Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IhZ8qlNDzw6GY_-0TY_DnlKi9SY.roa
File:                     IhZ8qlNDzw6GY_-0TY_DnlKi9SY.roa (raw, json)
Hash identifier:          /EBB1YMKTCPOQkh2yKukzJVPXEtaJpr+VHQhSUJ1+4A=
Subject key identifier:   22:16:7C:AA:53:43:CF:0E:86:63:FF:B4:4D:8F:C3:9E:52:A2:F5:26
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0192A3C089A46025145EDE531BC74C3B7DE9
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IhZ8qlNDzw6GY_-0TY_DnlKi9SY.roa
Signing time:             Sat 19 Oct 2024 07:49:17 +0000
ROA not before:           Sat 19 Oct 2024 07:49:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57529
IP address blocks:        2a01:48a0:4501::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:11:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a3:c0:89:a4:60:25:14:5e:de:53:1b:c7:4c:3b:7d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Oct 19 07:49:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22167caa5343cf0e8663ffb44d8fc39e52a2f526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8f:76:47:b4:2c:84:41:78:62:a3:3c:d5:4a:
                    90:23:4e:b3:c7:a4:5a:15:30:65:f2:23:ea:7d:9c:
                    96:3d:07:9f:f0:ce:55:01:86:14:90:9a:5a:4c:9d:
                    b8:bd:05:05:c2:03:a9:b8:b8:60:65:c5:ae:dd:c9:
                    20:df:19:a7:b5:b4:58:3d:29:8a:b7:0a:1f:b3:5d:
                    9b:85:f4:df:bb:05:f1:a5:43:f6:b7:8b:e6:1d:4d:
                    a4:a1:5b:b8:69:00:74:4b:7a:d7:1b:b0:99:fe:9c:
                    7d:a0:f7:16:a1:b4:c4:f9:b1:43:8f:db:08:81:90:
                    5d:63:fa:77:02:fa:4f:4a:21:e7:4d:f6:fd:4d:51:
                    21:72:15:a5:21:3f:df:21:2b:bb:c7:75:93:ff:93:
                    e1:c1:be:2c:a3:dc:71:d8:54:50:1a:27:15:85:55:
                    cd:80:20:e6:93:c3:fa:78:7b:40:f4:cc:02:db:71:
                    cd:16:27:bc:84:08:3c:21:20:ec:3d:bd:5a:0d:aa:
                    a2:5c:6a:96:ec:d4:87:46:32:59:77:76:41:9d:24:
                    ae:f7:23:e0:91:d8:68:2c:36:c7:17:f0:dd:d6:d1:
                    f8:ac:e0:18:45:d4:1c:4f:ed:80:72:49:65:2c:5b:
                    7b:2b:06:82:f4:89:8a:9d:a5:91:97:e3:ae:41:a8:
                    78:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:16:7C:AA:53:43:CF:0E:86:63:FF:B4:4D:8F:C3:9E:52:A2:F5:26
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IhZ8qlNDzw6GY_-0TY_DnlKi9SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:48a0:4501::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:d0:3f:e1:f1:44:34:5b:7a:18:cf:5d:f6:c2:43:9b:94:f2:
         48:29:77:e0:bb:3b:22:51:d5:b1:f5:bf:c5:5f:bf:92:bf:3c:
         09:43:15:da:99:e0:a2:6b:9b:17:1a:97:84:c5:fd:30:54:3c:
         19:69:56:00:e6:47:1f:a3:27:e3:b4:b8:3d:cc:6d:1a:d6:3e:
         35:a0:6d:da:2f:58:b3:93:93:5b:e5:73:20:cc:72:9a:26:e9:
         f6:7a:9b:f8:ec:71:f2:24:1b:1e:b5:b8:d5:cc:07:9e:05:f3:
         47:36:2e:23:43:a4:e4:40:64:33:b4:58:00:10:d1:a1:76:03:
         6f:bf:b4:52:f2:a7:7d:81:e5:2b:92:e9:e1:f7:92:85:cb:de:
         6c:30:e3:28:20:cb:6d:29:05:fa:bb:ac:ad:90:31:67:37:87:
         10:b2:10:da:59:ba:cd:a5:2a:d6:ce:29:08:91:3f:37:59:ca:
         ec:06:b6:1e:3b:cf:63:fe:75:1e:ec:fe:dc:c9:0b:f0:37:8b:
         a8:b0:f2:3a:91:b8:11:f0:e8:47:54:be:93:57:22:6a:79:c0:
         86:3f:cc:d3:a3:91:1d:08:90:e7:7e:f0:bb:1f:a7:e4:51:b8:
         5d:48:7b:77:d6:7a:b3:ec:18:18:40:d4:90:f0:34:f4:2f:53:
         d0:de:11:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKjwImkYCUUXt5TG8dMO33pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMDE5MDc0OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjE2N2NhYTUzNDNjZjBlODY2M2ZmYjQ0ZDhmYzM5ZTUyYTJmNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY92R7QshEF4YqM81UqQI06zx6Ra
FTBl8iPqfZyWPQef8M5VAYYUkJpaTJ24vQUFwgOpuLhgZcWu3ckg3xmntbRYPSmK
twofs12bhfTfuwXxpUP2t4vmHU2koVu4aQB0S3rXG7CZ/px9oPcWobTE+bFDj9sI
gZBdY/p3AvpPSiHnTfb9TVEhchWlIT/fISu7x3WT/5Phwb4so9xx2FRQGicVhVXN
gCDmk8P6eHtA9MwC23HNFie8hAg8ISDsPb1aDaqiXGqW7NSHRjJZd3ZBnSSu9yPg
kdhoLDbHF/Dd1tH4rOAYRdQcT+2AckllLFt7KwaC9ImKnaWRl+OuQah4uQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCIWfKpTQ88OhmP/tE2Pw55SovUmMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvSWhaOHFsTkR6dzZHWV8tMFRZX0RubEtpOVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFIoEUB
MA0GCSqGSIb3DQEBCwUAA4IBAQDA0D/h8UQ0W3oYz132wkOblPJIKXfguzsiUdWx
9b/FX7+SvzwJQxXameCia5sXGpeExf0wVDwZaVYA5kcfoyfjtLg9zG0a1j41oG3a
L1izk5Nb5XMgzHKaJun2epv47HHyJBsetbjVzAeeBfNHNi4jQ6TkQGQztFgAENGh
dgNvv7RS8qd9geUrkunh95KFy95sMOMoIMttKQX6u6ytkDFnN4cQshDaWbrNpSrW
zikIkT83WcrsBrYeO89j/nUe7P7cyQvwN4uosPI6kbgR8OhHVL6TVyJqecCGP8zT
o5EdCJDnfvC7H6fkUbhdSHt31nqz7BgYQNSQ8DT0L1PQ3hFZ
-----END CERTIFICATE-----