Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/zURslIPoCzmuF9cVBs91SF_jfZs.roa
File:                     zURslIPoCzmuF9cVBs91SF_jfZs.roa (raw, json)
Hash identifier:          PBlZSBkxr5D+YnPFObnzHQvndsM2zZG1fAG0x5+wRk4=
Subject key identifier:   CD:44:6C:94:83:E8:0B:39:AE:17:D7:15:06:CF:75:48:5F:E3:7D:9B
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       01942669FDFF0CB4E5837AB7CA821A4C71E2
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/zURslIPoCzmuF9cVBs91SF_jfZs.roa
Signing time:             Thu 02 Jan 2025 09:47:48 +0000
ROA not before:           Thu 02 Jan 2025 09:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:144::/35 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:fd:ff:0c:b4:e5:83:7a:b7:ca:82:1a:4c:71:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Jan  2 09:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd446c9483e80b39ae17d71506cf75485fe37d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0c:f1:a2:fa:29:95:8f:10:bd:aa:bd:2b:48:
                    0d:47:54:f4:0c:8c:1f:b1:be:db:7d:d6:bc:78:0c:
                    57:0e:90:d4:75:fa:ee:e0:bf:e4:ab:69:02:d5:a5:
                    9d:ee:be:20:d5:6b:fd:44:c4:60:8a:8e:71:9e:9b:
                    ca:2d:49:fe:45:16:72:67:cc:1c:15:e4:a9:40:88:
                    08:d9:ac:1a:9e:88:08:91:15:5c:99:8c:9f:9a:27:
                    3c:96:46:45:4a:3f:77:02:d6:10:d8:37:04:0e:78:
                    69:73:b3:3c:ba:b3:f5:fc:3c:89:88:ed:be:7b:65:
                    89:0d:51:03:94:f0:1f:1a:cc:8c:70:03:7a:f7:78:
                    fe:95:23:f1:54:0f:b6:4f:44:71:92:61:da:ff:ea:
                    2a:70:20:6f:56:93:68:fc:4d:81:c8:4f:bd:3b:7b:
                    95:44:1c:3b:a9:36:18:bc:30:6f:3c:8e:cf:21:1f:
                    4d:21:97:20:5d:e5:9e:cd:3d:42:84:f0:0e:a9:42:
                    af:9f:72:e5:0b:4b:6b:65:cc:ae:09:63:8b:8c:02:
                    d0:2a:ac:94:a6:27:f1:a9:62:cf:9d:ad:ec:45:ba:
                    4e:b4:29:41:ec:93:35:00:92:c4:44:71:1c:f5:4c:
                    71:5d:b3:22:80:1c:9f:34:e7:6d:ff:b3:0c:b2:c0:
                    6d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:44:6C:94:83:E8:0B:39:AE:17:D7:15:06:CF:75:48:5F:E3:7D:9B
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/zURslIPoCzmuF9cVBs91SF_jfZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:144::/35

    Signature Algorithm: sha256WithRSAEncryption
         44:73:d3:c5:e1:66:65:3b:f8:04:9a:14:e6:62:fc:7a:90:a9:
         a4:1e:41:24:28:39:c6:2c:17:f2:54:54:91:af:a7:17:ce:a9:
         e7:aa:7c:e4:cd:6e:0c:2a:91:f4:d9:32:30:d3:e2:98:ef:94:
         da:17:b0:7e:68:74:8e:b9:25:25:db:c6:a9:7f:c0:54:37:9b:
         88:85:b1:34:6e:9b:70:b1:ff:ea:c3:9d:8d:ed:b5:41:e0:b9:
         27:3d:5e:94:f5:be:f8:b7:bb:24:88:75:63:e6:5c:54:b7:68:
         8b:6f:1b:39:71:8a:02:cd:1c:c2:19:a1:1b:ab:8d:da:aa:9a:
         4f:96:dc:9d:9a:33:dc:0d:5c:ca:e8:4a:bb:0b:fc:4e:9e:6e:
         b8:05:08:a8:04:03:91:6d:e1:5d:18:b4:34:17:7d:c7:d9:12:
         ca:50:9b:03:e4:93:4c:2c:a5:fd:3f:9b:2b:58:06:c1:dd:81:
         6b:45:9c:50:c0:53:f8:6e:81:1f:d0:15:b0:d8:aa:6c:89:89:
         97:5d:ff:f9:f9:18:ca:d2:c5:54:40:dc:77:e3:8d:43:d4:85:
         33:f3:6b:d2:42:c3:dd:b0:a6:0d:ad:33:38:5f:b7:ce:9e:9c:
         81:aa:b2:c4:16:cd:19:e9:61:44:46:20:9b:79:2b:68:6e:92:
         df:cf:4c:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQmaf3/DLTlg3q3yoIaTHHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjUwMTAyMDk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQ0NmM5NDgzZTgwYjM5YWUxN2Q3MTUwNmNmNzU0ODVmZTM3ZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQzxovoplY8Qvaq9K0gNR1T0DIwf
sb7bfda8eAxXDpDUdfru4L/kq2kC1aWd7r4g1Wv9RMRgio5xnpvKLUn+RRZyZ8wc
FeSpQIgI2awanogIkRVcmYyfmic8lkZFSj93AtYQ2DcEDnhpc7M8urP1/DyJiO2+
e2WJDVEDlPAfGsyMcAN693j+lSPxVA+2T0RxkmHa/+oqcCBvVpNo/E2ByE+9O3uV
RBw7qTYYvDBvPI7PIR9NIZcgXeWezT1ChPAOqUKvn3LlC0trZcyuCWOLjALQKqyU
pifxqWLPna3sRbpOtClB7JM1AJLERHEc9UxxXbMigByfNOdt/7MMssBtuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM1EbJSD6As5rhfXFQbPdUhf432bMB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvelVSc2xJUG9Dem11RjljVkJzOTFTRl9qZlpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgoBRAAw
DQYJKoZIhvcNAQELBQADggEBAERz08XhZmU7+ASaFOZi/HqQqaQeQSQoOcYsF/JU
VJGvpxfOqeeqfOTNbgwqkfTZMjDT4pjvlNoXsH5odI65JSXbxql/wFQ3m4iFsTRu
m3Cx/+rDnY3ttUHguSc9XpT1vvi3uySIdWPmXFS3aItvGzlxigLNHMIZoRurjdqq
mk+W3J2aM9wNXMroSrsL/E6ebrgFCKgEA5Ft4V0YtDQXfcfZEspQmwPkk0wspf0/
mytYBsHdgWtFnFDAU/hugR/QFbDYqmyJiZdd//n5GMrSxVRA3HfjjUPUhTPza9JC
w92wpg2tMzhft86enIGqssQWzRnpYURGIJt5K2hukt/PTOA=
-----END CERTIFICATE-----