Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/F9lmKwX1Rv7KxzRjDe05KgJ-DkA.roa
File:                     F9lmKwX1Rv7KxzRjDe05KgJ-DkA.roa (raw, json)
Hash identifier:          TnsxpjEDKRc4VqcW5gnxxZtGuFFQXcJnJi7MTCf/xJQ=
Subject key identifier:   17:D9:66:2B:05:F5:46:FE:CA:C7:34:63:0D:ED:39:2A:02:7E:0E:40
Certificate issuer:       /CN=379d103b953071caa9e1a8973808904096e793d8
Certificate serial:       019427B599139AED619D4835F848FC4B68C9
Authority key identifier: 37:9D:10:3B:95:30:71:CA:A9:E1:A8:97:38:08:90:40:96:E7:93:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/F9lmKwX1Rv7KxzRjDe05KgJ-DkA.roa
Signing time:             Thu 02 Jan 2025 15:50:00 +0000
ROA not before:           Thu 02 Jan 2025 15:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        2a06:fcc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:99:13:9a:ed:61:9d:48:35:f8:48:fc:4b:68:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=379d103b953071caa9e1a8973808904096e793d8
        Validity
            Not Before: Jan  2 15:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17d9662b05f546fecac734630ded392a027e0e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:0e:b3:e5:ac:79:92:42:72:09:3e:53:0c:
                    16:f9:f7:b6:5e:b9:33:5c:37:74:8e:d3:9d:44:65:
                    47:70:a8:8d:55:6f:0f:0f:c2:3f:43:73:3a:e6:5a:
                    62:18:b3:b8:9f:4e:07:91:36:87:32:ce:c7:9a:ef:
                    91:3a:64:da:cd:3c:27:00:07:69:e0:95:d4:1c:56:
                    e2:72:1d:56:4a:46:9e:3f:87:ba:f2:b9:dd:bd:be:
                    22:d8:d3:a1:5e:59:96:85:ee:3c:db:da:98:12:5a:
                    57:25:d9:7c:51:36:cf:97:3b:77:63:2a:17:b7:15:
                    f1:dd:0b:c0:80:8e:be:06:bc:6c:59:90:0c:c4:53:
                    cb:06:08:9b:61:7a:15:04:dc:de:38:26:67:51:dc:
                    4d:ad:67:4b:c8:f9:54:02:c4:db:99:f5:1a:78:ce:
                    f1:30:05:ff:98:71:b9:f4:73:fb:8b:f0:a2:15:4f:
                    0b:73:a1:61:d7:07:fc:71:7d:51:f7:ac:f2:76:3a:
                    62:a2:4f:7f:0f:00:3e:b5:a6:b6:51:db:21:3c:e6:
                    c9:59:bb:1a:93:9e:8d:d3:36:e0:f6:3d:3a:10:96:
                    b1:c9:d8:bf:fc:ce:bf:b1:8b:9a:f9:94:98:e9:89:
                    a9:11:75:d5:38:06:8d:f9:ee:94:17:1f:36:3e:7c:
                    16:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D9:66:2B:05:F5:46:FE:CA:C7:34:63:0D:ED:39:2A:02:7E:0E:40
            X509v3 Authority Key Identifier:
                keyid:37:9D:10:3B:95:30:71:CA:A9:E1:A8:97:38:08:90:40:96:E7:93:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/F9lmKwX1Rv7KxzRjDe05KgJ-DkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fcc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:f0:63:6a:d2:bf:fe:f9:b1:26:5c:b3:c4:b7:01:36:40:96:
