Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/4lb0_ehOrEG0u66r5OmHQqYKD9w.roa
File:                     4lb0_ehOrEG0u66r5OmHQqYKD9w.roa (raw, json)
Hash identifier:          wj6frhySr+JvDym9nRrjZPRVUBZkguCVEppPEARwkTY=
Subject key identifier:   E2:56:F4:FD:E8:4E:AC:41:B4:BB:AE:AB:E4:E9:87:42:A6:0A:0F:DC
Certificate issuer:       /CN=a2ae3569689ff542a911d7098b82466e6ea9fc85
Certificate serial:       01975A2C8AC19F1B3563DD7BE9A7C8D24DA2
Authority key identifier: A2:AE:35:69:68:9F:F5:42:A9:11:D7:09:8B:82:46:6E:6E:A9:FC:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/4lb0_ehOrEG0u66r5OmHQqYKD9w.roa
Signing time:             Tue 10 Jun 2025 14:09:17 +0000
ROA not before:           Tue 10 Jun 2025 14:09:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        2a10:b5c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:2c:8a:c1:9f:1b:35:63:dd:7b:e9:a7:c8:d2:4d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ae3569689ff542a911d7098b82466e6ea9fc85
        Validity
            Not Before: Jun 10 14:09:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e256f4fde84eac41b4bbaeabe4e98742a60a0fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4a:a6:42:86:f0:8c:9f:82:36:74:f8:76:22:
                    81:1f:e6:fa:30:4e:4d:66:c0:27:8a:79:74:88:d6:
                    94:1b:92:54:dc:d4:63:22:63:d4:32:10:9c:20:f4:
                    8a:47:25:f7:93:83:c2:48:ca:ab:4f:fd:b2:9c:5c:
                    81:c3:c2:62:bf:46:09:fc:90:0e:70:d1:1f:2d:78:
                    0a:ef:92:6f:6f:52:1c:0d:f1:9c:a7:e2:6f:49:75:
                    d9:ab:16:15:17:55:c0:00:cc:89:e3:3e:18:ac:71:
                    71:50:ee:88:ad:7c:f1:39:14:aa:be:ca:cd:4e:e6:
                    0c:a5:2e:27:31:00:83:19:ae:00:a0:9b:07:3a:df:
                    ff:f4:48:cb:00:1c:0e:b0:cc:b9:81:2e:aa:bb:17:
                    ee:8e:bf:da:0c:22:11:8d:f5:ee:f0:f0:83:2b:d6:
                    4d:93:da:c4:8c:37:05:84:e2:4f:86:72:cd:57:90:
                    c0:39:3b:22:e8:3f:66:b6:15:a6:5f:54:08:82:5d:
                    c8:54:eb:d3:7f:06:91:98:fe:e0:82:02:a5:ab:0a:
                    55:74:ed:a2:17:2b:7d:01:b3:db:8a:da:0e:36:18:
                    f6:59:4f:85:18:0d:6c:77:dd:be:27:d3:8d:44:53:
                    26:0f:31:cd:2f:de:eb:e4:30:bb:bc:c8:b5:e8:48:
                    b6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:56:F4:FD:E8:4E:AC:41:B4:BB:AE:AB:E4:E9:87:42:A6:0A:0F:DC
            X509v3 Authority Key Identifier:
                keyid:A2:AE:35:69:68:9F:F5:42:A9:11:D7:09:8B:82:46:6E:6E:A9:FC:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/4lb0_ehOrEG0u66r5OmHQqYKD9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b5c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:51:b9:50:33:0b:b6:30:15:bb:12:4c:62:f9:64:0b:20:fa:
