Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/8RxHOUlOeBNF1q9dQqzL6CLJ-wQ.roa
File:                     8RxHOUlOeBNF1q9dQqzL6CLJ-wQ.roa (raw, json)
Hash identifier:          +v01+zBzDLeUOc5XI9rBivZDnxmBKlPf9T2Z8rmGSao=
Subject key identifier:   F1:1C:47:39:49:4E:78:13:45:D6:AF:5D:42:AC:CB:E8:22:C9:FB:04
Certificate issuer:       /CN=e74aaba5989badb60274760deef6c40cd0112026
Certificate serial:       0196043AE1A8BBC7BAA8616446BD95865BFF
Authority key identifier: E7:4A:AB:A5:98:9B:AD:B6:02:74:76:0D:EE:F6:C4:0C:D0:11:20:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/8RxHOUlOeBNF1q9dQqzL6CLJ-wQ.roa
Signing time:             Sat 05 Apr 2025 04:34:49 +0000
ROA not before:           Sat 05 Apr 2025 04:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213471
IP address blocks:        2a13:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:04:3a:e1:a8:bb:c7:ba:a8:61:64:46:bd:95:86:5b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e74aaba5989badb60274760deef6c40cd0112026
        Validity
            Not Before: Apr  5 04:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f11c4739494e781345d6af5d42accbe822c9fb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:43:13:28:f2:12:2d:0a:3f:51:c3:cc:cd:9a:
                    e5:90:20:09:b8:97:b8:bb:96:7e:ab:db:dc:59:c8:
                    ef:34:e8:be:c5:0f:ed:e1:98:de:e6:4e:52:48:7c:
                    2c:83:d4:69:e6:2f:1e:bf:b2:63:94:f0:92:ea:0a:
                    17:66:0f:29:f9:a4:96:96:48:67:15:43:f1:64:12:
                    15:07:e8:be:22:4a:2a:69:07:e2:2f:3e:fb:dd:aa:
                    54:08:b6:61:53:20:33:e9:f8:ce:94:14:8f:67:18:
                    e0:99:f0:09:1c:7d:af:f8:38:38:21:95:6d:92:b8:
                    8b:1f:cb:5b:30:fc:4f:e8:34:65:cd:f0:93:54:f7:
                    a7:07:3e:52:1e:51:b9:ec:7c:15:e6:ba:9e:1c:97:
                    24:5e:79:2e:7f:3a:42:19:25:cf:c8:32:fd:fd:24:
                    3c:a6:0a:09:74:f9:20:8c:87:4a:0c:9d:d2:4b:cc:
                    f3:bd:00:ab:5d:60:33:b0:b8:57:cd:f8:94:e5:6f:
                    dd:1f:52:1d:94:8c:bd:a7:21:7a:f8:2a:40:ff:7d:
                    fc:5a:b0:e0:09:56:b6:d0:1d:de:3b:af:6c:52:ac:
                    29:27:41:7b:ea:38:a8:66:81:30:dd:58:41:3a:4c:
                    c9:84:77:64:8f:a6:f0:28:7d:6c:bb:85:6d:2a:dc:
                    e0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:1C:47:39:49:4E:78:13:45:D6:AF:5D:42:AC:CB:E8:22:C9:FB:04
            X509v3 Authority Key Identifier:
                keyid:E7:4A:AB:A5:98:9B:AD:B6:02:74:76:0D:EE:F6:C4:0C:D0:11:20:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/8RxHOUlOeBNF1q9dQqzL6CLJ-wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:7a:8b:50:42:64:55:9b:ca:e0:c6:f7:88:f1:29:ea:ce:27:
