Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/_V9iNdLNvzcILlqD4tp-rDulSmM.roa
File:                     _V9iNdLNvzcILlqD4tp-rDulSmM.roa (raw, json)
Hash identifier:          kxzIFRUPsKA3j+xYpHpOGCAi5Yz0wuFJtVxH/VGdwMM=
Subject key identifier:   FD:5F:62:35:D2:CD:BF:37:08:2E:5A:83:E2:DA:7E:AC:3B:A5:4A:63
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       0194266C1AB0322B7C03010EBB3F3E3ED30D
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/_V9iNdLNvzcILlqD4tp-rDulSmM.roa
Signing time:             Thu 02 Jan 2025 09:50:06 +0000
ROA not before:           Thu 02 Jan 2025 09:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38191
IP address blocks:        2a01:3e0:d01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1a:b0:32:2b:7c:03:01:0e:bb:3f:3e:3e:d3:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 09:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd5f6235d2cdbf37082e5a83e2da7eac3ba54a63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:6f:f2:0a:58:35:24:b4:de:8e:a3:bb:d1:91:
                    d0:e3:6c:e0:57:b2:af:eb:d4:43:9b:5c:95:23:08:
                    49:24:fd:33:e5:fe:df:ad:50:7a:8f:74:0e:6d:fb:
                    f9:02:79:e5:4f:2c:98:0f:0e:47:2c:0b:e8:c6:cc:
                    00:34:f6:01:2d:24:3c:e9:7c:37:5e:f4:b5:c4:76:
                    63:20:bd:ce:67:94:18:7e:65:98:f7:0d:02:86:2a:
                    e2:d8:0c:5f:04:35:c9:1d:20:2b:15:57:8e:75:a0:
                    83:82:0a:79:d3:d2:8f:c9:85:a5:67:06:32:d0:e6:
                    34:a4:51:c0:4c:95:6e:eb:fa:88:0b:2a:39:ca:cd:
                    0d:ae:03:8c:6e:a8:49:32:45:c2:4c:4f:22:49:bd:
                    ab:5f:49:f4:b9:b2:c8:f0:de:1e:0a:bf:2e:66:f6:
                    4f:1a:16:4b:d7:e0:99:63:e6:ae:dc:61:fe:de:99:
                    08:b0:a5:c8:07:45:23:3e:7a:01:48:aa:19:8d:da:
                    33:ba:a5:c4:be:2d:7f:4b:b8:81:73:b7:2b:77:b6:
                    a7:2a:47:ac:ff:aa:27:73:1e:c2:dd:d0:bf:cd:c0:
                    7a:0b:d3:c2:93:91:eb:65:40:09:98:83:8b:ef:be:
                    9d:e1:b6:15:58:83:35:91:45:4c:1d:b3:02:92:9b:
                    eb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5F:62:35:D2:CD:BF:37:08:2E:5A:83:E2:DA:7E:AC:3B:A5:4A:63
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/_V9iNdLNvzcILlqD4tp-rDulSmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e0:d01::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:84:50:52:0a:7d:48:1d:cc:61:84:11:66:8c:34:da:e4:57:
         c0:a2:37:7a:3f:b4:38:94:3b:b0:df:db:1a:83:b7:b8:0c:1f:
         86:c6:49:00:56:cb:26:4e:82:7e:c6:c6:3c:f6:8b:8c:e5:71:
         aa:27:dc:e5:63:73:e3:12:35:56:31:38:68:87:7c:e5:ac:5d:
         f6:f0:2e:3a:e1:26:06:89:f0:c0:ff:41:77:40:e5:12:0c:ba:
         e1:da:ee:c2:23:05:a5:c4:95:e4:7e:30:b8:12:e9:69:fa:71:
         1a:fd:4a:fc:65:0a:27:4a:40:4b:07:90:70:7e:76:cb:1e:4a:
         82:32:38:49:54:d0:50:72:e3:c6:2e:1b:16:94:d0:f8:7f:75:
         9f:4b:c1:44:4e:65:4d:2c:94:ab:a0:40:15:71:83:cd:4a:35:
         d5:24:08:43:09:15:35:e4:9f:c5:f2:8a:31:fe:b2:b9:6b:34:
         06:43:cd:06:91:2f:a4:1c:ee:e4:83:4f:46:0b:e4:e4:99:ba:
         fc:55:4b:a3:5a:8c:d2:37:0e:ef:75:f7:78:f1:7d:37:94:4e:
         4f:23:49:37:31:2d:2b:ce:9e:4d:7a:0f:c6:37:90:57:6b:63:
         29:43:b7:5f:26:6c:ef:59:bb:7e:c9:18:9f:f9:cf:20:94:3a:
         06:96:ce:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbBqwMit8AwEOuz8+PtMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjUwMTAyMDk1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVmNjIzNWQyY2RiZjM3MDgyZTVhODNlMmRhN2VhYzNiYTU0YTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9m/yClg1JLTejqO70ZHQ42zgV7Kv
69RDm1yVIwhJJP0z5f7frVB6j3QObfv5AnnlTyyYDw5HLAvoxswANPYBLSQ86Xw3
XvS1xHZjIL3OZ5QYfmWY9w0Chiri2AxfBDXJHSArFVeOdaCDggp509KPyYWlZwYy
0OY0pFHATJVu6/qICyo5ys0NrgOMbqhJMkXCTE8iSb2rX0n0ubLI8N4eCr8uZvZP
GhZL1+CZY+au3GH+3pkIsKXIB0UjPnoBSKoZjdozuqXEvi1/S7iBc7crd7anKkes
/6oncx7C3dC/zcB6C9PCk5HrZUAJmIOL776d4bYVWIM1kUVMHbMCkpvrmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP1fYjXSzb83CC5ag+Lafqw7pUpjMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvX1Y5aU5kTE52emNJTGxxRDR0cC1yRHVsU21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgED4A0B
MA0GCSqGSIb3DQEBCwUAA4IBAQCvhFBSCn1IHcxhhBFmjDTa5FfAojd6P7Q4lDuw
39sag7e4DB+GxkkAVssmToJ+xsY89ouM5XGqJ9zlY3PjEjVWMThoh3zlrF328C46
4SYGifDA/0F3QOUSDLrh2u7CIwWlxJXkfjC4Eulp+nEa/Ur8ZQonSkBLB5BwfnbL
HkqCMjhJVNBQcuPGLhsWlND4f3WfS8FETmVNLJSroEAVcYPNSjXVJAhDCRU15J/F
8oox/rK5azQGQ80GkS+kHO7kg09GC+Tkmbr8VUujWozSNw7vdfd48X03lE5PI0k3
MS0rzp5Neg/GN5BXa2MpQ7dfJmzvWbt+yRif+c8glDoGls4z
-----END CERTIFICATE-----