Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/zi2CsOQFQzmgiLW7XatRJneVyvk.roa
File:                     zi2CsOQFQzmgiLW7XatRJneVyvk.roa (raw, json)
Hash identifier:          LCCebHkeAI8Z2rW65Ct3fL2GsXp8CY2YAfMf32+b5Lw=
Subject key identifier:   CE:2D:82:B0:E4:05:43:39:A0:88:B5:BB:5D:AB:51:26:77:95:CA:F9
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FC03DFC118286E2097F4C75670A88E
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/zi2CsOQFQzmgiLW7XatRJneVyvk.roa
Signing time:             Wed 01 Jan 2025 17:48:48 +0000
ROA not before:           Wed 01 Jan 2025 17:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399646
IP address blocks:        2a0c:9a40:908f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:03:df:c1:18:28:6e:20:97:f4:c7:56:70:a8:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce2d82b0e4054339a088b5bb5dab51267795caf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:12:0d:08:0f:47:3a:cf:f2:4d:51:40:4a:2a:
                    1e:8e:a0:70:67:73:9f:f2:1c:f0:e1:ed:b1:7d:e3:
                    4d:f0:cd:e9:56:78:77:68:ba:fb:1a:5a:cb:e4:57:
                    24:30:10:10:16:ef:71:cc:96:e4:a2:01:c8:5e:23:
                    7b:f0:7d:ea:cc:d1:8b:50:8b:b6:00:6d:d9:70:44:
                    f7:4a:93:7a:ce:8f:23:47:14:2a:d2:4e:81:17:06:
                    1b:10:58:31:7f:69:5c:a1:81:ef:cb:be:f7:17:a7:
                    d3:ae:81:27:97:ee:18:e5:24:e7:0a:6b:9f:e6:71:
                    eb:3b:12:6b:ed:8a:90:61:fa:66:bd:4b:21:bb:42:
                    ae:9a:f9:68:49:a2:65:e7:cf:52:d8:91:89:14:65:
                    03:9f:b8:be:b7:c4:86:28:46:52:89:74:50:72:cf:
                    de:86:2c:be:45:45:f2:38:08:a6:5d:98:b2:65:40:
                    9f:ed:3a:af:44:7d:a7:58:c4:fc:c3:40:fe:fd:99:
                    7e:0d:fe:a7:52:a5:c2:86:d9:17:04:f8:77:38:5c:
                    e6:14:0e:3a:c2:fc:8e:23:c4:3d:ea:4f:1a:7a:86:
                    d3:74:24:66:67:c8:f9:c3:23:34:53:53:97:a7:8f:
                    43:25:80:a3:f2:60:49:bf:27:b4:36:52:97:69:c0:
                    f6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:2D:82:B0:E4:05:43:39:A0:88:B5:BB:5D:AB:51:26:77:95:CA:F9
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/zi2CsOQFQzmgiLW7XatRJneVyvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:908f::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:75:8d:e4:15:c2:9c:86:8c:bf:53:b4:71:21:46:63:ed:be:
         af:8b:5e:d1:04:29:92:8e:93:b8:22:e9:d9:3e:c5:9a:8b:86:
         22:2c:66:d6:ca:8a:0e:bc:d8:6d:e4:8c:78:d8:83:7b:c1:53:
         37:23:86:5e:2b:5a:aa:18:df:ba:af:04:77:24:61:7e:65:19:
         82:fb:da:60:ae:81:eb:80:8d:60:e6:04:78:c3:8f:9e:ca:3b:
         98:98:f7:5e:f7:59:a0:e3:f7:9e:fb:85:91:d3:d7:17:46:6f:
         1a:5a:70:d5:3c:2c:aa:98:42:96:d0:e1:bf:8e:04:59:6a:dc:
         80:2b:46:79:43:6d:49:9d:bf:d8:2f:84:52:20:0c:12:e1:68:
         d4:dc:26:6c:44:59:61:ad:1d:b8:6c:f6:dd:04:d1:86:f9:2c:
         6a:dd:e8:de:84:c4:a5:bf:d9:67:c5:6a:00:e2:81:4b:57:88:
         37:27:b3:ae:81:92:3c:ee:dc:4f:cf:7d:a9:3d:17:de:b7:55:
         bb:41:b7:de:4c:74:ec:8a:13:3a:00:31:c8:ae:20:c4:a8:bf:
         b1:e0:d1:92:e6:43:e9:f7:40:3c:de:e6:5c:38:cc:ee:2e:19:
         de:05:3d:83:59:92:e6:b3:24:e3:d3:11:63:d2:43:cd:c4:12:
         7f:93:7b:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi/APfwRgobiCX9MdWcKiOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTJkODJiMGU0MDU0MzM5YTA4OGI1YmI1ZGFiNTEyNjc3OTVjYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxINCA9HOs/yTVFASioejqBwZ3Of
8hzw4e2xfeNN8M3pVnh3aLr7GlrL5FckMBAQFu9xzJbkogHIXiN78H3qzNGLUIu2
AG3ZcET3SpN6zo8jRxQq0k6BFwYbEFgxf2lcoYHvy773F6fTroEnl+4Y5STnCmuf
5nHrOxJr7YqQYfpmvUshu0KumvloSaJl589S2JGJFGUDn7i+t8SGKEZSiXRQcs/e
hiy+RUXyOAimXZiyZUCf7TqvRH2nWMT8w0D+/Zl+Df6nUqXChtkXBPh3OFzmFA46
wvyOI8Q96k8aeobTdCRmZ8j5wyM0U1OXp49DJYCj8mBJvye0NlKXacD2fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM4tgrDkBUM5oIi1u12rUSZ3lcr5MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvemkyQ3NPUUZRem1naUxXN1hhdFJKbmVWeXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQJCP
MA0GCSqGSIb3DQEBCwUAA4IBAQCFdY3kFcKchoy/U7RxIUZj7b6vi17RBCmSjpO4
IunZPsWai4YiLGbWyooOvNht5Ix42IN7wVM3I4ZeK1qqGN+6rwR3JGF+ZRmC+9pg
roHrgI1g5gR4w4+eyjuYmPde91mg4/ee+4WR09cXRm8aWnDVPCyqmEKW0OG/jgRZ
atyAK0Z5Q21Jnb/YL4RSIAwS4WjU3CZsRFlhrR24bPbdBNGG+Sxq3ejehMSlv9ln
xWoA4oFLV4g3J7OugZI87txPz32pPRfet1W7QbfeTHTsihM6ADHIriDEqL+x4NGS
5kPp90A83uZcOMzuLhneBT2DWZLmsyTj0xFj0kPNxBJ/k3tR
-----END CERTIFICATE-----