         1c:aa:f2:e1:8f:7b:7c:5d:4f:1c:92:c8:f4:9a:3b:4c:d7:ca:
         22:5a:5d:2b:ac:4a:e7:fb:c9:7b:20:90:31:33:31:a2:f2:bd:
         8d:43:3c:ad:b5:d6:77:b6:9a:44:df:b8:47:17:f7:58:9c:88:
         28:a7:86:c8:70:83:fe:d9:34:84:66:9b:4b:45:20:05:82:d6:
         d2:4b:3e:d0:87:10:32:e2:9d:38:b7:44:8a:79:dd:56:4b:2d:
         b3:ae:e9:c7:4e:42:95:0b:3a:79:59:c5:32:6c:ac:dc:04:d3:
         be:b0:fb:6a:1b:0f:84:cd:e3:e7:9a:11:09:f9:30:2b:43:9c:
         8d:a5:62:ca:cd:9e:3f:b7:62:12:a3:0e:79:d7:c6:96:fe:b3:
         9a:57:24:e5:b4:0c:03:b3:c7:94:4c:7e:5e:a1:35:5d:fb:8f:
         81:50:e0:45:b5:1a:99:62:e6:d4:24:7e:23:0c:2d:22:87:36:
         24:14:bb:85:af:74:0e:00:00:1b:b5:40:a7:80:82:86:1b:ce:
         d4:1d:bd:3c:36:e2:98:e6:88:a2:fb:f9:a8:0b:55:14:f6:20:
         17:4e:b3:9f:27:3d:be:5c:87:45:75:e2:f6:6d:7b:57:ba:29:
         12:d7:0d:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntZkTmu1hnUg1+Ej8S2jJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OWQxMDNiOTUzMDcxY2FhOWUxYTg5NzM4MDg5MDQwOTZl
NzkzZDgwHhcNMjUwMTAyMTU1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Q5NjYyYjA1ZjU0NmZlY2FjNzM0NjMwZGVkMzkyYTAyN2UwZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts0Os+WseZJCcgk+UwwW+fe2Xrkz
XDd0jtOdRGVHcKiNVW8PD8I/Q3M65lpiGLO4n04HkTaHMs7Hmu+ROmTazTwnAAdp
4JXUHFbich1WSkaeP4e68rndvb4i2NOhXlmWhe4829qYElpXJdl8UTbPlzt3YyoX
txXx3QvAgI6+BrxsWZAMxFPLBgibYXoVBNzeOCZnUdxNrWdLyPlUAsTbmfUaeM7x
MAX/mHG59HP7i/CiFU8Lc6Fh1wf8cX1R96zydjpiok9/DwA+taa2UdshPObJWbsa
k56N0zbg9j06EJaxydi//M6/sYua+ZSY6YmpEXXVOAaN+e6UFx82PnwWLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBfZZisF9Ub+ysc0Yw3tOSoCfg5AMB8GA1UdIwQY
MBaAFDedEDuVMHHKqeGolzgIkECW55PYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjUwUU81VXdjY3FwNGFpWE9BaVFRSmJuazlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iMThkMzgtOWNmOS00NTE5LTkxMWUt
ZGYyYWMxM2NkYjhiLzEvRjlsbUt3WDFSdjdLeHpSakRlMDVLZ0otRGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iMThkMzgtOWNmOS00NTE5LTkxMWUtZGYyYWMxM2NkYjhi
LzEvTjUwUU81VXdjY3FwNGFpWE9BaVFRSmJuazlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgb8wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAB8GNq0r/++bEmXLPEtwE2QJYcqvLhj3t8XU8c
ksj0mjtM18oiWl0rrErn+8l7IJAxMzGi8r2NQzyttdZ3tppE37hHF/dYnIgop4bI
cIP+2TSEZptLRSAFgtbSSz7QhxAy4p04t0SKed1WSy2zrunHTkKVCzp5WcUybKzc
BNO+sPtqGw+EzePnmhEJ+TArQ5yNpWLKzZ4/t2ISow5518aW/rOaVyTltAwDs8eU
TH5eoTVd+4+BUOBFtRqZYubUJH4jDC0ihzYkFLuFr3QOAAAbtUCngIKGG87UHb08
NuKY5oii+/moC1UU9iAXTrOfJz2+XIdFdeL2bXtXuikS1w33
-----END CERTIFICATE-----