Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/9fuYulUVxtgS2OdAoDqw73sL458.roa
File:                     9fuYulUVxtgS2OdAoDqw73sL458.roa (raw, json)
Hash identifier:          4sliq0762rmQYCBsPA1iMqCrKBq5MvjcOahYDnYc2F8=
Subject key identifier:   F5:FB:98:BA:55:15:C6:D8:12:D8:E7:40:A0:3A:B0:EF:7B:0B:E3:9F
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       019420680BBC5931A7597B5FF23046B39F49
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/9fuYulUVxtgS2OdAoDqw73sL458.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141193
IP address blocks:        2001:b18:1015::/48 maxlen: 48
                          2a0d:82c7:3000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0b:bc:59:31:a7:59:7b:5f:f2:30:46:b3:9f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5fb98ba5515c6d812d8e740a03ab0ef7b0be39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bb:9b:02:07:96:55:1e:96:a8:82:2a:9b:bd:
                    5b:1b:c4:45:56:37:2c:85:42:96:8f:5d:4f:0d:14:
                    7e:b6:39:a1:52:64:1b:6e:a2:e9:ef:92:d7:bb:2b:
                    dc:af:16:7e:1b:b3:07:10:b7:75:50:ed:1d:6d:e7:
                    8b:44:a4:c7:f2:91:7b:ac:b1:13:f6:22:12:4d:43:
                    c0:41:db:54:59:d2:59:f8:cf:4e:9c:8c:a1:88:56:
                    5c:23:5d:2e:f1:65:8a:0e:dd:8a:04:24:f7:e2:b0:
                    fd:54:47:14:55:d2:e8:a6:dd:50:7b:60:17:7d:b7:
                    2f:ab:74:10:5e:49:06:2d:27:ca:03:ed:e5:98:43:
                    a3:54:ff:75:19:1d:bf:55:41:3a:7d:f5:67:2e:e7:
                    f6:e6:5e:aa:1c:c8:53:63:07:d7:46:de:98:63:bf:
                    f0:d7:cd:de:9c:43:12:5d:18:fb:69:6c:46:b6:1b:
                    bb:71:35:8e:8c:c7:55:dc:df:e8:67:0b:1d:4c:58:
                    3b:0a:1b:be:db:22:a0:81:c0:df:ad:f6:02:8c:4d:
                    35:41:08:e5:36:d0:e4:a5:3e:4d:ee:52:45:2d:f9:
                    7c:c0:d3:f5:b7:52:87:25:14:4f:fb:e9:a3:00:f6:
                    b3:76:69:cf:9d:53:39:08:17:ab:77:49:59:ae:8a:
                    ef:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FB:98:BA:55:15:C6:D8:12:D8:E7:40:A0:3A:B0:EF:7B:0B:E3:9F
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/9fuYulUVxtgS2OdAoDqw73sL458.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:b18:1015::/48
                  2a0d:82c7:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         07:74:75:4c:53:cd:44:57:53:cb:09:2f:5a:d1:f1:dc:72:cb:
         47:a0:90:a1:f1:d4:4a:5d:e1:23:f3:e4:3b:11:38:60:23:64:
         10:1b:97:f8:05:37:db:b7:09:9a:e6:d7:76:ca:a0:4c:01:ac:
         d9:1c:f2:10:81:6f:aa:83:c0:64:46:0a:73:f5:c0:bd:cf:75:
         ed:77:8e:9d:f6:11:d7:29:bd:81:4f:0e:89:28:fa:4d:b2:9d:
         f0:7c:da:e4:6f:37:2a:12:33:81:36:b0:5a:68:39:27:f5:6c:
         73:ad:b1:59:49:cc:96:39:3a:3b:b5:ba:0f:e4:00:3a:72:a3:
         3c:f4:3c:9b:7b:fc:d0:d7:12:bf:ac:18:2e:20:b4:66:37:1d:
         5d:7e:e3:58:0b:d3:88:19:a2:4a:9a:c5:4f:df:1e:13:f5:ef:
         8e:2f:b6:11:2c:cb:cd:0f:20:69:e5:8d:cd:ce:e0:c8:c7:04:
         c6:f6:c5:78:9f:e1:1a:24:18:a9:ce:61:be:95:02:a7:09:82:
         70:e2:67:f4:cc:79:3a:58:6c:31:a4:05:a5:30:06:ed:ab:89:
         36:49:8a:f3:b9:e7:65:5f:fb:7b:c0:7b:59:fa:48:f8:1f:75:
         7e:94:85:cf:64:ac:ec:76:cd:81:7a:55:a6:b7:84:9c:89:5a:
         b9:6c:eb:fe
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQgaAu8WTGnWXtf8jBGs59JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZiOThiYTU1MTVjNmQ4MTJkOGU3NDBhMDNhYjBlZjdiMGJlMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrubAgeWVR6WqIIqm71bG8RFVjcs
hUKWj11PDRR+tjmhUmQbbqLp75LXuyvcrxZ+G7MHELd1UO0dbeeLRKTH8pF7rLET
9iISTUPAQdtUWdJZ+M9OnIyhiFZcI10u8WWKDt2KBCT34rD9VEcUVdLopt1Qe2AX
fbcvq3QQXkkGLSfKA+3lmEOjVP91GR2/VUE6ffVnLuf25l6qHMhTYwfXRt6YY7/w
183enEMSXRj7aWxGthu7cTWOjMdV3N/oZwsdTFg7Chu+2yKggcDfrfYCjE01QQjl
NtDkpT5N7lJFLfl8wNP1t1KHJRRP++mjAPazdmnPnVM5CBerd0lZrorvQQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFPX7mLpVFcbYEtjnQKA6sO97C+OfMB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvOWZ1WXVsVVZ4dGdTMk9kQW9EcXc3M3NMNDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAIAELGBAV
AwYEKg2CxzAwDQYJKoZIhvcNAQELBQADggEBAAd0dUxTzURXU8sJL1rR8dxyy0eg
kKHx1Epd4SPz5DsROGAjZBAbl/gFN9u3CZrm13bKoEwBrNkc8hCBb6qDwGRGCnP1
wL3Pde13jp32EdcpvYFPDoko+k2ynfB82uRvNyoSM4E2sFpoOSf1bHOtsVlJzJY5
Oju1ug/kADpyozz0PJt7/NDXEr+sGC4gtGY3HV1+41gL04gZokqaxU/fHhP1744v
thEsy80PIGnljc3O4MjHBMb2xXif4RokGKnOYb6VAqcJgnDiZ/TMeTpYbDGkBaUw
Bu2riTZJivO552Vf+3vAe1n6SPgfdX6Uhc9krOx2zYF6Vaa3hJyJWrls6/4=
-----END CERTIFICATE-----