Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/rvEqkaSx88Mofyvgjk106t2jfIQ.roa
File:                     rvEqkaSx88Mofyvgjk106t2jfIQ.roa (raw, json)
Hash identifier:          Mt/fOTdq8tI+LHmhZzATBBPg2EKFAQ2gQnysBrQ+MLM=
Subject key identifier:   AE:F1:2A:91:A4:B1:F3:C3:28:7F:2B:E0:8E:4D:74:EA:DD:A3:7C:84
Certificate issuer:       /CN=c50eea130721e9cd1976fd7e0f34c96df6eac6b0
Certificate serial:       0194228E014CBCBF8E1E76DD9F7FE4D593CA
Authority key identifier: C5:0E:EA:13:07:21:E9:CD:19:76:FD:7E:0F:34:C9:6D:F6:EA:C6:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/rvEqkaSx88Mofyvgjk106t2jfIQ.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138270
IP address blocks:        2a00:cb20:3a00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:01:4c:bc:bf:8e:1e:76:dd:9f:7f:e4:d5:93:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c50eea130721e9cd1976fd7e0f34c96df6eac6b0
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aef12a91a4b1f3c3287f2be08e4d74eadda37c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:35:cb:5e:0b:9d:b5:91:d3:b7:f1:04:ea:25:
                    f2:3b:79:c9:58:f0:3e:b1:bb:e5:74:4f:a3:ac:33:
                    28:43:b5:f8:fc:2e:3b:05:ff:e0:ba:03:fc:51:5b:
                    7b:ea:ee:a2:3f:9a:49:34:d4:f4:a6:ba:26:fd:0a:
                    0f:a4:c9:7b:7d:c8:55:83:a3:dc:81:7f:74:41:e6:
                    d7:f0:ea:98:2c:85:ea:86:d7:58:96:4d:7f:6e:a9:
                    73:6c:7c:40:b5:c6:81:60:e7:f4:6b:7b:91:e1:c6:
                    9d:0d:8f:ba:ef:cf:68:3f:fc:c9:a6:f0:04:03:14:
                    12:ee:4d:2c:98:20:1a:ad:c0:a0:c4:a3:0d:69:71:
                    53:87:47:b3:33:9c:9b:6c:e1:4b:3b:fa:16:7c:fd:
                    9b:f8:59:a7:ed:88:21:d9:5a:64:fd:d2:06:b3:ef:
                    cd:46:03:35:1e:3e:11:0a:59:60:83:16:00:c2:5f:
                    43:41:33:f5:3d:e5:95:ce:3c:58:0c:21:70:32:fc:
                    96:6b:9a:7d:6d:f1:8f:2d:02:9e:98:6c:fe:77:84:
                    1b:10:1e:a6:e4:b7:17:cb:e6:e2:a0:4f:e9:7d:be:
                    f2:43:07:5f:a8:bb:0b:ba:1c:e7:80:66:49:7c:a6:
                    71:c5:f9:34:b6:3d:c2:80:84:5b:83:3a:fc:90:12:
                    2a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F1:2A:91:A4:B1:F3:C3:28:7F:2B:E0:8E:4D:74:EA:DD:A3:7C:84
            X509v3 Authority Key Identifier:
                keyid:C5:0E:EA:13:07:21:E9:CD:19:76:FD:7E:0F:34:C9:6D:F6:EA:C6:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/rvEqkaSx88Mofyvgjk106t2jfIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:cb20:3a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:bb:1e:1c:38:6f:47:15:d4:49:fd:f2:d8:d5:8e:ec:49:e5:
