Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/qNmo9ErwvGzB7-gtURMQyOE2DUI.roa
File:                     qNmo9ErwvGzB7-gtURMQyOE2DUI.roa (raw, json)
Hash identifier:          uBNPGZq3r2haanNNNROjCkxdwQgouK/Y3JytQpmCLT0=
Subject key identifier:   A8:D9:A8:F4:4A:F0:BC:6C:C1:EF:E8:2D:51:13:10:C8:E1:36:0D:42
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019426D9BFF97A1C9DD42499263BD02AA594
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/qNmo9ErwvGzB7-gtURMQyOE2DUI.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61330
IP address blocks:        2a05:c441::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:bf:f9:7a:1c:9d:d4:24:99:26:3b:d0:2a:a5:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8d9a8f44af0bc6cc1efe82d511310c8e1360d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:33:99:b7:40:ab:61:2e:e4:f8:5b:62:f9:4b:
                    f1:ef:84:50:ed:d8:78:ff:f8:83:79:44:9a:fb:11:
                    11:5c:67:af:07:3a:34:1a:22:13:cf:69:bc:d4:87:
                    f6:6c:d8:f0:6e:1f:fd:98:97:df:82:f4:f9:8d:52:
                    3d:26:7c:19:d6:8e:84:8e:8f:ca:03:39:ff:69:eb:
                    a4:f7:62:0f:fc:b2:c7:1d:80:a1:1a:7d:52:4c:f8:
                    23:68:fa:ac:a2:73:19:54:41:19:85:cb:f9:5a:3c:
                    2a:bb:17:fd:8f:8d:64:7f:f1:cd:c7:01:d3:b0:42:
                    2a:d0:f8:dd:a4:a7:1c:68:ff:02:b2:25:2b:75:48:
                    d7:ba:f1:61:35:8e:47:bd:69:f4:c2:e8:65:05:3f:
                    84:bb:2d:00:19:1e:84:52:2b:01:51:aa:77:d4:85:
                    10:48:b5:07:01:5e:3a:d4:c3:de:62:74:73:5f:11:
                    1e:e4:eb:d5:ab:33:e1:09:30:62:da:09:f1:80:c6:
                    a0:03:c4:ab:cd:0e:14:61:62:e7:8c:fc:41:dc:d9:
                    58:bf:53:3b:46:5d:63:82:ee:ed:7d:91:2e:89:98:
                    7e:73:e6:67:bc:8a:4a:7b:ea:c0:46:22:4a:63:bd:
                    d0:23:9c:4b:09:27:1b:01:10:0e:55:60:dd:33:fc:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:D9:A8:F4:4A:F0:BC:6C:C1:EF:E8:2D:51:13:10:C8:E1:36:0D:42
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/qNmo9ErwvGzB7-gtURMQyOE2DUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:c441::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:7e:d4:78:dc:18:c4:e3:a2:85:15:70:8b:59:a6:a0:73:f1:
         19:bd:92:9a:03:39:62:c9:e0:06:fb:34:f9:5a:34:35:4c:05:
         da:5e:b3:fb:85:ae:02:9c:87:f2:20:12:cc:81:83:ea:08:a5:
         f8:91:cd:13:6e:3e:a0:ea:eb:0c:fe:d9:ff:f8:fa:0f:24:0e:
         c5:ff:cc:d2:5c:2e:8f:29:8f:a9:fd:8e:52:b5:1c:6d:1a:3d:
         bf:15:d3:47:0b:8f:a5:1f:48:52:17:05:ae:44:58:ae:f1:4e:
         9d:d9:93:19:b8:be:17:db:ed:b8:01:62:97:33:e5:82:27:76:
         4e:48:bb:0b:a0:fa:32:2e:c1:22:c2:2b:21:00:06:35:22:b3:
         a4:8d:52:37:bd:1a:33:36:c2:4e:0f:13:71:a7:a0:fe:11:bc:
         28:8f:73:f0:53:db:b7:d1:47:20:e0:7c:81:1b:a2:22:ea:49:
         3f:a4:75:4d:6f:64:5b:c2:93:3c:31:6d:73:52:65:5b:3b:7b:
         b9:38:0d:37:e3:fb:06:78:fb:fb:0f:ca:b3:f4:b1:c0:d0:72:
         04:34:5a:7a:a9:77:d1:a7:07:a0:51:27:51:3d:fa:4c:fa:dd:
         25:3e:f6:c6:54:2d:97:00:26:dd:70:74:5d:03:70:6e:88:29:
         9e:2b:eb:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2b/5ehyd1CSZJjvQKqWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGQ5YThmNDRhZjBiYzZjYzFlZmU4MmQ1MTEzMTBjOGUxMzYwZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTOZt0CrYS7k+Fti+Uvx74RQ7dh4
//iDeUSa+xERXGevBzo0GiITz2m81If2bNjwbh/9mJffgvT5jVI9JnwZ1o6Ejo/K
Azn/aeuk92IP/LLHHYChGn1STPgjaPqsonMZVEEZhcv5Wjwquxf9j41kf/HNxwHT
sEIq0PjdpKccaP8CsiUrdUjXuvFhNY5HvWn0wuhlBT+Euy0AGR6EUisBUap31IUQ
SLUHAV461MPeYnRzXxEe5OvVqzPhCTBi2gnxgMagA8SrzQ4UYWLnjPxB3NlYv1M7
Rl1jgu7tfZEuiZh+c+ZnvIpKe+rARiJKY73QI5xLCScbARAOVWDdM/zoqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKjZqPRK8Lxswe/oLVETEMjhNg1CMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvcU5tbzlFcnd2R3pCNy1ndFVSTVF5T0UyRFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgXEQTAN
BgkqhkiG9w0BAQsFAAOCAQEAH37UeNwYxOOihRVwi1mmoHPxGb2SmgM5YsngBvs0
+Vo0NUwF2l6z+4WuApyH8iASzIGD6gil+JHNE24+oOrrDP7Z//j6DyQOxf/M0lwu
jymPqf2OUrUcbRo9vxXTRwuPpR9IUhcFrkRYrvFOndmTGbi+F9vtuAFilzPlgid2
Tki7C6D6Mi7BIsIrIQAGNSKzpI1SN70aMzbCTg8Tcaeg/hG8KI9z8FPbt9FHIOB8
gRuiIupJP6R1TW9kW8KTPDFtc1JlWzt7uTgNN+P7Bnj7+w/Ks/SxwNByBDRaeql3
0acHoFEnUT36TPrdJT72xlQtlwAm3XB0XQNwbogpnivrZg==
-----END CERTIFICATE-----