Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tL3pyqTZYxZ_qa_b9yKLSwMs1Lg.roa
File:                     tL3pyqTZYxZ_qa_b9yKLSwMs1Lg.roa (raw, json)
Hash identifier:          SsXg6ved3DVD1cm5Ub2RsjhFyBtNYOQEL6bzZhTfGBg=
Subject key identifier:   B4:BD:E9:CA:A4:D9:63:16:7F:A9:AF:DB:F7:22:8B:4B:03:2C:D4:B8
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0195346E5D6B11769FE7C35F2C3427364B15
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tL3pyqTZYxZ_qa_b9yKLSwMs1Lg.roa
Signing time:             Sun 23 Feb 2025 20:10:02 +0000
ROA not before:           Sun 23 Feb 2025 20:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213437
IP address blocks:        2a0c:9a40:8f00::/48 maxlen: 48
                          2a0c:9a40:8f10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:34:6e:5d:6b:11:76:9f:e7:c3:5f:2c:34:27:36:4b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Feb 23 20:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4bde9caa4d963167fa9afdbf7228b4b032cd4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ca:cc:52:33:96:65:25:ef:30:fc:11:72:72:
                    36:fe:fb:18:8c:9d:65:83:d3:c3:3c:ac:4f:e1:14:
                    88:b0:aa:e3:90:89:34:8c:15:23:57:3f:34:f7:2a:
                    b9:8e:1d:c3:e5:7d:6d:50:7d:08:6c:43:c7:e5:28:
                    d1:78:b1:a9:d9:36:5a:5d:54:dc:e2:65:1e:b9:d4:
                    86:a8:84:56:0b:33:2a:cb:c3:d2:05:38:ba:64:73:
                    ef:c0:ca:34:a2:34:46:a4:27:53:83:0e:f1:44:57:
                    98:48:aa:d4:6a:a8:96:d4:b7:98:27:73:6e:fc:ba:
                    ee:bc:76:5b:d1:92:55:65:f3:cd:6f:a2:2a:5e:f2:
                    e7:e2:12:3e:46:43:97:48:98:41:6d:b9:d6:e9:43:
                    be:0b:bd:64:5a:1d:f2:90:69:44:ef:f0:8c:ef:b6:
                    c6:8a:f8:8f:ea:b0:99:8e:91:61:f9:ac:51:80:c5:
                    ef:52:29:17:a6:1d:77:e8:cf:d7:d3:0f:5f:27:20:
                    27:46:ec:49:1e:d4:45:d2:e8:f7:c2:ac:fc:75:22:
                    0e:42:b6:17:b6:c8:fd:c1:69:33:0c:2b:c0:2c:a1:
                    d4:96:a5:1e:fd:ae:07:08:62:42:dd:c5:27:74:96:
                    fe:87:ca:b4:8e:d8:cc:48:55:ff:76:0d:87:11:d6:
                    fa:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BD:E9:CA:A4:D9:63:16:7F:A9:AF:DB:F7:22:8B:4B:03:2C:D4:B8
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tL3pyqTZYxZ_qa_b9yKLSwMs1Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8f00::/48
                  2a0c:9a40:8f10::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:e1:cf:ab:91:0d:0b:ee:0b:36:54:2f:3e:c9:60:f0:60:0b:
         99:df:7c:1f:61:8e:2b:10:22:da:3d:d0:6c:3e:69:15:a6:bd:
         ec:7c:53:b0:f6:63:59:2e:ba:96:15:c6:d0:ce:f6:d0:20:42:
         5e:6b:1c:62:83:ef:e8:f2:32:c7:4f:67:04:2d:38:5b:ed:82:
         63:79:f1:20:6e:9c:74:c5:af:11:7b:e1:98:4b:28:0a:a0:89:
         f9:62:8b:ce:ca:1d:95:c8:08:36:8b:53:c6:06:54:b1:57:74:
         1c:3b:09:a0:0a:c5:ca:f2:fd:b1:e2:8a:3c:bc:3d:d0:8b:01:
         62:55:c3:0d:32:88:c4:e6:40:68:be:c9:ce:13:b1:3c:a3:de:
         95:7e:e5:a2:9b:bb:6e:32:97:ca:e2:fc:37:c1:53:df:78:3f:
         4f:1d:e6:e5:c1:02:09:5b:9f:59:37:34:8f:43:6e:68:11:a6:
         ec:8a:f6:65:98:b4:5f:7e:6e:a0:b9:39:61:ee:39:60:60:5b:
         7f:88:96:5d:91:17:3e:10:df:2d:af:4e:f6:33:e2:50:56:06:
         08:cc:55:72:72:0c:28:a8:d1:df:e8:22:d1:a2:8a:80:73:f3:
         76:53:6e:54:8d:cd:df:21:1f:a9:ca:01:61:80:15:a5:46:47:
         67:30:c0:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZU0bl1rEXaf58NfLDQnNksVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMjIzMjAxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJkZTljYWE0ZDk2MzE2N2ZhOWFmZGJmNzIyOGI0YjAzMmNkNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMrMUjOWZSXvMPwRcnI2/vsYjJ1l
g9PDPKxP4RSIsKrjkIk0jBUjVz809yq5jh3D5X1tUH0IbEPH5SjReLGp2TZaXVTc
4mUeudSGqIRWCzMqy8PSBTi6ZHPvwMo0ojRGpCdTgw7xRFeYSKrUaqiW1LeYJ3Nu
/LruvHZb0ZJVZfPNb6IqXvLn4hI+RkOXSJhBbbnW6UO+C71kWh3ykGlE7/CM77bG
iviP6rCZjpFh+axRgMXvUikXph136M/X0w9fJyAnRuxJHtRF0uj3wqz8dSIOQrYX
tsj9wWkzDCvALKHUlqUe/a4HCGJC3cUndJb+h8q0jtjMSFX/dg2HEdb6ywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLS96cqk2WMWf6mv2/cii0sDLNS4MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdEwzcHlxVFpZeFpfcWFfYjl5S0xTd01zMUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgyaQI8A
AwcEKgyaQI8QMA0GCSqGSIb3DQEBCwUAA4IBAQBw4c+rkQ0L7gs2VC8+yWDwYAuZ
33wfYY4rECLaPdBsPmkVpr3sfFOw9mNZLrqWFcbQzvbQIEJeaxxig+/o8jLHT2cE
LThb7YJjefEgbpx0xa8Re+GYSygKoIn5YovOyh2VyAg2i1PGBlSxV3QcOwmgCsXK
8v2x4oo8vD3QiwFiVcMNMojE5kBovsnOE7E8o96VfuWim7tuMpfK4vw3wVPfeD9P
HeblwQIJW59ZNzSPQ25oEabsivZlmLRffm6guTlh7jlgYFt/iJZdkRc+EN8tr072
M+JQVgYIzFVycgwoqNHf6CLRooqAc/N2U25Ujc3fIR+pygFhgBWlRkdnMMAF
-----END CERTIFICATE-----