Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/owZzsAnJSaU1iNYi45n_txLL9DY.roa
File:                     owZzsAnJSaU1iNYi45n_txLL9DY.roa (raw, json)
Hash identifier:          mcBj/ytCvuFdEBFFZvoIyH3aWBfrAgmYQKhMFyspI2M=
Subject key identifier:   A3:06:73:B0:09:C9:49:A5:35:88:D6:22:E3:99:FF:B7:12:CB:F4:36
Certificate issuer:       /CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
Certificate serial:       019421B1A4C02151E8D991241A4021FDC756
Authority key identifier: C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/owZzsAnJSaU1iNYi45n_txLL9DY.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0f:ff40:c0f3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a4:c0:21:51:e8:d9:91:24:1a:40:21:fd:c7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a30673b009c949a53588d622e399ffb712cbf436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:66:6c:52:54:00:ae:8b:5a:81:c3:d3:b6:4b:
                    6d:90:e7:93:3c:5a:a5:bf:ec:58:a8:4a:6d:c2:d1:
                    36:3c:75:6f:de:0d:3d:5e:f2:d8:26:1b:0e:57:a8:
                    03:b5:a9:d5:70:24:f5:45:f9:b9:15:c7:ff:38:07:
                    df:d2:f5:a3:2c:cc:f3:52:a0:de:fd:41:e7:9a:c9:
                    25:f1:5f:fc:d2:cb:2d:4d:5e:c9:77:2f:e3:6a:5b:
                    9e:d8:6a:50:ea:d7:69:44:f9:b0:a8:ce:21:a2:c0:
                    2c:5b:a5:0d:4a:97:9f:22:0d:96:b5:e6:3b:8a:02:
                    61:89:df:95:06:23:a2:40:44:a5:9d:e2:4b:fb:81:
                    85:b9:c1:73:00:bf:9d:8b:03:f8:46:99:46:d6:3a:
                    3a:a8:96:f0:81:40:af:ac:5d:dc:c8:51:64:3b:0f:
                    36:ab:25:b1:cf:2c:1d:4f:ff:5b:e8:cc:6e:22:43:
                    2e:5d:6d:bb:18:13:26:e0:1a:e8:90:fe:2d:05:d0:
                    95:8b:3b:c3:2f:fb:b9:d5:5c:48:45:ec:f0:a9:ce:
                    a9:07:fd:73:d9:e6:72:21:43:18:8f:1b:cc:2b:f8:
                    9c:62:28:36:7f:c5:1e:dd:da:aa:fd:b9:1e:8b:86:
                    a8:38:8b:10:ce:ef:99:63:4f:af:68:30:99:ab:1e:
                    04:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:06:73:B0:09:C9:49:A5:35:88:D6:22:E3:99:FF:B7:12:CB:F4:36
            X509v3 Authority Key Identifier:
                keyid:C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/owZzsAnJSaU1iNYi45n_txLL9DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40:c0f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:44:86:ea:b3:be:b3:b7:ff:92:97:b5:37:e3:7d:15:2b:06:
         b1:a4:08:35:78:3d:b0:da:c3:ce:3c:53:52:45:75:96:c2:ee:
         ac:86:c1:b7:a7:73:37:73:26:1a:ac:c2:e5:c8:74:9e:99:62:
         30:05:25:d3:72:6d:df:fd:f6:79:aa:c5:c7:6f:fb:65:d1:b8:
         ac:0a:b4:20:13:6e:16:eb:9d:81:86:7a:e7:2c:82:a5:64:70:
         6e:af:ba:3d:7f:19:d6:f2:1c:0e:50:bd:5d:4b:b8:b2:2e:f3:
         02:b6:3f:52:75:69:24:67:b2:30:bd:9d:80:4a:bf:95:02:cc:
         a7:e2:bd:16:07:4a:22:8e:fc:6b:5d:e2:18:ac:9c:2a:18:e0:
         6c:d1:d7:2f:4a:c4:f6:52:47:a5:b7:26:de:56:94:75:4d:d7:
         6c:65:ad:f5:03:13:9b:af:4c:91:f1:20:37:f7:13:dc:fa:bb:
         0b:01:7b:7c:6e:27:a1:9e:29:57:48:95:e2:90:c2:bc:25:d6:
         de:01:95:47:c4:f6:84:fe:b7:fc:0a:86:17:f1:17:af:12:f6:
         f6:8e:67:d2:72:b9:bc:03:49:89:cb:f8:c8:41:b7:5e:76:d7:
         5a:0b:34:75:62:a0:a1:7e:9e:86:c8:55:8f:74:b1:fa:93:1e:
         d2:e6:fe:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsaTAIVHo2ZEkGkAh/cdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ODQ5MjMyZTM5NDNiZjI1N2M5ZGNhZWFiMGVmOTJkMzBh
NGNmYWQwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzA2NzNiMDA5Yzk0OWE1MzU4OGQ2MjJlMzk5ZmZiNzEyY2JmNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2ZsUlQArotagcPTtkttkOeTPFql
v+xYqEptwtE2PHVv3g09XvLYJhsOV6gDtanVcCT1Rfm5Fcf/OAff0vWjLMzzUqDe
/UHnmskl8V/80sstTV7Jdy/jalue2GpQ6tdpRPmwqM4hosAsW6UNSpefIg2WteY7
igJhid+VBiOiQESlneJL+4GFucFzAL+diwP4RplG1jo6qJbwgUCvrF3cyFFkOw82
qyWxzywdT/9b6MxuIkMuXW27GBMm4BrokP4tBdCVizvDL/u51VxIRezwqc6pB/1z
2eZyIUMYjxvMK/icYig2f8Ue3dqq/bkei4aoOIsQzu+ZY0+vaDCZqx4EswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKMGc7AJyUmlNYjWIuOZ/7cSy/Q2MB8GA1UdIwQY
MBaAFMWEkjLjlDvyV8ncrqsO+S0wpM+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYt
YWZhOTE3YmRmN2QxLzEvb3daenNBbkpTYVUxaU5ZaTQ1bl90eExMOURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYtYWZhOTE3YmRmN2Qx
LzEveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg//QMDz
MA0GCSqGSIb3DQEBCwUAA4IBAQBDRIbqs76zt/+Sl7U3430VKwaxpAg1eD2w2sPO
PFNSRXWWwu6shsG3p3M3cyYarMLlyHSemWIwBSXTcm3f/fZ5qsXHb/tl0bisCrQg
E24W652BhnrnLIKlZHBur7o9fxnW8hwOUL1dS7iyLvMCtj9SdWkkZ7IwvZ2ASr+V
Asyn4r0WB0oijvxrXeIYrJwqGOBs0dcvSsT2UkeltybeVpR1TddsZa31AxObr0yR
8SA39xPc+rsLAXt8biehnilXSJXikMK8JdbeAZVHxPaE/rf8CoYX8RevEvb2jmfS
crm8A0mJy/jIQbdedtdaCzR1YqChfp6GyFWPdLH6kx7S5v7v
-----END CERTIFICATE-----