Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/PwHJZqekQGT1s20w37UBZbNwAug.roa
File:                     PwHJZqekQGT1s20w37UBZbNwAug.roa (raw, json)
Hash identifier:          ub/DAIcc6aVmEp+1ENRdQAlH9vQln9luF2+xviDdJZc=
Subject key identifier:   3F:01:C9:66:A7:A4:40:64:F5:B3:6D:30:DF:B5:01:65:B3:70:02:E8
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B239F061E3BD966CBC3EADD6C0C8C7
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/PwHJZqekQGT1s20w37UBZbNwAug.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196863
IP address blocks:        2a02:2808:2301::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:39:f0:61:e3:bd:96:6c:bc:3e:ad:d6:c0:c8:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f01c966a7a44064f5b36d30dfb50165b37002e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:34:74:6b:fa:c7:76:71:90:39:28:04:e3:6e:
                    43:b8:2a:04:f8:a5:2e:12:99:57:91:0a:c5:0f:33:
                    18:2f:41:4b:9d:e9:e3:20:8d:d0:de:84:5b:a1:fe:
                    b9:c2:b4:61:64:86:72:84:80:42:7c:5e:3b:d1:d1:
                    cd:7d:af:96:08:3d:47:c7:f0:86:02:7e:5f:4c:73:
                    14:09:24:b8:a9:05:4d:f7:f9:67:30:4d:9f:ee:df:
                    22:09:68:55:ed:9c:fb:1f:1a:b0:56:9d:20:af:05:
                    7b:7d:2f:4d:30:19:ef:e3:78:51:52:f7:97:6a:d7:
                    04:00:e9:dd:16:84:fd:25:82:a2:a0:b1:35:64:5c:
                    7c:c7:86:6e:87:79:ad:b5:ff:dd:31:e2:55:6a:cb:
                    f4:54:bf:47:0a:d5:af:3c:fb:fc:51:b5:f4:45:eb:
                    ee:b6:c9:24:39:be:80:79:b0:2d:e9:77:2a:c0:2a:
                    d1:b2:72:b5:b8:36:d0:66:35:f8:9b:9c:ad:0d:4c:
                    88:cb:0d:72:a3:0d:d8:2e:9e:b5:8b:d5:d1:a7:83:
                    c0:c2:71:c6:ef:29:5a:c2:03:dc:b9:80:8e:7e:0a:
                    1c:19:5e:7f:a0:50:e6:21:6f:84:ba:69:d8:6b:85:
                    81:49:8d:ac:f3:cc:02:4a:be:13:52:11:bc:43:32:
                    2e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:01:C9:66:A7:A4:40:64:F5:B3:6D:30:DF:B5:01:65:B3:70:02:E8
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/PwHJZqekQGT1s20w37UBZbNwAug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2808:2301::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:fa:c4:27:31:f4:b9:bf:ad:86:5f:36:7c:65:b3:dd:ca:0e:
         e2:22:7a:90:ce:4c:3e:28:5f:d0:42:72:0f:80:cd:c7:a6:74:
         e9:08:c3:56:c1:ba:91:a7:9f:a6:26:52:d2:86:8a:62:2d:db:
         f1:cc:51:16:db:63:6a:89:f7:99:5f:61:41:b5:b0:ef:64:68:
         a9:8f:6d:b4:34:62:61:fe:41:2b:39:cc:86:26:b8:15:cf:cf:
         bf:36:3e:1f:72:ae:7a:14:38:fc:21:dd:c7:b8:44:5e:99:b2:
         a5:eb:90:a4:69:92:88:4a:1b:bf:9e:8e:f8:3f:ed:a8:07:91:
         7c:48:0b:54:1f:53:14:15:b2:5d:d5:b4:ac:46:f1:f1:cf:8d:
         c5:f4:d0:0b:1f:4e:5a:cd:9f:2f:48:63:6b:30:70:38:e4:07:
         1d:64:9e:08:af:6f:df:60:eb:cf:59:39:2c:2e:46:0b:73:3b:
         ec:eb:29:57:55:17:51:54:55:2c:01:1f:6d:db:bb:ed:56:3d:
         5e:c5:0c:59:ab:17:c5:5b:6f:a8:d2:d9:0f:db:c9:ec:d4:0d:
         43:43:f8:57:3f:31:a2:4e:34:9d:d4:c5:8d:10:6e:ee:82:a8:
         0c:46:3b:16:7c:62:b6:0b:1c:a1:41:9b:31:3a:19:47:c2:f3:
         03:93:e6:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsjnwYeO9lmy8Pq3WwMjHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjAxYzk2NmE3YTQ0MDY0ZjViMzZkMzBkZmI1MDE2NWIzNzAwMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DR0a/rHdnGQOSgE425DuCoE+KUu
EplXkQrFDzMYL0FLnenjII3Q3oRbof65wrRhZIZyhIBCfF470dHNfa+WCD1Hx/CG
An5fTHMUCSS4qQVN9/lnME2f7t8iCWhV7Zz7HxqwVp0grwV7fS9NMBnv43hRUveX
atcEAOndFoT9JYKioLE1ZFx8x4Zuh3mttf/dMeJVasv0VL9HCtWvPPv8UbX0Revu
tskkOb6AebAt6XcqwCrRsnK1uDbQZjX4m5ytDUyIyw1yow3YLp61i9XRp4PAwnHG
7ylawgPcuYCOfgocGV5/oFDmIW+EumnYa4WBSY2s88wCSr4TUhG8QzIuowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD8ByWanpEBk9bNtMN+1AWWzcALoMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvUHdISlpxZWtRR1QxczIwdzM3VUJaYk53QXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIoCCMB
MA0GCSqGSIb3DQEBCwUAA4IBAQCX+sQnMfS5v62GXzZ8ZbPdyg7iInqQzkw+KF/Q
QnIPgM3HpnTpCMNWwbqRp5+mJlLShopiLdvxzFEW22NqifeZX2FBtbDvZGipj220
NGJh/kErOcyGJrgVz8+/Nj4fcq56FDj8Id3HuERembKl65CkaZKIShu/no74P+2o
B5F8SAtUH1MUFbJd1bSsRvHxz43F9NALH05azZ8vSGNrMHA45AcdZJ4Ir2/fYOvP
WTksLkYLczvs6ylXVRdRVFUsAR9t27vtVj1exQxZqxfFW2+o0tkP28ns1A1DQ/hX
PzGiTjSd1MWNEG7ugqgMRjsWfGK2CxyhQZsxOhlHwvMDk+b7
-----END CERTIFICATE-----