Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/TLLe4Fv1ZWKn7cU4s2eOqRGhW2A.roa
File:                     TLLe4Fv1ZWKn7cU4s2eOqRGhW2A.roa (raw, json)
Hash identifier:          LIvDYJiCNzHfZb5Qat96s04TPvC5BTwrmEMarvzgqYw=
Subject key identifier:   4C:B2:DE:E0:5B:F5:65:62:A7:ED:C5:38:B3:67:8E:A9:11:A1:5B:60
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0194266B0468701A1A6C05C0C91737AC8CDF
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/TLLe4Fv1ZWKn7cU4s2eOqRGhW2A.roa
Signing time:             Thu 02 Jan 2025 09:48:55 +0000
ROA not before:           Thu 02 Jan 2025 09:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21100
IP address blocks:        2a0d:5a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:04:68:70:1a:1a:6c:05:c0:c9:17:37:ac:8c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  2 09:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cb2dee05bf56562a7edc538b3678ea911a15b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:30:45:bf:2f:47:c0:80:cb:32:95:21:ff:e6:
                    af:3a:3e:08:d7:89:e9:ba:e0:07:31:33:ed:7a:9d:
                    f4:59:90:e7:0f:37:ab:e2:74:0f:1f:a8:1c:dc:d7:
                    c6:36:77:dc:85:30:f1:bc:88:62:00:6b:95:07:6b:
                    2b:30:1d:af:17:94:4c:cc:1c:8e:fc:c6:15:cd:d4:
                    e5:84:2c:6b:5a:66:6e:97:76:78:12:46:45:f5:af:
                    1e:6a:69:9d:e5:75:69:d3:be:a8:b6:cd:b4:fe:cc:
                    58:ad:be:57:2d:ad:1e:cc:29:de:d9:a9:8d:7f:43:
                    59:ff:a4:44:e5:53:f1:86:b5:7e:ad:45:cf:93:49:
                    ff:65:30:20:73:0c:d6:dc:3a:88:06:19:87:95:ef:
                    6a:5c:12:ea:f3:bd:12:25:2d:b2:02:d0:27:60:86:
                    41:26:ec:97:33:aa:d6:f4:d1:3d:9c:84:6e:23:f4:
                    c2:24:aa:b7:66:6f:69:6d:3d:62:bc:ea:a4:33:24:
                    0b:4d:42:fb:86:c5:62:8d:41:39:9c:2c:e0:de:38:
                    d7:df:31:86:14:0e:22:95:70:43:3f:46:00:2f:5f:
                    d5:d2:90:e5:ab:17:2c:ec:6d:66:76:e9:8d:c3:36:
                    8b:d5:47:d7:97:8f:d8:03:3c:c0:28:68:d0:8c:59:
                    3d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B2:DE:E0:5B:F5:65:62:A7:ED:C5:38:B3:67:8E:A9:11:A1:5B:60
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/TLLe4Fv1ZWKn7cU4s2eOqRGhW2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:5a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:c5:31:c9:4f:72:99:fb:55:f3:c5:d4:5b:07:41:a8:a1:34:
         de:ef:22:8f:65:d4:1d:9e:2d:08:f7:49:a6:a7:d8:38:4c:c0:
         c4:5f:a3:9a:ab:5d:4e:2c:0d:77:b5:23:0e:f5:75:2b:28:c0:
         7d:30:8a:a0:07:62:16:9d:d1:19:5b:0a:e3:af:51:1d:1d:07:
         e8:51:24:9b:36:a7:65:17:92:17:66:c6:60:3f:01:4c:c7:e1:
         36:83:6b:bb:ab:f4:81:5a:70:fc:04:09:18:c5:e7:93:6b:0d:
         82:0f:fb:79:c6:f1:2d:37:72:4a:5c:78:9a:74:53:6b:9b:4b:
         28:5f:94:37:92:09:7b:ab:cc:da:75:66:39:23:35:c8:9d:b3:
         4e:51:07:f9:9a:a9:ff:ec:a8:32:9d:b9:d0:ee:6e:56:8c:ac:
         82:ab:15:5b:04:1f:5f:f7:53:e1:5d:ba:01:5c:93:0e:7a:5f:
         d1:1a:83:d8:da:93:7f:10:75:b0:9d:5a:80:70:33:03:04:79:
         cd:4b:73:48:c1:5d:41:cd:02:69:77:49:3d:a8:96:79:68:ac:
         78:e4:49:bc:88:95:48:d5:b0:bc:53:1c:54:f2:c5:83:c3:df:
         c7:43:2c:23:5a:99:72:99:80:ed:f5:19:96:04:6d:50:24:8e:
         3d:b1:82:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmawRocBoabAXAyRc3rIzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTAyMDk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IyZGVlMDViZjU2NTYyYTdlZGM1MzhiMzY3OGVhOTExYTE1YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDBFvy9HwIDLMpUh/+avOj4I14np
uuAHMTPtep30WZDnDzer4nQPH6gc3NfGNnfchTDxvIhiAGuVB2srMB2vF5RMzByO
/MYVzdTlhCxrWmZul3Z4EkZF9a8eammd5XVp076ots20/sxYrb5XLa0ezCne2amN
f0NZ/6RE5VPxhrV+rUXPk0n/ZTAgcwzW3DqIBhmHle9qXBLq870SJS2yAtAnYIZB
JuyXM6rW9NE9nIRuI/TCJKq3Zm9pbT1ivOqkMyQLTUL7hsVijUE5nCzg3jjX3zGG
FA4ilXBDP0YAL1/V0pDlqxcs7G1mdumNwzaL1UfXl4/YAzzAKGjQjFk9+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEyy3uBb9WVip+3FOLNnjqkRoVtgMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvVExMZTRGdjFaV0tuN2NVNHMyZU9xUkdoVzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1agDAN
BgkqhkiG9w0BAQsFAAOCAQEAncUxyU9ymftV88XUWwdBqKE03u8ij2XUHZ4tCPdJ
pqfYOEzAxF+jmqtdTiwNd7UjDvV1KyjAfTCKoAdiFp3RGVsK469RHR0H6FEkmzan
ZReSF2bGYD8BTMfhNoNru6v0gVpw/AQJGMXnk2sNgg/7ecbxLTdySlx4mnRTa5tL
KF+UN5IJe6vM2nVmOSM1yJ2zTlEH+Zqp/+yoMp250O5uVoysgqsVWwQfX/dT4V26
AVyTDnpf0RqD2NqTfxB1sJ1agHAzAwR5zUtzSMFdQc0CaXdJPaiWeWiseORJvIiV
SNWwvFMcVPLFg8Pfx0MsI1qZcpmA7fUZlgRtUCSOPbGCkA==
-----END CERTIFICATE-----