Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CqDJMwhk_2ZntneCBIrl8rISUzU.roa
File:                     CqDJMwhk_2ZntneCBIrl8rISUzU.roa (raw, json)
Hash identifier:          teH4nNPcFC2KB+iHlZtvEBZsM/KhqphCacjVGmTOb88=
Subject key identifier:   0A:A0:C9:33:08:64:FF:66:67:B6:77:82:04:8A:E5:F2:B2:12:53:35
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBCAA4969A2CD09AA0A5FC7526868A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CqDJMwhk_2ZntneCBIrl8rISUzU.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134090
IP address blocks:        2a0c:9a40:8cb0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ca:a4:96:9a:2c:d0:9a:a0:a5:fc:75:26:86:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aa0c9330864ff6667b67782048ae5f2b2125335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8b:63:45:73:2d:77:79:a0:9e:e3:48:1c:8b:
                    fa:d0:60:30:ea:f9:18:9d:57:82:0d:0c:17:64:e3:
                    9b:12:83:fd:d9:6d:af:92:6e:85:be:bc:f4:0a:ad:
                    f4:e4:17:a0:8b:f5:7b:9d:1b:9e:19:68:08:2c:4b:
                    03:fd:6b:21:a4:0d:85:19:05:68:e0:3f:aa:7e:c8:
                    f2:f2:a1:5d:73:7d:4d:e7:c3:86:1f:54:64:87:41:
                    d3:99:d2:17:c8:92:e6:35:60:fc:ec:0c:00:33:09:
                    d5:1e:3f:2c:34:b1:fb:19:64:2c:00:f5:0d:03:ee:
                    e1:46:5e:8e:b6:33:17:6e:95:32:cc:1e:82:ae:44:
                    81:cb:a0:12:47:c5:b9:01:73:d6:93:83:9a:3b:47:
                    79:b8:d2:6f:db:50:84:95:82:d0:32:9d:14:8b:c9:
                    4a:d7:e1:b9:6f:92:76:d5:36:20:cf:fb:f1:25:0a:
                    19:58:7e:40:ce:eb:72:42:38:11:c6:fd:72:13:10:
                    59:35:06:e4:18:b8:48:48:6d:40:e3:da:b2:69:7b:
                    52:65:10:0c:6f:cb:19:ea:b0:f0:cf:df:99:23:02:
                    1f:9e:83:ec:6d:08:8e:2d:2d:53:90:11:ff:f5:53:
                    52:5b:8b:2f:8e:cf:a2:7c:6e:d5:6b:e4:1f:58:d2:
                    ea:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A0:C9:33:08:64:FF:66:67:B6:77:82:04:8A:E5:F2:B2:12:53:35
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CqDJMwhk_2ZntneCBIrl8rISUzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8cb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:ee:7f:12:22:be:77:f4:02:e3:be:ae:6b:7c:ff:57:ac:4d:
         15:4a:92:9b:14:93:74:c0:50:55:f5:36:62:0f:2c:4a:c0:51:
         dc:f6:b1:a9:85:9c:31:37:cc:05:9e:d2:9f:bd:08:31:22:55:
         c8:46:54:5f:24:00:13:75:05:2f:e9:07:41:21:a8:9a:45:a4:
         82:d7:2a:93:1c:88:72:37:9a:64:ff:79:98:e5:f9:f5:b3:49:
         34:9c:61:6b:76:47:8a:61:98:a4:e5:51:f3:f6:42:b8:c0:c1:
         57:7c:75:0c:c2:ef:ec:e8:87:08:db:d4:a4:40:a0:5a:ff:f6:
         c9:d7:69:85:7f:0f:0a:df:25:a5:1e:6a:39:b5:2c:9f:e3:66:
         f7:1e:27:32:56:16:14:67:72:94:ea:5c:ea:c3:67:30:91:a7:
         d2:14:41:04:b8:48:86:f6:58:26:48:14:4d:3b:e5:f3:d5:62:
         3c:ca:be:b6:8b:4a:5f:65:a2:ab:83:43:08:c9:26:e1:4d:a6:
         c7:51:0b:d3:73:8f:75:b7:2a:d9:26:1f:12:31:ed:ab:8e:e2:
         c6:8c:c1:3a:ca:94:9e:4a:91:31:06:d0:68:05:2f:2e:01:8c:
         f0:7d:e1:66:82:76:9c:ce:fc:ce:d1:09:cc:9a:2f:57:4c:32:
         fc:aa:4f:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+8qklpos0Jqgpfx1JoaKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWEwYzkzMzA4NjRmZjY2NjdiNjc3ODIwNDhhZTVmMmIyMTI1MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuItjRXMtd3mgnuNIHIv60GAw6vkY
nVeCDQwXZOObEoP92W2vkm6Fvrz0Cq305Begi/V7nRueGWgILEsD/WshpA2FGQVo
4D+qfsjy8qFdc31N58OGH1Rkh0HTmdIXyJLmNWD87AwAMwnVHj8sNLH7GWQsAPUN
A+7hRl6OtjMXbpUyzB6CrkSBy6ASR8W5AXPWk4OaO0d5uNJv21CElYLQMp0Ui8lK
1+G5b5J21TYgz/vxJQoZWH5AzutyQjgRxv1yExBZNQbkGLhISG1A49qyaXtSZRAM
b8sZ6rDwz9+ZIwIfnoPsbQiOLS1TkBH/9VNSW4svjs+ifG7Va+QfWNLqEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAqgyTMIZP9mZ7Z3ggSK5fKyElM1MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQ3FESk13aGtfMlpudG5lQ0JJcmw4cklTVXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIyw
MA0GCSqGSIb3DQEBCwUAA4IBAQC37n8SIr539ALjvq5rfP9XrE0VSpKbFJN0wFBV
9TZiDyxKwFHc9rGphZwxN8wFntKfvQgxIlXIRlRfJAATdQUv6QdBIaiaRaSC1yqT
HIhyN5pk/3mY5fn1s0k0nGFrdkeKYZik5VHz9kK4wMFXfHUMwu/s6IcI29SkQKBa
//bJ12mFfw8K3yWlHmo5tSyf42b3HicyVhYUZ3KU6lzqw2cwkafSFEEEuEiG9lgm
SBRNO+Xz1WI8yr62i0pfZaKrg0MIySbhTabHUQvTc491tyrZJh8SMe2rjuLGjME6
ypSeSpExBtBoBS8uAYzwfeFmgnaczvzO0QnMmi9XTDL8qk9Q
-----END CERTIFICATE-----