Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h4Wdvms4wuQVg2v8lAhl_FvWiDU.roa
File:                     h4Wdvms4wuQVg2v8lAhl_FvWiDU.roa (raw, json)
Hash identifier:          qgpyjP3KxvlInp3FHrdBXgF7d6QXTNIjbw3bJgQTHgw=
Subject key identifier:   87:85:9D:BE:6B:38:C2:E4:15:83:6B:FC:94:08:65:FC:5B:D6:88:35
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       01946E7B10A1F815B1BABFEE20B560AF4FEB
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h4Wdvms4wuQVg2v8lAhl_FvWiDU.roa
Signing time:             Thu 16 Jan 2025 09:39:06 +0000
ROA not before:           Thu 16 Jan 2025 09:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150249
IP address blocks:        2a0a:280:2a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6e:7b:10:a1:f8:15:b1:ba:bf:ee:20:b5:60:af:4f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan 16 09:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87859dbe6b38c2e415836bfc940865fc5bd68835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4a:1b:d3:17:d5:9d:12:be:5f:51:17:68:14:
                    06:b6:1c:e9:36:29:a8:11:ac:63:e5:24:d4:a7:ea:
                    c9:44:67:b6:5e:79:01:6a:a4:9b:6b:1c:4a:95:32:
                    73:95:2b:ec:c8:b0:ed:92:33:1c:bd:c9:32:04:3c:
                    3f:f9:4a:01:d3:d2:36:d9:f7:3e:40:66:80:1f:84:
                    d6:04:ee:dd:0b:b4:e3:c6:55:2d:ce:20:28:06:f7:
                    99:f3:02:ff:8e:0a:2b:2c:c9:ba:cc:ff:27:cb:9a:
                    bc:35:51:0d:05:ff:a3:57:a4:b3:a6:c0:e0:4c:9c:
                    c6:93:0f:9a:14:9e:a2:05:3b:9e:66:ef:b6:b7:cc:
                    6f:78:b3:38:34:1d:40:c5:9d:92:38:8a:96:1f:fe:
                    1e:64:21:7f:04:7d:72:5d:88:7a:9e:e5:9c:6d:de:
                    88:19:87:67:ca:ad:2a:39:40:5d:08:06:16:9a:20:
                    e6:b6:2c:0b:ea:91:d1:02:eb:18:b4:45:64:61:f8:
                    13:5c:21:c9:fd:ff:65:09:74:f0:8a:20:7a:36:ec:
                    54:5d:7b:c3:77:70:f3:2e:cc:0e:96:5c:ad:8d:c2:
                    2d:c5:b9:f7:70:4a:de:e3:0b:ba:e3:fa:2b:42:65:
                    fe:27:ce:2e:02:78:d2:0d:80:d4:fc:c4:48:a3:25:
                    65:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:85:9D:BE:6B:38:C2:E4:15:83:6B:FC:94:08:65:FC:5B:D6:88:35
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h4Wdvms4wuQVg2v8lAhl_FvWiDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:95:89:d4:bc:2a:ca:2b:7b:c3:85:c5:ec:23:d2:04:e7:ae:
         90:3b:22:6b:f8:58:73:ef:04:d8:9e:e0:d7:ac:e0:e9:4a:95:
         21:aa:3d:5d:7f:3e:6f:b8:b9:4a:b8:bc:10:a4:d2:f7:07:78:
         d7:50:b8:dd:4b:73:b7:3b:34:fe:66:c6:09:44:68:52:8b:3f:
         b0:3d:5d:a3:ee:30:08:09:bf:97:d0:2c:c0:26:79:71:8d:05:
         94:9e:1f:1a:6c:9a:0c:f7:4c:c8:5f:5f:08:3d:d9:6d:b7:25:
         7d:d0:7d:86:76:be:4e:8d:96:5a:6e:34:e3:7f:9b:40:4e:60:
         9d:15:11:31:4d:d1:49:22:77:14:bf:f7:5b:c2:d9:62:f0:08:
         67:43:2d:9b:f8:5d:8e:a5:29:f8:05:2f:a1:d4:ac:0d:63:0b:
         30:14:7b:7a:e9:4a:4c:21:f8:0e:7b:f4:bd:de:21:8b:4f:8c:
         7c:af:87:bc:7f:63:55:8c:b5:62:07:fa:e1:91:32:b4:0f:18:
         35:b7:29:8e:8e:d7:35:65:4b:97:81:ea:1b:54:e2:6e:7d:89:
         df:7a:98:5d:66:d7:75:fe:77:9c:5b:1f:da:8f:16:68:99:9b:
         51:5f:c8:ab:11:01:c3:f7:ab:0f:f1:05:10:bd:a1:91:4b:63:
         c3:47:e5:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZRuexCh+BWxur/uILVgr0/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjUwMTE2MDkzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg1OWRiZTZiMzhjMmU0MTU4MzZiZmM5NDA4NjVmYzViZDY4ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0ob0xfVnRK+X1EXaBQGthzpNimo
Eaxj5STUp+rJRGe2XnkBaqSbaxxKlTJzlSvsyLDtkjMcvckyBDw/+UoB09I22fc+
QGaAH4TWBO7dC7TjxlUtziAoBveZ8wL/jgorLMm6zP8ny5q8NVENBf+jV6SzpsDg
TJzGkw+aFJ6iBTueZu+2t8xveLM4NB1AxZ2SOIqWH/4eZCF/BH1yXYh6nuWcbd6I
GYdnyq0qOUBdCAYWmiDmtiwL6pHRAusYtEVkYfgTXCHJ/f9lCXTwiiB6NuxUXXvD
d3DzLswOllytjcItxbn3cEre4wu64/orQmX+J84uAnjSDYDU/MRIoyVlgwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIeFnb5rOMLkFYNr/JQIZfxb1og1MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvaDRXZHZtczR3dVFWZzJ2OGxBaGxfRnZXaURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCow
DQYJKoZIhvcNAQELBQADggEBAK+VidS8Ksore8OFxewj0gTnrpA7Imv4WHPvBNie
4Nes4OlKlSGqPV1/Pm+4uUq4vBCk0vcHeNdQuN1Lc7c7NP5mxglEaFKLP7A9XaPu
MAgJv5fQLMAmeXGNBZSeHxpsmgz3TMhfXwg92W23JX3QfYZ2vk6NllpuNON/m0BO
YJ0VETFN0UkidxS/91vC2WLwCGdDLZv4XY6lKfgFL6HUrA1jCzAUe3rpSkwh+A57
9L3eIYtPjHyvh7x/Y1WMtWIH+uGRMrQPGDW3KY6O1zVlS5eB6htU4m59id96mF1m
13X+d5xbH9qPFmiZm1FfyKsRAcP3qw/xBRC9oZFLY8NH5fQ=
-----END CERTIFICATE-----