Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/pSiHzZ6NNZSWDrxpjGd3n4aNM88.roa
File:                     pSiHzZ6NNZSWDrxpjGd3n4aNM88.roa (raw, json)
Hash identifier:          de9D5UdKP4SSxcQu2P7Wa7gGHaS0oc0Mu69Uzk4RR9Y=
Subject key identifier:   A5:28:87:CD:9E:8D:35:94:96:0E:BC:69:8C:67:77:9F:86:8D:33:CF
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194228DBE028817B596E912EB314E6DA30E
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/pSiHzZ6NNZSWDrxpjGd3n4aNM88.roa
Signing time:             Wed 01 Jan 2025 15:48:22 +0000
ROA not before:           Wed 01 Jan 2025 15:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        2a0b:e9c0::/30 maxlen: 30
                          2a0b:e9c4::/30 maxlen: 30
                          2a0c:f641::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 08:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:be:02:88:17:b5:96:e9:12:eb:31:4e:6d:a3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  1 15:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a52887cd9e8d3594960ebc698c67779f868d33cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:37:33:52:16:8f:76:79:f4:b3:af:52:48:a4:
                    07:dc:e2:49:f0:b3:9d:da:ca:61:87:3e:94:4c:b6:
                    52:92:81:ef:dd:37:0b:70:39:97:1e:db:47:12:c8:
                    ca:59:75:5d:23:91:e6:25:0b:a0:39:76:fb:81:ff:
                    33:30:60:82:dd:e8:53:30:de:2c:07:3e:5e:d3:14:
                    e6:85:e3:31:9b:03:af:44:49:04:f3:0a:1e:2c:f3:
                    2d:a5:92:f3:0f:45:4a:49:14:15:26:d4:da:25:06:
                    a9:f0:72:40:46:49:17:ef:1b:71:7a:6e:94:bc:39:
                    ea:c9:a2:a8:a0:9e:88:77:e5:bf:7d:2b:41:d1:c1:
                    28:2e:f3:6a:17:51:77:06:4b:d4:f7:b0:04:98:b2:
                    f4:20:0b:e3:69:34:f8:1f:d3:cb:a7:d8:cb:98:6f:
                    8e:2b:74:34:1d:3a:f4:55:11:10:af:45:b3:06:dd:
                    c5:ad:ca:bb:4d:33:21:3f:8f:b4:74:d7:72:23:cc:
                    55:35:b4:2a:58:4a:5b:5b:4c:f5:e2:4a:9d:29:ce:
                    d9:b8:e8:f4:25:30:60:95:c9:85:f5:7a:57:00:34:
                    09:5b:ff:3e:24:f8:99:98:3d:6e:b3:03:de:92:5e:
                    dd:1f:06:a4:ec:5e:59:e0:8e:38:3b:05:78:88:d1:
                    8b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:28:87:CD:9E:8D:35:94:96:0E:BC:69:8C:67:77:9F:86:8D:33:CF
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/pSiHzZ6NNZSWDrxpjGd3n4aNM88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:e9c0::/29
                  2a0c:f641::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:ca:1e:e4:99:0d:bf:92:4f:22:fd:24:4b:9a:e3:dd:2d:7c:
         79:69:5e:0a:73:5f:be:5a:3d:74:07:cf:b3:95:03:2b:2e:ea:
         83:ec:a4:f2:32:25:10:2f:55:38:e4:db:8a:c4:0d:c5:2f:60:
         6b:86:da:38:7a:3b:23:b1:aa:14:5d:09:5d:2e:ac:a7:78:34:
         31:52:44:b0:a6:50:58:5d:5c:71:3c:72:82:96:66:7e:25:82:
         48:34:56:a8:7d:5e:20:35:85:d4:70:67:21:1a:f2:41:60:67:
         64:e0:7c:ad:64:93:fc:43:ea:ec:ee:f1:da:bf:dd:ab:81:7e:
         76:8c:2b:7d:aa:78:ac:e5:f6:83:06:d6:1a:82:77:77:09:77:
         80:a8:14:0b:9e:a5:e6:5c:ea:bd:44:7a:9f:78:ce:e0:bb:46:
         84:9b:9d:8c:64:0b:71:72:e7:f5:68:f1:c0:9b:f2:a6:72:f9:
         ce:11:4a:aa:d3:e7:53:21:86:0e:5d:f0:3b:43:c8:b0:6e:f7:
         7d:41:bd:c6:8b:a5:7e:3d:54:27:74:77:87:55:76:f8:5b:b8:
         a1:8b:6e:bc:16:31:07:fe:2e:4e:47:3c:1a:4c:55:3d:04:f5:
         40:91:58:55:a5:99:71:84:86:01:f9:dd:cd:6b:f4:17:04:9d:
         16:5e:7a:07
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijb4CiBe1lukS6zFObaMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMTAxMTU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI4ODdjZDllOGQzNTk0OTYwZWJjNjk4YzY3Nzc5Zjg2OGQzM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTczUhaPdnn0s69SSKQH3OJJ8LOd
2sphhz6UTLZSkoHv3TcLcDmXHttHEsjKWXVdI5HmJQugOXb7gf8zMGCC3ehTMN4s
Bz5e0xTmheMxmwOvREkE8woeLPMtpZLzD0VKSRQVJtTaJQap8HJARkkX7xtxem6U
vDnqyaKooJ6Id+W/fStB0cEoLvNqF1F3BkvU97AEmLL0IAvjaTT4H9PLp9jLmG+O
K3Q0HTr0VREQr0WzBt3Frcq7TTMhP4+0dNdyI8xVNbQqWEpbW0z14kqdKc7ZuOj0
JTBglcmF9XpXADQJW/8+JPiZmD1uswPekl7dHwak7F5Z4I44OwV4iNGLhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKUoh82ejTWUlg68aYxnd5+GjTPPMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvcFNpSHpaNk5OWlNXRHJ4cGpHZDNuNGFOTTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgvpwAMF
ACoM9kEwDQYJKoZIhvcNAQELBQADggEBAFzKHuSZDb+STyL9JEua490tfHlpXgpz
X75aPXQHz7OVAysu6oPspPIyJRAvVTjk24rEDcUvYGuG2jh6OyOxqhRdCV0urKd4
NDFSRLCmUFhdXHE8coKWZn4lgkg0Vqh9XiA1hdRwZyEa8kFgZ2TgfK1kk/xD6uzu
8dq/3auBfnaMK32qeKzl9oMG1hqCd3cJd4CoFAuepeZc6r1Eep94zuC7RoSbnYxk
C3Fy5/Vo8cCb8qZy+c4RSqrT51Mhhg5d8DtDyLBu931BvcaLpX49VCd0d4dVdvhb
uKGLbrwWMQf+Lk5HPBpMVT0E9UCRWFWlmXGEhgH53c1r9BcEnRZeegc=
-----END CERTIFICATE-----