Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4jaGZdOEYrPblfps0YpbkEMcNKM.roa
File:                     4jaGZdOEYrPblfps0YpbkEMcNKM.roa (raw, json)
Hash identifier:          G6P2F/yQN3KTaexhThEC0j4hTEjLeDNZKdLyv/NC+3M=
Subject key identifier:   E2:36:86:65:D3:84:62:B3:DB:95:FA:6C:D1:8A:5B:90:43:1C:34:A3
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       0194244544C60829F54AAC7431D784DACFB2
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4jaGZdOEYrPblfps0YpbkEMcNKM.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207080
IP address blocks:        2a0b:6b86:400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:44:c6:08:29:f5:4a:ac:74:31:d7:84:da:cf:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2368665d38462b3db95fa6cd18a5b90431c34a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4a:ae:e8:cf:91:77:9a:13:b7:78:9a:ca:e7:
                    47:c5:73:a1:a2:db:1f:46:1c:6b:e0:4b:a6:b3:2c:
                    a0:28:57:d5:43:9b:3b:ab:51:b4:5f:fa:37:80:bc:
                    fe:e0:d1:b1:b4:4c:f9:86:3f:4f:6f:82:43:6e:f2:
                    2e:f9:f6:52:ca:8c:51:46:ed:e3:6e:ac:2b:36:f5:
                    8d:0d:c6:e6:0e:1f:d0:02:3c:b3:5e:21:54:b4:f2:
                    3d:f5:fb:90:36:5b:05:99:c1:1d:7e:7e:fd:54:20:
                    05:9f:c2:1a:d1:cf:0e:23:8e:3b:f5:d5:28:d2:73:
                    d3:aa:2c:7a:0b:22:8c:f9:86:7f:a9:1f:4b:18:95:
                    24:53:a4:12:98:fb:ac:bc:24:3e:31:48:d6:7c:1d:
                    2a:3b:30:8b:22:cc:09:77:e3:c0:b0:fe:da:ae:73:
                    d3:f2:39:43:50:83:55:ab:21:5b:0a:b8:8c:00:c3:
                    05:6e:aa:9b:cb:26:af:74:cc:73:60:42:6c:26:ee:
                    79:b4:51:04:ce:b3:ef:eb:3c:ac:48:0d:c6:b6:a8:
                    c7:9a:00:9f:eb:e8:a7:b8:81:91:70:77:7a:9b:98:
                    c7:49:b7:ef:2c:ff:63:9b:8c:6b:3e:87:84:9f:64:
                    1d:60:43:3c:18:a4:39:44:7c:62:e8:68:27:03:d7:
                    e1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:36:86:65:D3:84:62:B3:DB:95:FA:6C:D1:8A:5B:90:43:1C:34:A3
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4jaGZdOEYrPblfps0YpbkEMcNKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:40:f5:50:3f:1f:36:63:c3:f6:66:6d:bc:05:68:09:06:94:
         80:8e:b1:86:b9:10:f3:d2:a0:f6:c2:b5:10:48:da:f3:e3:4c:
         73:80:bd:41:b0:31:a0:a3:09:ac:22:72:7e:3e:3f:53:17:9b:
         23:9c:63:35:e0:5a:e3:9e:21:b4:75:e0:0e:09:2d:fa:c8:57:
         4d:87:e0:ce:f9:1b:d9:11:2b:69:35:57:70:50:ef:f8:01:65:
         48:3c:8b:bb:9f:ff:7b:f3:db:7b:57:29:a0:cf:b0:ad:66:8f:
         4c:e6:ce:e7:3c:f6:7f:3f:ef:b9:f8:16:74:eb:a1:7d:cd:3c:
         27:00:fc:42:18:2e:2d:fd:47:94:62:6a:ed:e3:1f:97:89:c2:
         37:12:6b:6e:20:e7:31:0e:3c:46:17:27:f4:16:e1:30:f5:8e:
         9d:38:49:c7:e6:fe:8b:d9:98:3b:6f:02:8f:1c:7c:28:f9:c5:
         ea:d1:79:9f:ac:37:59:f6:52:2d:07:f1:1d:4f:07:f3:5e:4a:
         4a:c4:e7:15:6f:ce:bf:1d:ab:91:fc:cb:a0:d7:2c:7d:fe:79:
         13:7f:29:68:24:db:ad:b4:b7:42:5f:5d:00:97:d8:9b:16:6f:
         45:d7:77:e7:87:3f:f1:34:05:cd:fc:65:36:2b:ef:aa:a7:93:
         95:40:5a:11
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRUTGCCn1Sqx0MdeE2s+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjM2ODY2NWQzODQ2MmIzZGI5NWZhNmNkMThhNWI5MDQzMWMzNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEqu6M+Rd5oTt3iayudHxXOhotsf
Rhxr4EumsyygKFfVQ5s7q1G0X/o3gLz+4NGxtEz5hj9Pb4JDbvIu+fZSyoxRRu3j
bqwrNvWNDcbmDh/QAjyzXiFUtPI99fuQNlsFmcEdfn79VCAFn8Ia0c8OI4479dUo
0nPTqix6CyKM+YZ/qR9LGJUkU6QSmPusvCQ+MUjWfB0qOzCLIswJd+PAsP7arnPT
8jlDUINVqyFbCriMAMMFbqqbyyavdMxzYEJsJu55tFEEzrPv6zysSA3GtqjHmgCf
6+inuIGRcHd6m5jHSbfvLP9jm4xrPoeEn2QdYEM8GKQ5RHxi6GgnA9fhhQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOI2hmXThGKz25X6bNGKW5BDHDSjMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvNGphR1pkT0VZclBibGZwczBZcGJrRU1jTktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgQw
DQYJKoZIhvcNAQELBQADggEBAJNA9VA/HzZjw/ZmbbwFaAkGlICOsYa5EPPSoPbC
tRBI2vPjTHOAvUGwMaCjCawicn4+P1MXmyOcYzXgWuOeIbR14A4JLfrIV02H4M75
G9kRK2k1V3BQ7/gBZUg8i7uf/3vz23tXKaDPsK1mj0zmzuc89n8/77n4FnTroX3N
PCcA/EIYLi39R5Riau3jH5eJwjcSa24g5zEOPEYXJ/QW4TD1jp04Scfm/ovZmDtv
Ao8cfCj5xerReZ+sN1n2Ui0H8R1PB/NeSkrE5xVvzr8dq5H8y6DXLH3+eRN/KWgk
2620t0JfXQCX2JsWb0XXd+eHP/E0Bc38ZTYr76qnk5VAWhE=
-----END CERTIFICATE-----