Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/1hM339koaZ1Fc_f1svTZWLqGQW0.roa
File:                     1hM339koaZ1Fc_f1svTZWLqGQW0.roa (raw, json)
Hash identifier:          NC6qjORYVmzCZ4JBS9FMakUvHJDgr6iCjI7kRUYNPYY=
Subject key identifier:   D6:13:37:DF:D9:28:69:9D:45:73:F7:F5:B2:F4:D9:58:BA:86:41:6D
Certificate issuer:       /CN=e9bfd0410c7bf3bb1d75b18acb1e96393ad21b26
Certificate serial:       019427B66597812A6B40CF3B6ADBF9E85A01
Authority key identifier: E9:BF:D0:41:0C:7B:F3:BB:1D:75:B1:8A:CB:1E:96:39:3A:D2:1B:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b_QQQx787sddbGKyx6WOTrSGyY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/1hM339koaZ1Fc_f1svTZWLqGQW0.roa
Signing time:             Thu 02 Jan 2025 15:50:52 +0000
ROA not before:           Thu 02 Jan 2025 15:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16086
IP address blocks:        2a0a:62c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/6b_QQQx787sddbGKyx6WOTrSGyY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/6b_QQQx787sddbGKyx6WOTrSGyY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6b_QQQx787sddbGKyx6WOTrSGyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:65:97:81:2a:6b:40:cf:3b:6a:db:f9:e8:5a:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9bfd0410c7bf3bb1d75b18acb1e96393ad21b26
        Validity
            Not Before: Jan  2 15:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d61337dfd928699d4573f7f5b2f4d958ba86416d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9d:a6:a9:ad:79:88:30:40:5c:2b:69:dc:7a:
                    75:35:38:4d:32:06:63:b7:95:4f:fc:10:e7:fa:b3:
                    8f:21:46:e6:bf:dc:16:7a:21:60:a9:12:e5:0b:ed:
                    59:82:d5:11:3c:96:8f:4c:39:53:76:2b:60:23:60:
                    d9:c2:5a:b5:d8:45:2b:47:0e:67:74:e5:fc:0d:66:
                    b8:9d:a6:97:7e:6d:3e:82:1a:a3:dd:07:fb:46:f8:
                    2b:13:0d:fd:a2:23:b0:c4:3e:84:08:37:03:bb:c8:
                    1f:ae:2e:d6:89:87:04:d0:78:e6:c5:6a:72:c5:1b:
                    4a:fd:c5:60:53:12:3e:17:9e:8d:2b:15:69:4f:ea:
                    52:05:ce:c1:9f:84:3f:8d:3f:72:d2:26:04:45:d0:
                    06:c3:8c:ea:07:74:fb:e7:2d:23:22:b1:ba:64:95:
                    9c:fa:89:d3:9d:c4:27:2a:89:ef:77:98:42:d8:a3:
                    6c:42:0b:17:0e:78:24:d0:f2:62:51:ad:d5:f1:a6:
                    51:1d:a8:66:c2:97:b7:3d:5c:cf:f7:7b:f9:fd:df:
                    34:f0:21:fe:7b:d8:29:65:93:60:3f:57:eb:fc:ff:
                    c8:40:b8:d6:29:87:06:ad:ff:25:7e:a5:06:b7:a0:
                    99:6c:9c:12:ea:af:0e:a8:09:97:9a:9a:2f:a7:79:
                    ae:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:13:37:DF:D9:28:69:9D:45:73:F7:F5:B2:F4:D9:58:BA:86:41:6D
            X509v3 Authority Key Identifier:
