Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/5pBLW9ygxJjvYDbxGdIbHFnDqbI.roa
File:                     5pBLW9ygxJjvYDbxGdIbHFnDqbI.roa (raw, json)
Hash identifier:          nwLH9LjWzIZxRa5xYvKr5yaaEw5QFrTusMRGpRND994=
Subject key identifier:   E6:90:4B:5B:DC:A0:C4:98:EF:60:36:F1:19:D2:1B:1C:59:C3:A9:B2
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBD17112DAA983BABD82D0EA266599
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/5pBLW9ygxJjvYDbxGdIbHFnDqbI.roa
Signing time:             Wed 01 Jan 2025 17:48:35 +0000
ROA not before:           Wed 01 Jan 2025 17:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198079
IP address blocks:        2a0c:9a40:83b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d1:71:12:da:a9:83:ba:bd:82:d0:ea:26:65:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6904b5bdca0c498ef6036f119d21b1c59c3a9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:23:8e:4c:75:ac:28:40:74:a8:d7:3a:3d:88:
                    25:f9:fa:e3:e4:59:ab:7c:4a:17:76:69:0a:36:9b:
                    bd:4c:eb:54:25:65:dd:21:ce:6b:f2:4d:2f:7e:3f:
                    98:3c:32:0a:97:cd:f4:b8:91:3a:3c:7c:59:19:fb:
                    02:fe:bb:cf:b0:50:dc:ba:7a:43:2e:d2:d9:9c:77:
                    15:aa:f1:01:be:f0:7a:7f:ef:30:16:13:b1:28:4b:
                    2e:32:db:3d:fc:fa:53:47:9c:a4:74:3b:a4:1b:b9:
                    2e:9c:2d:21:25:c7:93:b3:53:2a:c1:71:1f:44:96:
                    5c:03:d1:f5:86:b9:74:49:a4:36:ae:32:23:a1:c9:
                    70:c1:b3:e5:2e:48:48:a3:00:c7:23:d9:a5:f7:e9:
                    6f:11:08:f0:e6:aa:e3:01:ec:9a:57:51:fc:f6:08:
                    a1:be:9c:75:7f:79:0f:34:b0:aa:37:36:51:36:5b:
                    3f:c2:ce:95:d5:a6:19:cb:6f:15:6a:d0:bc:6b:d0:
                    cf:a7:a2:3a:3a:db:13:ea:c9:08:a8:5f:cb:f4:49:
                    ca:fc:60:b6:c2:85:3b:a1:ad:be:ba:b5:7d:54:a3:
                    ba:f0:18:1b:b5:65:67:f0:f7:54:96:e0:7a:49:bd:
                    63:b7:9e:1f:09:fc:30:df:59:85:38:52:bd:1a:c3:
                    3b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:90:4B:5B:DC:A0:C4:98:EF:60:36:F1:19:D2:1B:1C:59:C3:A9:B2
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/5pBLW9ygxJjvYDbxGdIbHFnDqbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:83b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:84:09:99:d6:85:04:46:57:a7:63:88:ac:ba:9b:b7:7f:03:
         5c:c2:71:1f:75:8a:b1:91:64:f4:67:f5:b3:64:8a:0b:4a:0b:
         76:35:9b:b9:05:5e:80:10:0a:bb:94:d3:76:59:d2:a7:dd:d7:
         47:eb:7e:07:a1:3a:e3:79:44:79:9c:e4:59:98:a4:fe:c8:91:
         27:21:7e:dc:66:63:58:f8:a4:71:6a:5e:3e:6a:48:62:74:df:
         e1:7d:96:61:01:4d:73:ef:41:53:8a:10:9c:05:38:96:82:df:
         ab:c8:80:76:0a:bf:eb:b1:fc:fa:b1:a3:04:62:4c:57:63:44:
         ec:e6:fc:8a:12:70:53:26:b1:43:73:e0:8e:3e:c9:fc:05:7d:
         b1:73:ed:cd:c9:20:74:67:c0:fc:d5:c8:29:9b:f6:e9:07:aa:
         d6:f3:6b:e4:58:d5:94:6c:f9:e5:52:f1:95:78:dc:e0:be:c0:
         bd:80:64:20:48:e0:6b:20:1f:01:e6:25:a3:da:06:f6:d4:ea:
         19:42:a7:e6:df:7e:ec:d1:93:2c:e8:73:9b:fd:0b:1e:40:e0:
         67:d8:29:a2:76:96:59:cf:18:d2:bf:5e:fd:31:e2:f1:1b:05:
         ab:94:47:05:1c:55:6f:85:c9:7f:be:87:eb:bc:d5:76:5e:87:
         3f:2c:24:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+9FxEtqpg7q9gtDqJmWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjkwNGI1YmRjYTBjNDk4ZWY2MDM2ZjExOWQyMWIxYzU5YzNhOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyOOTHWsKEB0qNc6PYgl+frj5Fmr
fEoXdmkKNpu9TOtUJWXdIc5r8k0vfj+YPDIKl830uJE6PHxZGfsC/rvPsFDcunpD
LtLZnHcVqvEBvvB6f+8wFhOxKEsuMts9/PpTR5ykdDukG7kunC0hJceTs1MqwXEf
RJZcA9H1hrl0SaQ2rjIjoclwwbPlLkhIowDHI9ml9+lvEQjw5qrjAeyaV1H89gih
vpx1f3kPNLCqNzZRNls/ws6V1aYZy28VatC8a9DPp6I6OtsT6skIqF/L9EnK/GC2
woU7oa2+urV9VKO68BgbtWVn8PdUluB6Sb1jt54fCfww31mFOFK9GsM7owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOaQS1vcoMSY72A28RnSGxxZw6myMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNXBCTFc5eWd4Smp2WURieEdkSWJIRm5EcWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIOw
MA0GCSqGSIb3DQEBCwUAA4IBAQAnhAmZ1oUERlenY4isupu3fwNcwnEfdYqxkWT0
Z/WzZIoLSgt2NZu5BV6AEAq7lNN2WdKn3ddH634HoTrjeUR5nORZmKT+yJEnIX7c
ZmNY+KRxal4+akhidN/hfZZhAU1z70FTihCcBTiWgt+ryIB2Cr/rsfz6saMEYkxX
Y0Ts5vyKEnBTJrFDc+COPsn8BX2xc+3NySB0Z8D81cgpm/bpB6rW82vkWNWUbPnl
UvGVeNzgvsC9gGQgSOBrIB8B5iWj2gb21OoZQqfm337s0ZMs6HOb/QseQOBn2Cmi
dpZZzxjSv179MeLxGwWrlEcFHFVvhcl/vofrvNV2Xoc/LCSj
-----END CERTIFICATE-----