         cb:23:15:18:a5:3b:17:20:fa:06:f4:c8:45:61:8d:46:aa:be:
         85:f6:38:93:e6:9c:a4:e0:25:6c:6a:f3:13:4a:b5:2f:f4:4b:
         52:17:5d:90:7b:f2:a8:16:53:b6:f0:e2:4e:ae:1b:b0:6d:7e:
         e4:49:06:3b:1b:5c:41:42:00:7c:8d:39:e2:5e:3b:0f:cc:7d:
         d6:c5:c7:ce:c2:9b:0a:29:c4:5f:ca:4d:52:bc:49:9b:59:4c:
         e9:2e:fd:1d:37:a8:28:3c:45:a1:6c:4a:20:92:b8:6b:ef:7b:
         2e:d5:ae:e7:ca:af:04:e4:5e:0b:02:88:c6:f3:06:4c:65:c6:
         d3:c8:38:62:d0:a8:f6:c6:1b:76:8b:e6:96:5f:a8:25:11:cb:
         fe:3f:4b:e5:81:fa:df:0d:14:d6:54:08:9c:7d:4a:64:03:11:
         30:fe:d2:04:94:4d:03:38:da:93:c7:31:68:76:23:b0:fa:8f:
         e4:01:a9:03:fd:fe:a0:5d:8d:70:be:44:54:84:de:fa:58:c4:
         6c:2c:26:14:ac:c1:6a:4e:1c:80:5f:83:d4:af:ec:83:67:57:
         75:10:cb:94:90:37:8c:9a:b8:15:e4:c7:98:59:48:5f:4b:60:
         a9:53:3c:c2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijgFMvL+OHnbdn3/k1ZPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MGVlYTEzMDcyMWU5Y2QxOTc2ZmQ3ZTBmMzRjOTZkZjZl
YWM2YjAwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWYxMmE5MWE0YjFmM2MzMjg3ZjJiZTA4ZTRkNzRlYWRkYTM3Yzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zXLXgudtZHTt/EE6iXyO3nJWPA+
sbvldE+jrDMoQ7X4/C47Bf/gugP8UVt76u6iP5pJNNT0prom/QoPpMl7fchVg6Pc
gX90QebX8OqYLIXqhtdYlk1/bqlzbHxAtcaBYOf0a3uR4cadDY+6789oP/zJpvAE
AxQS7k0smCAarcCgxKMNaXFTh0ezM5ybbOFLO/oWfP2b+Fmn7Ygh2Vpk/dIGs+/N
RgM1Hj4RCllggxYAwl9DQTP1PeWVzjxYDCFwMvyWa5p9bfGPLQKemGz+d4QbEB6m
5LcXy+bioE/pfb7yQwdfqLsLuhzngGZJfKZxxfk0tj3CgIRbgzr8kBIqPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK7xKpGksfPDKH8r4I5NdOrdo3yEMB8GA1UdIwQY
MBaAFMUO6hMHIenNGXb9fg80yW326sawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFE3cUV3Y2g2YzBaZHYxLUR6VEpiZmJxeHJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84Yjc4NjctMGE3MC00NGNhLTgxZmQt
NjNmNWZlMTEwZTc2LzEvcnZFcWthU3g4OE1vZnl2Z2prMTA2dDJqZklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84Yjc4NjctMGE3MC00NGNhLTgxZmQtNjNmNWZlMTEwZTc2
LzEveFE3cUV3Y2g2YzBaZHYxLUR6VEpiZmJxeHJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgDLIDow
DQYJKoZIhvcNAQELBQADggEBAE+7Hhw4b0cV1En98tjVjuxJ5csjFRilOxcg+gb0
yEVhjUaqvoX2OJPmnKTgJWxq8xNKtS/0S1IXXZB78qgWU7bw4k6uG7BtfuRJBjsb
XEFCAHyNOeJeOw/MfdbFx87CmwopxF/KTVK8SZtZTOku/R03qCg8RaFsSiCSuGvv
ey7VrufKrwTkXgsCiMbzBkxlxtPIOGLQqPbGG3aL5pZfqCURy/4/S+WB+t8NFNZU
CJx9SmQDETD+0gSUTQM42pPHMWh2I7D6j+QBqQP9/qBdjXC+RFSE3vpYxGwsJhSs
wWpOHIBfg9Sv7INnV3UQy5SQN4yauBXkx5hZSF9LYKlTPMI=
-----END CERTIFICATE-----