Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lsTY6AmWoYOLDn9vJEopaPrCzaE.roa
File:                     lsTY6AmWoYOLDn9vJEopaPrCzaE.roa (raw, json)
Hash identifier:          zdYo35yHHZ9h7IbD1O6eQ0PbAdPIh6AmlbW/iwXvWFw=
Subject key identifier:   96:C4:D8:E8:09:96:A1:83:8B:0E:7F:6F:24:4A:29:68:FA:C2:CD:A1
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       01942521E1F77EE1AE1D7F89CD7BA6B6AA27
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lsTY6AmWoYOLDn9vJEopaPrCzaE.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203236
IP address blocks:        2a0a:280:1500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e1:f7:7e:e1:ae:1d:7f:89:cd:7b:a6:b6:aa:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96c4d8e80996a1838b0e7f6f244a2968fac2cda1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:79:61:64:ea:79:3a:a8:70:a9:2f:d9:62:99:
                    23:66:aa:18:20:9f:6b:9a:a5:78:aa:27:7a:a1:21:
                    26:ed:be:68:10:fc:40:13:48:08:2b:92:bb:fd:f4:
                    3a:6a:03:fc:00:85:69:77:a1:21:ad:89:9a:17:17:
                    b6:89:96:a3:56:20:26:5f:f9:3f:c2:2d:66:fb:ed:
                    4d:8f:0e:57:58:c2:76:91:52:63:ac:c9:d7:4d:f5:
                    95:5f:c6:fa:8c:1c:d6:be:e5:93:8a:a1:de:07:bf:
                    88:f0:4e:44:fa:6e:1c:56:8a:da:0f:e8:03:65:68:
                    ee:d3:20:df:44:48:16:aa:9c:72:85:00:74:1f:aa:
                    17:f4:d4:3a:79:4e:42:74:e6:58:0e:05:f8:a4:a7:
                    46:e2:2e:13:6b:b8:48:64:2c:ec:69:78:c3:82:1f:
                    79:da:da:f4:04:af:d2:d1:3d:29:a2:f0:d8:5b:82:
                    11:08:3d:cd:d9:7d:88:83:e2:c1:43:1b:74:3f:ce:
                    ba:d5:56:8c:3d:e8:06:52:05:f3:8f:f8:b3:ed:ca:
                    1d:c5:76:05:c5:f6:ba:d8:36:b4:08:b9:75:7f:87:
                    bb:90:f0:9b:b8:7e:f2:9b:c5:3e:3d:01:ba:2f:2c:
                    67:58:02:88:81:5a:91:c8:08:86:41:07:2a:c4:f2:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C4:D8:E8:09:96:A1:83:8B:0E:7F:6F:24:4A:29:68:FA:C2:CD:A1
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lsTY6AmWoYOLDn9vJEopaPrCzaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1500::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:8f:f9:a3:86:7b:c0:ff:31:b5:c0:7a:72:23:92:53:45:57:
         54:be:74:5b:ef:d5:c9:e5:a6:8c:ef:64:ce:5e:12:ee:6a:31:
         87:06:16:98:df:9f:4b:c3:a0:65:22:01:f7:fe:a8:7e:7e:07:
         bd:f7:d8:ba:5e:d9:d2:a0:aa:c1:97:c2:88:5e:a4:72:11:8c:
         de:73:35:86:1d:99:8e:3c:88:19:68:c0:38:56:b4:ad:a5:26:
         62:70:26:03:2f:cd:a2:b9:49:34:08:dc:ae:4f:25:14:d0:93:
         de:89:49:1a:9d:d9:82:9a:93:b1:43:34:f6:63:b4:40:2f:c8:
         5c:0e:29:fb:54:51:f4:46:2e:a5:d8:8c:79:3f:db:94:85:c0:
         0c:8f:75:61:91:a8:11:23:a1:ce:73:f8:fd:38:e4:88:ca:95:
         c1:e6:dc:b2:37:14:34:12:4b:02:f5:0c:e4:1f:b4:8e:eb:81:
         12:56:b8:ad:ef:b6:bd:65:59:72:0c:82:cf:1d:92:c1:b5:89:
         05:b0:4b:85:13:91:83:a2:f9:ba:b8:c4:d6:7a:1e:33:41:33:
         6a:d1:92:e9:24:0b:7c:d3:26:5a:96:34:33:2c:e7:66:f1:ba:
         cf:a0:ff:a3:8a:fb:af:b4:c1:dd:25:dc:4e:cd:e7:a7:9f:24:
         e0:45:f1:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIeH3fuGuHX+JzXumtqonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmM0ZDhlODA5OTZhMTgzOGIwZTdmNmYyNDRhMjk2OGZhYzJjZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3lhZOp5OqhwqS/ZYpkjZqoYIJ9r
mqV4qid6oSEm7b5oEPxAE0gIK5K7/fQ6agP8AIVpd6EhrYmaFxe2iZajViAmX/k/
wi1m++1Njw5XWMJ2kVJjrMnXTfWVX8b6jBzWvuWTiqHeB7+I8E5E+m4cVoraD+gD
ZWju0yDfREgWqpxyhQB0H6oX9NQ6eU5CdOZYDgX4pKdG4i4Ta7hIZCzsaXjDgh95
2tr0BK/S0T0povDYW4IRCD3N2X2Ig+LBQxt0P8661VaMPegGUgXzj/iz7codxXYF
xfa62Da0CLl1f4e7kPCbuH7ym8U+PQG6LyxnWAKIgVqRyAiGQQcqxPJCEwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJbE2OgJlqGDiw5/byRKKWj6ws2hMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvbHNUWTZBbVdvWU9MRG45dkpFb3BhUHJDemFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBUw
DQYJKoZIhvcNAQELBQADggEBAC2P+aOGe8D/MbXAenIjklNFV1S+dFvv1cnlpozv
ZM5eEu5qMYcGFpjfn0vDoGUiAff+qH5+B7332Lpe2dKgqsGXwohepHIRjN5zNYYd
mY48iBlowDhWtK2lJmJwJgMvzaK5STQI3K5PJRTQk96JSRqd2YKak7FDNPZjtEAv
yFwOKftUUfRGLqXYjHk/25SFwAyPdWGRqBEjoc5z+P045IjKlcHm3LI3FDQSSwL1
DOQftI7rgRJWuK3vtr1lWXIMgs8dksG1iQWwS4UTkYOi+bq4xNZ6HjNBM2rRkukk
C3zTJlqWNDMs52bxus+g/6OK+6+0wd0l3E7N56efJOBF8Uc=
-----END CERTIFICATE-----