Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/EslCT3gxkxtf5DQ7QkwYmLYeFlo.roa
File:                     EslCT3gxkxtf5DQ7QkwYmLYeFlo.roa (raw, json)
Hash identifier:          Uhm0SZdyDhhQLcGTvxZ7EAQVgtjflrvk9JNzMwkUJ7I=
Subject key identifier:   12:C9:42:4F:78:31:93:1B:5F:E4:34:3B:42:4C:18:98:B6:1E:16:5A
Certificate issuer:       /CN=556db695ddf31e2898466ef9edfba4880d8e19fb
Certificate serial:       0196691B79269DFE12D030C6BC892184F597
Authority key identifier: 55:6D:B6:95:DD:F3:1E:28:98:46:6E:F9:ED:FB:A4:88:0D:8E:19:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VW22ld3zHiiYRm757fukiA2OGfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/EslCT3gxkxtf5DQ7QkwYmLYeFlo.roa
Signing time:             Thu 24 Apr 2025 18:42:10 +0000
ROA not before:           Thu 24 Apr 2025 18:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46475
IP address blocks:        2a14:fc80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/VW22ld3zHiiYRm757fukiA2OGfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/VW22ld3zHiiYRm757fukiA2OGfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VW22ld3zHiiYRm757fukiA2OGfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 06:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:69:1b:79:26:9d:fe:12:d0:30:c6:bc:89:21:84:f5:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556db695ddf31e2898466ef9edfba4880d8e19fb
        Validity
            Not Before: Apr 24 18:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12c9424f7831931b5fe4343b424c1898b61e165a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b5:1f:ec:dd:d6:64:04:ba:6e:50:4d:d4:9a:
                    5b:68:0c:52:b9:e5:0f:1e:b0:31:1a:d4:34:cb:ea:
                    b0:3d:93:e1:51:66:07:55:8e:a0:94:3c:11:79:98:
                    38:f3:8e:a9:83:7d:5e:76:0b:4c:07:e3:92:12:ef:
                    c8:dd:f7:eb:da:18:ba:27:92:97:62:07:67:06:4b:
                    46:b3:0f:af:ec:79:dd:5f:01:28:f1:ac:05:cd:82:
                    71:b3:ed:58:df:19:91:7f:45:a1:81:0d:2e:3a:e8:
                    a1:8a:87:69:61:d4:95:89:9c:11:d3:ea:80:45:c8:
                    51:a7:bb:03:e2:8b:9c:a4:49:61:a2:89:47:26:29:
                    82:e9:0b:a4:c6:ee:be:da:02:fe:dd:05:b2:55:8d:
                    8e:41:61:ad:86:fa:05:40:d5:d6:9c:a3:79:4c:82:
                    4a:38:fb:01:d7:92:ca:26:25:cb:6d:fb:27:37:b2:
                    a6:a2:65:5f:f2:ba:cb:95:fa:ab:4d:29:69:f2:bc:
                    2c:c6:0c:94:86:78:7d:d6:5c:7d:15:96:05:79:8c:
                    82:60:1d:71:13:31:a1:ae:01:4b:d0:2e:13:70:74:
                    4a:a2:41:df:09:f7:43:5e:64:71:0a:6a:a2:4c:36:
                    93:69:a9:6f:2e:39:53:ad:20:52:3d:c8:6d:fb:40:
                    93:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C9:42:4F:78:31:93:1B:5F:E4:34:3B:42:4C:18:98:B6:1E:16:5A
            X509v3 Authority Key Identifier:
