePqZRuP9U2BqUmKbGSV6x2AduGgnAMAuFXq4okFaGhq2ITvF/p987DOXje7a
Mhjbu/yAu3xQDXin6NI+uyIImlfo6XMrABLRqZbFx/1W40u3PN8qLoJjg4ruKPZm
EC0FJaHFCzxokU/14PBoUlwdcoWUzdpbKSpIgpJDoTQn3djv0iMr1RxVLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBuDeUWJWun45bAb+AKkEPB9fa0bMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvRzRONVJZbGE2Zmpsc0J2NEFxUVE4SDE5clJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDqwDAN
BgkqhkiG9w0BAQsFAAOCAQEAeMZSUVuNvrvS3ozFu/8YnpGF/y/Xs3BJyC80GqT1
3QA34McvlvK4nW68rKXrAIjT8+n1ZWM0ujO4h/VFzzCGwG5s5CBpWuNKrDI43wsf
f5s9WTxuiFSjgjj7rYkX64mBywZokzCJI3Rsb4Y1Aue535dgKOCJYWs7m7iairpK
7vTvzNsE0t/YGzJzWuJRwjcstzd358HeTBmdgM+8YKvAIJ1A5FkOf3l1N3xz3/8x
ZCturiygqNoObqrJem261Xxc9vQ2VbJplnKGGiRLCuLcw/yDHM/oIbQXvUsyt/tW
yJ4qIYWhfZYSBtV6eRWCTsNHpCa5bDFwsfYBmhMF1waW9w==
-----END CERTIFICATE-----