Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/f9ZO97gOWJUut8XaLFuUGxsZrIY.roa
File:                     f9ZO97gOWJUut8XaLFuUGxsZrIY.roa (raw, json)
Hash identifier:          6tq23TLuISKAQugLOcVCTXKPxD4H8WtHoGjZUKQXbNY=
Subject key identifier:   7F:D6:4E:F7:B8:0E:58:95:2E:B7:C5:DA:2C:5B:94:1B:1B:19:AC:86
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D60705781517502E6D72C53B65DF5
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/f9ZO97gOWJUut8XaLFuUGxsZrIY.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10929
IP address blocks:        2a02:c6c1:1::/48 maxlen: 48
                          2a02:c6c1:142::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:60:70:57:81:51:75:02:e6:d7:2c:53:b6:5d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fd64ef7b80e58952eb7c5da2c5b941b1b19ac86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:71:f2:39:b4:6f:c9:d3:ff:2d:4e:20:dc:12:
                    65:20:fc:6c:d0:c1:86:fc:31:c3:98:f7:e6:5d:0f:
                    a5:d9:32:d9:7c:51:24:bf:42:45:a0:63:f4:41:6e:
                    65:9f:0c:7a:37:06:4d:1e:e0:fd:c6:64:bc:76:16:
                    99:b2:93:c9:8f:ad:a0:4f:52:77:1f:3a:f9:ed:6f:
                    d6:6c:a1:58:29:e6:e7:68:33:f4:f6:52:cd:67:ff:
                    e5:c9:00:58:6b:1b:ea:5d:89:41:ad:e7:8a:63:ac:
                    43:47:f0:a9:f2:1b:ce:ad:43:7d:80:7a:05:36:d5:
                    81:a1:da:b1:3e:c6:e5:aa:94:be:ad:4f:33:74:ff:
                    37:70:71:25:9a:2d:90:34:e9:a5:24:48:3e:77:47:
                    f8:d3:5a:d0:25:61:9a:e2:78:0f:2d:29:33:fd:d1:
                    50:5f:c6:ec:07:18:56:48:e4:6e:56:f9:bc:0d:ff:
                    9c:e7:35:61:8d:c8:1a:cf:5d:3b:e5:d3:74:d4:85:
                    eb:e6:ed:f6:6a:60:8c:8a:1f:d7:11:65:2b:23:e8:
                    d3:26:56:24:75:88:44:15:6e:11:01:b0:4d:8e:8f:
                    a8:1b:54:5e:7e:ac:d2:66:1f:f9:02:3f:8c:a2:e4:
                    78:e6:ab:d8:cb:10:86:ce:1b:4a:1b:94:22:36:99:
                    66:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D6:4E:F7:B8:0E:58:95:2E:B7:C5:DA:2C:5B:94:1B:1B:19:AC:86
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/f9ZO97gOWJUut8XaLFuUGxsZrIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1:1::/48
                  2a02:c6c1:142::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:ad:0e:ad:f6:75:e0:f6:67:c9:a4:d4:83:9a:63:81:d7:be:
         09:91:e6:c7:62:fe:4a:56:be:e1:7c:d3:50:67:18:e6:40:64:
         f6:c1:67:4b:4a:0d:b8:0a:5f:88:20:f8:07:39:79:48:d1:92:
         be:c4:03:9f:57:7b:6c:52:30:13:d5:c1:f4:20:b1:8e:43:d1:
         e9:77:87:31:a4:a6:14:de:61:4c:3f:49:da:e5:4d:28:36:6a:
         8e:41:bc:94:3a:eb:39:4d:28:60:d8:d1:28:9a:61:b7:3a:9e:
         71:82:59:f0:32:cd:5d:3f:cb:8e:90:09:0e:dd:db:c2:dd:ce:
         18:fc:09:bd:67:b9:66:d4:d4:bb:16:ac:b2:73:4d:c1:3d:6a:
         f1:ca:11:3f:ac:71:02:42:40:93:92:7e:6f:90:8c:d9:63:ac:
         d5:82:ea:36:a0:ac:04:93:e8:97:3c:a1:1f:f6:a0:aa:32:19:
         24:44:4b:f0:e0:ba:e1:5e:ff:4f:e5:f0:cf:ae:bd:54:ea:db:
         92:80:52:ca:ad:ca:cd:6b:b7:82:7a:c0:0c:1c:bf:ca:e6:ec:
         d7:28:fd:8e:e4:fb:05:bd:6a:c2:19:a1:9e:0c:ca:8a:e6:18:
         af:47:c9:14:83:ea:ce:6f:c8:6d:a5:39:2c:0f:4c:ff:07:a9:
         e1:56:71:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijWBwV4FRdQLm1yxTtl31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ2NGVmN2I4MGU1ODk1MmViN2M1ZGEyYzViOTQxYjFiMTlhYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XHyObRvydP/LU4g3BJlIPxs0MGG
/DHDmPfmXQ+l2TLZfFEkv0JFoGP0QW5lnwx6NwZNHuD9xmS8dhaZspPJj62gT1J3
Hzr57W/WbKFYKebnaDP09lLNZ//lyQBYaxvqXYlBreeKY6xDR/Cp8hvOrUN9gHoF
NtWBodqxPsblqpS+rU8zdP83cHElmi2QNOmlJEg+d0f401rQJWGa4ngPLSkz/dFQ
X8bsBxhWSORuVvm8Df+c5zVhjcgaz1075dN01IXr5u32amCMih/XEWUrI+jTJlYk
dYhEFW4RAbBNjo+oG1RefqzSZh/5Aj+MouR45qvYyxCGzhtKG5QiNplmGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH/WTve4DliVLrfF2ixblBsbGayGMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvZjlaTzk3Z09XSlV1dDhYYUxGdVVHeHNacklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgLGwQAB
AwcAKgLGwQFCMA0GCSqGSIb3DQEBCwUAA4IBAQDHrQ6t9nXg9mfJpNSDmmOB174J
kebHYv5KVr7hfNNQZxjmQGT2wWdLSg24Cl+IIPgHOXlI0ZK+xAOfV3tsUjAT1cH0
ILGOQ9Hpd4cxpKYU3mFMP0na5U0oNmqOQbyUOus5TShg2NEommG3Op5xglnwMs1d
P8uOkAkO3dvC3c4Y/Am9Z7lm1NS7Fqyyc03BPWrxyhE/rHECQkCTkn5vkIzZY6zV
guo2oKwEk+iXPKEf9qCqMhkkREvw4LrhXv9P5fDPrr1U6tuSgFLKrcrNa7eCesAM
HL/K5uzXKP2O5PsFvWrCGaGeDMqK5hivR8kUg+rOb8htpTksD0z/B6nhVnHt
-----END CERTIFICATE-----