Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Zi1QbNVUNm3mfz1CTqhQtalYVwM.roa
File:                     Zi1QbNVUNm3mfz1CTqhQtalYVwM.roa (raw, json)
Hash identifier:          gT07hI4kfkPaZsHUUATtMtjxeDaYW50HEiIkbWM7BGA=
Subject key identifier:   66:2D:50:6C:D5:54:36:6D:E6:7F:3D:42:4E:A8:50:B5:A9:58:57:03
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C646D48E0E90E773EA4264F944EA8
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Zi1QbNVUNm3mfz1CTqhQtalYVwM.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50498
IP address blocks:        2a02:2698:3c00::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:64:6d:48:e0:e9:0e:77:3e:a4:26:4f:94:4e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=662d506cd554366de67f3d424ea850b5a9585703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:23:bf:3a:5c:f0:16:be:65:5a:5d:b0:b8:c2:
                    0b:0f:e1:35:90:69:49:cc:3d:c9:fe:f3:b5:6d:16:
                    87:99:59:59:22:85:35:85:8b:c9:50:fa:80:52:57:
                    a4:82:46:ec:07:0a:b4:2f:3c:4b:1d:2b:6f:3c:d5:
                    33:fb:a8:6d:1d:7e:e8:6d:89:a0:37:df:05:29:9a:
                    e4:cd:97:6f:ca:8d:3d:ad:44:0b:28:49:d6:08:73:
                    52:eb:50:e4:84:bf:80:65:22:c0:61:5d:8a:15:a0:
                    60:e1:75:1d:ed:e1:bb:25:c3:55:80:c9:70:3b:b6:
                    b2:50:f3:68:3a:62:9a:59:97:c1:a3:89:f6:43:a6:
                    a4:cc:6e:cd:ec:c7:04:8c:62:16:fc:60:74:8e:40:
                    f7:87:db:2a:b7:22:ca:3e:71:8f:ff:31:9e:92:8b:
                    d4:9f:63:e6:75:d5:8b:00:8f:7f:af:8e:29:9c:11:
                    0e:a3:7b:39:e5:59:a1:fa:4a:61:c5:c0:c5:a1:92:
                    c9:34:7a:6a:ea:81:47:c8:7c:c7:fb:65:03:eb:80:
                    60:06:05:e3:16:f2:dc:94:7b:f5:d5:0e:bf:a3:9c:
                    23:cf:18:a0:60:83:b9:1f:0d:11:59:f1:1b:ec:a9:
                    1a:a0:bd:cd:a7:f5:f3:d9:fc:b9:0f:0b:b4:88:f2:
                    f6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2D:50:6C:D5:54:36:6D:E6:7F:3D:42:4E:A8:50:B5:A9:58:57:03
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Zi1QbNVUNm3mfz1CTqhQtalYVwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:3c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         b1:a3:40:1c:b7:f4:46:99:1e:6e:a6:4d:6a:cd:28:87:36:f6:
         d7:23:cc:65:c7:e3:e1:91:1c:72:96:df:80:6a:29:09:7a:db:
         dc:ff:4a:9c:0f:3a:78:82:f1:77:70:4d:68:79:38:0b:ed:43:
         50:0e:79:4d:9d:43:f2:29:97:b1:2f:a0:bb:d8:20:ba:5d:51:
         40:99:37:5c:d6:61:74:df:02:2d:28:f6:4c:e5:f6:fb:23:6f:
         2f:74:51:50:d7:82:b8:5f:cc:4c:fb:96:91:0b:54:d7:93:c3:
         f0:9f:5b:ab:49:a7:d3:80:d5:2a:e9:4f:68:8c:cc:f5:79:78:
         1f:5a:91:f6:de:09:5d:27:1a:a6:02:34:92:63:56:1b:b9:f6:
         71:65:04:e4:56:f0:9a:a2:fe:9b:ec:87:25:99:37:a8:2e:a3:
         b2:9b:fb:b3:24:3d:fe:ec:bb:18:d7:53:9e:54:c6:56:a1:4c:
         9d:d8:68:ab:0c:13:24:b8:ab:de:94:b6:c0:61:0b:23:cc:a3:
         88:bc:97:fb:cc:5c:2e:38:b9:42:77:c1:6a:6b:30:f9:d2:8d:
         78:84:69:2c:6e:3c:19:88:3c:99:12:38:f9:ff:59:03:54:74:
         8c:9a:ea:22:2c:f9:1f:14:5f:c8:11:9e:ac:97:f3:88:31:4a:
         f0:07:bb:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjGRtSODpDnc+pCZPlE6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJkNTA2Y2Q1NTQzNjZkZTY3ZjNkNDI0ZWE4NTBiNWE5NTg1NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCO/OlzwFr5lWl2wuMILD+E1kGlJ
zD3J/vO1bRaHmVlZIoU1hYvJUPqAUlekgkbsBwq0LzxLHStvPNUz+6htHX7obYmg
N98FKZrkzZdvyo09rUQLKEnWCHNS61DkhL+AZSLAYV2KFaBg4XUd7eG7JcNVgMlw
O7ayUPNoOmKaWZfBo4n2Q6akzG7N7McEjGIW/GB0jkD3h9sqtyLKPnGP/zGekovU
n2PmddWLAI9/r44pnBEOo3s55Vmh+kphxcDFoZLJNHpq6oFHyHzH+2UD64BgBgXj
FvLclHv11Q6/o5wjzxigYIO5Hw0RWfEb7KkaoL3Np/Xz2fy5Dwu0iPL2+QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGYtUGzVVDZt5n89Qk6oULWpWFcDMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvWmkxUWJOVlVObTNtZnoxQ1RxaFF0YWxZVndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmDww
DQYJKoZIhvcNAQELBQADggEBALGjQBy39EaZHm6mTWrNKIc29tcjzGXH4+GRHHKW
34BqKQl629z/SpwPOniC8XdwTWh5OAvtQ1AOeU2dQ/Ipl7EvoLvYILpdUUCZN1zW
YXTfAi0o9kzl9vsjby90UVDXgrhfzEz7lpELVNeTw/CfW6tJp9OA1SrpT2iMzPV5
eB9akfbeCV0nGqYCNJJjVhu59nFlBORW8Jqi/pvshyWZN6guo7Kb+7MkPf7suxjX
U55UxlahTJ3YaKsMEyS4q96UtsBhCyPMo4i8l/vMXC44uUJ3wWprMPnSjXiEaSxu
PBmIPJkSOPn/WQNUdIya6iIs+R8UX8gRnqyX84gxSvAHu84=
-----END CERTIFICATE-----