Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Zg9LMTVlLMAMzOgaRCOZsvbj5YY.roa
File:                     Zg9LMTVlLMAMzOgaRCOZsvbj5YY.roa (raw, json)
Hash identifier:          9YC0kyDqEXxaDbjw/WFc8btR+dLVmBtAW2yMy6GIxwY=
Subject key identifier:   66:0F:4B:31:35:65:2C:C0:0C:CC:E8:1A:44:23:99:B2:F6:E3:E5:86
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019424454682D265507F0F314631E1D1A867
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Zg9LMTVlLMAMzOgaRCOZsvbj5YY.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211387
IP address blocks:        2a0b:6b86:f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:46:82:d2:65:50:7f:0f:31:46:31:e1:d1:a8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=660f4b3135652cc00ccce81a442399b2f6e3e586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8e:29:38:ff:0e:ee:30:54:d6:9e:ca:36:7d:
                    93:77:e2:a3:3c:c5:b1:0a:ee:72:57:a8:c6:8b:60:
                    4a:58:a2:bb:81:1c:a2:fe:61:a5:fa:6c:d1:43:00:
                    3c:7e:6f:2b:35:8f:c4:11:0c:09:ab:8c:4c:1c:50:
                    4c:9b:b4:ea:b3:95:d7:01:7e:1e:04:22:67:40:d9:
                    bf:02:75:0c:d4:ca:04:19:eb:09:0f:db:c9:c2:c5:
                    57:b1:af:f5:a6:61:ab:73:66:69:09:5e:c8:0f:4b:
                    29:ea:87:19:82:06:23:b6:93:f9:3a:2d:2e:e4:88:
                    90:0c:62:99:12:90:ea:28:f7:83:d5:1b:f9:48:62:
                    9c:fa:47:01:c1:4f:b2:2f:38:27:cc:d6:8a:b5:4f:
                    ee:78:58:0e:33:c2:49:1d:00:fc:cd:eb:7b:87:f8:
                    38:55:ef:f4:fb:61:2c:23:23:40:22:b1:4a:c5:db:
                    64:fe:97:4f:30:1a:44:1d:df:b7:d5:45:aa:4a:d4:
                    81:d4:c6:87:fe:79:93:de:b7:5f:a6:9e:05:03:13:
                    de:fc:ed:ed:8a:48:d4:bc:c3:07:47:83:89:26:8b:
                    f5:3c:f1:27:34:e0:c3:38:78:44:32:81:22:e6:ec:
                    10:77:b0:2e:5b:d9:3b:1c:f1:c5:9e:50:72:01:89:
                    c5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:0F:4B:31:35:65:2C:C0:0C:CC:E8:1A:44:23:99:B2:F6:E3:E5:86
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Zg9LMTVlLMAMzOgaRCOZsvbj5YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a0:53:c9:7b:38:1e:90:78:dc:d4:39:a6:34:ea:a7:8a:dd:ac:
         ca:e5:a9:c8:20:25:c9:07:cf:2c:cb:53:f4:06:77:f5:64:6d:
         33:66:5f:85:93:7d:10:48:e7:9b:ca:b8:be:14:b3:d7:5a:20:
         b6:0f:56:36:0e:f5:c6:ba:c3:d3:08:cf:22:ab:77:d2:f4:ec:
         da:61:35:9e:1b:45:c0:32:21:34:a9:0a:52:4d:9c:8b:46:fa:
         2c:69:34:8d:01:d3:f9:18:da:34:a5:92:af:e4:55:0c:ac:33:
         31:54:9b:07:e4:e5:99:e8:69:f5:64:9c:29:0e:15:ed:2c:0b:
         53:0c:b4:01:71:2c:d0:a1:6a:39:eb:5b:29:d6:e8:52:e5:cf:
         82:5e:ee:5c:eb:6c:f4:e4:6f:c3:57:34:16:0c:b4:e9:2f:96:
         91:25:2a:25:46:23:1c:f2:29:d4:5e:71:31:6f:3c:80:2d:6a:
         11:bf:a1:49:68:93:3b:fc:46:96:c2:98:a6:ee:80:3c:1c:00:
         6f:0a:86:4a:bb:e9:7e:29:35:c4:13:c0:e8:da:d5:5d:8a:78:
         64:ec:b6:6c:28:53:8a:ac:e0:98:29:25:97:fe:f5:f1:f1:f1:
         d4:ee:9d:23:26:66:a1:c3:30:1c:39:87:14:c5:01:80:f8:6b:
         be:c8:02:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRUaC0mVQfw8xRjHh0ahnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjBmNGIzMTM1NjUyY2MwMGNjY2U4MWE0NDIzOTliMmY2ZTNlNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm44pOP8O7jBU1p7KNn2Td+KjPMWx
Cu5yV6jGi2BKWKK7gRyi/mGl+mzRQwA8fm8rNY/EEQwJq4xMHFBMm7Tqs5XXAX4e
BCJnQNm/AnUM1MoEGesJD9vJwsVXsa/1pmGrc2ZpCV7ID0sp6ocZggYjtpP5Oi0u
5IiQDGKZEpDqKPeD1Rv5SGKc+kcBwU+yLzgnzNaKtU/ueFgOM8JJHQD8zet7h/g4
Ve/0+2EsIyNAIrFKxdtk/pdPMBpEHd+31UWqStSB1MaH/nmT3rdfpp4FAxPe/O3t
ikjUvMMHR4OJJov1PPEnNODDOHhEMoEi5uwQd7AuW9k7HPHFnlByAYnFJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGYPSzE1ZSzADMzoGkQjmbL24+WGMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvWmc5TE1UVmxMTUFNek9nYVJDT1pzdmJqNVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhg8w
DQYJKoZIhvcNAQELBQADggEBAKBTyXs4HpB43NQ5pjTqp4rdrMrlqcggJckHzyzL
U/QGd/VkbTNmX4WTfRBI55vKuL4Us9daILYPVjYO9ca6w9MIzyKrd9L07NphNZ4b
RcAyITSpClJNnItG+ixpNI0B0/kY2jSlkq/kVQysMzFUmwfk5ZnoafVknCkOFe0s
C1MMtAFxLNChajnrWynW6FLlz4Je7lzrbPTkb8NXNBYMtOkvlpElKiVGIxzyKdRe
cTFvPIAtahG/oUlokzv8RpbCmKbugDwcAG8Khkq76X4pNcQTwOja1V2KeGTstmwo
U4qs4JgpJZf+9fHx8dTunSMmZqHDMBw5hxTFAYD4a77IAvk=
-----END CERTIFICATE-----