Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1IrWAk2U6i1dMm8R9aGFrAzmbvQ.roa
File:                     1IrWAk2U6i1dMm8R9aGFrAzmbvQ.roa (raw, json)
Hash identifier:          hucJ3cIHLhiOFI+xi0dYhmiaEGc+ND9tSFu9uBy3r0o=
Subject key identifier:   D4:8A:D6:02:4D:94:EA:2D:5D:32:6F:11:F5:A1:85:AC:0C:E6:6E:F4
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBDBAD05FCAD023D494381E8E5BC38
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1IrWAk2U6i1dMm8R9aGFrAzmbvQ.roa
Signing time:             Wed 01 Jan 2025 17:48:38 +0000
ROA not before:           Wed 01 Jan 2025 17:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202776
IP address blocks:        2a0c:9a40:8c30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:db:ad:05:fc:ad:02:3d:49:43:81:e8:e5:bc:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d48ad6024d94ea2d5d326f11f5a185ac0ce66ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6c:9e:74:b5:10:03:87:8b:2c:0f:53:df:51:
                    f0:8c:96:bd:0e:ed:6a:cc:b1:aa:4d:2e:6d:9a:04:
                    ac:f5:ec:b4:43:1e:b3:71:f2:df:3e:67:55:79:f8:
                    80:21:8d:53:6c:e8:20:6c:82:d0:21:ce:35:7d:8f:
                    e1:20:a9:0d:2a:cc:1e:b3:d0:ee:cc:f6:c7:6c:05:
                    77:a2:0b:3e:68:dc:e1:0f:ce:30:7d:9f:d4:89:53:
                    9f:4c:88:c2:05:0a:c8:47:97:d9:a7:04:3d:ff:72:
                    fe:77:df:10:19:0b:03:11:08:79:a0:31:a1:11:1d:
                    10:06:ad:eb:b2:ab:27:a1:f6:11:5f:f9:4f:0a:c9:
                    e3:cd:9a:30:e8:13:c4:91:5b:3c:14:01:7c:ab:83:
                    5c:d1:81:f4:7f:dd:e6:fe:0f:f0:ac:b2:ac:fd:5f:
                    2a:0b:4f:33:73:65:e8:56:32:b6:d8:6f:9d:be:5e:
                    7e:69:34:44:1f:18:c4:be:9d:5f:4a:07:ed:da:00:
                    a7:57:f8:78:a7:44:e1:69:6b:11:9b:3d:81:8b:99:
                    fe:a2:f3:ab:3b:4f:fa:7b:45:27:12:5b:1c:a5:c1:
                    e2:a5:51:d2:d9:ac:4d:2b:52:5d:00:61:93:8d:af:
                    74:be:53:45:7d:c3:ae:89:ca:ff:67:26:87:cf:5b:
                    72:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8A:D6:02:4D:94:EA:2D:5D:32:6F:11:F5:A1:85:AC:0C:E6:6E:F4
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1IrWAk2U6i1dMm8R9aGFrAzmbvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8c30::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:9f:4b:83:f0:8e:89:eb:58:33:67:37:a1:ce:fe:ce:ac:57:
         64:13:b2:71:de:01:d6:4d:a2:89:de:7a:48:1b:65:46:7a:a0:
         7e:4e:e9:d1:bb:ac:b9:4c:a4:a6:35:a2:38:63:b7:d5:74:aa:
         34:58:4c:ef:cd:0d:01:f8:e9:9e:b1:d2:fe:7f:bb:46:10:4d:
         81:71:56:7e:50:82:4f:44:18:f8:ed:92:59:d0:b4:6a:0f:14:
         71:c3:a6:f2:69:fa:a9:60:44:62:05:1d:98:50:db:3e:34:d2:
         13:09:9c:90:41:95:77:d3:44:4e:d1:54:3a:6e:15:69:d2:cd:
         90:d7:22:fd:cb:37:22:42:a6:ca:59:d1:7f:3f:39:ac:4b:75:
         e5:42:0b:99:f9:6e:ec:7f:d7:31:d8:f1:3a:46:ca:2e:76:44:
         86:28:c9:9d:0a:ec:ad:92:5d:da:f1:db:de:70:ba:37:7e:a2:
         dd:12:d7:0e:6f:8b:fe:a2:a8:33:f6:33:7b:8e:c3:83:b3:58:
         6b:dc:ce:35:f7:3f:75:c8:93:a2:ad:cd:a9:3c:f0:75:d7:c1:
         f1:ba:3f:df:6c:d5:90:43:ba:a2:7f:9d:7c:21:5d:f0:d4:22:
         1d:eb:3e:4c:ba:29:c2:c9:b0:e5:13:d8:5d:64:23:84:88:5a:
         4b:4d:da:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+9utBfytAj1JQ4Ho5bw4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhhZDYwMjRkOTRlYTJkNWQzMjZmMTFmNWExODVhYzBjZTY2ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGyedLUQA4eLLA9T31HwjJa9Du1q
zLGqTS5tmgSs9ey0Qx6zcfLfPmdVefiAIY1TbOggbILQIc41fY/hIKkNKswes9Du
zPbHbAV3ogs+aNzhD84wfZ/UiVOfTIjCBQrIR5fZpwQ9/3L+d98QGQsDEQh5oDGh
ER0QBq3rsqsnofYRX/lPCsnjzZow6BPEkVs8FAF8q4Nc0YH0f93m/g/wrLKs/V8q
C08zc2XoVjK22G+dvl5+aTREHxjEvp1fSgft2gCnV/h4p0ThaWsRmz2Bi5n+ovOr
O0/6e0UnElscpcHipVHS2axNK1JdAGGTja90vlNFfcOuicr/ZyaHz1tyTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNSK1gJNlOotXTJvEfWhhawM5m70MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMUlyV0FrMlU2aTFkTW04UjlhR0ZyQXptYnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIww
MA0GCSqGSIb3DQEBCwUAA4IBAQDKn0uD8I6J61gzZzehzv7OrFdkE7Jx3gHWTaKJ
3npIG2VGeqB+TunRu6y5TKSmNaI4Y7fVdKo0WEzvzQ0B+OmesdL+f7tGEE2BcVZ+
UIJPRBj47ZJZ0LRqDxRxw6byafqpYERiBR2YUNs+NNITCZyQQZV300RO0VQ6bhVp
0s2Q1yL9yzciQqbKWdF/PzmsS3XlQguZ+W7sf9cx2PE6RsoudkSGKMmdCuytkl3a
8dvecLo3fqLdEtcOb4v+oqgz9jN7jsODs1hr3M419z91yJOirc2pPPB118Hxuj/f
bNWQQ7qif518IV3w1CId6z5MuinCybDlE9hdZCOEiFpLTdqi
-----END CERTIFICATE-----