Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1MGUnVina1NjRFUFYqcInNUpw2E.roa
File:                     1MGUnVina1NjRFUFYqcInNUpw2E.roa (raw, json)
Hash identifier:          Tz/mK7+290D5pQoeqWZVtnUMlyQyYCJ5RyepWXOy/2w=
Subject key identifier:   D4:C1:94:9D:58:A7:6B:53:63:44:55:05:62:A7:08:9C:D5:29:C3:61
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBE0C22D725A65E2798B4E2EE1D9B6
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1MGUnVina1NjRFUFYqcInNUpw2E.roa
Signing time:             Wed 01 Jan 2025 17:48:39 +0000
ROA not before:           Wed 01 Jan 2025 17:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206292
IP address blocks:        2a0c:9a40:8a10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e0:c2:2d:72:5a:65:e2:79:8b:4e:2e:e1:d9:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4c1949d58a76b536344550562a7089cd529c361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c2:f7:ef:e3:8a:d2:de:81:5d:a0:5d:f7:6b:
                    35:b7:b1:a5:5c:48:e0:80:db:ac:38:e0:3c:2d:31:
                    0b:9b:53:03:9a:55:a7:c4:f3:71:d9:fc:c3:f1:e9:
                    a6:83:44:c3:24:41:e4:34:e2:f6:48:27:5a:db:c1:
                    9f:0b:3a:81:95:96:98:7d:7f:a5:5f:d1:2d:ae:80:
                    fa:dd:2f:ba:56:d7:73:5a:c7:b3:21:24:d0:7e:44:
                    d4:e8:60:a2:68:ee:18:bb:3e:9d:8e:c6:e7:5a:1d:
                    0e:04:3a:38:f6:6f:cd:88:84:c0:67:70:0b:36:83:
                    4f:2d:e9:be:ac:11:d9:fb:5d:6a:a5:f0:00:0b:1f:
                    93:d4:98:bc:67:e8:23:b1:13:da:71:cf:b7:a7:e4:
                    c5:67:2a:26:99:67:e7:e9:eb:28:44:24:db:28:f3:
                    e6:95:39:46:c2:af:f3:89:d1:91:57:36:13:8e:2c:
                    ba:48:2a:ee:a7:43:90:f3:cc:e8:31:fe:b4:4d:d5:
                    04:f4:a9:5d:ac:34:2e:ec:96:26:e1:2b:8f:03:f5:
                    58:32:19:af:5b:a0:29:89:e9:2e:80:e4:25:46:8f:
                    cf:5d:f5:55:65:56:43:c2:e1:94:5b:e1:4f:f6:ad:
                    d1:57:cc:da:39:cd:55:b6:fe:6d:cc:19:46:dc:33:
                    21:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C1:94:9D:58:A7:6B:53:63:44:55:05:62:A7:08:9C:D5:29:C3:61
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1MGUnVina1NjRFUFYqcInNUpw2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:6a:eb:4c:66:d9:53:f8:18:17:c6:86:48:14:d2:a1:e6:6c:
         a0:d6:0f:07:4f:93:32:48:7d:2e:8e:84:94:7e:81:53:b1:6d:
         a9:e1:ec:f3:87:32:3c:ef:99:04:5a:37:84:4c:8c:46:23:90:
         79:95:e4:83:a8:88:ac:d2:ec:2a:bb:df:ae:4c:9f:4e:b4:c1:
         98:33:1f:00:0c:fe:df:88:a3:4a:6a:38:25:91:00:f1:34:fe:
         b1:c6:ab:25:94:66:2a:a7:e3:7f:6b:c3:11:a0:fd:84:b9:e3:
         bf:71:b1:f4:89:31:e4:b3:09:e8:52:6c:f7:f3:63:a1:aa:5b:
         6e:dc:74:ce:71:a5:05:58:07:bf:c6:5a:00:bd:3c:e7:6e:21:
         b9:5a:15:02:08:bb:12:99:72:d6:04:34:fc:a0:05:14:76:01:
         40:18:ad:4c:04:ec:b8:6b:3e:37:ed:52:b1:39:97:c4:b4:91:
         55:a1:8e:f7:29:e1:3f:41:bf:65:e3:0f:3d:54:9e:18:d1:2d:
         69:a3:d7:9c:7b:87:7f:f8:36:ea:fc:97:16:93:8e:8a:0a:7b:
         15:db:37:ab:a9:2b:77:8e:83:a1:01:85:60:b5:e6:bc:48:a3:
         22:51:e8:44:24:6f:b0:7f:85:16:d8:af:d9:41:7a:1b:0e:be:
         24:ad:f2:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++DCLXJaZeJ5i04u4dm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGMxOTQ5ZDU4YTc2YjUzNjM0NDU1MDU2MmE3MDg5Y2Q1MjljMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqML37+OK0t6BXaBd92s1t7GlXEjg
gNusOOA8LTELm1MDmlWnxPNx2fzD8emmg0TDJEHkNOL2SCda28GfCzqBlZaYfX+l
X9EtroD63S+6VtdzWsezISTQfkTU6GCiaO4Yuz6djsbnWh0OBDo49m/NiITAZ3AL
NoNPLem+rBHZ+11qpfAACx+T1Ji8Z+gjsRPacc+3p+TFZyommWfn6esoRCTbKPPm
lTlGwq/zidGRVzYTjiy6SCrup0OQ88zoMf60TdUE9KldrDQu7JYm4SuPA/VYMhmv
W6ApiekugOQlRo/PXfVVZVZDwuGUW+FP9q3RV8zaOc1Vtv5tzBlG3DMh2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNTBlJ1Yp2tTY0RVBWKnCJzVKcNhMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMU1HVW5WaW5hMU5qUkZVRllxY0luTlVwdzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA8autMZtlT+BgXxoZIFNKh5myg1g8HT5MySH0u
joSUfoFTsW2p4ezzhzI875kEWjeETIxGI5B5leSDqIis0uwqu9+uTJ9OtMGYMx8A
DP7fiKNKajglkQDxNP6xxqsllGYqp+N/a8MRoP2EueO/cbH0iTHkswnoUmz382Oh
qltu3HTOcaUFWAe/xloAvTznbiG5WhUCCLsSmXLWBDT8oAUUdgFAGK1MBOy4az43
7VKxOZfEtJFVoY73KeE/Qb9l4w89VJ4Y0S1po9ece4d/+Dbq/JcWk46KCnsV2zer
qSt3joOhAYVgtea8SKMiUehEJG+wf4UW2K/ZQXobDr4krfKl
-----END CERTIFICATE-----