Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/rvBoaYSrYkbtJTtOKbhTdATaFJM.roa
File:                     rvBoaYSrYkbtJTtOKbhTdATaFJM.roa (raw, json)
Hash identifier:          LE4FJA/j7M053Yg4eAl5SJ9uM0sRd4GVsWhWeNGGUv0=
Subject key identifier:   AE:F0:68:69:84:AB:62:46:ED:25:3B:4E:29:B8:53:74:04:DA:14:93
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       0194244544626FCF6A8E48FE1AE2908DDA54
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/rvBoaYSrYkbtJTtOKbhTdATaFJM.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206699
IP address blocks:        2a0b:6b86:b00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:44:62:6f:cf:6a:8e:48:fe:1a:e2:90:8d:da:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aef0686984ab6246ed253b4e29b8537404da1493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d2:27:45:9d:ad:fd:a6:d7:c0:07:0e:b2:de:
                    2f:f8:e0:5e:91:95:5a:fd:0a:72:ba:9e:44:30:97:
                    3f:b8:d1:60:ca:bd:54:1d:a9:57:e8:b2:40:64:2d:
                    95:1e:4b:75:89:2f:a3:79:24:26:88:d6:b4:a7:67:
                    9d:80:33:6c:85:0a:e6:12:9f:d2:c3:98:0b:be:15:
                    a8:ed:51:05:e1:b1:37:1c:16:a2:89:e9:12:15:9f:
                    2d:1a:34:cf:ec:34:3c:29:c4:d6:0f:f3:aa:d6:2f:
                    26:50:16:2d:23:0f:3d:61:c2:d0:56:19:be:4f:73:
                    1d:ca:bf:5f:55:8b:5f:bc:ca:c1:5a:c4:4e:4e:80:
                    91:ba:e1:0d:3a:66:28:0e:d4:4e:d5:26:d3:94:25:
                    6c:7e:34:a1:8c:29:07:54:c2:06:69:4e:76:01:1a:
                    ff:06:62:64:71:27:87:41:de:7e:52:06:dc:81:c5:
                    2f:60:89:48:b4:69:0f:aa:dd:b5:32:e4:e5:5f:5b:
                    8a:99:90:c7:b5:29:8a:cf:bc:ec:96:84:ca:ed:76:
                    69:90:75:5d:ee:95:c7:19:99:26:34:92:11:c4:84:
                    96:70:0a:46:3e:9a:4f:56:ea:ea:d4:4e:d6:50:e4:
                    57:90:1e:cc:93:44:f3:0a:23:68:0e:31:52:29:74:
                    8e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F0:68:69:84:AB:62:46:ED:25:3B:4E:29:B8:53:74:04:DA:14:93
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/rvBoaYSrYkbtJTtOKbhTdATaFJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         bc:eb:d7:bc:75:c4:36:b7:da:22:1f:1e:83:28:d7:bb:3c:6d:
         55:a0:00:41:e3:c7:09:22:80:0b:c6:1b:95:76:b7:69:aa:a8:
         4b:c2:bb:62:38:28:04:7d:c5:78:01:3e:2d:7a:c4:09:77:d7:
         b8:e1:68:ad:10:96:05:76:49:f5:64:cf:e4:30:83:84:e2:b0:
         70:ab:55:de:79:9d:ee:c1:7f:f4:9b:f5:54:ac:0e:13:ce:97:
         b4:86:e6:31:df:d8:62:b6:ae:c8:aa:69:f9:bd:67:a6:05:ef:
         ad:f7:ff:eb:56:08:a3:91:3d:9e:f3:f8:4a:15:4e:e7:e7:4f:
         18:62:66:54:06:b3:58:b1:ca:3c:14:6d:30:a4:26:34:0e:0a:
         d8:ce:da:17:8c:73:f7:ff:18:f9:fc:bb:b6:5e:d1:9e:1c:17:
         68:8f:c3:bb:e1:5f:1d:85:5e:07:26:64:f4:51:e4:07:71:87:
         88:14:70:61:93:b6:bf:d2:50:f8:97:ca:a5:99:06:09:b4:ca:
         bc:0f:ca:6d:6d:2e:eb:78:08:4a:e6:5b:ef:72:e2:7b:31:93:
         fd:a4:35:56:25:0c:76:d6:16:39:00:3b:5d:28:74:c3:8a:9d:
         46:37:51:b9:96:17:23:f8:0b:b6:1b:1c:e7:07:76:2a:3f:87:
         df:fa:ba:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRURib89qjkj+GuKQjdpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWYwNjg2OTg0YWI2MjQ2ZWQyNTNiNGUyOWI4NTM3NDA0ZGExNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdInRZ2t/abXwAcOst4v+OBekZVa
/Qpyup5EMJc/uNFgyr1UHalX6LJAZC2VHkt1iS+jeSQmiNa0p2edgDNshQrmEp/S
w5gLvhWo7VEF4bE3HBaiiekSFZ8tGjTP7DQ8KcTWD/Oq1i8mUBYtIw89YcLQVhm+
T3Mdyr9fVYtfvMrBWsROToCRuuENOmYoDtRO1SbTlCVsfjShjCkHVMIGaU52ARr/
BmJkcSeHQd5+UgbcgcUvYIlItGkPqt21MuTlX1uKmZDHtSmKz7zsloTK7XZpkHVd
7pXHGZkmNJIRxISWcApGPppPVurq1E7WUORXkB7Mk0TzCiNoDjFSKXSO1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK7waGmEq2JG7SU7Tim4U3QE2hSTMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvcnZCb2FZU3JZa2J0SlR0T0tiaFRkQVRhRkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgsw
DQYJKoZIhvcNAQELBQADggEBALzr17x1xDa32iIfHoMo17s8bVWgAEHjxwkigAvG
G5V2t2mqqEvCu2I4KAR9xXgBPi16xAl317jhaK0QlgV2SfVkz+Qwg4TisHCrVd55
ne7Bf/Sb9VSsDhPOl7SG5jHf2GK2rsiqafm9Z6YF7633/+tWCKORPZ7z+EoVTufn
TxhiZlQGs1ixyjwUbTCkJjQOCtjO2heMc/f/GPn8u7Ze0Z4cF2iPw7vhXx2FXgcm
ZPRR5Adxh4gUcGGTtr/SUPiXyqWZBgm0yrwPym1tLut4CErmW+9y4nsxk/2kNVYl
DHbWFjkAO10odMOKnUY3UbmWFyP4C7YbHOcHdio/h9/6uvk=
-----END CERTIFICATE-----