Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/9kHCDEYZPWH5aik7KavJ0sDUmNA.roa
File:                     9kHCDEYZPWH5aik7KavJ0sDUmNA.roa (raw, json)
Hash identifier:          ijJR9ND92QYljIrNDlxEINq6c8DaInEaO2V/WhuFgzU=
Subject key identifier:   F6:41:C2:0C:46:19:3D:61:F9:6A:29:3B:29:AB:C9:D2:C0:D4:98:D0
Certificate issuer:       /CN=923a2b3dd7667275f09886df7da079f755ceed59
Certificate serial:       019420685322D87D72D0FDF8E3EF81D2A136
Authority key identifier: 92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/9kHCDEYZPWH5aik7KavJ0sDUmNA.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13030
IP address blocks:        2a11:8b80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:53:22:d8:7d:72:d0:fd:f8:e3:ef:81:d2:a1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=923a2b3dd7667275f09886df7da079f755ceed59
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f641c20c46193d61f96a293b29abc9d2c0d498d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:5f:c2:1b:9d:31:91:55:ab:2f:db:01:51:06:
                    de:80:bb:ee:dc:63:f9:2c:ae:6f:54:74:7c:b1:23:
                    88:be:bd:45:82:c3:92:19:b6:21:ca:63:1f:d8:ab:
                    f0:1c:76:77:3b:a8:b2:a3:61:87:a0:4a:a0:0a:21:
                    3d:0c:58:48:9b:4c:e7:af:09:cc:09:2f:fe:2d:63:
                    3c:ee:91:61:48:17:74:59:3c:18:3f:0f:f7:c4:45:
                    09:57:0c:3c:6d:32:6d:82:d1:b4:64:96:d7:f9:bd:
                    4b:68:e9:90:c5:67:e6:b9:6e:87:af:4a:11:2d:08:
                    74:88:ce:84:d4:c1:59:df:8b:5a:08:5c:ac:3a:27:
                    8c:7b:dd:62:a8:fe:60:14:0b:77:c6:82:13:b9:bf:
                    41:f0:c0:41:0c:a8:e3:cb:df:84:0e:03:46:f9:e5:
                    ee:21:aa:53:bb:36:f8:c0:ea:55:48:73:89:b1:5f:
                    6d:2b:78:42:c5:fc:49:f5:de:74:cc:f7:ac:bd:67:
                    99:ab:41:1a:6d:72:ac:d0:bd:a6:34:5c:33:32:47:
                    20:0f:38:6b:d7:e5:ac:8a:b8:fa:d1:5c:18:db:8b:
                    30:a8:38:fa:9f:4f:7f:14:b1:51:df:c4:60:2e:4b:
                    7d:68:39:6b:6e:19:51:51:5f:be:4c:54:7f:d5:2d:
                    06:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:41:C2:0C:46:19:3D:61:F9:6A:29:3B:29:AB:C9:D2:C0:D4:98:D0
            X509v3 Authority Key Identifier:
                keyid:92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/9kHCDEYZPWH5aik7KavJ0sDUmNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:15:ae:b5:d4:a6:6b:bc:b3:a5:4b:d2:09:84:ab:0e:cf:74:
         92:d8:4b:52:6a:c8:72:ed:a5:00:b7:7b:36:03:c4:cd:f9:ca:
         1b:f7:43:99:91:c5:05:01:d2:67:05:d2:88:5e:c4:34:ba:ef:
         25:4f:c5:a8:98:39:df:39:e8:48:50:ce:5b:19:41:31:00:39:
         6a:6b:a1:58:54:09:ab:53:4d:84:71:c1:ea:b2:80:4a:98:8f:
         b5:7f:06:4c:56:1e:3d:8e:52:54:ef:da:b5:3d:d2:ef:19:7f:
         da:c1:03:45:fd:8f:35:0b:81:87:69:55:8e:30:4f:00:e9:9c:
         d5:99:04:0a:2b:b7:91:e6:79:b5:e7:75:0c:90:54:82:33:85:
         40:aa:42:89:9b:e9:49:31:53:4f:2a:e4:98:c5:3a:a5:59:e3:
         97:ef:a9:81:0d:bf:49:64:4e:0a:b0:3a:e3:1f:c0:f0:e2:5e:
         21:ba:a6:7a:cf:78:34:74:9e:f0:9b:9d:d0:e6:f4:0c:16:85:
         28:c3:cf:cc:f6:02:a9:fb:cb:f5:c3:45:fb:3d:15:ab:29:71:
         93:76:4a:ce:49:f3:7d:46:6a:02:47:f7:fb:8e:a8:03:df:98:
         a2:07:2a:86:32:88:2e:92:a1:c5:a5:24:bd:9d:18:e8:f3:19:
         41:c6:de:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaFMi2H1y0P344++B0qE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyM2EyYjNkZDc2NjcyNzVmMDk4ODZkZjdkYTA3OWY3NTVj
ZWVkNTkwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQxYzIwYzQ2MTkzZDYxZjk2YTI5M2IyOWFiYzlkMmMwZDQ5OGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9V/CG50xkVWrL9sBUQbegLvu3GP5
LK5vVHR8sSOIvr1FgsOSGbYhymMf2KvwHHZ3O6iyo2GHoEqgCiE9DFhIm0znrwnM
CS/+LWM87pFhSBd0WTwYPw/3xEUJVww8bTJtgtG0ZJbX+b1LaOmQxWfmuW6Hr0oR
LQh0iM6E1MFZ34taCFysOieMe91iqP5gFAt3xoITub9B8MBBDKjjy9+EDgNG+eXu
IapTuzb4wOpVSHOJsV9tK3hCxfxJ9d50zPesvWeZq0EabXKs0L2mNFwzMkcgDzhr
1+Wsirj60VwY24swqDj6n09/FLFR38RgLkt9aDlrbhlRUV++TFR/1S0GFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPZBwgxGGT1h+WopOymrydLA1JjQMB8GA1UdIwQY
MBaAFJI6Kz3XZnJ18JiG332gefdVzu1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjkt
MjczOGJjYjQzZDZkLzEvOWtIQ0RFWVpQV0g1YWlrN0thdkowc0RVbU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjktMjczOGJjYjQzZDZk
LzEva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGLgDAN
BgkqhkiG9w0BAQsFAAOCAQEAgRWutdSma7yzpUvSCYSrDs90kthLUmrIcu2lALd7
NgPEzfnKG/dDmZHFBQHSZwXSiF7ENLrvJU/FqJg53znoSFDOWxlBMQA5amuhWFQJ
q1NNhHHB6rKASpiPtX8GTFYePY5SVO/atT3S7xl/2sEDRf2PNQuBh2lVjjBPAOmc
1ZkECiu3keZ5ted1DJBUgjOFQKpCiZvpSTFTTyrkmMU6pVnjl++pgQ2/SWROCrA6
4x/A8OJeIbqmes94NHSe8Jud0Ob0DBaFKMPPzPYCqfvL9cNF+z0Vqylxk3ZKzknz
fUZqAkf3+46oA9+YogcqhjKILpKhxaUkvZ0Y6PMZQcbewg==
-----END CERTIFICATE-----