Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/oHUjMpSWYEKGoPzs1yOTGXflGJI.roa
File:                     oHUjMpSWYEKGoPzs1yOTGXflGJI.roa (raw, json)
Hash identifier:          sxwq1WlD+KomLOLU3YRVbmLgXFXQa6KgVfqiKpbpg/E=
Subject key identifier:   A0:75:23:32:94:96:60:42:86:A0:FC:EC:D7:23:93:19:77:E5:18:92
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBDAFE3EBFD12DAC2715D10356B9C7
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/oHUjMpSWYEKGoPzs1yOTGXflGJI.roa
Signing time:             Wed 01 Jan 2025 17:48:38 +0000
ROA not before:           Wed 01 Jan 2025 17:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202297
IP address blocks:        2a0c:9a40:8089::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:da:fe:3e:bf:d1:2d:ac:27:15:d1:03:56:b9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a07523329496604286a0fcecd723931977e51892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:82:9b:85:13:81:5b:55:ce:df:36:44:01:
                    19:71:ee:b7:77:1b:14:92:c2:92:6b:c7:aa:7c:ee:
                    d9:74:57:20:a7:93:a5:2c:11:eb:1f:e6:29:e9:a5:
                    bd:e3:d3:49:e7:1e:80:6b:64:7f:49:54:03:11:60:
                    c4:4e:1d:22:ff:82:18:42:fd:e1:e1:b0:8e:1e:b3:
                    38:52:e0:d4:fe:fa:33:0c:51:b5:8e:a1:f4:a5:be:
                    18:76:df:b8:ac:d5:7e:0f:ab:07:eb:0b:21:37:6a:
                    5f:5b:e4:0a:7c:44:35:17:6f:4d:f4:7f:99:48:e7:
                    b1:07:f7:64:7e:89:37:d0:d2:f3:dd:1d:d1:03:fe:
                    74:b6:88:68:3f:e8:6b:48:9c:15:5d:b3:41:dd:0f:
                    cb:5b:8c:c6:19:2b:7e:67:39:bc:3b:98:59:54:d5:
                    68:b0:9b:ec:1c:bb:e0:5f:27:4b:64:0f:a1:d8:ae:
                    d2:40:38:70:2e:80:94:c6:e0:29:b0:11:be:1a:ae:
                    dc:8b:76:19:91:5d:64:00:af:65:5f:fc:4c:8d:c0:
                    53:7c:7d:cb:a8:05:1f:49:4c:a9:9e:16:8e:a9:46:
                    a3:a6:d5:b5:44:75:c3:b0:7a:ed:58:a3:02:07:cc:
                    40:c5:74:57:c9:7c:7a:66:75:99:50:78:db:3f:c6:
                    f7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:75:23:32:94:96:60:42:86:A0:FC:EC:D7:23:93:19:77:E5:18:92
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/oHUjMpSWYEKGoPzs1yOTGXflGJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8089::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:49:88:70:6c:2b:8d:30:d5:a6:b7:dd:25:d4:90:dd:08:1c:
         1f:44:98:4a:8c:7d:a7:62:2c:11:7f:1e:15:91:20:3e:47:0d:
         a3:2b:25:5d:11:83:11:99:8e:82:ab:cf:4a:a3:60:2e:b9:14:
         01:8e:2f:af:95:8f:5b:f5:fe:1e:da:3e:94:43:3f:e3:55:db:
         aa:7a:e4:f1:b2:c0:ef:47:e1:e5:02:ba:a3:b6:86:4a:bf:95:
         43:9f:36:53:f0:18:c1:24:74:1d:6a:ad:96:74:3d:7e:70:ef:
         fe:60:d5:05:7a:05:ce:2c:9c:b8:c2:a5:5d:bf:57:ea:1a:f6:
         c5:f2:14:cd:b8:81:39:3f:65:8f:40:5b:ef:93:d9:29:56:ba:
         13:c3:30:5e:2c:5e:3e:a7:4e:39:f1:74:41:48:76:e8:1e:f9:
         40:d2:c7:b1:f6:1d:2c:80:10:ed:f5:77:77:b0:9a:d7:93:b3:
         27:be:d2:71:f2:8e:62:1a:de:83:dc:19:a7:8d:f1:d9:ae:2a:
         de:4d:24:d2:ff:a3:41:8b:79:fd:0b:65:be:e5:e6:d2:4c:40:
         67:25:cf:06:02:aa:b0:79:3c:d3:8a:f0:99:71:34:67:c1:39:
         1d:80:8a:c7:8f:3b:a0:f9:76:e0:f5:9b:de:ee:7d:54:99:2e:
         3a:a7:90:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+9r+Pr/RLawnFdEDVrnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc1MjMzMjk0OTY2MDQyODZhMGZjZWNkNzIzOTMxOTc3ZTUxODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQyCm4UTgVtVzt82RAEZce63dxsU
ksKSa8eqfO7ZdFcgp5OlLBHrH+Yp6aW949NJ5x6Aa2R/SVQDEWDETh0i/4IYQv3h
4bCOHrM4UuDU/vozDFG1jqH0pb4Ydt+4rNV+D6sH6wshN2pfW+QKfEQ1F29N9H+Z
SOexB/dkfok30NLz3R3RA/50tohoP+hrSJwVXbNB3Q/LW4zGGSt+Zzm8O5hZVNVo
sJvsHLvgXydLZA+h2K7SQDhwLoCUxuApsBG+Gq7ci3YZkV1kAK9lX/xMjcBTfH3L
qAUfSUypnhaOqUajptW1RHXDsHrtWKMCB8xAxXRXyXx6ZnWZUHjbP8b3HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKB1IzKUlmBChqD87Ncjkxl35RiSMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvb0hVak1wU1dZRUtHb1B6czF5T1RHWGZsR0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAtSYhwbCuNMNWmt90l1JDdCBwfRJhKjH2nYiwR
fx4VkSA+Rw2jKyVdEYMRmY6Cq89Ko2AuuRQBji+vlY9b9f4e2j6UQz/jVduqeuTx
ssDvR+HlArqjtoZKv5VDnzZT8BjBJHQdaq2WdD1+cO/+YNUFegXOLJy4wqVdv1fq
GvbF8hTNuIE5P2WPQFvvk9kpVroTwzBeLF4+p0458XRBSHboHvlA0sex9h0sgBDt
9Xd3sJrXk7MnvtJx8o5iGt6D3BmnjfHZrireTSTS/6NBi3n9C2W+5ebSTEBnJc8G
AqqweTzTivCZcTRnwTkdgIrHjzug+Xbg9Zve7n1UmS46p5D/
-----END CERTIFICATE-----