Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/9tAlrFt3BNMHldCpxQwWxRWTL28.roa
File:                     9tAlrFt3BNMHldCpxQwWxRWTL28.roa (raw, json)
Hash identifier:          AIcGQ00F00sy/YugmjOKtTlrin+Y6m1qVlh/Z2kZ+RM=
Subject key identifier:   F6:D0:25:AC:5B:77:04:D3:07:95:D0:A9:C5:0C:16:C5:15:93:2F:6F
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       0194228D47BD785ACBEF4B7271557C85752B
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/9tAlrFt3BNMHldCpxQwWxRWTL28.roa
Signing time:             Wed 01 Jan 2025 15:47:51 +0000
ROA not before:           Wed 01 Jan 2025 15:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214944
IP address blocks:        2a0d:2146:bdd0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:47:bd:78:5a:cb:ef:4b:72:71:55:7c:85:75:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 15:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6d025ac5b7704d30795d0a9c50c16c515932f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:68:f1:af:02:ac:a2:91:68:8a:e8:49:72:d0:
                    ad:34:e0:8b:eb:30:10:4a:3f:7a:05:42:ba:6b:66:
                    9c:84:bf:96:1e:23:26:a5:4f:b5:e9:ac:b0:97:91:
                    20:b1:1b:a7:0f:1a:72:13:cc:3a:ce:44:39:25:91:
                    44:79:1b:72:2c:d7:56:a2:ba:18:7f:a9:28:0a:ae:
                    74:20:18:b1:dd:a1:0a:39:77:f4:87:21:60:f7:4f:
                    09:45:bd:c1:e2:6a:6b:d6:ce:6f:fc:3d:8f:aa:02:
                    85:07:87:fa:56:9a:9f:22:26:2e:81:80:36:24:e7:
                    84:df:f6:2a:35:7e:d8:ee:1c:f3:59:72:29:19:9b:
                    c6:a4:6b:4a:eb:a8:64:46:37:8a:88:d8:e1:22:20:
                    a0:d1:02:e1:ba:36:85:4d:23:bb:f5:e8:f5:12:b9:
                    a6:77:f7:60:5a:cd:56:db:ea:48:88:3b:17:32:50:
                    e1:88:be:6e:b5:44:be:bf:94:2c:b0:81:3a:16:67:
                    ac:a2:60:d3:87:99:0b:ad:d8:8b:50:3b:6a:54:c8:
                    bf:0a:65:20:41:f8:3c:6b:cb:47:4e:65:5a:53:c0:
                    9e:eb:b2:62:f1:4d:6d:d2:64:3b:9f:57:29:f1:2a:
                    79:25:8d:aa:a6:92:83:94:0d:04:fb:70:d2:f4:d5:
                    c0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D0:25:AC:5B:77:04:D3:07:95:D0:A9:C5:0C:16:C5:15:93:2F:6F
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/9tAlrFt3BNMHldCpxQwWxRWTL28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:bdd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:7a:a8:2f:4c:d3:5d:05:1e:9c:0b:26:8a:46:9b:72:7c:92:
         fa:94:a5:b8:d3:9a:bb:6d:f5:08:41:35:52:c0:51:63:ab:30:
         73:63:c2:b0:22:8e:e7:c5:b5:9e:26:e8:77:4f:6f:f7:b1:55:
         76:36:51:4c:26:31:1a:dd:31:0e:d2:0e:5e:02:ed:ba:28:ef:
         77:6e:c7:58:ac:76:f1:6c:ec:08:5a:a7:46:e1:50:e8:6c:1b:
         1b:22:dc:86:49:90:23:b0:25:26:e4:d7:69:c6:ce:d4:b0:00:
         74:f6:26:18:6a:1a:fa:9b:ac:01:89:ee:db:42:e3:36:54:e6:
         15:34:0a:d9:3c:72:16:26:20:7d:79:e0:05:bc:f9:d7:85:6c:
         46:7c:43:e7:8c:9a:41:8a:26:b9:8d:f9:ad:3c:52:8e:53:1d:
         77:24:9d:18:72:da:ca:3c:2f:7b:50:29:d5:2c:83:e2:53:bc:
         5d:9f:73:95:e5:9b:41:0c:85:a9:1f:60:0a:94:d5:22:52:31:
         25:94:4b:99:8a:67:37:b7:6c:21:0c:ac:d7:2a:48:b3:a3:1c:
         f8:a2:24:7c:ea:33:b7:9e:1f:cb:13:ec:3f:87:7b:00:de:4f:
         d7:9b:5c:13:8c:bd:70:35:6f:db:b7:04:a0:06:24:f4:ae:cf:
         90:34:db:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijUe9eFrL70tycVV8hXUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjUwMTAxMTU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQwMjVhYzViNzcwNGQzMDc5NWQwYTljNTBjMTZjNTE1OTMyZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72jxrwKsopFoiuhJctCtNOCL6zAQ
Sj96BUK6a2achL+WHiMmpU+16aywl5EgsRunDxpyE8w6zkQ5JZFEeRtyLNdWoroY
f6koCq50IBix3aEKOXf0hyFg908JRb3B4mpr1s5v/D2PqgKFB4f6VpqfIiYugYA2
JOeE3/YqNX7Y7hzzWXIpGZvGpGtK66hkRjeKiNjhIiCg0QLhujaFTSO79ej1Ermm
d/dgWs1W2+pIiDsXMlDhiL5utUS+v5QssIE6FmesomDTh5kLrdiLUDtqVMi/CmUg
Qfg8a8tHTmVaU8Ce67Ji8U1t0mQ7n1cp8Sp5JY2qppKDlA0E+3DS9NXA1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPbQJaxbdwTTB5XQqcUMFsUVky9vMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvOXRBbHJGdDNCTk1IbGRDcHhRd1d4UldUTDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0hRr3Q
MA0GCSqGSIb3DQEBCwUAA4IBAQB+eqgvTNNdBR6cCyaKRptyfJL6lKW405q7bfUI
QTVSwFFjqzBzY8KwIo7nxbWeJuh3T2/3sVV2NlFMJjEa3TEO0g5eAu26KO93bsdY
rHbxbOwIWqdG4VDobBsbItyGSZAjsCUm5Ndpxs7UsAB09iYYahr6m6wBie7bQuM2
VOYVNArZPHIWJiB9eeAFvPnXhWxGfEPnjJpBiia5jfmtPFKOUx13JJ0YctrKPC97
UCnVLIPiU7xdn3OV5ZtBDIWpH2AKlNUiUjEllEuZimc3t2whDKzXKkizoxz4oiR8
6jO3nh/LE+w/h3sA3k/Xm1wTjL1wNW/btwSgBiT0rs+QNNvD
-----END CERTIFICATE-----