Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/xCt-3I4HSr25MhC8BMd2thevgVU.roa
File:                     xCt-3I4HSr25MhC8BMd2thevgVU.roa (raw, json)
Hash identifier:          sZUNm0dz+rTstayb8zMPvmRuDI0MPNSTCMqD12A4Oww=
Subject key identifier:   C4:2B:7E:DC:8E:07:4A:BD:B9:32:10:BC:04:C7:76:B6:17:AF:81:55
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       019427479DFE714A96FF6D9E038C1DEC7DCB
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/xCt-3I4HSr25MhC8BMd2thevgVU.roa
Signing time:             Thu 02 Jan 2025 13:49:52 +0000
ROA not before:           Thu 02 Jan 2025 13:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64474
IP address blocks:        2a0d:7440:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:9d:fe:71:4a:96:ff:6d:9e:03:8c:1d:ec:7d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  2 13:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c42b7edc8e074abdb93210bc04c776b617af8155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f0:f1:b1:66:91:6f:ca:3c:84:a1:32:25:d4:
                    a3:9d:cd:04:b2:28:3a:73:f2:32:75:d1:6f:84:bb:
                    28:eb:74:15:31:fa:8a:2c:d5:67:5b:98:ab:fb:f8:
                    3c:36:df:d0:0d:60:01:06:c1:82:7e:f6:47:ff:56:
                    75:8b:0d:8a:6a:25:21:42:a2:7b:ab:20:c9:ce:4c:
                    3a:6b:6d:51:1d:75:77:d0:96:ff:01:94:85:3e:e4:
                    fd:0b:d2:0d:a1:2c:8b:28:56:c3:43:a2:de:b0:26:
                    e8:22:5a:74:4c:1e:08:84:fc:5c:9b:f5:cc:db:0c:
                    6d:66:f9:6e:16:1a:bf:09:9a:10:09:91:92:0f:a8:
                    14:3f:08:da:75:3f:7c:b2:ff:f0:6e:18:2b:69:03:
                    d3:77:fe:55:56:63:bc:eb:92:92:41:5a:e2:7a:25:
                    ed:a4:35:05:4d:7e:eb:f0:ad:45:14:f2:db:0a:da:
                    74:b4:08:16:b5:1c:ce:c2:b4:5a:09:61:d8:fa:3d:
                    71:29:ba:e9:9e:6c:c6:eb:84:8d:3a:ee:58:ca:f1:
                    8f:67:27:23:e5:cd:ac:3e:a9:db:9c:2f:23:57:7d:
                    78:4f:c0:d1:41:da:7b:e5:1c:62:ac:b8:97:e8:e6:
                    17:62:b9:28:a4:ce:9f:77:79:54:7c:08:d6:8e:be:
                    43:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:7E:DC:8E:07:4A:BD:B9:32:10:BC:04:C7:76:B6:17:AF:81:55
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/xCt-3I4HSr25MhC8BMd2thevgVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:7440:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:b8:f8:99:09:30:ea:8c:52:d3:81:f0:3c:73:c3:36:d9:d2:
         7b:2d:69:09:3e:06:cd:eb:df:07:d2:ee:f9:26:77:d1:ee:2d:
         ec:30:26:c6:6d:ff:c2:e9:ce:3e:0c:eb:94:a7:75:82:ad:4e:
         f1:2d:12:a8:3e:61:8a:90:ee:a6:bf:cd:d3:0e:fd:f0:e0:e9:
         ab:e8:26:89:ce:f1:30:50:f9:d3:cf:e9:74:cf:6d:02:98:fc:
         42:30:1f:91:b2:61:4f:0d:26:8c:28:44:00:03:8a:15:0c:c6:
         ef:7c:bd:89:9a:94:25:dc:28:52:0d:f6:18:5e:c3:b3:69:24:
         1f:49:03:73:b7:8f:56:11:ab:2a:72:2b:58:8b:3d:ea:42:fd:
         f7:72:ae:88:25:d4:aa:b6:6c:02:7b:f5:8e:5f:81:9b:78:d1:
         2a:7f:c5:13:81:7f:3a:46:5a:49:7a:65:3d:7c:16:5f:e3:d6:
         43:a2:33:87:61:8a:0e:cb:b9:3c:60:4f:13:8a:af:42:9c:dd:
         30:8d:97:e5:6d:b3:17:04:48:30:9a:11:dc:f3:b6:3a:17:51:
         c8:0e:93:2d:96:f0:98:32:0e:b9:e7:5e:44:3b:ee:c3:98:6c:
         43:74:d9:6a:4c:c4:32:73:d8:e9:30:5c:c3:b7:bc:dc:6c:9d:
         77:c0:e7:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR53+cUqW/22eA4wd7H3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjUwMTAyMTM0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDJiN2VkYzhlMDc0YWJkYjkzMjEwYmMwNGM3NzZiNjE3YWY4MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PDxsWaRb8o8hKEyJdSjnc0Esig6
c/IyddFvhLso63QVMfqKLNVnW5ir+/g8Nt/QDWABBsGCfvZH/1Z1iw2KaiUhQqJ7
qyDJzkw6a21RHXV30Jb/AZSFPuT9C9INoSyLKFbDQ6LesCboIlp0TB4IhPxcm/XM
2wxtZvluFhq/CZoQCZGSD6gUPwjadT98sv/wbhgraQPTd/5VVmO865KSQVrieiXt
pDUFTX7r8K1FFPLbCtp0tAgWtRzOwrRaCWHY+j1xKbrpnmzG64SNOu5YyvGPZycj
5c2sPqnbnC8jV314T8DRQdp75RxirLiX6OYXYrkopM6fd3lUfAjWjr5DwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMQrftyOB0q9uTIQvATHdrYXr4FVMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEveEN0LTNJNEhTcjI1TWhDOEJNZDJ0aGV2Z1ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg10QAAi
MA0GCSqGSIb3DQEBCwUAA4IBAQC9uPiZCTDqjFLTgfA8c8M22dJ7LWkJPgbN698H
0u75JnfR7i3sMCbGbf/C6c4+DOuUp3WCrU7xLRKoPmGKkO6mv83TDv3w4Omr6CaJ
zvEwUPnTz+l0z20CmPxCMB+RsmFPDSaMKEQAA4oVDMbvfL2JmpQl3ChSDfYYXsOz
aSQfSQNzt49WEasqcitYiz3qQv33cq6IJdSqtmwCe/WOX4GbeNEqf8UTgX86RlpJ
emU9fBZf49ZDojOHYYoOy7k8YE8Tiq9CnN0wjZflbbMXBEgwmhHc87Y6F1HIDpMt
lvCYMg65515EO+7DmGxDdNlqTMQyc9jpMFzDt7zcbJ13wOde
-----END CERTIFICATE-----