                keyid:E9:BF:D0:41:0C:7B:F3:BB:1D:75:B1:8A:CB:1E:96:39:3A:D2:1B:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b_QQQx787sddbGKyx6WOTrSGyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/1hM339koaZ1Fc_f1svTZWLqGQW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/6b_QQQx787sddbGKyx6WOTrSGyY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:62c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:67:54:43:48:76:97:2c:bc:ed:94:a2:03:9f:49:46:00:54:
         ee:6b:02:55:d9:d8:e1:1c:78:f3:38:c4:fa:67:04:9c:39:a8:
         da:c3:69:c3:ff:b1:ed:e2:b2:42:9e:88:0b:45:3f:68:78:a7:
         d0:fb:08:5b:a5:73:e6:ce:3f:46:5e:3d:e5:f4:5c:2f:cd:53:
         5e:5f:aa:cd:6c:60:f3:f8:74:79:f4:c9:45:15:85:63:97:7a:
         e2:32:b9:a8:9c:85:57:c6:af:df:93:85:f7:10:6f:04:f2:e5:
         77:c0:81:67:c4:05:09:04:cc:e6:24:b2:c5:55:32:d8:ec:3b:
         67:57:ef:85:cf:18:38:c2:87:ef:6c:8d:9f:98:0a:75:95:69:
         24:b6:4f:bc:c8:5e:49:69:95:00:34:1c:51:56:9b:fb:3f:81:
         09:7a:b6:11:fe:48:88:fa:a9:cb:d6:ec:df:1a:94:ac:0c:69:
         c3:72:9c:65:3f:54:e7:42:d0:1d:d4:5c:f3:90:c8:02:0e:de:
         a3:04:0e:87:fa:f0:e7:fd:ca:d9:7e:9c:87:6c:92:26:81:df:
         83:a9:a7:fc:dd:27:2a:13:7c:91:67:72:69:3c:5c:8d:e9:0a:
         c2:7a:99:4f:00:2f:bc:c4:29:f2:3a:8c:4c:23:b2:2b:2c:1a:
         39:87:a2:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntmWXgSprQM87atv56FoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmZkMDQxMGM3YmYzYmIxZDc1YjE4YWNiMWU5NjM5M2Fk
MjFiMjYwHhcNMjUwMTAyMTU1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjEzMzdkZmQ5Mjg2OTlkNDU3M2Y3ZjViMmY0ZDk1OGJhODY0MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwp2mqa15iDBAXCtp3Hp1NThNMgZj
t5VP/BDn+rOPIUbmv9wWeiFgqRLlC+1ZgtURPJaPTDlTditgI2DZwlq12EUrRw5n
dOX8DWa4naaXfm0+ghqj3Qf7RvgrEw39oiOwxD6ECDcDu8gfri7WiYcE0HjmxWpy
xRtK/cVgUxI+F56NKxVpT+pSBc7Bn4Q/jT9y0iYERdAGw4zqB3T75y0jIrG6ZJWc
+onTncQnKonvd5hC2KNsQgsXDngk0PJiUa3V8aZRHahmwpe3PVzP93v5/d808CH+
e9gpZZNgP1fr/P/IQLjWKYcGrf8lfqUGt6CZbJwS6q8OqAmXmpovp3muCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNYTN9/ZKGmdRXP39bL02Vi6hkFtMB8GA1UdIwQY
MBaAFOm/0EEMe/O7HXWxisseljk60hsmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJfUVFReDc4N3NkZGJHS3l4NldPVHJTR3lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84ZDkzOWYtOWVmOS00MDc2LWE4ZjMt
N2E3MGI3ODdkMmVmLzEvMWhNMzM5a29hWjFGY19mMXN2VFpXTHFHUVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84ZDkzOWYtOWVmOS00MDc2LWE4ZjMtN2E3MGI3ODdkMmVm
LzEvNmJfUVFReDc4N3NkZGJHS3l4NldPVHJTR3lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgpiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAnWdUQ0h2lyy87ZSiA59JRgBU7msCVdnY4Rx48zjE
+mcEnDmo2sNpw/+x7eKyQp6IC0U/aHin0PsIW6Vz5s4/Rl495fRcL81TXl+qzWxg
8/h0efTJRRWFY5d64jK5qJyFV8av35OF9xBvBPLld8CBZ8QFCQTM5iSyxVUy2Ow7
Z1fvhc8YOMKH72yNn5gKdZVpJLZPvMheSWmVADQcUVab+z+BCXq2Ef5IiPqpy9bs
3xqUrAxpw3KcZT9U50LQHdRc85DIAg7eowQOh/rw5/3K2X6ch2ySJoHfg6mn/N0n
KhN8kWdyaTxcjekKwnqZTwAvvMQp8jqMTCOyKywaOYei3w==
-----END CERTIFICATE-----