Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/z4wc-XAByuKg9_4TbtczZujvcTM.roa
File:                     z4wc-XAByuKg9_4TbtczZujvcTM.roa (raw, json)
Hash identifier:          k/l1khmraEpcZ2ZtOkT01pmuwNGz8qHwS9DZWQhB7Ek=
Subject key identifier:   CF:8C:1C:F9:70:01:CA:E2:A0:F7:FE:13:6E:D7:33:66:E8:EF:71:33
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       01942445475AF00C8E53470DA3DC863E1CB8
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/z4wc-XAByuKg9_4TbtczZujvcTM.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401297
IP address blocks:        2a0b:6b82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:47:5a:f0:0c:8e:53:47:0d:a3:dc:86:3e:1c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf8c1cf97001cae2a0f7fe136ed73366e8ef7133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:75:c9:b8:32:3d:f9:b8:60:41:4a:41:cd:46:
                    8d:b2:db:2c:c0:8f:9f:33:8a:a0:50:ad:99:fb:d6:
                    17:3f:f7:03:c4:d6:a9:95:a9:c7:e0:fd:0c:80:bc:
                    3d:21:fe:b1:71:92:43:db:b4:f1:e4:ec:96:02:56:
                    14:9b:e6:93:7a:3e:b0:e5:b8:96:60:a3:e2:14:2a:
                    df:a7:cd:d4:18:e9:25:fa:81:3c:6f:97:bc:18:0b:
                    d3:6b:12:6d:70:79:c2:c3:a0:14:6f:a7:e0:a5:3c:
                    27:a2:00:ee:13:0c:df:b1:53:b5:fd:82:93:90:43:
                    26:7c:89:66:ee:08:e3:73:93:b2:27:54:a9:cc:93:
                    09:69:48:08:b7:8c:d1:38:46:29:03:13:eb:38:e7:
                    5d:b5:a3:b6:36:12:47:e5:24:da:ac:e1:2a:f8:68:
                    f8:70:f1:03:3c:cc:19:19:72:0c:f4:16:e8:9a:64:
                    e7:15:11:e6:c3:82:0c:f6:7b:5a:15:7d:0e:0c:75:
                    d3:e2:33:e0:ef:57:45:7f:d0:66:43:9c:9c:c5:67:
                    14:e9:37:94:44:29:e8:a2:03:d7:72:d9:96:83:df:
                    c3:d7:54:25:0b:c8:b4:25:15:fd:b3:20:4d:1e:5c:
                    11:21:60:d1:cd:57:8c:6a:83:8f:25:7c:1e:63:80:
                    a9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8C:1C:F9:70:01:CA:E2:A0:F7:FE:13:6E:D7:33:66:E8:EF:71:33
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/z4wc-XAByuKg9_4TbtczZujvcTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b82::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:9c:26:76:ae:69:a7:4b:57:98:16:56:10:7c:16:36:e3:43:
         42:42:91:36:29:7d:ac:46:81:18:aa:5b:d8:19:3e:bc:16:64:
         ca:92:c8:7f:64:5a:c1:b3:d4:92:b9:6f:a9:c3:e9:87:7d:ac:
         dc:b9:ae:f7:d3:d7:f6:ac:bd:a1:38:50:c4:f0:f3:65:cb:dc:
         3e:0f:14:9e:fb:36:9e:20:8d:06:9f:19:c1:ce:c7:0a:f7:66:
         bc:1c:64:bb:f3:27:14:1d:51:bb:a9:0a:fd:ac:41:5e:37:88:
         1e:ed:e7:66:0e:68:a0:0c:b3:15:d6:11:11:b1:21:b3:42:29:
         34:97:6c:1e:50:c5:0f:69:94:2c:b0:4c:98:0a:9c:c4:06:5a:
         1b:fa:2c:74:5b:dc:f2:4b:46:d9:af:5a:7d:ea:fe:bc:76:e3:
         5a:9c:38:b8:72:cf:22:d0:54:74:b6:2b:74:26:c3:da:c5:f5:
         75:67:06:f4:ab:e0:9a:71:e7:f7:c5:15:a0:38:e1:18:31:6b:
         db:52:48:60:14:d0:d9:4e:ad:72:f7:c6:aa:4a:c2:46:b2:10:
         18:b7:e1:3d:4d:d3:38:5c:8d:d1:c0:43:9b:a0:29:c2:cd:20:
         4e:dc:7e:5f:1e:87:96:1d:28:e9:53:45:cc:2b:9c:1c:c3:93:
         22:72:e7:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRUda8AyOU0cNo9yGPhy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjhjMWNmOTcwMDFjYWUyYTBmN2ZlMTM2ZWQ3MzM2NmU4ZWY3MTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnXJuDI9+bhgQUpBzUaNstsswI+f
M4qgUK2Z+9YXP/cDxNaplanH4P0MgLw9If6xcZJD27Tx5OyWAlYUm+aTej6w5biW
YKPiFCrfp83UGOkl+oE8b5e8GAvTaxJtcHnCw6AUb6fgpTwnogDuEwzfsVO1/YKT
kEMmfIlm7gjjc5OyJ1SpzJMJaUgIt4zROEYpAxPrOOddtaO2NhJH5STarOEq+Gj4
cPEDPMwZGXIM9BbommTnFRHmw4IM9ntaFX0ODHXT4jPg71dFf9BmQ5ycxWcU6TeU
RCnoogPXctmWg9/D11QlC8i0JRX9syBNHlwRIWDRzVeMaoOPJXweY4Cp3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM+MHPlwAcrioPf+E27XM2bo73EzMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvejR3Yy1YQUJ5dUtnOV80VGJ0Y3padWp2Y1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtrgjAN
BgkqhkiG9w0BAQsFAAOCAQEAXJwmdq5pp0tXmBZWEHwWNuNDQkKRNil9rEaBGKpb
2Bk+vBZkypLIf2RawbPUkrlvqcPph32s3Lmu99PX9qy9oThQxPDzZcvcPg8Unvs2
niCNBp8Zwc7HCvdmvBxku/MnFB1Ru6kK/axBXjeIHu3nZg5ooAyzFdYREbEhs0Ip
NJdsHlDFD2mULLBMmAqcxAZaG/osdFvc8ktG2a9afer+vHbjWpw4uHLPItBUdLYr
dCbD2sX1dWcG9KvgmnHn98UVoDjhGDFr21JIYBTQ2U6tcvfGqkrCRrIQGLfhPU3T
OFyN0cBDm6Apws0gTtx+Xx6Hlh0o6VNFzCucHMOTInLn+w==
-----END CERTIFICATE-----