Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/9ioTTouwDAdjti2UptXcOCsh1Po.roa
File:                     9ioTTouwDAdjti2UptXcOCsh1Po.roa (raw, json)
Hash identifier:          XfQ02KBk81Ha8U23R9wuoKXx9mN0uM0n5PPDDr+U6Iw=
Subject key identifier:   F6:2A:13:4E:8B:B0:0C:07:63:B6:2D:94:A6:D5:DC:38:2B:21:D4:FA
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019424454CF103A24C87E39E773DE277AB64
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/9ioTTouwDAdjti2UptXcOCsh1Po.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        2a05:bec0:40::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4c:f1:03:a2:4c:87:e3:9e:77:3d:e2:77:ab:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f62a134e8bb00c0763b62d94a6d5dc382b21d4fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ec:c2:2c:03:03:5e:7e:03:55:ae:b6:a5:c5:
                    d5:43:d3:40:a0:af:09:ec:94:8c:74:58:a2:79:5c:
                    fb:1b:21:f0:50:60:bc:28:85:b3:10:b2:e3:ea:5f:
                    f2:a1:ad:ec:36:7c:0f:ca:07:d2:6b:61:c2:ec:45:
                    3a:2d:df:5c:ac:a9:3a:50:17:22:9c:71:02:52:ff:
                    7c:89:99:3b:09:cc:ba:c6:79:73:db:3e:64:71:e2:
                    9c:2e:bb:07:9e:2d:aa:92:f7:ec:d8:89:16:2e:bb:
                    19:f8:72:af:94:5a:19:52:cb:7d:e4:c2:31:4d:03:
                    33:37:ad:71:8b:3e:66:dd:63:68:c1:73:a9:0c:90:
                    74:ea:16:df:23:d0:b1:0e:cc:13:7e:5b:4d:2d:e3:
                    64:53:2e:43:31:3c:b2:15:09:3f:fd:62:33:dc:db:
                    8e:90:2a:d6:f6:24:6d:cf:54:aa:c4:57:cf:09:d4:
                    2a:ea:02:3e:62:02:e7:30:c5:cb:48:de:70:d4:03:
                    92:98:8b:da:cc:20:d0:d7:a6:49:81:e2:f2:7e:9f:
                    65:be:34:3c:38:c6:71:bd:d0:8b:4b:9b:2b:dd:0f:
                    3d:34:d4:ef:14:50:bc:f3:d7:58:b6:f2:09:95:9d:
                    29:7d:7a:4c:86:14:97:54:3a:2c:54:bc:3b:72:c5:
                    0c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2A:13:4E:8B:B0:0C:07:63:B6:2D:94:A6:D5:DC:38:2B:21:D4:FA
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/9ioTTouwDAdjti2UptXcOCsh1Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bec0:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:31:dc:1d:db:6a:8f:34:3d:76:c5:14:33:73:58:01:18:7d:
         c2:78:d4:d3:c3:8a:97:74:40:0f:3e:13:bb:c9:e4:7c:df:02:
         3e:0a:e8:e9:05:a1:ea:37:34:fd:33:de:ec:50:f0:cc:80:7f:
         bb:fb:f2:e0:fe:3b:59:85:5c:fe:97:64:19:d2:dd:3e:91:40:
         3e:3b:eb:8f:61:12:05:0d:94:a6:d9:d1:e4:22:f5:73:28:ee:
         c8:84:12:6e:0d:37:e1:df:83:17:1f:bb:fe:a5:12:21:e8:7c:
         9c:c9:db:8d:a3:68:56:b4:90:d9:35:aa:02:b0:de:c9:79:55:
         41:c5:cf:b1:94:a8:e8:13:e2:a4:83:c8:18:23:90:2e:dc:49:
         7d:fd:2c:b2:3d:b8:3b:ff:f0:55:10:43:5f:a8:0d:90:7a:d1:
         5e:07:e0:a5:fb:8f:f1:90:a9:fa:47:2f:a1:4e:74:18:26:9c:
         c9:7a:01:8f:ce:7f:a1:1b:47:4e:a0:b0:10:bf:a4:3f:91:e1:
         90:6e:85:e7:aa:cd:2d:f9:17:7a:8b:c0:a7:f9:9d:62:4d:40:
         be:e9:1b:1a:81:57:31:3f:79:78:be:62:70:8f:3d:6f:ec:4c:
         d4:2b:d8:58:60:ba:ff:6a:fe:64:c6:d1:a3:d7:43:9e:4f:da:
         4e:6c:06:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRUzxA6JMh+Oedz3id6tkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJhMTM0ZThiYjAwYzA3NjNiNjJkOTRhNmQ1ZGMzODJiMjFkNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOzCLAMDXn4DVa62pcXVQ9NAoK8J
7JSMdFiieVz7GyHwUGC8KIWzELLj6l/yoa3sNnwPygfSa2HC7EU6Ld9crKk6UBci
nHECUv98iZk7Ccy6xnlz2z5kceKcLrsHni2qkvfs2IkWLrsZ+HKvlFoZUst95MIx
TQMzN61xiz5m3WNowXOpDJB06hbfI9CxDswTfltNLeNkUy5DMTyyFQk//WIz3NuO
kCrW9iRtz1SqxFfPCdQq6gI+YgLnMMXLSN5w1AOSmIvazCDQ16ZJgeLyfp9lvjQ8
OMZxvdCLS5sr3Q89NNTvFFC889dYtvIJlZ0pfXpMhhSXVDosVLw7csUMSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYqE06LsAwHY7YtlKbV3DgrIdT6MB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvOWlvVFRvdXdEQWRqdGkyVXB0WGNPQ3NoMVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW+wABA
MA0GCSqGSIb3DQEBCwUAA4IBAQBvMdwd22qPND12xRQzc1gBGH3CeNTTw4qXdEAP
PhO7yeR83wI+CujpBaHqNzT9M97sUPDMgH+7+/Lg/jtZhVz+l2QZ0t0+kUA+O+uP
YRIFDZSm2dHkIvVzKO7IhBJuDTfh34MXH7v+pRIh6HycyduNo2hWtJDZNaoCsN7J
eVVBxc+xlKjoE+Kkg8gYI5Au3El9/SyyPbg7//BVEENfqA2QetFeB+Cl+4/xkKn6
Ry+hTnQYJpzJegGPzn+hG0dOoLAQv6Q/keGQboXnqs0t+Rd6i8Cn+Z1iTUC+6Rsa
gVcxP3l4vmJwjz1v7EzUK9hYYLr/av5kxtGj10OeT9pObAbh
-----END CERTIFICATE-----