Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9AWrR667Q2arHFIpVXZByCAgzqg.roa
File:                     9AWrR667Q2arHFIpVXZByCAgzqg.roa (raw, json)
Hash identifier:          bWTNlR0UmPi9E1R2SgSr5flWWvvkZ5/le6oVGCTd+8E=
Subject key identifier:   F4:05:AB:47:AE:BB:43:66:AB:1C:52:29:55:76:41:C8:20:20:CE:A8
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195684D6F7847651B4FF8B647C3DDA16D12
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9AWrR667Q2arHFIpVXZByCAgzqg.roa
Signing time:             Wed 05 Mar 2025 21:54:20 +0000
ROA not before:           Wed 05 Mar 2025 21:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203098
IP address blocks:        2a0f:9b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:68:4d:6f:78:47:65:1b:4f:f8:b6:47:c3:dd:a1:6d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar  5 21:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f405ab47aebb4366ab1c5229557641c82020cea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8d:62:cc:e8:ea:26:c9:69:d5:ee:39:ca:d6:
                    44:58:f2:81:57:5b:33:9d:53:64:0e:e8:65:cf:1c:
                    6e:76:b4:5e:4d:23:36:77:50:ac:f8:37:2f:e4:59:
                    76:fe:02:37:14:23:cd:f1:fa:14:8f:35:96:a2:b3:
                    f9:b5:09:0c:ed:90:c0:0e:91:bc:f7:8a:d4:58:18:
                    b3:71:df:c1:4c:05:26:ea:04:41:fe:4f:f6:40:f9:
                    f7:76:b1:75:48:c8:9a:e9:59:76:d4:c8:97:d1:86:
                    df:55:c7:7e:d5:18:d6:4b:47:26:0b:e1:71:e9:7b:
                    79:09:eb:c0:0b:64:43:c1:66:7b:de:4d:41:18:f6:
                    e2:da:24:9e:2a:91:58:9b:88:b2:f7:89:d8:ef:4f:
                    85:00:17:df:ba:22:75:03:04:1e:77:a8:fb:15:cf:
                    ca:ae:cf:57:64:c9:7e:9f:51:5b:6d:cd:c7:78:82:
                    0c:e2:ae:41:34:ca:d3:5d:f3:8f:0c:e1:11:af:fb:
                    fb:3e:32:4a:87:c0:bc:8d:8d:3a:9a:f9:95:61:ab:
                    05:c3:63:43:c8:c0:a6:ba:1d:bb:e5:bd:4c:f6:56:
                    05:8d:37:fb:e5:b5:04:2e:3a:6c:cf:23:4f:93:5f:
                    24:a7:b0:b8:7e:55:b2:40:ba:73:bb:7b:30:c9:57:
                    d8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:05:AB:47:AE:BB:43:66:AB:1C:52:29:55:76:41:C8:20:20:CE:A8
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9AWrR667Q2arHFIpVXZByCAgzqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:ef:40:6e:75:d0:89:c8:39:48:12:36:f5:7c:38:05:8b:dc:
         fe:9b:b0:e4:16:92:09:55:29:c6:0e:c5:03:d2:80:32:1f:e7:
         b1:54:fc:97:b7:43:67:59:d9:9a:f4:1b:6f:48:a4:56:94:12:
         26:8d:78:84:e9:3c:d3:ed:d5:c4:71:eb:79:f4:48:a4:57:33:
         39:02:30:da:b3:50:b5:d6:43:53:2d:16:42:48:16:9d:9f:d6:
         4a:a1:7c:54:2d:18:ae:a0:52:67:9a:24:b3:58:25:80:24:b5:
         5f:a0:6a:42:23:d3:94:e5:2b:e2:0b:10:e7:9f:9b:12:a1:53:
         24:ea:a6:8d:52:74:f3:ad:a7:5a:a1:85:17:3a:5e:c6:73:67:
         e1:cc:f5:39:d1:46:d5:69:4c:e0:17:dd:84:b2:dc:96:27:63:
         bc:42:70:05:8b:87:cb:6f:7e:cc:82:f0:66:b6:74:59:68:f7:
         20:91:00:e8:d1:aa:cc:d1:ae:ca:71:79:7c:4d:1d:05:d3:13:
         ce:b2:6e:78:db:89:2f:d9:c4:fe:d2:58:85:1b:a3:38:e7:9c:
         de:d9:42:19:96:ed:cc:24:6f:4d:ff:90:91:ef:d2:d7:1d:db:
         8a:87:e9:cc:f6:56:9a:21:74:c7:f9:d9:89:d5:7e:4b:9c:39:
         43:fa:41:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVoTW94R2UbT/i2R8PdoW0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzA1MjE1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA1YWI0N2FlYmI0MzY2YWIxYzUyMjk1NTc2NDFjODIwMjBjZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt41izOjqJslp1e45ytZEWPKBV1sz
nVNkDuhlzxxudrReTSM2d1Cs+Dcv5Fl2/gI3FCPN8foUjzWWorP5tQkM7ZDADpG8
94rUWBizcd/BTAUm6gRB/k/2QPn3drF1SMia6Vl21MiX0YbfVcd+1RjWS0cmC+Fx
6Xt5CevAC2RDwWZ73k1BGPbi2iSeKpFYm4iy94nY70+FABffuiJ1AwQed6j7Fc/K
rs9XZMl+n1Fbbc3HeIIM4q5BNMrTXfOPDOERr/v7PjJKh8C8jY06mvmVYasFw2ND
yMCmuh275b1M9lYFjTf75bUELjpszyNPk18kp7C4flWyQLpzu3swyVfYxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPQFq0euu0NmqxxSKVV2QcggIM6oMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOUFXclI2NjdRMmFySEZJcFZYWkJ5Q0FnenFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+bQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEe9AbnXQicg5SBI29Xw4BYvc/puw5BaSCVUpxg7F
A9KAMh/nsVT8l7dDZ1nZmvQbb0ikVpQSJo14hOk80+3VxHHrefRIpFczOQIw2rNQ
tdZDUy0WQkgWnZ/WSqF8VC0YrqBSZ5oks1glgCS1X6BqQiPTlOUr4gsQ55+bEqFT
JOqmjVJ0862nWqGFFzpexnNn4cz1OdFG1WlM4BfdhLLclidjvEJwBYuHy29+zILw
ZrZ0WWj3IJEA6NGqzNGuynF5fE0dBdMTzrJueNuJL9nE/tJYhRujOOec3tlCGZbt
zCRvTf+Qke/S1x3biofpzPZWmiF0x/nZidV+S5w5Q/pBDA==
-----END CERTIFICATE-----