Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SmBWFs2JZp-Kija2c7xPvzisjqY.roa
File:                     SmBWFs2JZp-Kija2c7xPvzisjqY.roa (raw, json)
Hash identifier:          hKlLzT2Dg4Xh1iL/3d5i5HLxDI7Ai252L90EvULpFjk=
Subject key identifier:   4A:60:56:16:CD:89:66:9F:8A:8A:36:B6:73:BC:4F:BF:38:AC:8E:A6
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369FFF33CBBE79E0180ADFEC8B57E01
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SmBWFs2JZp-Kija2c7xPvzisjqY.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216349
IP address blocks:        2a0f:9ac0::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ff:f3:3c:bb:e7:9e:01:80:ad:fe:c8:b5:7e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a605616cd89669f8a8a36b673bc4fbf38ac8ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7e:91:5d:b3:9e:68:9d:4a:99:13:4f:56:70:
                    b5:1c:64:a6:4d:63:5b:d1:15:fa:34:a6:dd:f8:19:
                    10:ff:21:44:aa:fa:52:ac:77:85:66:77:ac:8f:90:
                    a5:ff:55:7b:c1:47:37:8f:f2:c8:b0:9b:83:4c:4d:
                    19:a8:8d:ee:1a:73:45:b5:c5:57:54:50:89:49:0e:
                    9d:52:8f:b2:87:92:55:6f:21:8d:12:2f:f2:86:99:
                    65:c1:e3:1b:98:ca:64:a5:88:86:23:3d:32:df:d6:
                    00:64:f4:1d:6b:9f:b9:c0:86:d1:40:78:c1:c4:d2:
                    38:6f:5e:ec:05:3d:34:48:99:e3:e2:4b:05:01:1f:
                    e6:e2:d8:03:07:96:97:9d:82:35:c5:f9:a6:34:76:
                    0f:9e:04:a1:93:64:34:28:6f:24:ef:72:41:7d:5c:
                    2d:89:19:5f:95:f6:10:fa:a4:be:45:8d:43:1a:29:
                    04:53:32:5f:c4:ce:0f:15:e7:aa:0c:31:c9:a1:8e:
                    4f:63:db:1a:fb:29:53:2c:21:5e:07:32:6f:14:da:
                    6a:4c:b3:1f:88:82:1a:06:55:ff:0e:c2:11:4c:56:
                    f2:a5:67:64:78:b2:50:4f:f8:4a:b5:64:9c:d4:e8:
                    e3:35:e5:c2:67:af:46:2c:8c:19:25:a5:04:64:e6:
                    1c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:60:56:16:CD:89:66:9F:8A:8A:36:B6:73:BC:4F:BF:38:AC:8E:A6
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SmBWFs2JZp-Kija2c7xPvzisjqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:36:26:5a:2f:72:0b:44:18:8a:b2:0d:4c:2f:f3:55:10:95:
         ba:fb:33:00:ab:d9:bd:1a:45:fe:9f:69:5b:4f:99:46:aa:51:
         66:c1:73:1c:2b:cf:0b:50:61:29:b8:c6:d4:29:77:4b:a9:70:
         3e:1b:30:9f:60:62:5f:58:79:63:14:15:dc:0a:48:a0:d6:33:
         3e:2f:04:bc:c9:48:c6:e1:df:2e:a5:51:6d:69:51:04:51:36:
         85:1b:92:4f:23:13:de:02:e1:08:8c:43:ab:e2:3d:32:d6:06:
         18:4c:99:f2:6c:42:a9:13:46:71:e8:a5:27:19:25:f7:61:66:
         e2:fd:73:8d:96:b9:f9:68:c5:1a:12:02:e5:78:d5:7b:27:7c:
         e7:e1:85:3c:14:98:6d:d6:ec:46:14:ba:00:b5:b7:d5:c5:4f:
         cf:d5:00:1b:bf:70:47:d3:5e:1d:bd:5d:7a:ae:29:d2:be:8f:
         26:2d:fb:86:91:1e:ce:2b:4b:c4:e7:82:d7:22:33:b7:7e:53:
         5e:1b:7e:11:5c:5d:1f:89:f4:d3:3e:cf:1c:2d:2b:92:ff:4d:
         ee:da:59:01:b4:f8:36:a3:a0:9e:05:fb:01:92:f9:23:27:3a:
         50:73:53:3c:62:7b:09:1a:55:da:65:9c:e7:1f:a7:d1:1c:a7:
         88:c5:e0:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaf/zPLvnngGArf7ItX4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTYwNTYxNmNkODk2NjlmOGE4YTM2YjY3M2JjNGZiZjM4YWM4ZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH6RXbOeaJ1KmRNPVnC1HGSmTWNb
0RX6NKbd+BkQ/yFEqvpSrHeFZnesj5Cl/1V7wUc3j/LIsJuDTE0ZqI3uGnNFtcVX
VFCJSQ6dUo+yh5JVbyGNEi/yhpllweMbmMpkpYiGIz0y39YAZPQda5+5wIbRQHjB
xNI4b17sBT00SJnj4ksFAR/m4tgDB5aXnYI1xfmmNHYPngShk2Q0KG8k73JBfVwt
iRlflfYQ+qS+RY1DGikEUzJfxM4PFeeqDDHJoY5PY9sa+ylTLCFeBzJvFNpqTLMf
iIIaBlX/DsIRTFbypWdkeLJQT/hKtWSc1OjjNeXCZ69GLIwZJaUEZOYcEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEpgVhbNiWafioo2tnO8T784rI6mMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvU21CV0ZzMkpacC1LaWphMmM3eFB2emlzanFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+awDAN
BgkqhkiG9w0BAQsFAAOCAQEAJDYmWi9yC0QYirINTC/zVRCVuvszAKvZvRpF/p9p
W0+ZRqpRZsFzHCvPC1BhKbjG1Cl3S6lwPhswn2BiX1h5YxQV3ApIoNYzPi8EvMlI
xuHfLqVRbWlRBFE2hRuSTyMT3gLhCIxDq+I9MtYGGEyZ8mxCqRNGceilJxkl92Fm
4v1zjZa5+WjFGhIC5XjVeyd85+GFPBSYbdbsRhS6ALW31cVPz9UAG79wR9NeHb1d
eq4p0r6PJi37hpEezitLxOeC1yIzt35TXht+EVxdH4n00z7PHC0rkv9N7tpZAbT4
NqOgngX7AZL5Iyc6UHNTPGJ7CRpV2mWc5x+n0RyniMXgBQ==
-----END CERTIFICATE-----