Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/Olq79L64wCg-hHRooByi3vPZULM.roa
File:                     Olq79L64wCg-hHRooByi3vPZULM.roa (raw, json)
Hash identifier:          7iTlVlX50RF0+9QmCG7iYPxhRnhcj6E2kkA6pnlrhOE=
Subject key identifier:   3A:5A:BB:F4:BE:B8:C0:28:3E:84:74:68:A0:1C:A2:DE:F3:D9:50:B3
Certificate issuer:       /CN=9af9d0d4befda09e999eabd0c8724e217364de10
Certificate serial:       01942747D7F9F3FFE888CAD2918CD7E66671
Authority key identifier: 9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/Olq79L64wCg-hHRooByi3vPZULM.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0e:fd80:a03::/48 maxlen: 48
                          2a0e:fd80:a04::/48 maxlen: 48
                          2a0e:fd80:a05::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d7:f9:f3:ff:e8:88:ca:d2:91:8c:d7:e6:66:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9af9d0d4befda09e999eabd0c8724e217364de10
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a5abbf4beb8c0283e847468a01ca2def3d950b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:13:67:cd:1b:33:fa:3f:15:7c:e1:91:2e:d8:
                    6b:7c:ae:f2:a0:f0:7d:47:37:59:d9:2f:5d:7f:4f:
                    3c:9f:83:ce:68:56:ed:a5:1b:b2:cc:c6:d1:84:27:
                    b9:a6:77:16:74:33:9e:d4:61:90:a1:95:be:73:03:
                    ce:13:46:b0:5e:46:9d:93:08:4c:95:3f:69:f1:f7:
                    cc:f9:26:4d:4d:bc:8b:a4:b0:35:9c:7d:a1:0c:bc:
                    fb:e1:35:37:05:1b:3a:f9:c1:20:cc:51:c0:a6:73:
                    6a:7a:30:b2:ee:27:7d:04:28:b0:45:f0:5d:e8:4e:
                    ee:3a:56:a1:24:9a:5c:c1:2e:34:34:2b:d5:96:70:
                    7d:95:75:67:96:c4:6d:56:42:5a:2c:1a:0b:12:01:
                    0b:6e:25:2c:df:7c:38:f7:da:d8:e2:e5:5f:8a:a6:
                    5b:e9:7a:0a:40:b8:6b:f7:58:42:e5:74:fb:32:bc:
                    e6:1b:19:79:af:26:b9:dd:c3:e1:c1:ab:a9:70:65:
                    fe:e5:7e:e7:7a:ec:69:1b:35:23:0e:c2:2f:10:54:
                    89:3b:f8:c4:f7:e2:9b:3d:41:81:23:4b:48:70:30:
                    c9:6c:21:f5:c5:33:24:6d:1b:23:d9:d8:dd:c9:7f:
                    77:ae:a4:cd:a1:c1:37:19:cc:9a:f9:56:12:2c:a1:
                    87:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5A:BB:F4:BE:B8:C0:28:3E:84:74:68:A0:1C:A2:DE:F3:D9:50:B3
            X509v3 Authority Key Identifier:
                keyid:9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/Olq79L64wCg-hHRooByi3vPZULM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:fd80:a03::-2a0e:fd80:a05:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8b:98:4d:6d:6d:8a:90:87:89:d7:84:2f:dd:ec:e7:71:8f:cf:
         4b:3b:1c:cb:6f:8f:c4:96:4d:70:81:60:58:bb:87:98:eb:f7:
         b4:cf:1e:f7:9f:40:93:84:a9:44:b4:d1:8e:0b:76:c9:c1:3d:
         44:fe:99:60:d7:da:7e:49:7c:2e:1f:2e:e7:9d:0d:50:39:ca:
         b2:5e:8f:8c:95:88:e3:12:5e:6f:9c:ef:df:bf:fb:50:e4:73:
         0d:3b:2f:df:6d:c2:6c:b0:0b:45:f5:31:d6:ab:74:f5:cd:13:
         89:f8:0f:75:a1:c7:88:ed:89:b1:38:fe:95:64:8d:b6:8c:39:
         48:63:3d:60:29:76:d2:2a:b2:b1:d3:75:5a:6a:5e:cd:ad:d4:
         fa:63:78:e1:92:cc:63:62:54:2e:ab:91:77:c6:43:ab:51:0f:
         ae:7a:03:2a:8d:b6:78:e8:3b:6f:ab:c0:f1:5e:7d:1e:94:29:
         9d:52:bf:29:df:d1:04:5b:90:03:2c:58:da:a2:10:c0:54:ee:
         68:f2:85:3e:53:26:fa:d2:fd:1d:e1:cd:73:5d:db:74:fd:58:
         64:83:4c:15:0c:6c:6b:eb:e4:21:06:f7:8d:f9:f6:c8:b8:a0:
         24:e9:11:d7:b0:c7:13:7b:19:51:04:5b:b3:48:b4:f5:13:85:
         77:8e:cd:aa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnR9f58//oiMrSkYzX5mZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjlkMGQ0YmVmZGEwOWU5OTllYWJkMGM4NzI0ZTIxNzM2
NGRlMTAwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTVhYmJmNGJlYjhjMDI4M2U4NDc0NjhhMDFjYTJkZWYzZDk1MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRNnzRsz+j8VfOGRLthrfK7yoPB9
RzdZ2S9df088n4POaFbtpRuyzMbRhCe5pncWdDOe1GGQoZW+cwPOE0awXkadkwhM
lT9p8ffM+SZNTbyLpLA1nH2hDLz74TU3BRs6+cEgzFHApnNqejCy7id9BCiwRfBd
6E7uOlahJJpcwS40NCvVlnB9lXVnlsRtVkJaLBoLEgELbiUs33w499rY4uVfiqZb
6XoKQLhr91hC5XT7MrzmGxl5rya53cPhwaupcGX+5X7neuxpGzUjDsIvEFSJO/jE
9+KbPUGBI0tIcDDJbCH1xTMkbRsj2djdyX93rqTNocE3Gcya+VYSLKGHSwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDpau/S+uMAoPoR0aKAcot7z2VCzMB8GA1UdIwQY
MBaAFJr50NS+/aCemZ6r0MhyTiFzZN4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgt
MjY3MDFiMTYyZmMzLzEvT2xxNzlMNjR3Q2ctaEhSb29CeWkzdlBaVUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgtMjY3MDFiMTYyZmMz
LzEvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDv2A
CgMDBwEqDv2ACgQwDQYJKoZIhvcNAQELBQADggEBAIuYTW1tipCHideEL93s53GP
z0s7HMtvj8SWTXCBYFi7h5jr97TPHvefQJOEqUS00Y4LdsnBPUT+mWDX2n5JfC4f
LuedDVA5yrJej4yViOMSXm+c79+/+1Dkcw07L99twmywC0X1MdardPXNE4n4D3Wh
x4jtibE4/pVkjbaMOUhjPWApdtIqsrHTdVpqXs2t1PpjeOGSzGNiVC6rkXfGQ6tR
D656AyqNtnjoO2+rwPFefR6UKZ1Svynf0QRbkAMsWNqiEMBU7mjyhT5TJvrS/R3h
zXNd23T9WGSDTBUMbGvr5CEG94359si4oCTpEdewxxN7GVEEW7NItPUThXeOzao=
-----END CERTIFICATE-----