Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/zgMzIdhRlx-sM532UYZ-ab0aXII.roa
File:                     zgMzIdhRlx-sM532UYZ-ab0aXII.roa (raw, json)
Hash identifier:          DccIHmb2BgsXvdBuA8mWTiKispMrxrNFl+zv/Fzyie4=
Subject key identifier:   CE:03:33:21:D8:51:97:1F:AC:33:9D:F6:51:86:7E:69:BD:1A:5C:82
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C6322D1A62637D3D7DAEEDEE7C29D
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/zgMzIdhRlx-sM532UYZ-ab0aXII.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49048
IP address blocks:        2a02:2698:7400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:63:22:d1:a6:26:37:d3:d7:da:ee:de:e7:c2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce033321d851971fac339df651867e69bd1a5c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ae:36:9d:43:ae:f6:f8:73:e8:29:34:a8:05:
                    ed:14:22:cb:ed:4d:f4:5e:64:e0:01:42:bd:61:f1:
                    86:33:fb:f0:d8:51:c7:23:44:09:25:bf:6e:2f:f4:
                    f2:fc:db:b6:bb:ec:06:47:ad:bd:f7:bf:0b:15:1c:
                    52:ac:d9:23:3d:d3:a4:92:51:0c:57:2b:84:4c:3c:
                    18:58:33:d8:fc:51:4b:bc:0c:76:da:10:68:5f:7e:
                    79:52:f0:1f:96:0d:d9:48:8b:38:d3:9b:89:ab:15:
                    25:7a:84:4a:de:fd:4d:a3:90:fc:be:5c:61:10:b4:
                    5b:c4:ba:1b:05:d9:ab:cd:bf:a5:8b:69:c0:6c:41:
                    89:5b:ec:3a:b4:90:3e:6f:57:29:a3:d0:ee:a4:bd:
                    3a:51:9c:0a:6e:45:0f:06:cf:66:b6:c6:a7:81:ae:
                    72:0e:b7:9c:76:8a:0c:7a:a4:3f:a2:34:d3:d9:1e:
                    0e:82:42:95:2f:1e:4d:2c:29:45:c3:d7:a3:33:78:
                    8f:c9:a8:9e:74:06:7c:89:93:f6:03:e2:66:ad:f8:
                    78:3b:b6:1c:6c:94:58:2c:16:21:22:bc:c3:0f:ed:
                    05:a0:f2:ad:90:34:f8:39:71:6a:c3:ac:b9:80:55:
                    e1:af:26:fc:70:33:9a:a6:d2:d6:7b:7f:24:4d:bb:
                    a9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:03:33:21:D8:51:97:1F:AC:33:9D:F6:51:86:7E:69:BD:1A:5C:82
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/zgMzIdhRlx-sM532UYZ-ab0aXII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:7400::/38

    Signature Algorithm: sha256WithRSAEncryption
         b7:fd:22:89:b5:45:1a:d9:f1:88:5e:69:47:6c:f6:40:d9:27:
         0a:1d:5e:62:86:03:4e:98:31:25:39:6a:cc:b2:a8:75:24:21:
         ec:2b:08:36:a7:18:f1:ed:88:55:0e:60:d1:26:c6:4e:e1:13:
         fb:cf:f4:13:27:fa:04:e4:ff:01:1e:cf:12:59:cd:2c:ec:72:
         fb:7b:8a:9c:32:3d:84:17:55:1f:8f:8f:9f:0c:2f:0a:ff:34:
         d8:ff:59:a3:71:ba:5d:8d:f9:a1:90:11:5b:4e:bd:1a:75:76:
         01:73:cd:2e:0c:27:bc:2a:b6:5e:95:ab:ba:df:14:b3:d1:79:
         20:3a:1a:d7:96:c2:87:ce:1a:88:98:a3:ad:8e:ca:4e:4f:ce:
         87:19:f9:a2:a7:27:00:17:46:12:b9:9f:ee:f3:79:55:ed:26:
         c5:27:a5:98:d1:27:ab:28:63:9d:89:27:d4:f3:f3:59:d4:09:
         ac:43:79:93:6d:d4:c6:5e:ee:9f:8a:29:50:c8:c8:3a:6a:99:
         fc:8a:c2:5f:6b:72:ed:2b:71:28:da:b6:fb:12:0d:b9:84:86:
         c8:f9:b1:a6:97:ce:56:68:28:b5:68:69:75:af:eb:bd:96:ac:
         3b:dc:e1:8b:57:90:03:46:99:f0:ac:dd:a8:c7:fc:cf:96:5f:
         4c:c4:06:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjGMi0aYmN9PX2u7e58KdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTAzMzMyMWQ4NTE5NzFmYWMzMzlkZjY1MTg2N2U2OWJkMWE1YzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq42nUOu9vhz6Ck0qAXtFCLL7U30
XmTgAUK9YfGGM/vw2FHHI0QJJb9uL/Ty/Nu2u+wGR629978LFRxSrNkjPdOkklEM
VyuETDwYWDPY/FFLvAx22hBoX355UvAflg3ZSIs405uJqxUleoRK3v1No5D8vlxh
ELRbxLobBdmrzb+li2nAbEGJW+w6tJA+b1cpo9DupL06UZwKbkUPBs9mtsanga5y
DrecdooMeqQ/ojTT2R4OgkKVLx5NLClFw9ejM3iPyaiedAZ8iZP2A+Jmrfh4O7Yc
bJRYLBYhIrzDD+0FoPKtkDT4OXFqw6y5gFXhryb8cDOaptLWe38kTbup2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM4DMyHYUZcfrDOd9lGGfmm9GlyCMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvemdNeklkaFJseC1zTTUzMlVZWi1hYjBhWElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmHQw
DQYJKoZIhvcNAQELBQADggEBALf9Iom1RRrZ8YheaUds9kDZJwodXmKGA06YMSU5
asyyqHUkIewrCDanGPHtiFUOYNEmxk7hE/vP9BMn+gTk/wEezxJZzSzscvt7ipwy
PYQXVR+Pj58MLwr/NNj/WaNxul2N+aGQEVtOvRp1dgFzzS4MJ7wqtl6Vq7rfFLPR
eSA6GteWwofOGoiYo62Oyk5PzocZ+aKnJwAXRhK5n+7zeVXtJsUnpZjRJ6soY52J
J9Tz81nUCaxDeZNt1MZe7p+KKVDIyDpqmfyKwl9rcu0rcSjatvsSDbmEhsj5saaX
zlZoKLVoaXWv672WrDvc4YtXkANGmfCs3ajH/M+WX0zEBtI=
-----END CERTIFICATE-----