                keyid:55:6D:B6:95:DD:F3:1E:28:98:46:6E:F9:ED:FB:A4:88:0D:8E:19:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VW22ld3zHiiYRm757fukiA2OGfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/EslCT3gxkxtf5DQ7QkwYmLYeFlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/541462-adb6-4c66-b542-052eaeac647e/1/VW22ld3zHiiYRm757fukiA2OGfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:fc80::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:d6:1c:17:9f:0b:46:cb:97:36:64:5e:3f:17:d6:8e:77:1b:
         9c:bc:24:29:c9:3a:75:2c:55:9e:80:14:3f:0a:5b:74:4b:8f:
         ae:90:44:c1:4e:ff:3d:43:48:12:b0:37:e3:5a:4c:27:dd:a2:
         5c:98:05:29:3a:6d:3f:df:d2:9e:2a:52:08:e1:55:22:4f:71:
         b4:72:59:d9:42:40:73:e7:37:76:f8:82:4a:ab:03:9f:d6:e0:
         90:37:d3:73:48:3b:9d:44:9a:95:f3:e0:d2:ec:bc:ce:a9:d2:
         5d:cb:ed:02:39:c0:9d:e3:38:88:0b:25:58:cb:5f:0d:c1:b4:
         3e:40:51:18:b9:09:e4:68:80:9c:cf:9c:1f:1b:13:34:88:c3:
         ee:10:d3:c8:9f:99:97:70:4e:d3:78:1a:b1:6e:45:88:73:de:
         3c:0a:95:bd:b7:8d:27:bd:fa:7d:e1:a0:aa:7a:90:05:86:50:
         be:e4:a6:90:08:e6:2a:3b:fd:3b:17:1e:c4:42:4b:bf:9c:4a:
         69:fc:ba:d3:7e:e1:ea:92:b7:68:82:78:3a:56:05:9f:7e:ac:
         0e:78:fd:5d:a2:f7:ad:02:e2:5c:fb:83:15:6a:5b:91:67:17:
         80:ad:d0:56:c4:05:40:57:47:ff:5b:bb:72:d8:46:5d:96:de:
         3b:13:6f:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZpG3kmnf4S0DDGvIkhhPWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmRiNjk1ZGRmMzFlMjg5ODQ2NmVmOWVkZmJhNDg4MGQ4
ZTE5ZmIwHhcNMjUwNDI0MTg0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM5NDI0Zjc4MzE5MzFiNWZlNDM0M2I0MjRjMTg5OGI2MWUxNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rUf7N3WZAS6blBN1JpbaAxSueUP
HrAxGtQ0y+qwPZPhUWYHVY6glDwReZg4846pg31edgtMB+OSEu/I3ffr2hi6J5KX
YgdnBktGsw+v7HndXwEo8awFzYJxs+1Y3xmRf0WhgQ0uOuihiodpYdSViZwR0+qA
RchRp7sD4oucpElhoolHJimC6Qukxu6+2gL+3QWyVY2OQWGthvoFQNXWnKN5TIJK
OPsB15LKJiXLbfsnN7KmomVf8rrLlfqrTSlp8rwsxgyUhnh91lx9FZYFeYyCYB1x
EzGhrgFL0C4TcHRKokHfCfdDXmRxCmqiTDaTaalvLjlTrSBSPcht+0CTcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBLJQk94MZMbX+Q0O0JMGJi2HhZaMB8GA1UdIwQY
MBaAFFVttpXd8x4omEZu+e37pIgNjhn7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlcyMmxkM3pIaWlZUm03NTdmdWtpQTJPR2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81NDE0NjItYWRiNi00YzY2LWI1NDIt
MDUyZWFlYWM2NDdlLzEvRXNsQ1QzZ3hreHRmNURRN1Frd1ltTFllRmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81NDE0NjItYWRiNi00YzY2LWI1NDItMDUyZWFlYWM2NDdl
LzEvVlcyMmxkM3pIaWlZUm03NTdmdWtpQTJPR2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhT8gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ1hwXnwtGy5c2ZF4/F9aOdxucvCQpyTp1LFWe
gBQ/Clt0S4+ukETBTv89Q0gSsDfjWkwn3aJcmAUpOm0/39KeKlII4VUiT3G0clnZ
QkBz5zd2+IJKqwOf1uCQN9NzSDudRJqV8+DS7LzOqdJdy+0COcCd4ziICyVYy18N
wbQ+QFEYuQnkaICcz5wfGxM0iMPuENPIn5mXcE7TeBqxbkWIc948CpW9t40nvfp9
4aCqepAFhlC+5KaQCOYqO/07Fx7EQku/nEpp/LrTfuHqkrdogng6VgWffqwOeP1d
ovetAuJc+4MValuRZxeArdBWxAVAV0f/W7ty2EZdlt47E29J
-----END CERTIFICATE-----