Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/hI46h1AVRwpuweR_qkjPXkw0O2k.roa
File:                     hI46h1AVRwpuweR_qkjPXkw0O2k.roa (raw, json)
Hash identifier:          iVTQ7975a1sIHisxSW/MFIVcaf8MKzOpFRhCojtRDhg=
Subject key identifier:   84:8E:3A:87:50:15:47:0A:6E:C1:E4:7F:AA:48:CF:5E:4C:34:3B:69
Certificate issuer:       /CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
Certificate serial:       019427B582497BAA5B51E878FA6CDE2576E0
Authority key identifier: B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/hI46h1AVRwpuweR_qkjPXkw0O2k.roa
Signing time:             Thu 02 Jan 2025 15:49:54 +0000
ROA not before:           Thu 02 Jan 2025 15:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207459
IP address blocks:        2a10:9f80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:82:49:7b:aa:5b:51:e8:78:fa:6c:de:25:76:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
        Validity
            Not Before: Jan  2 15:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=848e3a875015470a6ec1e47faa48cf5e4c343b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:aa:af:b3:32:3a:c1:b4:ad:41:c4:b9:d0:6d:
                    2a:59:1d:cb:3e:74:c5:43:14:cc:25:cf:9e:a7:99:
                    b4:1e:73:5f:92:29:22:2a:6b:14:ec:b2:13:20:28:
                    ad:65:de:5f:59:da:3b:0e:c1:6a:49:47:66:23:77:
                    f9:d5:50:a6:1b:5d:e6:6b:85:d7:92:e8:c6:9c:56:
                    d0:21:c7:d7:1d:be:8c:d5:cf:87:40:50:c5:a0:d1:
                    81:2c:d1:37:af:2b:84:1b:e0:9c:62:d4:7b:6a:a8:
                    91:4f:4a:cd:b4:77:f5:7c:ca:50:db:5a:94:8f:98:
                    14:bb:56:6d:b6:72:8a:22:c2:7a:ed:0b:81:ea:c8:
                    f8:37:cb:d6:c7:12:a5:bc:8e:6a:94:b1:a1:43:e0:
                    88:de:e7:e2:9c:72:a1:be:3a:3b:6a:90:ff:e6:2c:
                    98:85:ae:5d:b4:d1:3f:45:39:f4:aa:a1:43:5c:f8:
                    7c:b8:dd:69:e0:3f:ad:ce:b9:98:69:42:82:47:7a:
                    b2:1f:7b:14:0c:6a:3a:44:77:0e:db:d6:70:03:7f:
                    65:93:75:6b:07:36:a7:53:17:11:d2:f4:5f:e5:92:
                    7e:b5:79:81:74:e6:07:05:5b:83:5f:95:d6:61:0f:
                    f6:82:69:c7:80:9e:d6:37:f6:8d:76:7d:62:d3:e9:
                    21:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8E:3A:87:50:15:47:0A:6E:C1:E4:7F:AA:48:CF:5E:4C:34:3B:69
            X509v3 Authority Key Identifier:
                keyid:B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/hI46h1AVRwpuweR_qkjPXkw0O2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:49:1d:07:41:26:2c:43:e1:a3:6c:e7:4c:e4:f2:dd:88:4b:
         61:3b:96:e6:c0:c3:72:f3:64:33:4f:43:27:36:92:0d:6c:4a:
         ca:d8:c8:78:48:a1:5b:2b:42:4d:18:be:80:3e:1c:e2:4e:26:
         c8:af:cc:48:31:25:43:47:f3:40:c6:30:e9:2a:ed:5a:d6:93:
         8e:67:86:af:ed:32:84:61:3a:7c:56:54:e8:aa:0d:c3:1c:f3:
         3f:89:d0:54:82:fd:be:bb:fe:ef:27:b3:39:2e:26:a1:df:54:
         6e:b1:9b:8a:0b:73:67:1c:ed:56:a3:a3:bc:e8:50:dc:3e:83:
         15:fb:68:71:86:6a:d2:35:02:0a:e4:68:d8:f2:41:49:60:25:
         3a:44:28:45:64:ae:0a:89:23:18:39:d2:6f:4f:7a:6d:d2:31:
         d1:5b:76:23:4e:0f:dc:5c:18:50:8a:02:97:da:15:8b:e0:95:
         73:4f:38:cf:d8:36:df:f1:78:b1:8e:7a:3a:c3:21:fc:00:b3:
         e1:91:34:af:80:f2:5f:a7:8a:2f:a0:ec:c5:31:03:10:24:aa:
         93:fc:95:71:c3:da:aa:dd:43:1c:e9:4d:96:46:7a:2c:11:ac:
         5c:ad:32:99:85:a2:ec:73:91:51:4e:31:f4:7f:04:fa:e1:cb:
         40:86:36:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntYJJe6pbUeh4+mzeJXbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzBiZGFmYWRlYTc4ZGNlMzEyZjg2MmRkZjQyYjFiZDRj
NGY2NDUwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhlM2E4NzUwMTU0NzBhNmVjMWU0N2ZhYTQ4Y2Y1ZTRjMzQzYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qqvszI6wbStQcS50G0qWR3LPnTF
QxTMJc+ep5m0HnNfkikiKmsU7LITICitZd5fWdo7DsFqSUdmI3f51VCmG13ma4XX
kujGnFbQIcfXHb6M1c+HQFDFoNGBLNE3ryuEG+CcYtR7aqiRT0rNtHf1fMpQ21qU
j5gUu1ZttnKKIsJ67QuB6sj4N8vWxxKlvI5qlLGhQ+CI3ufinHKhvjo7apD/5iyY
ha5dtNE/RTn0qqFDXPh8uN1p4D+tzrmYaUKCR3qyH3sUDGo6RHcO29ZwA39lk3Vr
BzanUxcR0vRf5ZJ+tXmBdOYHBVuDX5XWYQ/2gmnHgJ7WN/aNdn1i0+khgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFISOOodQFUcKbsHkf6pIz15MNDtpMB8GA1UdIwQY
MBaAFLLAva+t6njc4xL4Yt30KxvUxPZFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMt
ZmNjMzM2ZWVkOGQ3LzEvaEk0NmgxQVZSd3B1d2VSX3FralBYa3cwTzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMtZmNjMzM2ZWVkOGQ3
LzEvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhCfgDAN
BgkqhkiG9w0BAQsFAAOCAQEAmUkdB0EmLEPho2znTOTy3YhLYTuW5sDDcvNkM09D
JzaSDWxKytjIeEihWytCTRi+gD4c4k4myK/MSDElQ0fzQMYw6SrtWtaTjmeGr+0y
hGE6fFZU6KoNwxzzP4nQVIL9vrv+7yezOS4mod9UbrGbigtzZxztVqOjvOhQ3D6D
FftocYZq0jUCCuRo2PJBSWAlOkQoRWSuCokjGDnSb096bdIx0Vt2I04P3FwYUIoC
l9oVi+CVc084z9g23/F4sY56OsMh/ACz4ZE0r4DyX6eKL6DsxTEDECSqk/yVccPa
qt1DHOlNlkZ6LBGsXK0ymYWi7HORUU4x9H8E+uHLQIY2xA==
-----END CERTIFICATE-----