Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/rYOTmI6zBWy0_qXug-7vEbI5-NE.roa
File:                     rYOTmI6zBWy0_qXug-7vEbI5-NE.roa (raw, json)
Hash identifier:          WCnXAEMnH2mCY9gWHiuKlZ1HO6eQUoArgriFfc+fAVo=
Subject key identifier:   AD:83:93:98:8E:B3:05:6C:B4:FE:A5:EE:83:EE:EF:11:B2:39:F8:D1
Certificate issuer:       /CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
Certificate serial:       01942067CB32B23CC189E3851752E763C1D3
Authority key identifier: DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/rYOTmI6zBWy0_qXug-7vEbI5-NE.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26073
IP address blocks:        2a09:a446:1337::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 17:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cb:32:b2:3c:c1:89:e3:85:17:52:e7:63:c1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad8393988eb3056cb4fea5ee83eeef11b239f8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:ff:8a:ef:50:97:40:3d:29:79:ff:5b:27:93:
                    c9:9b:a2:d9:c2:ea:57:a7:e1:df:1d:17:22:99:c4:
                    8a:03:c4:63:5a:2d:22:33:ae:91:03:70:18:68:3f:
                    c2:b7:16:e0:a3:23:67:bf:83:f1:70:d1:31:0f:aa:
                    21:85:e0:8a:76:b0:82:eb:98:d5:1e:b8:12:9f:07:
                    45:81:73:58:bb:d9:b4:33:d7:34:2b:41:4a:0b:c6:
                    38:4c:e3:6c:05:af:7a:e3:6a:b9:87:f5:a5:2b:d7:
                    8c:6a:94:d9:f6:0a:be:a8:ca:d4:36:60:ce:49:2d:
                    a6:95:29:f4:fa:fd:3a:d2:48:8e:fd:c8:a4:41:be:
                    92:84:4e:29:bc:d5:0d:70:02:3d:b8:a3:75:f2:ee:
                    66:42:79:24:a5:c7:f2:99:6c:ea:bd:42:ba:3c:71:
                    5a:f1:bb:e4:36:e0:2d:e2:da:80:74:94:e4:bc:2c:
                    30:3f:e3:46:dd:4b:00:e4:b8:11:e3:23:f0:85:40:
                    bf:43:54:18:4f:67:25:e7:3f:b4:33:2f:38:ef:a3:
                    31:b9:50:7e:8d:a1:e8:1c:74:0e:a0:87:a3:6b:93:
                    47:49:e0:7c:b8:d0:cf:6e:c4:65:b7:d9:98:be:76:
                    34:3a:f9:8a:18:69:17:6e:62:e0:68:54:10:a1:d1:
                    19:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:83:93:98:8E:B3:05:6C:B4:FE:A5:EE:83:EE:EF:11:B2:39:F8:D1
            X509v3 Authority Key Identifier:
                keyid:DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/rYOTmI6zBWy0_qXug-7vEbI5-NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:a446:1337::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:fb:62:27:14:47:87:3a:eb:3b:14:b0:d2:bf:fb:4e:e9:c9:
         1d:1d:e9:c3:5d:6e:13:d5:2d:66:3a:1b:72:30:41:53:a0:8b:
         91:a6:d7:13:83:2b:aa:98:d3:0a:fd:dd:bb:a4:bf:b0:17:39:
         08:a7:72:52:70:26:b3:33:3d:46:d6:4e:55:19:36:26:89:02:
         cc:ce:ee:3f:d5:7e:89:8e:37:c3:09:73:4d:01:15:7e:da:28:
         f2:9f:11:ac:00:a6:98:3b:38:9d:97:60:16:91:c6:e4:4b:fc:
         56:a0:64:89:c3:66:5c:3f:0b:5e:a5:66:9f:15:3d:bb:b1:d8:
         ad:14:64:65:13:f6:56:46:90:ce:7f:54:a9:7b:1f:77:6c:b9:
         47:e8:16:63:a9:db:96:64:bf:0a:09:6e:56:1a:cd:8d:47:f6:
         7e:98:b8:5a:e5:3d:53:a4:a6:e9:a1:f9:ee:25:d5:b6:52:22:
         59:06:1d:71:af:76:b5:1d:24:64:ee:c1:1b:07:fe:06:4c:84:
         21:4e:94:bc:74:04:d8:29:67:99:41:85:6c:80:5b:63:51:a4:
         26:75:88:70:ed:1d:a7:af:df:a9:40:24:6e:3d:80:7e:96:f8:
         a0:22:a4:29:00:01:df:cd:3f:14:9e:39:fe:61:87:c6:6c:aa:
         15:3a:4d:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ8sysjzBieOFF1LnY8HTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTA4OWM5NDJiNjgwMzM2ODNiNGRkNTA2YzBjMzZmNzRi
ZTBlYTMwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDgzOTM5ODhlYjMwNTZjYjRmZWE1ZWU4M2VlZWYxMWIyMzlmOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/+K71CXQD0pef9bJ5PJm6LZwupX
p+HfHRcimcSKA8RjWi0iM66RA3AYaD/CtxbgoyNnv4PxcNExD6ohheCKdrCC65jV
HrgSnwdFgXNYu9m0M9c0K0FKC8Y4TONsBa9642q5h/WlK9eMapTZ9gq+qMrUNmDO
SS2mlSn0+v060kiO/cikQb6ShE4pvNUNcAI9uKN18u5mQnkkpcfymWzqvUK6PHFa
8bvkNuAt4tqAdJTkvCwwP+NG3UsA5LgR4yPwhUC/Q1QYT2cl5z+0My8476MxuVB+
jaHoHHQOoIeja5NHSeB8uNDPbsRlt9mYvnY0OvmKGGkXbmLgaFQQodEZ6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2Dk5iOswVstP6l7oPu7xGyOfjRMB8GA1UdIwQY
MBaAFNwQiclCtoAzaDtN1QbAw290vg6jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDkt
Y2I1NmVkM2VhN2ZhLzEvcllPVG1JNnpCV3kwX3FYdWctN3ZFYkk1LU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDktY2I1NmVkM2VhN2Zh
LzEvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmkRhM3
MA0GCSqGSIb3DQEBCwUAA4IBAQBO+2InFEeHOus7FLDSv/tO6ckdHenDXW4T1S1m
OhtyMEFToIuRptcTgyuqmNMK/d27pL+wFzkIp3JScCazMz1G1k5VGTYmiQLMzu4/
1X6JjjfDCXNNARV+2ijynxGsAKaYOzidl2AWkcbkS/xWoGSJw2ZcPwtepWafFT27
sditFGRlE/ZWRpDOf1Spex93bLlH6BZjqduWZL8KCW5WGs2NR/Z+mLha5T1TpKbp
ofnuJdW2UiJZBh1xr3a1HSRk7sEbB/4GTIQhTpS8dATYKWeZQYVsgFtjUaQmdYhw
7R2nr9+pQCRuPYB+lvigIqQpAAHfzT8Unjn+YYfGbKoVOk2M
-----END CERTIFICATE-----