Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XbLNbpcMzthn6l0veRfIZ9QxeEk.roa
File:                     XbLNbpcMzthn6l0veRfIZ9QxeEk.roa (raw, json)
Hash identifier:          Zbud2lYm0I4TklwYM90yu2xM4m8NLbFwJE0Y7F2RnFY=
Subject key identifier:   5D:B2:CD:6E:97:0C:CE:D8:67:EA:5D:2F:79:17:C8:67:D4:31:78:49
Certificate issuer:       /CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
Certificate serial:       019421B22377C2DE58C1BC50E0DE2C709742
Authority key identifier: 53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XbLNbpcMzthn6l0veRfIZ9QxeEk.roa
Signing time:             Wed 01 Jan 2025 11:48:29 +0000
ROA not before:           Wed 01 Jan 2025 11:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8772
IP address blocks:        2a0b:480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:23:77:c2:de:58:c1:bc:50:e0:de:2c:70:97:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
        Validity
            Not Before: Jan  1 11:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5db2cd6e970cced867ea5d2f7917c867d4317849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:da:0a:69:57:12:77:2a:0c:4f:85:10:1e:45:
                    33:fa:6a:e1:b7:e1:e4:6d:41:77:c6:1c:5d:13:3d:
                    d9:4d:0a:43:69:0f:6b:b2:e8:31:06:5a:62:0a:56:
                    f2:e8:66:9d:5e:61:5f:b7:8b:7b:3b:9f:16:7e:4b:
                    06:38:5a:2e:21:58:31:8e:27:ff:37:f3:c8:24:7f:
                    65:29:18:0c:df:76:a9:2d:77:e2:94:8e:c2:59:b2:
                    87:c3:3a:3b:d3:5f:56:d4:79:04:ad:b3:e6:40:cc:
                    30:2b:a3:99:7b:05:3c:eb:f3:75:ee:38:8b:9d:7e:
                    74:eb:3d:f9:80:8c:e7:cc:5f:60:6e:ba:de:43:d8:
                    0c:4d:ec:16:d7:73:74:a4:e5:d1:87:0c:08:35:33:
                    bc:82:e2:93:bf:c4:fd:df:d3:d2:a6:b3:72:17:8e:
                    78:48:9b:26:ab:df:53:58:40:ae:ad:29:e5:2a:40:
                    62:39:e5:72:aa:7d:97:af:8f:fc:92:d5:49:4d:d8:
                    1d:71:17:c3:21:13:78:06:42:01:d2:19:79:45:16:
                    a1:01:47:e8:b2:9f:a6:f7:9c:e9:01:92:ca:fe:c6:
                    5a:4e:b1:49:0a:0d:ec:d2:77:7a:b0:ca:59:41:39:
                    9d:c8:c8:70:54:93:61:50:06:30:f2:5a:86:5e:b9:
                    fc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B2:CD:6E:97:0C:CE:D8:67:EA:5D:2F:79:17:C8:67:D4:31:78:49
            X509v3 Authority Key Identifier:
                keyid:53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XbLNbpcMzthn6l0veRfIZ9QxeEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:480::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:16:2e:57:48:a4:a6:79:5b:5b:c6:2f:5e:e4:b9:bf:2c:16:
         f2:74:64:9f:ae:21:2e:b3:9b:ca:fa:d9:78:da:05:26:86:6b:
         a2:92:d3:0e:68:1f:81:03:d1:18:67:97:0f:93:b5:de:7e:38:
         04:5d:39:ef:59:3c:1e:69:0d:10:66:ad:f3:c4:31:d7:34:aa:
         4f:f9:38:b1:cc:13:7a:03:13:45:a0:5e:a4:3d:06:68:3f:a9:
         b8:b4:92:f4:6c:19:58:0a:ad:12:34:34:2f:d1:44:87:76:e4:
         4f:12:0d:8e:16:c7:11:bb:0d:95:2e:c6:e3:c0:d0:19:3e:90:
         67:e8:e4:16:0a:bf:f0:61:c2:6e:bf:f8:c8:9c:b3:ea:88:db:
         ee:c6:38:32:de:c4:ab:de:8f:86:18:28:16:af:ec:7f:6c:b1:
         3b:13:05:30:39:b1:25:1b:1a:2f:5c:e4:a8:bb:63:d8:4e:3d:
         bc:4b:19:bd:5f:e3:aa:54:64:ec:b7:54:8a:81:af:b1:de:fa:
         99:06:7b:20:29:c0:e3:ec:43:26:93:06:22:52:33:5d:e9:3e:
         eb:5d:e0:e6:f2:f6:ef:06:64:e6:31:4d:a5:c5:0d:5d:00:d0:
         7a:0d:42:14:48:71:b1:1e:23:10:ff:d7:e4:e0:25:98:41:aa:
         c3:ef:ff:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsiN3wt5YwbxQ4N4scJdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzY0NjdlZjA5MjFjNTExOTBlMmVhNjBmMmFiYjNiZDZl
OWMxOWYwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIyY2Q2ZTk3MGNjZWQ4NjdlYTVkMmY3OTE3Yzg2N2Q0MzE3ODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9oKaVcSdyoMT4UQHkUz+mrht+Hk
bUF3xhxdEz3ZTQpDaQ9rsugxBlpiClby6GadXmFft4t7O58WfksGOFouIVgxjif/
N/PIJH9lKRgM33apLXfilI7CWbKHwzo7019W1HkErbPmQMwwK6OZewU86/N17jiL
nX506z35gIznzF9gbrreQ9gMTewW13N0pOXRhwwINTO8guKTv8T939PSprNyF454
SJsmq99TWECurSnlKkBiOeVyqn2Xr4/8ktVJTdgdcRfDIRN4BkIB0hl5RRahAUfo
sp+m95zpAZLK/sZaTrFJCg3s0nd6sMpZQTmdyMhwVJNhUAYw8lqGXrn8DQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF2yzW6XDM7YZ+pdL3kXyGfUMXhJMB8GA1UdIwQY
MBaAFFN2Rn7wkhxRGQ4upg8quzvW6cGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2Yt
MmM3YTJhNzQ2Mjc5LzEvWGJMTmJwY016dGhuNmwwdmVSZklaOVF4ZUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2YtMmM3YTJhNzQ2Mjc5
LzEvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsEgDAN
BgkqhkiG9w0BAQsFAAOCAQEARBYuV0ikpnlbW8YvXuS5vywW8nRkn64hLrObyvrZ
eNoFJoZropLTDmgfgQPRGGeXD5O13n44BF0571k8HmkNEGat88Qx1zSqT/k4scwT
egMTRaBepD0GaD+puLSS9GwZWAqtEjQ0L9FEh3bkTxINjhbHEbsNlS7G48DQGT6Q
Z+jkFgq/8GHCbr/4yJyz6ojb7sY4Mt7Eq96PhhgoFq/sf2yxOxMFMDmxJRsaL1zk
qLtj2E49vEsZvV/jqlRk7LdUioGvsd76mQZ7ICnA4+xDJpMGIlIzXek+613g5vL2
7wZk5jFNpcUNXQDQeg1CFEhxsR4jEP/X5OAlmEGqw+//GQ==
-----END CERTIFICATE-----