Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4sVuDUHUhuqv4fotP4t5XZJrll4.roa
File:                     4sVuDUHUhuqv4fotP4t5XZJrll4.roa (raw, json)
Hash identifier:          ObxWj69OtudWkX1fVAGgmn9Z1mlrHpzlXmvK45aoIXM=
Subject key identifier:   E2:C5:6E:0D:41:D4:86:EA:AF:E1:FA:2D:3F:8B:79:5D:92:6B:96:5E
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       01942445425934680522717AC5FCC0629E9E
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4sVuDUHUhuqv4fotP4t5XZJrll4.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200365
IP address blocks:        2a0b:6b86:a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:42:59:34:68:05:22:71:7a:c5:fc:c0:62:9e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2c56e0d41d486eaafe1fa2d3f8b795d926b965e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9f:e8:d3:ad:45:23:f4:f9:20:ba:ea:f2:51:
                    8f:cc:f4:11:e8:cb:41:81:a9:cd:3e:53:44:f1:43:
                    1b:1f:2d:a0:a6:bf:e6:45:1b:06:25:fe:cc:48:92:
                    c2:c0:12:5c:3a:4f:4b:4a:f2:f1:34:6c:7d:e2:44:
                    bd:dc:c5:53:e0:7c:8f:65:3b:4f:bc:d4:fb:a1:9f:
                    e8:07:3e:b6:c0:10:a2:1d:7f:ad:9b:1d:c9:79:f4:
                    c0:3f:74:58:46:1c:20:d1:14:c9:14:dc:80:77:79:
                    81:e3:35:ab:33:41:0f:de:76:bd:b0:68:d7:6c:71:
                    3e:f4:c1:3c:84:cf:c5:f9:fb:9a:72:20:26:16:1a:
                    8d:12:e5:05:a2:28:a0:4d:17:71:0e:39:73:bf:58:
                    9d:85:c3:98:75:da:a4:a6:76:4a:7d:a0:ea:98:35:
                    74:a6:f7:66:54:a1:0d:82:02:fc:16:8e:3f:4e:ca:
                    ec:08:49:93:6b:c8:ae:9a:4c:1b:8b:cb:9f:e2:7c:
                    a8:ac:3d:80:a0:9a:40:e7:d2:e9:c2:e3:f8:f2:67:
                    53:58:cc:2d:24:ae:ec:38:d7:81:d9:9e:d0:cb:67:
                    7d:bc:f0:4c:a1:93:54:d0:87:a7:97:d4:44:0e:85:
                    44:8f:d1:da:13:eb:62:ca:c0:db:2a:2b:36:ab:9f:
                    c0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C5:6E:0D:41:D4:86:EA:AF:E1:FA:2D:3F:8B:79:5D:92:6B:96:5E
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/4sVuDUHUhuqv4fotP4t5XZJrll4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         be:2f:88:50:e1:fb:85:18:33:65:70:a1:83:83:17:a9:bf:d6:
         e1:88:d6:a1:1c:2e:89:39:f4:23:61:c2:15:f7:27:9a:ee:e6:
         50:c1:2f:39:35:dd:6e:9d:af:5a:60:de:65:a7:37:91:cf:7c:
         b1:bd:f0:1a:b2:5f:ef:82:2d:b4:69:75:76:dc:49:82:34:7f:
         17:6b:e1:99:00:6c:0b:ed:56:66:e2:89:0d:a2:ed:fd:8b:3c:
         d3:27:b4:ec:63:e9:1d:1b:bc:76:b4:dd:33:68:e8:ca:dc:9a:
         47:c1:bc:b6:e2:19:83:46:72:b5:86:3a:be:17:db:ae:e8:8a:
         3c:77:f0:69:f1:d3:f1:63:c3:ce:c3:88:46:7e:bf:c6:6a:d0:
         08:60:d7:de:de:49:95:73:02:98:75:24:e4:32:12:b9:bf:02:
         2c:ae:bc:de:ad:99:9f:c4:d1:0d:f6:49:b5:85:75:c3:f9:5f:
         f7:6e:cc:83:23:8b:4e:7b:bd:4b:e1:8d:58:84:83:d2:a4:68:
         42:9e:c4:b9:80:a3:71:2d:03:4f:37:b9:6f:ef:8c:70:3b:28:
         b8:51:4b:a9:1a:e7:6d:38:67:c3:b5:dc:39:60:09:ad:3a:f6:
         be:ce:51:90:8d:e5:32:03:bf:aa:8f:4a:5b:f4:61:be:8c:b3:
         96:16:fa:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRUJZNGgFInF6xfzAYp6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM1NmUwZDQxZDQ4NmVhYWZlMWZhMmQzZjhiNzk1ZDkyNmI5NjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ/o061FI/T5ILrq8lGPzPQR6MtB
ganNPlNE8UMbHy2gpr/mRRsGJf7MSJLCwBJcOk9LSvLxNGx94kS93MVT4HyPZTtP
vNT7oZ/oBz62wBCiHX+tmx3JefTAP3RYRhwg0RTJFNyAd3mB4zWrM0EP3na9sGjX
bHE+9ME8hM/F+fuaciAmFhqNEuUFoiigTRdxDjlzv1idhcOYddqkpnZKfaDqmDV0
pvdmVKENggL8Fo4/TsrsCEmTa8iumkwbi8uf4nyorD2AoJpA59LpwuP48mdTWMwt
JK7sONeB2Z7Qy2d9vPBMoZNU0Ienl9REDoVEj9HaE+tiysDbKis2q5/A1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOLFbg1B1Ibqr+H6LT+LeV2Sa5ZeMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvNHNWdURVSFVodXF2NGZvdFA0dDVYWkpybGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgow
DQYJKoZIhvcNAQELBQADggEBAL4viFDh+4UYM2VwoYODF6m/1uGI1qEcLok59CNh
whX3J5ru5lDBLzk13W6dr1pg3mWnN5HPfLG98BqyX++CLbRpdXbcSYI0fxdr4ZkA
bAvtVmbiiQ2i7f2LPNMntOxj6R0bvHa03TNo6MrcmkfBvLbiGYNGcrWGOr4X267o
ijx38Gnx0/Fjw87DiEZ+v8Zq0Ahg197eSZVzAph1JOQyErm/AiyuvN6tmZ/E0Q32
SbWFdcP5X/duzIMji057vUvhjViEg9KkaEKexLmAo3EtA083uW/vjHA7KLhRS6ka
5204Z8O13DlgCa069r7OUZCN5TIDv6qPSlv0Yb6Ms5YW+hg=
-----END CERTIFICATE-----