Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lNT0QAKDoc_pF4sN7ktpxeNligw.roa
File:                     lNT0QAKDoc_pF4sN7ktpxeNligw.roa (raw, json)
Hash identifier:          UL6bjkqSq5/i9FkvzuyrRMAytZykFIEkdP49O6qL1cU=
Subject key identifier:   94:D4:F4:40:02:83:A1:CF:E9:17:8B:0D:EE:4B:69:C5:E3:65:8A:0C
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0193468DFA37B1F2329595554EF2BB28715A
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lNT0QAKDoc_pF4sN7ktpxeNligw.roa
Signing time:             Tue 19 Nov 2024 22:32:10 +0000
ROA not before:           Tue 19 Nov 2024 22:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215443
IP address blocks:        2a0d:d940:9006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:46:8d:fa:37:b1:f2:32:95:95:55:4e:f2:bb:28:71:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Nov 19 22:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94d4f4400283a1cfe9178b0dee4b69c5e3658a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:43:6e:09:e5:10:60:8e:fd:b3:20:c3:83:
                    82:55:5e:27:34:6f:07:a3:e2:7c:ae:ef:d6:b0:49:
                    e7:9a:de:70:07:1e:c3:9d:02:93:7e:43:5f:46:01:
                    9f:8d:fa:64:29:32:e6:35:18:f7:6c:aa:82:dd:67:
                    ec:48:e0:46:c1:e4:5f:87:ca:8b:1f:f1:94:bf:d0:
                    90:02:aa:18:6f:b8:59:67:07:46:d5:b5:f8:a0:40:
                    ab:01:db:44:cf:1d:91:e9:93:02:56:d7:7d:0c:07:
                    d8:2d:38:22:50:12:45:7b:33:f2:3e:bd:3f:fa:58:
                    c6:28:04:f7:90:c3:18:f0:cc:c3:04:d8:e0:91:cb:
                    af:7b:05:32:97:e1:12:f1:ff:35:2c:39:d8:8b:c9:
                    2d:74:8f:a7:26:97:be:d3:1a:d7:bd:54:c1:fa:3f:
                    9d:67:fd:f5:bd:89:c1:1f:61:f1:38:f5:9f:ac:99:
                    f2:8c:c4:d3:aa:94:36:a7:91:27:b2:45:97:dc:7f:
                    ca:85:4a:9d:b2:01:59:cc:b2:74:5a:a2:59:ca:e4:
                    b0:e7:cc:94:33:57:84:54:5e:49:6e:90:95:73:14:
                    67:4c:4b:1e:22:e5:ae:b4:bd:fc:7c:5b:1b:3d:31:
                    01:59:68:c1:61:c7:2d:cb:f7:00:cb:65:df:55:03:
                    b8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D4:F4:40:02:83:A1:CF:E9:17:8B:0D:EE:4B:69:C5:E3:65:8A:0C
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lNT0QAKDoc_pF4sN7ktpxeNligw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:9006::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:3b:98:94:78:14:6c:9a:e7:bf:1c:80:14:6f:01:9c:bf:c9:
         a9:6f:91:d5:2b:12:0d:21:dd:ee:62:fc:2b:ae:09:6c:b3:dc:
         81:b2:91:55:3a:73:9e:5d:43:58:d0:26:dc:bb:0c:e4:42:06:
         56:40:19:d1:f2:cd:fc:7c:74:9a:33:59:ff:0c:43:4a:00:8f:
         4e:b3:6c:93:3e:ac:90:5a:e2:20:0b:76:df:8f:fb:71:51:a8:
         13:b2:cb:a1:06:12:02:2a:49:95:32:8d:40:91:21:96:30:94:
         e9:bd:2d:7c:7f:35:71:66:8f:1e:46:f2:11:12:99:ad:e7:3f:
         76:fb:f2:85:d6:e7:04:4c:73:8e:fa:a7:42:ad:34:aa:fb:69:
         92:c1:b3:ee:75:2f:7e:6f:03:17:c8:ea:59:0e:9d:8c:a7:31:
         da:30:12:84:0b:3c:d9:8b:36:2a:aa:82:32:75:58:26:cc:98:
         44:6e:82:36:54:83:f0:67:55:fa:24:4e:f1:1b:ce:23:0d:51:
         c3:78:a4:06:df:e2:c8:15:72:93:36:da:92:96:cb:a2:88:62:
         db:72:bc:67:c0:5e:aa:af:6c:3d:94:e6:a9:3b:6a:42:c3:16:
         76:24:14:62:5e:7f:19:27:c8:33:37:5c:46:7c:b7:9b:fc:25:
         43:36:ec:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNGjfo3sfIylZVVTvK7KHFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjQxMTE5MjIzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ0ZjQ0MDAyODNhMWNmZTkxNzhiMGRlZTRiNjljNWUzNjU4YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcFDbgnlEGCO/bMgw4OCVV4nNG8H
o+J8ru/WsEnnmt5wBx7DnQKTfkNfRgGfjfpkKTLmNRj3bKqC3WfsSOBGweRfh8qL
H/GUv9CQAqoYb7hZZwdG1bX4oECrAdtEzx2R6ZMCVtd9DAfYLTgiUBJFezPyPr0/
+ljGKAT3kMMY8MzDBNjgkcuvewUyl+ES8f81LDnYi8ktdI+nJpe+0xrXvVTB+j+d
Z/31vYnBH2HxOPWfrJnyjMTTqpQ2p5EnskWX3H/KhUqdsgFZzLJ0WqJZyuSw58yU
M1eEVF5JbpCVcxRnTEseIuWutL38fFsbPTEBWWjBYccty/cAy2XfVQO45QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJTU9EACg6HP6ReLDe5LacXjZYoMMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbE5UMFFBS0RvY19wRjRzTjdrdHB4ZU5saWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQJAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAcO5iUeBRsmue/HIAUbwGcv8mpb5HVKxINId3u
Yvwrrglss9yBspFVOnOeXUNY0CbcuwzkQgZWQBnR8s38fHSaM1n/DENKAI9Os2yT
PqyQWuIgC3bfj/txUagTssuhBhICKkmVMo1AkSGWMJTpvS18fzVxZo8eRvIREpmt
5z92+/KF1ucETHOO+qdCrTSq+2mSwbPudS9+bwMXyOpZDp2MpzHaMBKECzzZizYq
qoIydVgmzJhEboI2VIPwZ1X6JE7xG84jDVHDeKQG3+LIFXKTNtqSlsuiiGLbcrxn
wF6qr2w9lOapO2pCwxZ2JBRiXn8ZJ8gzN1xGfLeb/CVDNuz2
-----END CERTIFICATE-----