Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/8s9AQh9G6fVBfnNbnVmZTqXsuwg.roa
File:                     8s9AQh9G6fVBfnNbnVmZTqXsuwg.roa (raw, json)
Hash identifier:          7Lq9v+syjN0uylqG5ZKh6ZFMzZAMtKjXsvWJlQW3WqE=
Subject key identifier:   F2:CF:40:42:1F:46:E9:F5:41:7E:73:5B:9D:59:99:4E:A5:EC:BB:08
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       01942521986514063F015F0E59FCFE491939
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/8s9AQh9G6fVBfnNbnVmZTqXsuwg.roa
Signing time:             Thu 02 Jan 2025 03:49:06 +0000
ROA not before:           Thu 02 Jan 2025 03:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12303
IP address blocks:        2001:738:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:98:65:14:06:3f:01:5f:0e:59:fc:fe:49:19:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: Jan  2 03:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2cf40421f46e9f5417e735b9d59994ea5ecbb08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b0:16:1c:54:8a:33:91:20:51:7d:a5:8f:2b:
                    ae:3a:16:46:5d:65:15:c4:eb:38:96:0a:a7:c4:4d:
                    ec:0c:c7:bd:56:76:6c:d7:4d:3b:09:be:53:e8:fe:
                    c4:da:4d:5f:28:aa:7c:be:21:8f:2c:51:f1:59:7a:
                    a4:45:5a:45:8b:e0:a1:0d:ce:0b:e3:d1:0f:c5:69:
                    0b:f6:e0:2c:44:be:4e:ad:8a:21:4f:56:71:56:e8:
                    59:ce:9d:92:1e:ed:43:d6:05:fa:f7:ed:7b:dd:e2:
                    94:b0:ad:38:9f:63:b3:b9:4b:58:4c:56:ba:d6:cc:
                    dc:19:c3:5f:85:cf:91:77:3f:53:6e:84:64:79:9c:
                    52:89:e2:1a:2f:df:ce:b5:1b:62:de:30:4f:0a:78:
                    de:fd:4e:1f:d8:fa:6b:4f:fa:55:14:ee:59:ca:41:
                    35:5c:65:8d:49:a5:c9:d0:0e:b0:81:10:9b:c3:91:
                    ff:43:a3:f0:63:39:a7:62:8a:21:63:66:3e:57:2b:
                    46:c1:a0:a5:a3:70:3a:8a:8c:4d:e0:67:df:9d:90:
                    68:5a:54:42:78:d1:81:a7:92:11:b5:03:e0:a5:8f:
                    ac:58:25:99:5d:76:db:a2:96:dd:1e:7f:de:fb:10:
                    6c:dd:a6:36:f9:47:98:e3:1e:b8:26:00:01:b3:fd:
                    d8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CF:40:42:1F:46:E9:F5:41:7E:73:5B:9D:59:99:4E:A5:EC:BB:08
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/8s9AQh9G6fVBfnNbnVmZTqXsuwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:738:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:67:43:be:35:95:a3:70:4c:68:8b:2d:66:44:26:68:05:7e:
         87:5a:83:ac:13:57:c5:d9:52:87:51:0c:5c:4f:cb:96:53:98:
         bd:56:0d:f9:0e:f0:74:43:f9:4c:95:50:f4:68:19:40:df:d5:
         37:b1:ab:18:35:56:2f:9f:1c:46:e4:98:62:bc:a8:b5:8d:75:
         c5:b2:fb:21:d4:dc:21:4e:19:da:b0:ea:97:c8:d1:f4:f3:a9:
         02:13:5c:6f:d5:00:55:10:0a:52:11:53:ab:e5:68:a7:25:c7:
         7f:ff:16:0f:e1:e6:fb:39:b6:df:95:c1:ab:b9:4f:41:4d:1e:
         dc:63:63:0d:97:d9:7b:33:98:b8:94:4a:15:a0:92:04:87:03:
         13:00:c8:5f:a4:15:bb:db:10:c8:2c:ce:93:5d:d9:51:34:1f:
         a6:b9:e5:42:08:df:91:90:62:ce:10:44:80:2e:76:8d:42:eb:
         98:bc:ba:c0:e1:77:21:11:81:24:f3:0a:e0:2f:33:f8:a8:3f:
         91:6d:81:3f:a6:35:df:52:ec:e7:41:e6:b8:c6:00:81:07:dd:
         30:a1:bd:3a:4c:f5:aa:f1:05:99:c2:b1:56:a5:e0:59:9e:ec:
         23:24:fb:a4:25:28:2e:bc:31:43:38:3e:12:c5:5b:35:2f:d0:
         2b:b9:e7:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIZhlFAY/AV8OWfz+SRk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjUwMTAyMDM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNmNDA0MjFmNDZlOWY1NDE3ZTczNWI5ZDU5OTk0ZWE1ZWNiYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7AWHFSKM5EgUX2ljyuuOhZGXWUV
xOs4lgqnxE3sDMe9VnZs1007Cb5T6P7E2k1fKKp8viGPLFHxWXqkRVpFi+ChDc4L
49EPxWkL9uAsRL5OrYohT1ZxVuhZzp2SHu1D1gX69+173eKUsK04n2OzuUtYTFa6
1szcGcNfhc+Rdz9TboRkeZxSieIaL9/OtRti3jBPCnje/U4f2PprT/pVFO5ZykE1
XGWNSaXJ0A6wgRCbw5H/Q6PwYzmnYoohY2Y+VytGwaClo3A6ioxN4GffnZBoWlRC
eNGBp5IRtQPgpY+sWCWZXXbbopbdHn/e+xBs3aY2+UeY4x64JgABs/3YtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPLPQEIfRun1QX5zW51ZmU6l7LsIMB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvOHM5QVFoOUc2ZlZCZm5OYm5WbVpUcVhzdXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEHOAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBVZ0O+NZWjcExoiy1mRCZoBX6HWoOsE1fF2VKH
UQxcT8uWU5i9Vg35DvB0Q/lMlVD0aBlA39U3sasYNVYvnxxG5JhivKi1jXXFsvsh
1NwhThnasOqXyNH086kCE1xv1QBVEApSEVOr5WinJcd//xYP4eb7ObbflcGruU9B
TR7cY2MNl9l7M5i4lEoVoJIEhwMTAMhfpBW72xDILM6TXdlRNB+mueVCCN+RkGLO
EESALnaNQuuYvLrA4XchEYEk8wrgLzP4qD+RbYE/pjXfUuznQea4xgCBB90wob06
TPWq8QWZwrFWpeBZnuwjJPukJSguvDFDOD4SxVs1L9Aruefj
-----END CERTIFICATE-----