Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/yAXUepuqy1Jbj9R6XNC4ai7FfGg.roa
File:                     yAXUepuqy1Jbj9R6XNC4ai7FfGg.roa (raw, json)
Hash identifier:          Br5sE3EcvHbcirwbPVNtC+403MF64TtCvGh57mDUGD0=
Subject key identifier:   C8:05:D4:7A:9B:AA:CB:52:5B:8F:D4:7A:5C:D0:B8:6A:2E:C5:7C:68
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D7620AC8ACE886DFAE78E2C42E802D
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/yAXUepuqy1Jbj9R6XNC4ai7FfGg.roa
Signing time:             Wed 01 Jan 2025 21:48:25 +0000
ROA not before:           Wed 01 Jan 2025 21:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51058
IP address blocks:        2a01:360:99::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:62:0a:c8:ac:e8:86:df:ae:78:e2:c4:2e:80:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c805d47a9baacb525b8fd47a5cd0b86a2ec57c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:eb:61:7e:4f:08:7d:07:6e:d6:ea:d3:45:39:
                    f8:dd:d1:4d:4f:0d:d3:95:9f:26:c5:14:08:bd:fb:
                    58:8e:ec:c3:16:3b:b3:ee:04:70:46:f2:18:c0:71:
                    99:f9:f8:6d:e4:fd:09:40:d4:af:93:4f:c4:60:a5:
                    58:5a:a0:dd:15:65:33:e5:11:ab:39:2f:89:6b:7a:
                    75:25:f7:86:9f:bb:59:3e:45:8c:67:8b:30:05:23:
                    2b:d7:14:c5:56:96:7c:53:b1:75:f5:35:f7:10:52:
                    bb:59:6d:09:26:d7:e4:5c:f9:cd:04:f8:47:8b:38:
                    21:bf:aa:a1:6b:c4:35:14:53:d4:a9:2d:29:df:01:
                    cb:d6:b6:7c:49:24:8c:33:8f:c3:1b:bf:ff:b9:b2:
                    b2:82:f3:e6:b6:13:c7:43:1e:1e:59:bc:71:5e:32:
                    ef:ef:76:28:24:1a:b2:0e:ea:b1:fd:f9:fa:b8:2d:
                    2b:ef:54:4f:d0:e5:b7:1b:df:3b:f9:3d:a1:f5:f2:
                    94:fa:85:1f:07:80:6e:05:f2:00:b7:d9:25:5d:f8:
                    3d:eb:f8:25:11:fd:31:0e:68:21:df:c3:45:8e:fe:
                    63:a4:7a:97:af:26:3b:ec:e3:da:73:24:98:4f:ed:
                    0e:6c:cc:d4:32:65:9a:93:c8:cb:07:25:c6:44:4e:
                    8e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:05:D4:7A:9B:AA:CB:52:5B:8F:D4:7A:5C:D0:B8:6A:2E:C5:7C:68
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/yAXUepuqy1Jbj9R6XNC4ai7FfGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:360:99::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:cf:ec:0f:5b:7e:33:1e:3d:12:49:5d:f3:6d:a4:e9:88:67:
         7f:7a:11:56:1a:9b:90:44:81:06:d5:49:35:a9:fe:6d:c6:83:
         7e:43:11:4a:cd:fc:47:9f:dc:a8:23:a6:15:47:4d:de:96:4e:
         a2:44:95:8c:be:24:a2:81:9b:fc:12:ce:31:e7:e3:0e:3d:66:
         99:c6:3e:24:e0:e2:78:a4:56:87:40:5f:1b:10:c6:68:4d:d0:
         57:72:a8:f9:28:0a:e5:a0:26:62:dc:13:a4:ab:60:a2:1b:08:
         52:0d:4d:0c:5a:7c:58:2b:46:a4:69:4a:10:1c:29:5d:bc:8c:
         fd:6d:a1:76:0f:41:da:77:e7:8e:47:43:71:29:3e:b5:e8:6a:
         2f:b1:f9:04:96:27:35:83:07:49:98:e7:94:ae:dd:d1:ac:1f:
         cc:32:ee:3e:cc:12:16:fc:a4:ab:8d:09:ba:48:e8:c8:87:ce:
         02:bc:34:14:ae:46:58:75:72:39:82:d6:39:cb:85:6b:1b:8f:
         d8:6e:4f:d2:60:02:d4:ae:65:f8:60:8d:8d:1e:92:f1:6b:a9:
         d8:64:e8:90:87:08:8f:3c:11:a3:37:e9:45:8f:93:d2:e2:7a:
         cf:1c:01:b8:29:a4:66:f3:ee:fb:53:3f:24:8a:1f:72:83:54:
         d6:e9:a3:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj12IKyKzoht+ueOLELoAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA1ZDQ3YTliYWFjYjUyNWI4ZmQ0N2E1Y2QwYjg2YTJlYzU3YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+thfk8IfQdu1urTRTn43dFNTw3T
lZ8mxRQIvftYjuzDFjuz7gRwRvIYwHGZ+fht5P0JQNSvk0/EYKVYWqDdFWUz5RGr
OS+Ja3p1JfeGn7tZPkWMZ4swBSMr1xTFVpZ8U7F19TX3EFK7WW0JJtfkXPnNBPhH
izghv6qha8Q1FFPUqS0p3wHL1rZ8SSSMM4/DG7//ubKygvPmthPHQx4eWbxxXjLv
73YoJBqyDuqx/fn6uC0r71RP0OW3G987+T2h9fKU+oUfB4BuBfIAt9klXfg96/gl
Ef0xDmgh38NFjv5jpHqXryY77OPacySYT+0ObMzUMmWak8jLByXGRE6OYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMgF1HqbqstSW4/UelzQuGouxXxoMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEveUFYVWVwdXF5MUpiajlSNlhOQzRhaTdGZkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEDYACZ
MA0GCSqGSIb3DQEBCwUAA4IBAQArz+wPW34zHj0SSV3zbaTpiGd/ehFWGpuQRIEG
1Uk1qf5txoN+QxFKzfxHn9yoI6YVR03elk6iRJWMviSigZv8Es4x5+MOPWaZxj4k
4OJ4pFaHQF8bEMZoTdBXcqj5KArloCZi3BOkq2CiGwhSDU0MWnxYK0akaUoQHCld
vIz9baF2D0Had+eOR0NxKT616GovsfkElic1gwdJmOeUrt3RrB/MMu4+zBIW/KSr
jQm6SOjIh84CvDQUrkZYdXI5gtY5y4VrG4/Ybk/SYALUrmX4YI2NHpLxa6nYZOiQ
hwiPPBGjN+lFj5PS4nrPHAG4KaRm8+77Uz8kih9yg1TW6aP4
-----END CERTIFICATE-----