Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/PLlM-caQciClvP4vmCR1thJm2Qg.roa
File:                     PLlM-caQciClvP4vmCR1thJm2Qg.roa (raw, json)
Hash identifier:          483jEz1mqdgxRO/yMJ0BYxcE+ZWZtXLMbpw6xeoN81k=
Subject key identifier:   3C:B9:4C:F9:C6:90:72:20:A5:BC:FE:2F:98:24:75:B6:12:66:D9:08
Certificate issuer:       /CN=93503061e1ae503ec63d970b30875dd93ffabbdf
Certificate serial:       019425FBF333FA5DAA3E5C6113797088C473
Authority key identifier: 93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/PLlM-caQciClvP4vmCR1thJm2Qg.roa
Signing time:             Thu 02 Jan 2025 07:47:36 +0000
ROA not before:           Thu 02 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a01:bb20::/29 maxlen: 29
                          2a01:bb22::/33 maxlen: 33
                          2a01:bb22:8000::/33 maxlen: 33
                          2a01:bb24::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f3:33:fa:5d:aa:3e:5c:61:13:79:70:88:c4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93503061e1ae503ec63d970b30875dd93ffabbdf
        Validity
            Not Before: Jan  2 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cb94cf9c6907220a5bcfe2f982475b61266d908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:40:6e:51:1a:6b:60:5b:e2:85:40:f9:7a:d7:
                    43:5b:58:7a:f9:1d:d9:89:39:69:14:c4:26:e3:b8:
                    62:96:98:75:7d:4c:e1:4e:f3:bc:a8:e5:c0:29:3e:
                    8c:a7:93:43:c0:f3:b7:ea:9d:64:13:0f:07:c7:85:
                    8f:fe:7a:e5:3c:81:c6:fc:60:8d:0a:ab:45:d0:11:
                    d6:7a:39:47:08:02:a6:e0:12:6f:80:f3:3e:68:a4:
                    38:29:45:51:d1:6b:93:6c:8d:92:6c:df:ea:99:1a:
                    ee:4c:5f:ce:7e:62:a1:36:29:5c:e2:d9:80:4b:db:
                    34:e6:2c:45:e9:39:03:bc:28:31:d2:79:81:8e:de:
                    ae:4b:3d:dd:a0:9d:13:4e:77:ae:ff:fb:02:1f:50:
                    9e:ca:ce:77:ba:5a:a9:0a:81:64:79:20:f6:d4:e7:
                    21:35:96:3f:3b:2c:17:ef:bc:6a:c0:20:c6:b6:cb:
                    78:62:10:d8:7a:c9:3f:97:6c:e2:33:28:57:e4:d9:
                    06:5f:31:ed:a7:be:02:32:b8:5b:fa:37:5e:84:01:
                    bf:5e:01:20:9b:75:c2:13:3d:ff:b8:54:c0:66:38:
                    89:4d:70:b9:59:87:38:71:e7:f2:f2:da:2a:62:8f:
                    73:09:63:b8:b2:b8:00:0e:f6:3f:00:c5:e3:b8:ee:
                    c4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:B9:4C:F9:C6:90:72:20:A5:BC:FE:2F:98:24:75:B6:12:66:D9:08
            X509v3 Authority Key Identifier:
                keyid:93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/PLlM-caQciClvP4vmCR1thJm2Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bb20::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:0e:4f:b6:d7:39:d1:c0:f7:cf:9d:a6:32:9b:7a:8c:07:c5:
         15:fd:0e:9a:98:6b:56:27:1a:d2:b6:c9:31:e7:5d:aa:0a:9a:
         93:4f:5c:ea:5f:71:6c:cc:ae:ec:b5:63:8f:89:f2:2b:f6:64:
         a3:0c:28:1d:f9:21:ed:67:f6:ae:ea:a3:3c:b7:c3:fa:cf:4f:
         7f:bb:f9:40:af:01:a4:c9:43:8c:49:46:8b:86:c7:b0:65:e5:
         3b:30:65:2c:8a:03:01:9b:bf:98:9f:23:a8:2a:a3:ab:c5:a1:
         60:db:0b:5c:9d:cb:66:20:6a:aa:17:c2:7f:45:69:0d:55:0e:
         f4:b7:55:84:0b:77:dc:4b:f2:cf:51:db:5f:5c:1e:a7:fc:1c:
         10:7a:1c:12:bd:8f:0d:7d:fb:81:61:c1:04:2e:b9:0a:65:76:
         2c:00:c3:cd:37:38:d4:e3:f7:5b:d3:84:eb:12:d4:c1:96:f7:
         ba:94:e6:49:d7:b0:bd:08:10:ee:a3:4d:34:cd:ac:72:fc:29:
         f8:b8:54:e5:b4:6d:3a:9d:38:f4:61:8a:bf:27:b1:bf:e1:bb:
         21:3c:25:e4:33:17:b2:23:90:ae:77:1a:c6:dd:5f:bc:2a:93:
         a3:3a:8c:b0:7f:3b:cd:12:52:7e:4a:1c:ad:23:7b:bb:b0:06:
         83:4d:a6:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl+/Mz+l2qPlxhE3lwiMRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAzMDYxZTFhZTUwM2VjNjNkOTcwYjMwODc1ZGQ5M2Zm
YWJiZGYwHhcNMjUwMTAyMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2I5NGNmOWM2OTA3MjIwYTViY2ZlMmY5ODI0NzViNjEyNjZkOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUBuURprYFvihUD5etdDW1h6+R3Z
iTlpFMQm47hilph1fUzhTvO8qOXAKT6Mp5NDwPO36p1kEw8Hx4WP/nrlPIHG/GCN
CqtF0BHWejlHCAKm4BJvgPM+aKQ4KUVR0WuTbI2SbN/qmRruTF/OfmKhNilc4tmA
S9s05ixF6TkDvCgx0nmBjt6uSz3doJ0TTneu//sCH1Ceys53ulqpCoFkeSD21Och
NZY/OywX77xqwCDGtst4YhDYesk/l2ziMyhX5NkGXzHtp74CMrhb+jdehAG/XgEg
m3XCEz3/uFTAZjiJTXC5WYc4cefy8toqYo9zCWO4srgADvY/AMXjuO7EmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDy5TPnGkHIgpbz+L5gkdbYSZtkIMB8GA1UdIwQY
MBaAFJNQMGHhrlA+xj2XCzCHXdk/+rvfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEt
YzYyM2VkOGYyZjI4LzEvUExsTS1jYVFjaUNsdlA0dm1DUjF0aEptMlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEtYzYyM2VkOGYyZjI4
LzEvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgG7IDAN
BgkqhkiG9w0BAQsFAAOCAQEAkQ5Pttc50cD3z52mMpt6jAfFFf0OmphrVica0rbJ
Meddqgqak09c6l9xbMyu7LVjj4nyK/ZkowwoHfkh7Wf2ruqjPLfD+s9Pf7v5QK8B
pMlDjElGi4bHsGXlOzBlLIoDAZu/mJ8jqCqjq8WhYNsLXJ3LZiBqqhfCf0VpDVUO
9LdVhAt33Evyz1HbX1wep/wcEHocEr2PDX37gWHBBC65CmV2LADDzTc41OP3W9OE
6xLUwZb3upTmSdewvQgQ7qNNNM2scvwp+LhU5bRtOp049GGKvyexv+G7ITwl5DMX
siOQrncaxt1fvCqTozqMsH87zRJSfkocrSN7u7AGg02mlA==
-----END CERTIFICATE-----