         7d:16:f6:e3:9a:aa:00:7b:f7:5a:11:c0:b8:5e:be:a8:db:2f:
         22:5c:85:30:40:67:fc:40:25:8f:f2:05:39:de:30:31:87:bf:
         99:86:f2:d8:02:75:24:4d:cf:62:1e:d0:30:03:25:68:87:a6:
         88:6d:e2:c7:64:b8:e7:0f:b5:be:7a:a6:22:c3:34:57:18:8d:
         75:9e:df:64:5b:ea:c7:0e:88:ee:a5:3e:fd:e8:d5:ef:ab:85:
         62:80:d3:20:26:70:71:b2:ff:44:e2:00:e8:81:a6:e8:ad:b3:
         dc:fc:fb:2f:0d:0e:1a:dd:cb:92:38:5b:ec:3c:2e:81:c6:b8:
         0d:1c:dd:2e:07:65:ec:98:47:10:c8:d7:78:b7:b5:ec:03:9b:
         9b:b0:30:67:9d:41:29:b0:3f:26:68:19:51:a7:1b:b6:6c:82:
         57:b9:fb:65:77:d4:34:0c:02:26:2d:ec:14:15:cb:fb:59:fd:
         6d:c8:e5:91:f4:e2:a7:d7:95:3b:a2:86:48:8f:80:f2:42:1e:
         7f:56:82:0a:62:6e:9d:79:76:db:8f:40:ca:9e:e8:82:82:4a:
         d1:e0:29:02:4b:53:ad:a8:00:65:5f:1a:dc:df:35:87:25:06:
         75:f9:2b:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdaLIrBnxs1Y9176afI0k2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYWUzNTY5Njg5ZmY1NDJhOTExZDcwOThiODI0NjZlNmVh
OWZjODUwHhcNMjUwNjEwMTQwOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjU2ZjRmZGU4NGVhYzQxYjRiYmFlYWJlNGU5ODc0MmE2MGEwZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUqmQobwjJ+CNnT4diKBH+b6ME5N
ZsAninl0iNaUG5JU3NRjImPUMhCcIPSKRyX3k4PCSMqrT/2ynFyBw8Jiv0YJ/JAO
cNEfLXgK75Jvb1IcDfGcp+JvSXXZqxYVF1XAAMyJ4z4YrHFxUO6IrXzxORSqvsrN
TuYMpS4nMQCDGa4AoJsHOt//9EjLABwOsMy5gS6quxfujr/aDCIRjfXu8PCDK9ZN
k9rEjDcFhOJPhnLNV5DAOTsi6D9mthWmX1QIgl3IVOvTfwaRmP7gggKlqwpVdO2i
Fyt9AbPbitoONhj2WU+FGA1sd92+J9ONRFMmDzHNL97r5DC7vMi16Ei2CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOJW9P3oTqxBtLuuq+Tph0KmCg/cMB8GA1UdIwQY
MBaAFKKuNWlon/VCqRHXCYuCRm5uqfyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3E0MWFXaWY5VUtwRWRjSmk0SkdibTZwX0lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85ODg2N2MtODU2ZS00NmM5LTg5MjUt
NmVhNWQ4Yjc1NDExLzEvNGxiMF9laE9yRUcwdTY2cjVPbUhRcVlLRDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85ODg2N2MtODU2ZS00NmM5LTg5MjUtNmVhNWQ4Yjc1NDEx
LzEvb3E0MWFXaWY5VUtwRWRjSmk0SkdibTZwX0lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhC1wTAN
BgkqhkiG9w0BAQsFAAOCAQEASFG5UDMLtjAVuxJMYvlkCyD6fRb245qqAHv3WhHA
uF6+qNsvIlyFMEBn/EAlj/IFOd4wMYe/mYby2AJ1JE3PYh7QMAMlaIemiG3ix2S4
5w+1vnqmIsM0VxiNdZ7fZFvqxw6I7qU+/ejV76uFYoDTICZwcbL/ROIA6IGm6K2z
3Pz7Lw0OGt3Lkjhb7Dwugca4DRzdLgdl7JhHEMjXeLe17AObm7AwZ51BKbA/JmgZ
UacbtmyCV7n7ZXfUNAwCJi3sFBXL+1n9bcjlkfTip9eVO6KGSI+A8kIef1aCCmJu
nXl2249Ayp7ogoJK0eApAktTragAZV8a3N81hyUGdfkrgA==
-----END CERTIFICATE-----