Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZMGiCYqIYbLxIDFLGSrZr7x3AKA.roa
File:                     ZMGiCYqIYbLxIDFLGSrZr7x3AKA.roa (raw, json)
Hash identifier:          WLL9B2mOtaR0OnLgCRktu1TUID/GGlBWdDeo/4knmL4=
Subject key identifier:   64:C1:A2:09:8A:88:61:B2:F1:20:31:4B:19:2A:D9:AF:BC:77:00:A0
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C5C714191487C6680B91D6F516ECA
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZMGiCYqIYbLxIDFLGSrZr7x3AKA.roa
Signing time:             Wed 01 Jan 2025 01:47:59 +0000
ROA not before:           Wed 01 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41727
IP address blocks:        2a02:2698:2c00::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5c:71:41:91:48:7c:66:80:b9:1d:6f:51:6e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64c1a2098a8861b2f120314b192ad9afbc7700a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b3:fa:e4:af:98:b8:cd:82:70:a1:5c:d0:b5:
                    53:15:79:88:b7:97:db:e0:0f:d2:06:69:6d:eb:a6:
                    9f:be:87:00:3a:c8:70:be:d6:5f:c4:72:39:d4:be:
                    f2:63:c1:2f:59:94:39:60:83:76:eb:8e:b9:48:70:
                    ce:01:3f:a0:2b:75:3c:40:b1:66:f0:4c:b8:d2:13:
                    b5:28:eb:84:a6:89:92:53:9e:94:2f:50:96:57:26:
                    ab:26:e1:4c:1f:92:a3:00:c1:98:21:73:ea:56:b1:
                    e5:0f:81:f7:e1:d1:23:dc:c2:9a:8b:fb:03:0c:d5:
                    36:86:26:15:dd:39:24:d6:cc:3c:e9:ad:fc:1b:3e:
                    b7:86:bd:ad:45:f1:70:b1:bd:f9:0a:0d:d2:8a:e8:
                    2b:9c:b1:fe:c3:45:3b:5e:b4:96:04:45:a9:8a:e9:
                    87:ca:81:f5:3a:e9:53:f1:0a:8d:df:cf:f0:e8:f1:
                    6f:16:5c:02:ca:70:28:52:56:10:82:27:02:c5:16:
                    e0:9a:47:a7:0b:4d:d8:e8:0e:ee:1d:ec:36:0b:e2:
                    7f:20:66:ad:b5:01:1d:b9:88:7b:7a:ef:e5:15:86:
                    c9:0f:a8:87:68:69:49:94:ad:81:30:8a:0b:dc:87:
                    c7:30:76:90:18:f6:05:d1:69:b6:ec:15:22:97:30:
                    1a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C1:A2:09:8A:88:61:B2:F1:20:31:4B:19:2A:D9:AF:BC:77:00:A0
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZMGiCYqIYbLxIDFLGSrZr7x3AKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:2c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         13:26:9d:4d:08:b3:5c:25:2a:d8:81:fe:60:1d:64:ee:63:d8:
         5f:ad:d2:b5:70:14:2f:2b:21:0d:c1:41:e7:7a:68:d5:dc:e6:
         a5:ef:9c:f8:0b:eb:1d:ee:51:7a:c4:9f:18:b4:b7:7f:7b:b7:
         1e:74:47:b1:f1:c1:3b:37:95:da:4d:fb:5c:b5:bd:92:3c:06:
         ce:ee:01:d3:e0:e8:d9:c1:9a:c6:65:5d:d5:d6:9c:fa:e7:e9:
         a7:75:7f:ed:79:40:9c:94:e5:6c:9d:5d:d2:18:eb:8d:c6:10:
         6d:de:5f:7a:12:d1:61:81:74:f7:d1:ee:9c:2b:86:a9:38:da:
         68:ee:06:a2:fa:6e:ee:b3:bf:d3:a0:25:93:11:85:df:19:98:
         46:1f:c4:63:d3:4b:6c:5b:c2:9c:05:1e:c8:4b:65:19:53:22:
         29:f0:17:58:35:7c:6d:fb:5a:20:07:c5:e8:7f:87:29:32:bf:
         99:66:25:22:56:62:ee:39:0e:c1:cd:c1:05:83:84:7f:17:73:
         d0:7a:b5:a9:66:ed:53:34:7f:68:e0:cd:40:d4:21:9e:f4:35:
         c7:3b:99:0d:05:ed:16:6c:f1:20:1e:63:d9:00:b8:0f:55:3d:
         be:ce:bc:77:ef:66:54:30:40:cf:57:61:92:da:14:0c:f8:6b:
         77:46:82:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjFxxQZFIfGaAuR1vUW7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGMxYTIwOThhODg2MWIyZjEyMDMxNGIxOTJhZDlhZmJjNzcwMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurP65K+YuM2CcKFc0LVTFXmIt5fb
4A/SBmlt66afvocAOshwvtZfxHI51L7yY8EvWZQ5YIN26465SHDOAT+gK3U8QLFm
8Ey40hO1KOuEpomSU56UL1CWVyarJuFMH5KjAMGYIXPqVrHlD4H34dEj3MKai/sD
DNU2hiYV3Tkk1sw86a38Gz63hr2tRfFwsb35Cg3SiugrnLH+w0U7XrSWBEWpiumH
yoH1OulT8QqN38/w6PFvFlwCynAoUlYQgicCxRbgmkenC03Y6A7uHew2C+J/IGat
tQEduYh7eu/lFYbJD6iHaGlJlK2BMIoL3IfHMHaQGPYF0Wm27BUilzAamQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGTBogmKiGGy8SAxSxkq2a+8dwCgMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvWk1HaUNZcUlZYkx4SURGTEdTclpyN3gzQUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmCww
DQYJKoZIhvcNAQELBQADggEBABMmnU0Is1wlKtiB/mAdZO5j2F+t0rVwFC8rIQ3B
Qed6aNXc5qXvnPgL6x3uUXrEnxi0t397tx50R7HxwTs3ldpN+1y1vZI8Bs7uAdPg
6NnBmsZlXdXWnPrn6ad1f+15QJyU5WydXdIY643GEG3eX3oS0WGBdPfR7pwrhqk4
2mjuBqL6bu6zv9OgJZMRhd8ZmEYfxGPTS2xbwpwFHshLZRlTIinwF1g1fG37WiAH
xeh/hykyv5lmJSJWYu45DsHNwQWDhH8Xc9B6talm7VM0f2jgzUDUIZ70Ncc7mQ0F
7RZs8SAeY9kAuA9VPb7OvHfvZlQwQM9XYZLaFAz4a3dGgrA=
-----END CERTIFICATE-----