Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1-0qhRjjRjf6-S2XN6yAg36RcC7Q.roa
File:                     1-0qhRjjRjf6-S2XN6yAg36RcC7Q.roa (raw, json)
Hash identifier:          R8QoOC5MMZ50FcpQHaGyOyfipZTsjyC9V597NsV95G0=
Subject key identifier:   FB:4A:A1:46:38:D1:8D:FE:BE:4B:65:CD:EB:20:20:DF:A4:5C:0B:B4
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBE8BCB36D4FBA46D755D74F7E4188
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1-0qhRjjRjf6-S2XN6yAg36RcC7Q.roa
Signing time:             Wed 01 Jan 2025 17:48:41 +0000
ROA not before:           Wed 01 Jan 2025 17:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212925
IP address blocks:        2a0c:9a40:8020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e8:bc:b3:6d:4f:ba:46:d7:55:d7:4f:7e:41:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb4aa14638d18dfebe4b65cdeb2020dfa45c0bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:47:be:c6:00:16:d9:8c:6c:98:8b:32:7c:48:
                    3a:0d:52:25:65:d0:fc:1c:60:ce:df:29:67:71:33:
                    11:a2:e4:40:74:3d:bb:d6:b8:81:49:64:e5:8b:dd:
                    ba:b4:26:7f:93:db:63:4e:4e:16:51:dc:e7:cb:e2:
                    16:f2:59:42:e9:d3:fc:ee:6a:37:2e:79:81:23:e9:
                    93:32:56:ec:29:6f:03:00:0f:1d:d7:06:e2:79:9f:
                    64:a2:a9:9b:e9:25:f1:15:83:d3:5b:4b:03:71:2c:
                    b7:f1:dc:93:7c:4a:e0:ff:3a:aa:d7:7a:dd:1b:47:
                    0d:43:f8:11:bf:b5:e0:6d:1f:6b:65:11:36:e4:98:
                    7d:b8:65:eb:4b:ef:60:30:d4:e9:f4:e0:23:f8:6d:
                    8f:e7:de:11:ba:44:24:89:61:7f:26:6b:91:b0:ba:
                    42:0d:7b:22:37:89:64:37:1c:da:fb:a9:c4:a4:a2:
                    60:5e:b6:c1:17:9b:4c:41:a7:cb:8b:18:ed:ae:9a:
                    b9:dd:6f:fe:e7:7f:39:4a:1e:b5:eb:39:76:db:cd:
                    0b:17:ed:85:6b:09:fc:ed:ae:d4:51:90:cc:5a:be:
                    f0:63:bc:95:09:5e:3d:ba:91:bb:69:8c:de:a0:c3:
                    92:10:a3:7b:37:e7:9b:94:d3:da:b5:85:64:c6:21:
                    ed:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:4A:A1:46:38:D1:8D:FE:BE:4B:65:CD:EB:20:20:DF:A4:5C:0B:B4
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1-0qhRjjRjf6-S2XN6yAg36RcC7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8020::/44

    Signature Algorithm: sha256WithRSAEncryption
         cf:82:a9:a3:d2:1c:5b:27:9c:fd:e2:32:43:17:5c:31:ad:c2:
         fd:73:30:da:22:17:86:0e:9a:ad:55:f8:88:7a:63:cf:d4:8e:
         9e:2b:0a:68:fd:74:c3:f5:ee:24:0a:b0:69:67:91:68:1b:3c:
         6c:b8:c9:60:b7:e4:85:38:c8:d2:8b:eb:39:f6:fe:37:d8:cc:
         d0:dd:e1:77:68:ac:fe:b0:52:af:ce:53:c4:b5:6f:9b:5f:7d:
         fe:6c:b5:22:0f:82:a7:83:b0:67:b8:8c:4e:df:56:d9:67:4f:
         18:7b:da:75:e4:b9:aa:6f:96:e7:ce:03:3b:55:77:ae:cc:2e:
         2a:5b:7f:bc:e0:57:63:ab:02:c1:ca:3f:cc:9d:7b:90:30:4e:
         c7:50:1d:d6:46:a9:6d:92:b6:c4:b2:b4:93:be:e0:68:04:ea:
         d9:bb:3a:aa:5d:fa:24:5f:23:b5:68:32:ef:f7:ad:7b:04:f1:
         39:b1:75:7c:93:31:fa:23:49:cf:76:9f:84:e9:98:d8:d2:9b:
         f7:58:05:2d:53:40:7d:10:05:57:94:a6:40:e1:a1:36:b8:de:
         59:f2:dc:73:8c:b1:db:75:39:d6:2e:2e:1c:67:91:e9:05:00:
         62:1b:56:e2:97:80:91:89:2b:fb:f4:aa:17:53:5d:ff:64:f5:
         d9:04:af:90
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQi++i8s21PukbXVddPfkGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjRhYTE0NjM4ZDE4ZGZlYmU0YjY1Y2RlYjIwMjBkZmE0NWMwYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUe+xgAW2YxsmIsyfEg6DVIlZdD8
HGDO3ylncTMRouRAdD271riBSWTli926tCZ/k9tjTk4WUdzny+IW8llC6dP87mo3
LnmBI+mTMlbsKW8DAA8d1wbieZ9koqmb6SXxFYPTW0sDcSy38dyTfErg/zqq13rd
G0cNQ/gRv7XgbR9rZRE25Jh9uGXrS+9gMNTp9OAj+G2P594RukQkiWF/JmuRsLpC
DXsiN4lkNxza+6nEpKJgXrbBF5tMQafLixjtrpq53W/+5385Sh616zl2280LF+2F
awn87a7UUZDMWr7wY7yVCV49upG7aYzeoMOSEKN7N+eblNPatYVkxiHtowIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPtKoUY40Y3+vktlzesgIN+kXAu0MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMS0wcWhSampSamY2LVMyWE42eUFnMzZSY0M3US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvZjk2ZjczLTY2ODYtNDE2NC1iMjNmLWJmNGU1MjdiOWZh
OC8xL25wV2pZZjRyTEZLU1ltdWt4V3BscUJUa2dBZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoMmkCA
IDANBgkqhkiG9w0BAQsFAAOCAQEAz4Kpo9IcWyec/eIyQxdcMa3C/XMw2iIXhg6a
rVX4iHpjz9SOnisKaP10w/XuJAqwaWeRaBs8bLjJYLfkhTjI0ovrOfb+N9jM0N3h
d2is/rBSr85TxLVvm199/my1Ig+Cp4OwZ7iMTt9W2WdPGHvadeS5qm+W584DO1V3
rswuKlt/vOBXY6sCwco/zJ17kDBOx1Ad1kapbZK2xLK0k77gaATq2bs6ql36JF8j
tWgy7/etewTxObF1fJMx+iNJz3afhOmY2NKb91gFLVNAfRAFV5SmQOGhNrjeWfLc
c4yx23U51i4uHGeR6QUAYhtW4peAkYkr+/SqF1Nd/2T12QSvkA==
-----END CERTIFICATE-----