Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/7vlx3qh5NRG6zzRCkYfEvp0qDIY.roa
File:                     7vlx3qh5NRG6zzRCkYfEvp0qDIY.roa (raw, json)
Hash identifier:          z6ZOKY2P70W4ZI2B/B2DzFS7MP5T+0umpBI7pc1gpao=
Subject key identifier:   EE:F9:71:DE:A8:79:35:11:BA:CF:34:42:91:87:C4:BE:9D:2A:0C:86
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019519A42684851F20D086C779E2A3D757DC
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/7vlx3qh5NRG6zzRCkYfEvp0qDIY.roa
Signing time:             Tue 18 Feb 2025 15:19:02 +0000
ROA not before:           Tue 18 Feb 2025 15:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        2a0c:9a40:86c0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:a4:26:84:85:1f:20:d0:86:c7:79:e2:a3:d7:57:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Feb 18 15:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eef971dea8793511bacf34429187c4be9d2a0c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6d:e9:19:f3:94:4f:28:cc:00:4a:ab:87:65:
                    f4:37:c4:2e:e0:05:4d:95:74:ea:6b:ed:77:64:d8:
                    d4:eb:16:22:98:02:b2:61:89:9b:67:58:ab:59:c0:
                    a7:15:ff:c8:23:1b:15:ef:60:cf:09:d0:8f:e4:2f:
                    d9:46:e4:18:42:58:89:b8:ca:a4:12:6e:f6:5b:db:
                    6f:73:aa:75:96:22:6e:8c:6f:b9:f8:0a:21:e4:78:
                    06:9b:2e:0c:9c:31:30:6f:f2:62:dc:65:63:be:6a:
                    4d:8c:f9:d9:7c:f0:a3:1e:d3:93:cc:27:46:d7:46:
                    20:16:22:2b:1d:43:94:f2:bb:90:3b:7c:29:bc:50:
                    e2:a8:c4:c7:ac:2e:55:d6:e2:1f:a4:4b:35:8a:8f:
                    bf:2f:6f:50:96:c0:14:9a:7c:d5:23:d4:05:10:33:
                    30:6d:4a:1a:7f:e8:a1:85:9c:7e:8a:da:1d:48:f7:
                    e9:6f:1f:7b:34:72:28:86:4f:1a:89:ad:c1:59:f7:
                    7c:a1:54:e6:0b:9c:83:89:79:21:ba:54:5f:ac:5f:
                    dc:4a:b7:99:fe:ed:47:0b:56:08:0a:13:90:fb:01:
                    6e:97:81:d4:7b:a7:e7:02:04:82:f1:8c:17:b8:4f:
                    99:76:92:d4:74:18:2e:8f:28:94:2f:d9:f8:cc:3b:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F9:71:DE:A8:79:35:11:BA:CF:34:42:91:87:C4:BE:9D:2A:0C:86
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/7vlx3qh5NRG6zzRCkYfEvp0qDIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:86c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:53:63:ae:36:7b:81:84:d5:00:5b:0c:53:91:97:71:b4:e6:
         db:2d:0c:4f:64:42:07:87:77:cd:d2:3d:23:f6:eb:f0:04:88:
         72:7b:46:78:f9:61:50:be:d4:f8:94:ee:37:c3:cb:56:5c:17:
         11:21:7d:48:46:a3:76:7c:43:da:2f:15:40:de:5d:1d:0d:d7:
         0a:d9:14:92:9d:30:7a:f5:31:02:d4:90:ce:09:c8:16:ec:69:
         d5:f0:fd:26:84:b3:8d:a9:f0:63:87:8c:a5:2d:37:fd:06:7a:
         30:71:c6:2d:49:cf:f8:00:37:e6:ce:6d:71:f1:1c:5b:61:9a:
         1b:80:8a:1e:25:60:ec:8c:8f:26:62:b5:97:2d:69:42:15:b7:
         0a:f3:b8:0f:fb:76:f1:f7:b5:3e:44:3e:c6:0f:21:ba:df:c6:
         b3:21:ab:de:a1:22:cc:8f:29:ad:70:85:18:4e:0d:06:04:16:
         f1:6e:8e:1f:03:d4:03:8e:5d:dd:a0:ba:59:77:3b:63:75:c3:
         26:ac:4d:d4:f5:09:ab:ef:6e:28:57:a6:7b:20:56:0e:b6:c2:
         d6:13:52:60:88:c0:c0:01:f2:ba:d4:5e:eb:7b:75:8b:d6:37:
         fe:06:8c:b7:18:66:2b:56:b5:d2:d5:db:47:12:a0:b7:e0:e8:
         07:57:6d:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUZpCaEhR8g0IbHeeKj11fcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMjE4MTUxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWY5NzFkZWE4NzkzNTExYmFjZjM0NDI5MTg3YzRiZTlkMmEwYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm3pGfOUTyjMAEqrh2X0N8Qu4AVN
lXTqa+13ZNjU6xYimAKyYYmbZ1irWcCnFf/IIxsV72DPCdCP5C/ZRuQYQliJuMqk
Em72W9tvc6p1liJujG+5+Aoh5HgGmy4MnDEwb/Ji3GVjvmpNjPnZfPCjHtOTzCdG
10YgFiIrHUOU8ruQO3wpvFDiqMTHrC5V1uIfpEs1io+/L29QlsAUmnzVI9QFEDMw
bUoaf+ihhZx+itodSPfpbx97NHIohk8aia3BWfd8oVTmC5yDiXkhulRfrF/cSreZ
/u1HC1YIChOQ+wFul4HUe6fnAgSC8YwXuE+ZdpLUdBgujyiUL9n4zDvigwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO75cd6oeTURus80QpGHxL6dKgyGMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvN3ZseDNxaDVOUkc2enpSQ2tZZkV2cDBxRElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIbA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeU2OuNnuBhNUAWwxTkZdxtObbLQxPZEIHh3fN
0j0j9uvwBIhye0Z4+WFQvtT4lO43w8tWXBcRIX1IRqN2fEPaLxVA3l0dDdcK2RSS
nTB69TEC1JDOCcgW7GnV8P0mhLONqfBjh4ylLTf9BnowccYtSc/4ADfmzm1x8Rxb
YZobgIoeJWDsjI8mYrWXLWlCFbcK87gP+3bx97U+RD7GDyG638azIaveoSLMjymt
cIUYTg0GBBbxbo4fA9QDjl3doLpZdztjdcMmrE3U9Qmr724oV6Z7IFYOtsLWE1Jg
iMDAAfK61F7re3WL1jf+Boy3GGYrVrXS1dtHEqC34OgHV20i
-----END CERTIFICATE-----