Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/L0PVewO4k-_O2_CP-1VN0O9o5Aw.roa
File:                     L0PVewO4k-_O2_CP-1VN0O9o5Aw.roa (raw, json)
Hash identifier:          /mQeYONhkpbPyBThNS3NbYdp9cI0QKg7VEqMB25Rh+s=
Subject key identifier:   2F:43:D5:7B:03:B8:93:EF:CE:DB:F0:8F:FB:55:4D:D0:EF:68:E4:0C
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       019312296084A57ADFF5EB8943B83EF91DA7
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/L0PVewO4k-_O2_CP-1VN0O9o5Aw.roa
Signing time:             Sat 09 Nov 2024 18:22:01 +0000
ROA not before:           Sat 09 Nov 2024 18:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202272
IP address blocks:        2a0f:4900::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:12:29:60:84:a5:7a:df:f5:eb:89:43:b8:3e:f9:1d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Nov  9 18:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f43d57b03b893efcedbf08ffb554dd0ef68e40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:38:f7:43:63:c7:13:9c:18:54:c1:56:45:4b:
                    f1:c8:3f:ce:93:ba:e6:f7:cf:e9:f9:f1:32:bd:f2:
                    c0:1a:40:cd:58:2b:1a:be:dd:e4:a1:cd:d9:23:6a:
                    34:43:9a:53:f6:c4:1c:69:25:fb:0e:b9:87:49:f1:
                    d2:8c:b3:22:42:7d:4d:d4:8e:56:43:2e:0d:c5:c9:
                    22:9b:d0:15:9e:22:ad:20:d9:04:4d:69:2d:e0:d3:
                    b5:51:17:24:3a:b3:89:a6:25:0c:cf:4f:ba:8c:ef:
                    3c:59:00:d3:c5:44:c4:5f:6c:34:09:ea:d2:c2:42:
                    ad:6b:de:29:b6:a5:3b:de:f8:f7:87:37:65:7c:f1:
                    ba:6c:af:d3:d0:d2:b6:56:1f:6d:54:23:2b:ef:cb:
                    03:20:34:39:b9:00:56:f5:91:a7:39:ce:02:0b:b7:
                    5c:c7:c3:e8:85:53:34:7e:26:4c:ab:b4:b4:1f:e7:
                    40:fb:22:1c:e7:6a:38:d0:f2:88:8a:92:28:81:16:
                    70:cb:5c:d3:e4:8a:34:e2:de:9f:20:24:f8:c8:b4:
                    bc:ee:75:b8:9c:08:fb:d7:5f:6b:39:aa:e1:ff:be:
                    82:44:6e:d8:d8:08:1f:84:4f:96:52:cc:e3:1b:80:
                    0d:81:75:88:4d:d7:77:2d:0e:40:43:58:38:8a:04:
                    16:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:43:D5:7B:03:B8:93:EF:CE:DB:F0:8F:FB:55:4D:D0:EF:68:E4:0C
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/L0PVewO4k-_O2_CP-1VN0O9o5Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4900::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:47:cf:72:d4:4e:f2:22:a9:6f:ba:87:11:d7:cb:a4:f1:11:
         27:8d:b6:77:74:ff:71:31:2d:3c:45:14:1a:73:ea:c1:86:0b:
         58:31:d4:bb:20:d6:3c:64:a2:25:79:0c:7c:3b:86:e2:49:5b:
         b8:3e:21:a8:f3:9b:c4:9d:3c:60:b9:53:bf:8f:8e:81:68:1d:
         8a:41:1a:22:0e:34:12:4c:42:87:c6:28:a4:4e:5b:9a:10:8d:
         0a:fc:d7:e1:78:d7:d6:ae:b6:94:7e:4b:24:bd:f8:e1:34:16:
         6d:df:92:64:1b:b9:13:02:17:59:af:52:11:45:93:5f:5f:ca:
         a9:26:bf:65:c7:54:1e:c2:68:32:52:a1:96:02:64:3e:54:77:
         15:ef:5d:ed:63:0e:22:8f:6c:41:8c:51:88:02:07:04:a9:e9:
         77:f7:a4:a0:ae:f4:c7:7e:5d:3f:22:80:3e:6d:c2:90:f6:58:
         4b:4d:06:d6:30:72:79:cb:ce:ff:37:59:bd:20:a4:78:50:32:
         54:8a:b7:24:a8:db:86:a1:1b:7e:0a:ac:49:cb:af:06:44:b0:
         a1:47:23:e9:ed:0e:1b:72:12:44:31:f8:17:40:5b:0f:7e:1f:
         97:3e:af:e7:06:59:5c:64:78:31:01:be:5a:52:2b:7a:df:3a:
         c2:cb:ba:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMSKWCEpXrf9euJQ7g++R2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjQxMTA5MTgyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQzZDU3YjAzYjg5M2VmY2VkYmYwOGZmYjU1NGRkMGVmNjhlNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTj3Q2PHE5wYVMFWRUvxyD/Ok7rm
98/p+fEyvfLAGkDNWCsavt3koc3ZI2o0Q5pT9sQcaSX7DrmHSfHSjLMiQn1N1I5W
Qy4Nxckim9AVniKtINkETWkt4NO1URckOrOJpiUMz0+6jO88WQDTxUTEX2w0CerS
wkKta94ptqU73vj3hzdlfPG6bK/T0NK2Vh9tVCMr78sDIDQ5uQBW9ZGnOc4CC7dc
x8PohVM0fiZMq7S0H+dA+yIc52o40PKIipIogRZwy1zT5Io04t6fICT4yLS87nW4
nAj7119rOarh/76CRG7Y2AgfhE+WUszjG4ANgXWITdd3LQ5AQ1g4igQWXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC9D1XsDuJPvztvwj/tVTdDvaOQMMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvTDBQVmV3TzRrLV9PMl9DUC0xVk4wTzlvNUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9JAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBMR89y1E7yIqlvuocR18uk8REnjbZ3dP9xMS08
RRQac+rBhgtYMdS7INY8ZKIleQx8O4biSVu4PiGo85vEnTxguVO/j46BaB2KQRoi
DjQSTEKHxiikTluaEI0K/NfheNfWrraUfkskvfjhNBZt35JkG7kTAhdZr1IRRZNf
X8qpJr9lx1QewmgyUqGWAmQ+VHcV713tYw4ij2xBjFGIAgcEqel396SgrvTHfl0/
IoA+bcKQ9lhLTQbWMHJ5y87/N1m9IKR4UDJUirckqNuGoRt+CqxJy68GRLChRyPp
7Q4bchJEMfgXQFsPfh+XPq/nBllcZHgxAb5aUit63zrCy7qf
-----END CERTIFICATE-----