Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/4ivYTJwHbxlEFGw6yHQUPiIrnLk.roa
File:                     4ivYTJwHbxlEFGw6yHQUPiIrnLk.roa (raw, json)
Hash identifier:          c/5BSogehebsaJujE8GYhFFEuezzSIs2u3N/ALM/jkY=
Subject key identifier:   E2:2B:D8:4C:9C:07:6F:19:44:14:6C:3A:C8:74:14:3E:22:2B:9C:B9
Certificate issuer:       /CN=21351865b767dd7b9c22314bfc8055bd57db0065
Certificate serial:       019427B5E1D7D5DAB17E0D60A3BBEDF3D9E7
Authority key identifier: 21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/4ivYTJwHbxlEFGw6yHQUPiIrnLk.roa
Signing time:             Thu 02 Jan 2025 15:50:18 +0000
ROA not before:           Thu 02 Jan 2025 15:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200334
IP address blocks:        2a0c:f587:fffe::/48 maxlen: 48
                          2a0c:f587:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:e1:d7:d5:da:b1:7e:0d:60:a3:bb:ed:f3:d9:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21351865b767dd7b9c22314bfc8055bd57db0065
        Validity
            Not Before: Jan  2 15:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e22bd84c9c076f1944146c3ac874143e222b9cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:11:33:eb:05:1a:62:db:58:5c:83:cb:2a:48:
                    da:f8:a6:8c:95:fa:88:23:c5:41:ef:00:4a:3b:68:
                    3c:85:93:32:d1:e7:d7:47:ca:80:d9:21:d4:04:70:
                    b2:b7:d1:7e:ab:82:7a:29:48:fa:26:15:38:12:c7:
                    20:cc:65:0e:28:db:ab:fe:e5:83:c8:75:7f:7e:23:
                    f4:73:21:2c:6c:c7:97:04:cf:25:08:3c:10:56:1b:
                    58:7c:4f:a9:6a:c8:de:5a:fe:ef:fc:a6:aa:0c:41:
                    3e:99:07:1c:cd:ba:44:14:9c:c2:53:b7:9d:18:8e:
                    08:7d:b5:da:ab:6c:db:5e:da:78:77:7b:02:66:50:
                    a5:38:60:c4:ee:0d:f1:32:d3:4a:5d:28:f5:d4:2b:
                    da:17:2e:e9:e2:9f:b9:0d:f3:56:11:56:22:4b:aa:
                    4c:47:82:95:30:88:e0:df:53:5a:e9:f9:87:26:9e:
                    1b:7f:a6:f5:0b:ad:b2:a8:e1:4b:2b:de:39:26:29:
                    29:17:88:86:73:c6:e4:3d:5c:ce:19:cb:e3:52:ef:
                    f1:94:d9:c1:13:c8:98:90:43:d6:2c:77:fb:4a:8e:
                    10:b2:24:9e:5d:d4:26:ab:3e:68:9d:7b:1d:e0:9d:
                    f4:9e:e8:50:32:1a:df:68:af:9b:88:b0:d9:b7:1a:
                    c9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2B:D8:4C:9C:07:6F:19:44:14:6C:3A:C8:74:14:3E:22:2B:9C:B9
            X509v3 Authority Key Identifier:
                keyid:21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/4ivYTJwHbxlEFGw6yHQUPiIrnLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f587:fffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         1b:24:b5:15:8c:3e:9c:6f:68:58:bc:6e:cc:23:b3:9f:3b:70:
         a0:91:f3:ed:67:a9:98:54:36:58:80:88:0c:a9:de:3a:97:71:
         9e:d3:eb:90:a5:ca:3c:20:78:ee:a4:38:41:ed:36:6d:db:22:
         4e:91:ef:75:b3:52:cf:15:4c:8e:4b:d0:71:1c:e2:90:09:84:
         a7:c3:20:d8:48:83:51:4f:5d:5f:41:95:f3:55:25:60:0d:d0:
         85:5d:28:61:4a:5b:18:b5:a9:6f:1b:a4:1a:13:9c:aa:52:e0:
         71:c5:68:93:93:1e:e0:6a:15:1d:54:dc:ea:90:c3:0c:b4:dc:
         3d:e6:1c:33:e2:6c:92:dd:50:53:60:91:1c:e1:49:84:91:ab:
         d3:ed:75:6b:21:4c:fc:c6:ac:f1:c4:bb:1a:bc:11:75:99:17:
         10:c3:11:e0:83:bf:d2:84:60:3b:29:e1:b6:33:21:32:58:8e:
         dd:31:f5:05:fb:99:43:cd:f2:74:40:9f:d2:55:03:7d:2e:8e:
         41:13:54:21:e2:d5:1b:3c:8c:2b:b6:b8:cb:57:a7:25:37:cc:
         aa:b9:53:a0:cb:b2:1f:09:50:96:bd:43:3a:4d:1f:6a:8f:36:
         53:96:94:65:77:24:c2:89:2e:68:89:e1:73:eb:3c:49:7c:7d:
         85:c2:91:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnteHX1dqxfg1go7vt89nnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzUxODY1Yjc2N2RkN2I5YzIyMzE0YmZjODA1NWJkNTdk
YjAwNjUwHhcNMjUwMTAyMTU1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJiZDg0YzljMDc2ZjE5NDQxNDZjM2FjODc0MTQzZTIyMmI5Y2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBEz6wUaYttYXIPLKkja+KaMlfqI
I8VB7wBKO2g8hZMy0efXR8qA2SHUBHCyt9F+q4J6KUj6JhU4EscgzGUOKNur/uWD
yHV/fiP0cyEsbMeXBM8lCDwQVhtYfE+pasjeWv7v/KaqDEE+mQcczbpEFJzCU7ed
GI4IfbXaq2zbXtp4d3sCZlClOGDE7g3xMtNKXSj11CvaFy7p4p+5DfNWEVYiS6pM
R4KVMIjg31Na6fmHJp4bf6b1C62yqOFLK945JikpF4iGc8bkPVzOGcvjUu/xlNnB
E8iYkEPWLHf7So4QsiSeXdQmqz5onXsd4J30nuhQMhrfaK+biLDZtxrJXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIr2EycB28ZRBRsOsh0FD4iK5y5MB8GA1UdIwQY
MBaAFCE1GGW3Z917nCIxS/yAVb1X2wBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAt
MWU0ZTA0MDA4NDRiLzEvNGl2WVRKd0hieGxFRkd3NnlIUVVQaUlybkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAtMWU0ZTA0MDA4NDRi
LzEvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgz1h//+
MA0GCSqGSIb3DQEBCwUAA4IBAQAbJLUVjD6cb2hYvG7MI7OfO3CgkfPtZ6mYVDZY
gIgMqd46l3Ge0+uQpco8IHjupDhB7TZt2yJOke91s1LPFUyOS9BxHOKQCYSnwyDY
SINRT11fQZXzVSVgDdCFXShhSlsYtalvG6QaE5yqUuBxxWiTkx7gahUdVNzqkMMM
tNw95hwz4myS3VBTYJEc4UmEkavT7XVrIUz8xqzxxLsavBF1mRcQwxHgg7/ShGA7
KeG2MyEyWI7dMfUF+5lDzfJ0QJ/SVQN9Lo5BE1Qh4tUbPIwrtrjLV6clN8yquVOg
y7IfCVCWvUM6TR9qjzZTlpRldyTCiS5oieFz6zxJfH2FwpFh
-----END CERTIFICATE-----