Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/lUkUA-Czwa2okiPJT7Kq8pTW_Yo.roa
File:                     lUkUA-Czwa2okiPJT7Kq8pTW_Yo.roa (raw, json)
Hash identifier:          fS+41ubfx3zCs5hYx7i3kz5j50EsoWw6NrXQjh9DDSs=
Subject key identifier:   95:49:14:03:E0:B3:C1:AD:A8:92:23:C9:4F:B2:AA:F2:94:D6:FD:8A
Certificate issuer:       /CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
Certificate serial:       01941FFA65ED90E3967A316D31806E99E9A8
Authority key identifier: 4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/lUkUA-Czwa2okiPJT7Kq8pTW_Yo.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203038
IP address blocks:        2a0d:bbc0:1::/48 maxlen: 48
                          2a0d:bbc0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:65:ed:90:e3:96:7a:31:6d:31:80:6e:99:e9:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95491403e0b3c1ada89223c94fb2aaf294d6fd8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4f:ed:99:f9:69:a2:f1:f2:87:18:fd:ad:31:
                    aa:9f:69:4b:cf:e6:15:50:6b:fa:2a:20:db:99:88:
                    3b:9f:3b:de:66:b5:01:fb:c1:d4:33:59:a7:d2:af:
                    74:37:cd:6f:e7:e5:0e:90:ca:79:93:46:25:43:ba:
                    2f:ab:b4:62:20:a3:4f:50:89:0e:c9:45:99:fe:0c:
                    a9:49:4f:1f:d9:6d:34:1a:51:d0:8f:31:a2:18:53:
                    40:59:6a:a6:a3:7c:97:21:cf:1c:7c:7f:af:cf:92:
                    6f:29:83:da:dd:b1:f1:e7:f1:1c:46:ef:36:86:e6:
                    5a:43:e1:2b:ad:46:3a:9b:b7:3f:4a:b9:1f:4a:43:
                    b1:07:f1:94:1b:7c:79:11:f4:59:8e:59:24:20:b9:
                    71:76:3b:1a:16:ec:74:0e:f1:c6:c8:82:c3:51:40:
                    d4:3d:4b:04:ae:33:6f:7c:d7:52:e4:d5:1e:78:a8:
                    ab:83:2b:b5:c7:4e:31:d7:21:68:a7:df:57:15:6b:
                    10:23:40:1b:2e:89:be:ac:b4:06:ce:b1:c5:15:af:
                    7d:09:de:c1:38:c8:4d:c1:90:6d:8d:c9:c7:7c:c9:
                    f8:98:d0:e8:aa:e7:8c:ba:89:4d:85:e0:2f:62:d6:
                    a8:73:66:e7:d1:8b:5b:8e:33:90:92:76:e4:50:2a:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:49:14:03:E0:B3:C1:AD:A8:92:23:C9:4F:B2:AA:F2:94:D6:FD:8A
            X509v3 Authority Key Identifier:
                keyid:4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/lUkUA-Czwa2okiPJT7Kq8pTW_Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:bbc0:1::-2a0d:bbc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2c:27:af:f3:74:6b:68:5c:5d:6b:2d:c0:fd:e3:a6:28:70:b8:
         af:d2:b4:a7:03:e9:11:93:e5:47:00:70:d9:ca:cf:82:4b:0e:
         f1:4f:f4:b2:13:ea:18:23:96:e7:e5:06:20:63:3f:fe:cd:2a:
         94:a4:37:ae:9e:7f:5d:62:a5:55:d5:d0:c0:d5:5c:fe:99:f0:
         02:60:dc:a3:eb:08:e0:ce:04:d2:52:20:f8:1b:be:52:fb:c4:
         6b:90:a3:e2:b0:76:9f:10:41:83:96:d0:0f:3e:37:d9:2a:9d:
         ef:69:f5:39:32:b3:4b:ae:10:14:04:0d:bc:b9:9d:0b:0a:45:
         78:d7:0c:bf:2b:af:2b:54:c4:10:ff:90:2b:bf:a3:b6:2c:68:
         9f:14:c4:94:e5:a5:0a:36:02:04:59:f8:03:57:ef:28:1e:ad:
         a1:f1:18:91:ca:8a:38:6a:c4:60:80:bc:3f:15:6e:10:48:cd:
         7f:18:ce:28:62:8e:d3:e0:bb:f1:d4:a9:20:83:a4:4a:85:32:
         e3:5d:a7:8d:b3:61:a1:05:fa:be:d0:50:a0:11:57:4f:c4:cf:
         85:8b:da:07:65:8f:3b:cf:52:48:a8:49:74:49:71:09:0b:51:
         36:25:24:13:c6:8c:de:a6:29:d7:ee:8d:a0:6d:73:c4:1a:23:
         9f:c2:7c:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQf+mXtkOOWejFtMYBumemoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjgwODAyYzY1NzlhNGQ0YTEwNjA4ZGNmOTJlOWFjZTk5
MDViMTYwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQ5MTQwM2UwYjNjMWFkYTg5MjIzYzk0ZmIyYWFmMjk0ZDZmZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE/tmflpovHyhxj9rTGqn2lLz+YV
UGv6KiDbmYg7nzveZrUB+8HUM1mn0q90N81v5+UOkMp5k0YlQ7ovq7RiIKNPUIkO
yUWZ/gypSU8f2W00GlHQjzGiGFNAWWqmo3yXIc8cfH+vz5JvKYPa3bHx5/EcRu82
huZaQ+ErrUY6m7c/SrkfSkOxB/GUG3x5EfRZjlkkILlxdjsaFux0DvHGyILDUUDU
PUsErjNvfNdS5NUeeKirgyu1x04x1yFop99XFWsQI0AbLom+rLQGzrHFFa99Cd7B
OMhNwZBtjcnHfMn4mNDoqueMuolNheAvYtaoc2bn0YtbjjOQknbkUCqnVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJVJFAPgs8GtqJIjyU+yqvKU1v2KMB8GA1UdIwQY
MBaAFEz4CALGV5pNShBgjc+S6azpkFsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAt
OTFmNDlkOGQxMTVkLzEvbFVrVUEtQ3p3YTJva2lQSlQ3S3E4cFRXX1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAtOTFmNDlkOGQxMTVk
LzEvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDbvA
AAEDBwAqDbvAAAIwDQYJKoZIhvcNAQELBQADggEBACwnr/N0a2hcXWstwP3jpihw
uK/StKcD6RGT5UcAcNnKz4JLDvFP9LIT6hgjluflBiBjP/7NKpSkN66ef11ipVXV
0MDVXP6Z8AJg3KPrCODOBNJSIPgbvlL7xGuQo+Kwdp8QQYOW0A8+N9kqne9p9Tky
s0uuEBQEDby5nQsKRXjXDL8rrytUxBD/kCu/o7YsaJ8UxJTlpQo2AgRZ+ANX7yge
raHxGJHKijhqxGCAvD8VbhBIzX8YzihijtPgu/HUqSCDpEqFMuNdp42zYaEF+r7Q
UKARV0/Ez4WL2gdljzvPUkioSXRJcQkLUTYlJBPGjN6mKdfujaBtc8QaI5/CfI8=
-----END CERTIFICATE-----