Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dEkWV8xPj6ZjKfgx5t3dIacQr1A.roa
File:                     dEkWV8xPj6ZjKfgx5t3dIacQr1A.roa (raw, json)
Hash identifier:          ZOk1wKX5K0Mx4fspQclTvx+3kOne5shTmWgvCBY9O/Q=
Subject key identifier:   74:49:16:57:CC:4F:8F:A6:63:29:F8:31:E6:DD:DD:21:A7:10:AF:50
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       019422FC4ED7491BDDFCDC748D755C9B3D50
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dEkWV8xPj6ZjKfgx5t3dIacQr1A.roa
Signing time:             Wed 01 Jan 2025 17:49:08 +0000
ROA not before:           Wed 01 Jan 2025 17:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212144
IP address blocks:        2a10:b540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4e:d7:49:1b:dd:fc:dc:74:8d:75:5c:9b:3d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Jan  1 17:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74491657cc4f8fa66329f831e6dddd21a710af50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f0:7b:1e:6f:3d:29:fd:79:58:43:5f:9a:84:
                    9d:9c:39:fd:bf:6c:b6:34:4b:aa:1e:b4:5c:c2:e9:
                    5d:f3:4f:3b:32:d4:68:25:a2:e7:cb:5b:54:50:73:
                    dd:b1:a9:82:36:62:03:79:69:8c:47:ea:05:24:c3:
                    e7:ed:a1:db:95:7b:c6:f3:96:32:62:c9:0f:97:bd:
                    50:cb:1a:9b:59:6f:a2:e0:e2:13:9e:b5:94:7d:d3:
                    7c:f9:18:de:d2:6a:65:4c:94:11:a1:56:16:21:6b:
                    e6:a7:c3:e7:34:a1:64:be:6d:ec:a4:36:ec:90:96:
                    8e:57:91:f7:62:89:3c:15:02:22:75:df:ee:d6:ce:
                    f1:0b:af:21:c8:89:e8:77:fd:08:30:be:3f:ad:e2:
                    54:14:2d:d0:26:84:6a:25:e7:1a:e8:43:c8:6f:d2:
                    a1:f2:94:a2:b0:8f:d6:6d:c7:10:85:97:8e:f7:7e:
                    4a:db:f4:84:84:2b:fd:fa:58:a6:a5:8b:ed:4b:35:
                    ee:76:0b:3b:c5:b6:93:3d:f6:f2:e5:ce:c4:0d:94:
                    30:23:86:21:fa:80:6d:80:76:fb:cf:6b:46:af:5d:
                    9d:53:5d:58:21:a4:e1:4b:90:d0:aa:f1:6b:79:60:
                    45:49:29:29:73:21:cf:f2:6d:d6:2b:86:8e:0a:73:
                    dd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:49:16:57:CC:4F:8F:A6:63:29:F8:31:E6:DD:DD:21:A7:10:AF:50
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dEkWV8xPj6ZjKfgx5t3dIacQr1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b540::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:a8:86:6a:eb:b2:9b:10:1f:f8:1c:f4:5e:71:3e:97:cd:60:
         1b:5c:96:6f:07:2d:93:73:bd:92:de:98:fc:e0:d8:51:09:37:
         70:7e:35:9d:ea:ef:28:e8:69:e4:3f:a2:99:ed:c3:bd:b8:b7:
         5c:a9:c6:5d:e6:dc:0d:ac:4d:28:5f:33:7e:b3:7b:23:5e:eb:
         40:ec:fe:aa:b6:83:a1:e4:85:18:fa:7f:de:dc:fb:ac:16:c2:
         2a:42:50:f6:74:e3:a9:3b:fb:aa:43:d6:7b:2d:7e:a1:25:ab:
         35:fa:3d:9e:37:19:58:62:6b:fb:f9:1c:c7:32:8e:72:ed:ef:
         f1:c6:17:c8:d8:3a:51:94:aa:50:d4:bd:8b:01:13:27:21:b9:
         a3:67:5e:ea:7b:15:26:a8:2e:c0:4d:9c:90:17:51:52:6b:ae:
         d4:49:45:3e:90:d6:6c:b3:93:37:d3:8d:de:3b:cf:0a:73:86:
         17:0b:51:b5:ea:2f:49:35:60:25:73:f6:a4:5e:44:b3:87:cf:
         11:49:83:c1:b6:88:ac:e7:54:97:5e:6b:9a:8f:e0:fd:fa:69:
         94:43:fc:90:d6:76:31:09:ac:fa:c5:18:87:7d:e4:ad:fc:82:
         38:84:09:49:0c:18:12:8a:b5:c2:2d:04:c9:b9:b7:a3:e0:86:
         38:fd:71:2c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQi/E7XSRvd/Nx0jXVcmz1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwMTAxMTc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQ5MTY1N2NjNGY4ZmE2NjMyOWY4MzFlNmRkZGQyMWE3MTBhZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPB7Hm89Kf15WENfmoSdnDn9v2y2
NEuqHrRcwuld8087MtRoJaLny1tUUHPdsamCNmIDeWmMR+oFJMPn7aHblXvG85Yy
YskPl71QyxqbWW+i4OITnrWUfdN8+Rje0mplTJQRoVYWIWvmp8PnNKFkvm3spDbs
kJaOV5H3Yok8FQIidd/u1s7xC68hyInod/0IML4/reJUFC3QJoRqJeca6EPIb9Kh
8pSisI/WbccQhZeO935K2/SEhCv9+limpYvtSzXudgs7xbaTPfby5c7EDZQwI4Yh
+oBtgHb7z2tGr12dU11YIaThS5DQqvFreWBFSSkpcyHP8m3WK4aOCnPdbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHRJFlfMT4+mYyn4Mebd3SGnEK9QMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvZEVrV1Y4eFBqNlpqS2ZneDV0M2RJYWNRcjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhC1QDAN
BgkqhkiG9w0BAQsFAAOCAQEAAaiGauuymxAf+Bz0XnE+l81gG1yWbwctk3O9kt6Y
/ODYUQk3cH41nervKOhp5D+ime3Dvbi3XKnGXebcDaxNKF8zfrN7I17rQOz+qraD
oeSFGPp/3tz7rBbCKkJQ9nTjqTv7qkPWey1+oSWrNfo9njcZWGJr+/kcxzKOcu3v
8cYXyNg6UZSqUNS9iwETJyG5o2de6nsVJqguwE2ckBdRUmuu1ElFPpDWbLOTN9ON
3jvPCnOGFwtRteovSTVgJXP2pF5Es4fPEUmDwbaIrOdUl15rmo/g/fpplEP8kNZ2
MQms+sUYh33krfyCOIQJSQwYEoq1wi0Eybm3o+CGOP1xLA==
-----END CERTIFICATE-----