Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/S7ra6Ov-UpB_vWrQKASj1i2bpWU.roa
File:                     S7ra6Ov-UpB_vWrQKASj1i2bpWU.roa (raw, json)
Hash identifier:          kepYC+QCOG1xoHVARWHcfGe1QSDNXlo9WvXDhx0i4AA=
Subject key identifier:   4B:BA:DA:E8:EB:FE:52:90:7F:BD:6A:D0:28:04:A3:D6:2D:9B:A5:65
Certificate issuer:       /CN=63d5b48848107b86e142d1c06c29d4b70e7394d3
Certificate serial:       019426D9D080817A1C53A9173A7AB14C8DED
Authority key identifier: 63:D5:B4:88:48:10:7B:86:E1:42:D1:C0:6C:29:D4:B7:0E:73:94:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/S7ra6Ov-UpB_vWrQKASj1i2bpWU.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        2a0f:2b86:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d0:80:81:7a:1c:53:a9:17:3a:7a:b1:4c:8d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63d5b48848107b86e142d1c06c29d4b70e7394d3
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bbadae8ebfe52907fbd6ad02804a3d62d9ba565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a5:c9:b8:d2:e7:79:c9:e7:ef:92:12:a8:2e:
                    52:27:62:b5:36:a3:c7:a8:03:e8:c0:7f:ce:b6:79:
                    c2:1c:62:20:29:b5:7a:65:e3:c4:92:fc:37:83:f2:
                    53:f1:6e:7d:2f:d7:18:4b:7a:35:f4:f5:67:a8:f1:
                    41:86:be:83:72:ef:5d:55:42:bd:2f:e5:c6:49:df:
                    47:c5:7e:9e:69:da:c7:dc:1f:4c:06:4c:45:98:30:
                    8a:77:63:27:0d:79:c6:ba:ee:c3:93:9e:88:f3:3e:
                    c4:6d:f9:fe:8f:6f:d6:1f:a5:12:f2:f6:33:36:a2:
                    89:e5:50:49:35:95:28:62:5d:d2:8c:21:2d:c5:fa:
                    34:41:1c:07:a3:9a:72:b1:80:bb:60:02:c4:81:69:
                    08:f9:cd:51:93:e4:3f:df:46:aa:ec:f9:55:ee:2f:
                    aa:1e:1d:95:d2:51:11:9a:80:2d:86:6c:51:9f:73:
                    5a:12:15:99:a1:04:e9:9b:14:8b:3a:79:18:be:3d:
                    c3:79:f1:bc:e5:44:cf:de:56:cd:ed:5b:22:a6:02:
                    42:aa:db:43:d3:f9:56:bf:0a:0f:35:12:94:61:28:
                    59:dd:80:2f:c3:98:e9:e3:da:c5:35:5d:1a:83:76:
                    cc:8e:ca:16:21:f0:e7:a5:62:47:e0:55:6e:37:c4:
                    bf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:BA:DA:E8:EB:FE:52:90:7F:BD:6A:D0:28:04:A3:D6:2D:9B:A5:65
            X509v3 Authority Key Identifier:
                keyid:63:D5:B4:88:48:10:7B:86:E1:42:D1:C0:6C:29:D4:B7:0E:73:94:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/S7ra6Ov-UpB_vWrQKASj1i2bpWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/02cdc2-40a8-4781-860b-2388c906bc62/1/Y9W0iEgQe4bhQtHAbCnUtw5zlNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2b86:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:9d:8e:fa:d3:63:b8:74:3e:6f:1c:fa:6b:26:f5:e0:27:35:
         a3:d9:36:31:d7:6d:b7:5a:e8:e6:e0:2d:bd:12:70:a4:79:91:
         4c:a4:3a:9a:0e:8f:3d:4b:c7:d0:a9:da:f1:a4:f9:20:fd:1b:
         2d:77:a7:e3:37:c3:8f:2f:37:ee:63:d4:1c:ab:7b:97:32:dc:
         46:b6:3c:69:01:dd:40:02:e1:61:40:ef:a6:f6:77:6f:b6:84:
         01:f1:5c:dc:e4:e9:ab:b2:32:64:aa:c5:20:1b:e4:02:87:0f:
         bf:ef:22:cb:89:e2:63:bb:75:53:cf:da:fc:24:be:b2:e1:c1:
         a9:2e:f5:01:4b:f8:dd:70:ba:71:8f:75:5d:ff:2e:28:70:37:
         3e:0b:2a:5e:a9:36:d9:c6:b1:2f:5a:7c:bb:f7:6d:66:1b:fe:
         bb:b0:1f:e0:0e:5a:a7:04:c5:4a:ca:12:00:19:9c:66:77:90:
         62:d8:73:e7:01:f5:6a:7e:a9:e5:12:87:c1:2f:7c:36:7d:58:
         0c:ab:2c:1f:8c:23:38:91:3b:30:68:6b:2a:9a:ec:e0:ef:dc:
         cd:bc:61:29:d2:68:21:89:4b:6f:16:40:13:1f:fc:da:d1:12:
         63:16:ea:fe:c4:48:10:ff:cd:4b:a8:0e:e5:bd:ab:e3:dc:27:
         81:ef:4f:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2dCAgXocU6kXOnqxTI3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZDViNDg4NDgxMDdiODZlMTQyZDFjMDZjMjlkNGI3MGU3
Mzk0ZDMwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmJhZGFlOGViZmU1MjkwN2ZiZDZhZDAyODA0YTNkNjJkOWJhNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKXJuNLnecnn75ISqC5SJ2K1NqPH
qAPowH/OtnnCHGIgKbV6ZePEkvw3g/JT8W59L9cYS3o19PVnqPFBhr6Dcu9dVUK9
L+XGSd9HxX6eadrH3B9MBkxFmDCKd2MnDXnGuu7Dk56I8z7Ebfn+j2/WH6US8vYz
NqKJ5VBJNZUoYl3SjCEtxfo0QRwHo5pysYC7YALEgWkI+c1Rk+Q/30aq7PlV7i+q
Hh2V0lERmoAthmxRn3NaEhWZoQTpmxSLOnkYvj3DefG85UTP3lbN7VsipgJCqttD
0/lWvwoPNRKUYShZ3YAvw5jp49rFNV0ag3bMjsoWIfDnpWJH4FVuN8S/kQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEu62ujr/lKQf71q0CgEo9Ytm6VlMB8GA1UdIwQY
MBaAFGPVtIhIEHuG4ULRwGwp1LcOc5TTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTlXMGlFZ1FlNGJoUXRIQWJDblV0dzV6bE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8wMmNkYzItNDBhOC00NzgxLTg2MGIt
MjM4OGM5MDZiYzYyLzEvUzdyYTZPdi1VcEJfdldyUUtBU2oxaTJicFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8wMmNkYzItNDBhOC00NzgxLTg2MGItMjM4OGM5MDZiYzYy
LzEvWTlXMGlFZ1FlNGJoUXRIQWJDblV0dzV6bE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8rhgAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCHnY7602O4dD5vHPprJvXgJzWj2TYx1223Wujm
4C29EnCkeZFMpDqaDo89S8fQqdrxpPkg/Rstd6fjN8OPLzfuY9Qcq3uXMtxGtjxp
Ad1AAuFhQO+m9ndvtoQB8Vzc5OmrsjJkqsUgG+QChw+/7yLLieJju3VTz9r8JL6y
4cGpLvUBS/jdcLpxj3Vd/y4ocDc+CypeqTbZxrEvWny7921mG/67sB/gDlqnBMVK
yhIAGZxmd5Bi2HPnAfVqfqnlEofBL3w2fVgMqywfjCM4kTswaGsqmuzg79zNvGEp
0mghiUtvFkATH/za0RJjFur+xEgQ/81LqA7lvavj3CeB70/R
-----END CERTIFICATE-----