         ba:b9:34:57:20:b7:a3:83:05:c2:25:c5:f5:1a:e4:bc:ab:21:
         46:78:71:29:04:34:4a:6e:df:cf:2e:6d:b2:83:c2:8f:1a:92:
         82:75:01:17:00:42:0d:8a:a8:dc:df:20:01:b5:71:01:6c:28:
         12:69:d4:9f:d1:66:0f:af:bf:39:7e:94:69:c1:90:34:28:dc:
         26:a8:f3:e1:30:50:4c:a4:16:c0:f9:25:86:50:be:d8:61:ce:
         6c:47:db:88:be:39:81:2b:e7:d4:9a:c5:21:ad:96:b0:d7:c7:
         7f:da:a8:29:44:b4:9a:2e:6b:af:dc:3f:49:ac:aa:82:b2:d5:
         c8:24:0f:19:de:9f:ef:a1:af:4a:4a:e6:c6:0b:b3:3c:1e:e4:
         6d:10:5a:68:c1:19:a8:c1:50:29:c2:0d:1e:f1:ad:33:7c:50:
         fd:9d:f1:f7:86:57:d4:34:31:9e:ac:0c:27:cf:e5:df:11:a9:
         62:c9:c1:05:cb:52:ad:55:b9:bc:f8:e1:6c:31:3c:a8:b3:8c:
         a7:b0:0e:da:91:01:cd:8a:bd:bb:8a:e7:4c:70:0b:10:77:7e:
         ec:86:b1:e4:18:b0:99:5e:1f:79:51:f0:c3:00:84:a3:3a:ba:
         a6:1e:ca:23
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYEOuGou8e6qGFkRr2Vhlv/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NGFhYmE1OTg5YmFkYjYwMjc0NzYwZGVlZjZjNDBjZDAx
MTIwMjYwHhcNMjUwNDA1MDQzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTFjNDczOTQ5NGU3ODEzNDVkNmFmNWQ0MmFjY2JlODIyYzlmYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40MTKPISLQo/UcPMzZrlkCAJuJe4
u5Z+q9vcWcjvNOi+xQ/t4Zje5k5SSHwsg9Rp5i8ev7JjlPCS6goXZg8p+aSWlkhn
FUPxZBIVB+i+IkoqaQfiLz773apUCLZhUyAz6fjOlBSPZxjgmfAJHH2v+Dg4IZVt
kriLH8tbMPxP6DRlzfCTVPenBz5SHlG57HwV5rqeHJckXnkufzpCGSXPyDL9/SQ8
pgoJdPkgjIdKDJ3SS8zzvQCrXWAzsLhXzfiU5W/dH1IdlIy9pyF6+CpA/338WrDg
CVa20B3eO69sUqwpJ0F76jioZoEw3VhBOkzJhHdkj6bwKH1su4VtKtzg2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPEcRzlJTngTRdavXUKsy+giyfsEMB8GA1UdIwQY
MBaAFOdKq6WYm622AnR2De72xAzQESAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBxcnBaaWJyYllDZEhZTjd2YkVETkFSSUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xODE4MWYtNTU1NC00ZmEwLThjNmQt
OGMyM2Y2ZjU3YzhjLzEvOFJ4SE9VbE9lQk5GMXE5ZFFxekw2Q0xKLXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xODE4MWYtNTU1NC00ZmEwLThjNmQtOGMyM2Y2ZjU3Yzhj
LzEvNTBxcnBaaWJyYllDZEhZTjd2YkVETkFSSUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPAAAAw
DQYJKoZIhvcNAQELBQADggEBAEJ6i1BCZFWbyuDG94jxKerOJ7q5NFcgt6ODBcIl
xfUa5LyrIUZ4cSkENEpu388ubbKDwo8akoJ1ARcAQg2KqNzfIAG1cQFsKBJp1J/R
Zg+vvzl+lGnBkDQo3Cao8+EwUEykFsD5JYZQvthhzmxH24i+OYEr59SaxSGtlrDX
x3/aqClEtJoua6/cP0msqoKy1cgkDxnen++hr0pK5sYLszwe5G0QWmjBGajBUCnC
DR7xrTN8UP2d8feGV9Q0MZ6sDCfP5d8RqWLJwQXLUq1Vubz44WwxPKizjKewDtqR
Ac2KvbuK50xwCxB3fuyGseQYsJleH3lR8MMAhKM6uqYeyiM=
-----END CERTIFICATE-----