Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/QiWAHKME9j6jXWoDWmLBMtajJvE.roa
File:                     QiWAHKME9j6jXWoDWmLBMtajJvE.roa (raw, json)
Hash identifier:          aMoyecQaaEfNleHM1MRWgY3enB8c6H07Bf7pHPlVlXU=
Subject key identifier:   42:25:80:1C:A3:04:F6:3E:A3:5D:6A:03:5A:62:C1:32:D6:A3:26:F1
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019534FFEDC9AC3A0E7795AEFB05FD13D806
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/QiWAHKME9j6jXWoDWmLBMtajJvE.roa
Signing time:             Sun 23 Feb 2025 22:49:02 +0000
ROA not before:           Sun 23 Feb 2025 22:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213911
IP address blocks:        2a0d:d940:17::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:34:ff:ed:c9:ac:3a:0e:77:95:ae:fb:05:fd:13:d8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 23 22:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4225801ca304f63ea35d6a035a62c132d6a326f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:65:23:fd:63:6a:fe:d4:d9:8c:7e:70:e4:6f:
                    56:e3:09:48:aa:25:b9:8a:1a:d0:20:fb:f0:eb:1c:
                    da:21:34:84:04:61:ce:42:81:84:56:d5:9d:10:06:
                    32:5e:2c:7e:08:ef:66:a6:36:5b:7c:2d:d4:6b:d5:
                    a5:98:21:eb:d5:e6:13:ac:85:e0:a1:50:bb:e3:5c:
                    73:1a:fb:70:cf:91:d6:35:3a:a9:84:b8:6b:26:b8:
                    a2:54:f5:5e:3c:7e:f3:16:a5:5c:d9:cf:a5:41:13:
                    91:4d:58:88:42:2e:57:c9:7a:71:09:23:92:64:8c:
                    e1:75:dc:42:75:1c:fd:f9:2b:be:23:b9:d6:1b:b0:
                    e7:1d:f2:e1:62:aa:26:b3:9e:96:eb:84:46:1f:31:
                    d8:ab:e8:bd:82:b4:bd:a3:b1:b5:a9:0f:34:a5:8c:
                    38:03:43:52:ea:10:8a:c1:4a:d2:ac:ff:46:31:f8:
                    30:83:8c:1e:18:58:c8:fe:b0:0f:2f:be:7d:a0:be:
                    ab:90:b6:ad:c7:d0:a9:c6:21:ae:b6:be:ed:ae:b6:
                    ed:c9:f1:c3:37:28:4c:04:ed:d5:6a:c5:b5:73:82:
                    05:9c:26:ca:49:88:00:f3:4e:f3:18:5a:0a:06:e4:
                    8c:86:4f:4e:ad:fa:e5:7f:9d:3d:2a:65:38:ca:ca:
                    60:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:25:80:1C:A3:04:F6:3E:A3:5D:6A:03:5A:62:C1:32:D6:A3:26:F1
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/QiWAHKME9j6jXWoDWmLBMtajJvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:17::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:5f:d4:b1:b5:20:21:98:f4:2c:86:34:01:09:7a:96:31:73:
         15:4e:1b:ad:86:d0:39:d9:6b:42:87:c4:8d:b9:28:06:ca:64:
         3b:e6:22:08:f4:22:ff:8a:3e:fe:a1:9c:16:3c:59:ce:ec:4a:
         50:98:43:ac:e0:2a:93:32:c1:27:48:dd:3f:e1:d7:02:20:4c:
         fa:44:72:d5:b8:21:99:3a:30:6d:74:17:dc:f2:22:b7:e6:fa:
         ca:1a:a8:9c:66:b0:4f:ab:5c:2e:a9:4e:57:a7:54:5a:51:cc:
         49:3e:c5:37:9e:14:7f:3c:af:02:86:f1:cf:3e:29:51:72:a6:
         2a:2e:92:fe:3c:f4:a9:03:7e:57:04:e6:a1:77:d4:98:b3:43:
         0c:3b:fe:2a:fb:f0:b2:21:03:54:77:9a:8e:22:08:c5:f4:90:
         36:ef:61:7f:44:fe:b1:88:f6:8d:7f:e9:9a:3f:96:36:2b:a2:
         9a:55:a8:b0:30:a1:f9:4a:b6:44:98:63:71:d0:a8:8f:84:98:
         89:e8:51:ea:4d:b8:c6:d6:1a:c3:e2:ee:fc:79:68:2b:b4:fb:
         14:2f:a2:fe:c1:23:7a:51:7c:0e:8a:76:a6:9c:3d:6c:83:7e:
         92:4b:30:75:be:bf:a3:95:ee:2d:90:70:c3:a1:bd:47:76:18:
         ca:dc:c2:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZU0/+3JrDoOd5Wu+wX9E9gGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwMjIzMjI0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjI1ODAxY2EzMDRmNjNlYTM1ZDZhMDM1YTYyYzEzMmQ2YTMyNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWUj/WNq/tTZjH5w5G9W4wlIqiW5
ihrQIPvw6xzaITSEBGHOQoGEVtWdEAYyXix+CO9mpjZbfC3Ua9WlmCHr1eYTrIXg
oVC741xzGvtwz5HWNTqphLhrJriiVPVePH7zFqVc2c+lQRORTViIQi5XyXpxCSOS
ZIzhddxCdRz9+Su+I7nWG7DnHfLhYqoms56W64RGHzHYq+i9grS9o7G1qQ80pYw4
A0NS6hCKwUrSrP9GMfgwg4weGFjI/rAPL759oL6rkLatx9CpxiGutr7trrbtyfHD
NyhMBO3VasW1c4IFnCbKSYgA807zGFoKBuSMhk9Orfrlf509KmU4yspgjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEIlgByjBPY+o11qA1piwTLWoybxMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvUWlXQUhLTUU5ajZqWFdvRFdtTEJNdGFqSnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQAAX
MA0GCSqGSIb3DQEBCwUAA4IBAQCoX9SxtSAhmPQshjQBCXqWMXMVThuthtA52WtC
h8SNuSgGymQ75iII9CL/ij7+oZwWPFnO7EpQmEOs4CqTMsEnSN0/4dcCIEz6RHLV
uCGZOjBtdBfc8iK35vrKGqicZrBPq1wuqU5Xp1RaUcxJPsU3nhR/PK8ChvHPPilR
cqYqLpL+PPSpA35XBOahd9SYs0MMO/4q+/CyIQNUd5qOIgjF9JA272F/RP6xiPaN
f+maP5Y2K6KaVaiwMKH5SrZEmGNx0KiPhJiJ6FHqTbjG1hrD4u78eWgrtPsUL6L+
wSN6UXwOinamnD1sg36SSzB1vr+jle4tkHDDob1HdhjK3MKR
-----END CERTIFICATE-----