Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/viBgIC4abJYY7C__L2VefsiYSYI.roa
File:                     viBgIC4abJYY7C__L2VefsiYSYI.roa (raw, json)
Hash identifier:          r+Hi34v0Qt4A/ODVfo4uFHb77CXM38aMXnF2F0o4IcY=
Subject key identifier:   BE:20:60:20:2E:1A:6C:96:18:EC:2F:FF:2F:65:5E:7E:C8:98:49:82
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       01941F8C7271A218BB60DE92D97491969E9E
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/viBgIC4abJYY7C__L2VefsiYSYI.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213935
IP address blocks:        2a0e:e704:48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:72:71:a2:18:bb:60:de:92:d9:74:91:96:9e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be2060202e1a6c9618ec2fff2f655e7ec8984982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:95:ab:80:e7:44:a5:4c:f3:03:14:9c:ca:
                    53:45:dc:f4:81:0d:00:27:ac:2f:94:66:39:d0:b4:
                    ec:25:fc:5b:2a:85:ed:2f:78:c6:77:df:1f:b4:03:
                    75:83:99:9c:ea:15:c6:f0:ec:82:34:f3:f6:63:6d:
                    34:3e:e1:b3:86:d5:6f:2d:8b:5a:f3:8b:26:fb:fa:
                    20:85:0c:79:e8:0a:af:ea:22:7d:21:e6:fd:04:79:
                    ed:2c:c6:a0:15:d8:a6:7b:ee:dd:5c:ff:74:8d:ad:
                    86:15:8c:eb:b8:db:9c:25:07:41:dd:76:a5:24:1e:
                    eb:23:29:3f:02:57:60:ce:4e:b4:08:d8:17:42:82:
                    ca:6d:53:25:0e:f8:14:e8:17:5f:e8:76:a1:d1:78:
                    20:7c:83:b2:7d:5b:98:04:ba:7f:4e:a8:9b:17:be:
                    16:26:7e:f0:01:db:6a:e4:90:0b:c1:3d:d6:95:9b:
                    12:c0:16:75:98:12:b7:2e:b2:f5:5d:8c:da:42:c2:
                    f0:94:a9:cf:93:b9:f8:7f:a5:8e:68:95:1b:b1:07:
                    e8:ac:b9:12:8a:d4:bf:b4:fc:b4:34:d9:ba:ac:8c:
                    12:7d:a9:b3:60:57:12:ac:1e:12:f9:7b:0d:e5:4f:
                    03:c7:11:63:2a:8e:e4:87:9d:56:d0:0b:3f:59:52:
                    87:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:20:60:20:2E:1A:6C:96:18:EC:2F:FF:2F:65:5E:7E:C8:98:49:82
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/viBgIC4abJYY7C__L2VefsiYSYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:48::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:60:90:91:2d:cf:9e:b0:99:50:78:18:e9:03:a1:e0:90:57:
         3d:1c:08:ef:62:b3:54:9b:b7:37:ff:9d:b6:09:69:4a:11:a3:
         d0:12:6c:fe:42:de:40:df:2a:3f:47:66:04:52:be:4c:29:43:
         23:e9:12:b4:d2:62:52:f7:7c:1c:d8:09:52:6f:50:03:54:86:
         47:88:e0:97:b5:66:e9:a1:4c:88:ef:21:87:32:d2:42:71:51:
         d5:98:d7:3d:18:a5:6d:c9:79:fc:d5:fd:54:d9:76:3a:6f:37:
         16:8a:5f:7d:45:1b:4f:4a:ac:a7:7d:8b:21:66:aa:c2:cf:66:
         87:24:2e:be:51:33:dc:2b:c5:19:57:d2:93:eb:25:4d:0a:51:
         f0:87:65:18:20:d3:79:ba:cc:6a:56:af:fc:34:c0:e2:d9:55:
         f7:d2:7c:5d:0e:91:f4:2f:cf:ca:52:0c:5b:56:48:a6:ba:df:
         17:10:39:43:19:74:a1:0c:e0:66:66:e2:e4:cc:cb:cc:78:bb:
         e4:1c:fb:dd:19:73:31:a1:66:47:49:05:b1:86:3d:cb:5a:79:
         64:8b:1c:86:7b:12:e2:78:49:08:ff:0d:7c:76:dd:3f:ed:3d:
         2e:11:89:46:04:ed:ed:07:03:00:eb:91:88:db:7b:8c:31:70:
         1e:db:a6:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHJxohi7YN6S2XSRlp6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTIwNjAyMDJlMWE2Yzk2MThlYzJmZmYyZjY1NWU3ZWM4OTg0OTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8iVq4DnRKVM8wMUnMpTRdz0gQ0A
J6wvlGY50LTsJfxbKoXtL3jGd98ftAN1g5mc6hXG8OyCNPP2Y200PuGzhtVvLYta
84sm+/oghQx56Aqv6iJ9Ieb9BHntLMagFdime+7dXP90ja2GFYzruNucJQdB3Xal
JB7rIyk/Aldgzk60CNgXQoLKbVMlDvgU6Bdf6Hah0XggfIOyfVuYBLp/TqibF74W
Jn7wAdtq5JALwT3WlZsSwBZ1mBK3LrL1XYzaQsLwlKnPk7n4f6WOaJUbsQforLkS
itS/tPy0NNm6rIwSfamzYFcSrB4S+XsN5U8DxxFjKo7kh51W0As/WVKHgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL4gYCAuGmyWGOwv/y9lXn7ImEmCMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvdmlCZ0lDNGFiSllZN0NfX0wyVmVmc2lZU1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABI
MA0GCSqGSIb3DQEBCwUAA4IBAQBPYJCRLc+esJlQeBjpA6HgkFc9HAjvYrNUm7c3
/522CWlKEaPQEmz+Qt5A3yo/R2YEUr5MKUMj6RK00mJS93wc2AlSb1ADVIZHiOCX
tWbpoUyI7yGHMtJCcVHVmNc9GKVtyXn81f1U2XY6bzcWil99RRtPSqynfYshZqrC
z2aHJC6+UTPcK8UZV9KT6yVNClHwh2UYINN5usxqVq/8NMDi2VX30nxdDpH0L8/K
UgxbVkimut8XEDlDGXShDOBmZuLkzMvMeLvkHPvdGXMxoWZHSQWxhj3LWnlkixyG
exLieEkI/w18dt0/7T0uEYlGBO3tBwMA65GI23uMMXAe26bF
-----END CERTIFICATE-----