Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/whbNPX7xpImhIktrpipKoQzAFZo.roa
File:                     whbNPX7xpImhIktrpipKoQzAFZo.roa (raw, json)
Hash identifier:          Jtvnk0ncEqCQ/ZQ9F0sCk3O4UoG6D0dlD2s9B3IWjbk=
Subject key identifier:   C2:16:CD:3D:7E:F1:A4:89:A1:22:4B:6B:A6:2A:4A:A1:0C:C0:15:9A
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019425FDC73B0855524ABB8FC790BDAF0A09
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/whbNPX7xpImhIktrpipKoQzAFZo.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197501
IP address blocks:        2a0a:2c0:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c7:3b:08:55:52:4a:bb:8f:c7:90:bd:af:0a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c216cd3d7ef1a489a1224b6ba62a4aa10cc0159a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d1:41:04:16:50:2b:c2:1c:7c:4f:e5:be:fc:
                    f7:76:e7:ba:4a:7a:18:39:b8:83:8b:36:4b:79:be:
                    1f:43:e3:81:21:8f:c1:ab:ff:2a:8f:b1:90:e1:1c:
                    8f:74:9f:9a:76:81:aa:71:58:1a:5b:fc:42:6b:dd:
                    32:5a:67:ab:14:d7:e9:d6:eb:c2:73:98:df:f9:67:
                    80:96:73:ea:46:0b:87:ca:10:95:6f:75:ce:dd:c1:
                    6f:86:bf:e5:16:ef:49:09:16:82:6f:cd:42:41:cf:
                    d2:03:d2:e0:c7:b6:27:3d:b4:d4:ee:89:62:04:5e:
                    9a:f7:9e:af:c8:7f:3e:8f:62:f9:7b:70:df:75:20:
                    e0:75:9a:e8:32:27:09:ec:eb:83:82:25:20:45:c3:
                    6c:2c:cd:28:50:76:8b:78:35:b6:6f:2e:f8:53:97:
                    12:af:a8:db:aa:63:95:5a:44:d2:d1:b9:e7:e3:25:
                    32:75:8f:c1:f4:d4:b4:b1:05:b1:86:0e:4e:d8:e6:
                    b5:67:cf:0b:fe:6a:22:ca:30:da:2e:95:d1:63:da:
                    09:0a:20:aa:6c:83:3f:fd:f7:62:9b:15:6c:3d:7b:
                    d0:61:8b:da:c3:ab:0e:99:89:fc:27:3f:2b:2e:e3:
                    63:64:5b:8f:ff:d9:38:0b:8d:a4:53:70:81:99:d2:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:16:CD:3D:7E:F1:A4:89:A1:22:4B:6B:A6:2A:4A:A1:0C:C0:15:9A
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/whbNPX7xpImhIktrpipKoQzAFZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:7c:e0:72:6f:f0:30:44:a5:2e:5d:5f:de:82:bd:b4:c5:f0:
         06:e5:e2:d5:de:f9:a9:52:e8:52:68:01:6e:38:bb:59:ce:da:
         89:f5:a2:d5:9d:62:17:c0:03:30:86:0d:56:c7:cf:20:d8:48:
         08:d5:22:b2:3b:ca:d5:d2:65:83:e7:04:35:23:03:e1:51:87:
         fd:89:06:6e:43:58:fc:9a:d1:2f:2b:89:f5:7c:c8:5d:f8:48:
         5e:a5:1f:94:bf:2a:87:a5:7b:d8:93:00:ce:cd:fa:5a:5f:99:
         a9:c3:de:a9:98:de:8d:9a:ac:37:fc:8b:11:9a:26:ac:41:0e:
         bd:22:05:d4:36:b3:1d:bd:a9:aa:b5:21:17:0e:2e:61:e6:d4:
         dd:5a:0f:46:cf:8d:48:f9:98:6e:19:fc:f8:b4:8f:1a:ea:0e:
         b9:48:50:63:21:43:53:37:7c:60:ea:92:da:ee:91:49:af:6b:
         34:b0:41:09:aa:80:05:ab:1e:ee:e2:d1:c9:63:c0:45:76:f8:
         89:9a:d9:e7:35:66:d2:d8:b8:6c:63:dc:e8:6a:f6:ba:a8:28:
         6d:d4:a3:37:0a:41:87:79:d4:a3:9e:54:7b:56:7a:3d:55:69:
         16:85:ab:0b:3c:1f:44:3e:bb:b1:7f:90:0d:38:96:67:e9:f3:
         62:1f:d9:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/cc7CFVSSruPx5C9rwoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjE2Y2QzZDdlZjFhNDg5YTEyMjRiNmJhNjJhNGFhMTBjYzAxNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldFBBBZQK8IcfE/lvvz3due6SnoY
ObiDizZLeb4fQ+OBIY/Bq/8qj7GQ4RyPdJ+adoGqcVgaW/xCa90yWmerFNfp1uvC
c5jf+WeAlnPqRguHyhCVb3XO3cFvhr/lFu9JCRaCb81CQc/SA9Lgx7YnPbTU7oli
BF6a956vyH8+j2L5e3DfdSDgdZroMicJ7OuDgiUgRcNsLM0oUHaLeDW2by74U5cS
r6jbqmOVWkTS0bnn4yUydY/B9NS0sQWxhg5O2Oa1Z88L/moiyjDaLpXRY9oJCiCq
bIM//fdimxVsPXvQYYvaw6sOmYn8Jz8rLuNjZFuP/9k4C42kU3CBmdIlcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIWzT1+8aSJoSJLa6YqSqEMwBWaMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvd2hiTlBYN3hwSW1oSWt0cnBpcEtvUXpBRlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBhfOByb/AwRKUuXV/egr20xfAG5eLV3vmpUuhS
aAFuOLtZztqJ9aLVnWIXwAMwhg1Wx88g2EgI1SKyO8rV0mWD5wQ1IwPhUYf9iQZu
Q1j8mtEvK4n1fMhd+EhepR+UvyqHpXvYkwDOzfpaX5mpw96pmN6Nmqw3/IsRmias
QQ69IgXUNrMdvamqtSEXDi5h5tTdWg9Gz41I+ZhuGfz4tI8a6g65SFBjIUNTN3xg
6pLa7pFJr2s0sEEJqoAFqx7u4tHJY8BFdviJmtnnNWbS2LhsY9zoava6qCht1KM3
CkGHedSjnlR7Vno9VWkWhasLPB9EPruxf5ANOJZn6fNiH9lZ
-----END CERTIFICATE-----