Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/kZMSHFwhjt5ByeIL4QTKEiDJjZQ.roa
File:                     kZMSHFwhjt5ByeIL4QTKEiDJjZQ.roa (raw, json)
Hash identifier:          WpstqOcmslj7HDAeoS/gg7u0eBQmjbTvTylTqyOzeKc=
Subject key identifier:   91:93:12:1C:5C:21:8E:DE:41:C9:E2:0B:E1:04:CA:12:20:C9:8D:94
Certificate issuer:       /CN=4ddd0f9dcd88949b8f3a3771063562a057679290
Certificate serial:       01942444C81128DC224CE3A9C0C1B31644AD
Authority key identifier: 4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/kZMSHFwhjt5ByeIL4QTKEiDJjZQ.roa
Signing time:             Wed 01 Jan 2025 23:47:54 +0000
ROA not before:           Wed 01 Jan 2025 23:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204810
IP address blocks:        2a0c:4b80:4000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c8:11:28:dc:22:4c:e3:a9:c0:c1:b3:16:44:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddd0f9dcd88949b8f3a3771063562a057679290
        Validity
            Not Before: Jan  1 23:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9193121c5c218ede41c9e20be104ca1220c98d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:54:df:d4:c8:43:f0:c7:48:ec:16:7d:c9:a9:
                    95:c4:af:c5:e2:b2:81:e1:63:09:a6:54:a6:d9:34:
                    9e:2b:93:fb:a3:91:83:e3:fd:2e:a4:78:85:44:a6:
                    0b:b6:86:90:a5:42:1f:61:ab:0f:c7:53:56:7b:7d:
                    f9:64:bb:b0:8e:93:a5:91:7f:b7:17:5e:8a:8e:6b:
                    69:82:5d:6c:39:5d:26:14:36:dd:e5:7b:b0:60:1a:
                    8f:59:b2:06:5b:f3:5d:96:f8:5a:e5:09:86:e3:7d:
                    f3:f8:94:bb:be:66:cc:bc:7d:42:93:c9:01:35:4b:
                    9a:9d:a1:52:59:35:c0:90:bd:c8:5a:8c:94:0f:10:
                    aa:c9:6d:45:d3:32:60:44:94:3d:96:3d:d9:18:9e:
                    dd:51:49:37:08:4d:0d:ee:ce:00:78:4e:60:79:ba:
                    26:22:b1:c9:1e:48:75:fb:8b:b9:db:83:9e:1e:83:
                    86:26:a5:86:74:5b:fe:5c:f0:6b:73:3e:b3:a4:bf:
                    04:62:4b:37:0c:49:10:de:59:69:0e:a4:9b:6f:bd:
                    14:fa:90:5c:b5:6e:be:a4:7a:87:3b:fb:6a:92:42:
                    b9:8f:4b:f7:39:61:e9:25:3a:38:a7:a6:97:6a:85:
                    3d:52:86:c4:17:50:20:d2:0b:7a:6d:c4:b0:3b:c0:
                    ad:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:93:12:1C:5C:21:8E:DE:41:C9:E2:0B:E1:04:CA:12:20:C9:8D:94
            X509v3 Authority Key Identifier:
                keyid:4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/kZMSHFwhjt5ByeIL4QTKEiDJjZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4b80:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         8d:96:4f:d8:6d:45:57:c4:20:38:af:cc:63:b9:00:81:7c:be:
         cb:d4:4e:ca:81:a8:2e:77:ba:8f:d7:0f:47:00:43:e5:bb:75:
         9c:a1:55:27:b5:31:78:41:04:77:8b:7b:cd:6a:e3:1c:66:8b:
         9c:5e:f2:15:17:1a:51:ec:42:bb:87:8c:f9:94:6d:b7:7c:f4:
         bf:a1:90:00:d1:98:21:cf:33:89:0f:89:6f:84:38:85:7f:26:
         a7:a1:48:3c:49:6f:42:14:4c:c9:3c:b4:f3:78:18:94:4f:66:
         b6:88:ff:b7:ce:13:5c:4b:76:8b:88:bf:a4:5e:3c:71:b9:18:
         6b:7d:73:bd:2a:7f:b9:94:00:b7:df:36:b7:bc:65:91:32:ac:
         3c:c6:18:96:8c:f7:1f:65:ba:1a:e9:d7:64:ca:c0:3f:c4:79:
         14:03:6b:9e:75:e2:3a:ca:59:91:67:80:ab:d6:46:2e:54:87:
         cc:86:8d:8b:aa:83:60:ec:e1:05:60:0f:09:7a:4f:99:80:67:
         6b:99:8b:eb:de:e7:e7:32:48:25:4f:39:de:5b:f3:75:76:0e:
         e2:ee:1e:cd:27:bf:8d:f7:4f:7d:f3:7b:dc:6e:0b:79:b4:e3:
         0f:fe:11:0a:9b:8e:6a:fa:59:cb:01:b2:c5:ab:4e:af:b2:60:
         17:0b:5f:d9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRMgRKNwiTOOpwMGzFkStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGQwZjlkY2Q4ODk0OWI4ZjNhMzc3MTA2MzU2MmEwNTc2
NzkyOTAwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTkzMTIxYzVjMjE4ZWRlNDFjOWUyMGJlMTA0Y2ExMjIwYzk4ZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVTf1MhD8MdI7BZ9yamVxK/F4rKB
4WMJplSm2TSeK5P7o5GD4/0upHiFRKYLtoaQpUIfYasPx1NWe335ZLuwjpOlkX+3
F16Kjmtpgl1sOV0mFDbd5XuwYBqPWbIGW/Ndlvha5QmG433z+JS7vmbMvH1Ck8kB
NUuanaFSWTXAkL3IWoyUDxCqyW1F0zJgRJQ9lj3ZGJ7dUUk3CE0N7s4AeE5gebom
IrHJHkh1+4u524OeHoOGJqWGdFv+XPBrcz6zpL8EYks3DEkQ3llpDqSbb70U+pBc
tW6+pHqHO/tqkkK5j0v3OWHpJTo4p6aXaoU9UobEF1Ag0gt6bcSwO8Ct0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJGTEhxcIY7eQcniC+EEyhIgyY2UMB8GA1UdIwQY
MBaAFE3dD53NiJSbjzo3cQY1YqBXZ5KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYt
NmY2Y2NiNmUyY2RhLzEva1pNU0hGd2hqdDVCeWVJTDRRVEtFaURKalpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYtNmY2Y2NiNmUyY2Rh
LzEvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgxLgEAw
DQYJKoZIhvcNAQELBQADggEBAI2WT9htRVfEIDivzGO5AIF8vsvUTsqBqC53uo/X
D0cAQ+W7dZyhVSe1MXhBBHeLe81q4xxmi5xe8hUXGlHsQruHjPmUbbd89L+hkADR
mCHPM4kPiW+EOIV/JqehSDxJb0IUTMk8tPN4GJRPZraI/7fOE1xLdouIv6RePHG5
GGt9c70qf7mUALffNre8ZZEyrDzGGJaM9x9luhrp12TKwD/EeRQDa5514jrKWZFn
gKvWRi5Uh8yGjYuqg2Ds4QVgDwl6T5mAZ2uZi+ve5+cySCVPOd5b83V2DuLuHs0n
v433T33ze9xuC3m04w/+EQqbjmr6WcsBssWrTq+yYBcLX9k=
-----END CERTIFICATE-----