Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/9TPdAIfPUajUjs2DsbC3GN5w1mM.roa
File:                     9TPdAIfPUajUjs2DsbC3GN5w1mM.roa (raw, json)
Hash identifier:          f998uOYMTFD5RySwHTrfZLXT9MQqC7DQiOZI706CLv0=
Subject key identifier:   F5:33:DD:00:87:CF:51:A8:D4:8E:CD:83:B1:B0:B7:18:DE:70:D6:63
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       0194221FF2D8FC1B57D66BB4F63E68FF3E56
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/9TPdAIfPUajUjs2DsbC3GN5w1mM.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206925
IP address blocks:        2a04:2b00:119::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f2:d8:fc:1b:57:d6:6b:b4:f6:3e:68:ff:3e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f533dd0087cf51a8d48ecd83b1b0b718de70d663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c0:55:15:26:3f:5e:38:86:fe:75:af:d8:6b:
                    67:9b:45:5d:a3:00:73:34:da:f1:b1:e8:fa:c0:27:
                    23:b2:f9:1a:d8:03:5b:c6:0d:a3:bb:7b:d1:37:5e:
                    cf:ca:78:9b:aa:c8:3d:7d:a5:ad:44:fa:49:f8:bc:
                    78:32:d1:f9:ae:1a:56:9a:fa:90:1a:58:3b:7a:81:
                    70:c1:40:45:f3:56:49:e3:53:ea:fd:3f:13:a1:ab:
                    11:ee:b5:85:17:29:5c:32:a9:df:6e:fa:ab:3b:a0:
                    e8:3e:fd:88:01:ec:6d:b3:a9:69:d6:b8:ba:75:95:
                    a2:8d:cc:81:a4:bf:44:ce:fa:75:38:b0:73:52:63:
                    ff:08:92:e6:fc:40:27:11:ee:0b:72:9d:71:61:6b:
                    60:9b:2e:c1:c1:e8:77:d8:be:89:f5:10:3b:ec:a6:
                    cf:7f:c5:8f:00:91:c2:78:22:5f:20:9d:98:a6:36:
                    8f:77:a3:dc:91:3c:0d:bf:5d:e2:64:16:c5:44:93:
                    2d:e0:38:7b:d7:4d:e7:42:4a:36:c2:40:4d:01:e6:
                    1a:d0:58:73:bd:90:b1:da:09:f5:1e:a1:79:33:d0:
                    f2:1a:d5:7f:af:fc:97:d4:ca:ae:cf:50:5a:b5:81:
                    45:13:2b:f4:93:69:b1:6b:7d:b1:b4:d0:25:06:f9:
                    37:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:33:DD:00:87:CF:51:A8:D4:8E:CD:83:B1:B0:B7:18:DE:70:D6:63
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/9TPdAIfPUajUjs2DsbC3GN5w1mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:119::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:33:d1:a8:7a:99:e6:a1:42:ef:29:48:d8:25:3e:a7:0e:f5:
         0f:97:f1:f0:fe:53:0b:ea:cf:6d:64:98:4b:b5:ac:96:fc:fe:
         c8:02:5b:4b:77:d4:bb:4f:5d:0f:e5:e8:9f:3c:fe:bf:3d:de:
         f5:c6:93:3a:d0:fd:bf:78:4c:a0:80:af:7b:2c:1c:76:b5:67:
         be:67:75:19:85:1c:d2:65:23:42:69:c6:9d:d1:9d:df:4b:ce:
         d4:d0:07:fa:51:a8:88:b3:af:c8:e6:c0:1c:d6:f0:7e:00:b5:
         04:d1:67:02:45:4e:18:e4:5b:59:6c:4d:f3:b9:1d:ab:1a:07:
         62:ae:09:df:c5:d8:81:df:06:e3:b4:33:fd:45:2b:89:b9:2e:
         4f:6c:f1:4b:d9:14:38:a7:27:04:42:b7:45:32:9d:4c:2c:06:
         1c:1a:e7:f5:1d:ae:38:3d:80:9b:47:a2:09:81:31:93:33:c8:
         1a:d4:c7:40:b1:ba:41:e1:53:c1:2b:ba:36:7d:54:fa:0b:ac:
         ab:47:16:06:34:88:f7:0a:e2:10:a6:49:46:5e:2e:ef:69:4c:
         d0:44:75:7f:23:b2:43:a1:5d:0c:4e:38:56:7f:f1:93:5b:d1:
         19:51:a9:ac:52:4e:75:4c:e0:9c:41:78:c1:7d:0b:92:08:fd:
         ea:90:72:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH/LY/BtX1mu09j5o/z5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTMzZGQwMDg3Y2Y1MWE4ZDQ4ZWNkODNiMWIwYjcxOGRlNzBkNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8BVFSY/XjiG/nWv2Gtnm0VdowBz
NNrxsej6wCcjsvka2ANbxg2ju3vRN17Pynibqsg9faWtRPpJ+Lx4MtH5rhpWmvqQ
Glg7eoFwwUBF81ZJ41Pq/T8ToasR7rWFFylcMqnfbvqrO6DoPv2IAexts6lp1ri6
dZWijcyBpL9Ezvp1OLBzUmP/CJLm/EAnEe4Lcp1xYWtgmy7Bweh32L6J9RA77KbP
f8WPAJHCeCJfIJ2YpjaPd6PckTwNv13iZBbFRJMt4Dh7103nQko2wkBNAeYa0Fhz
vZCx2gn1HqF5M9DyGtV/r/yX1Mquz1BatYFFEyv0k2mxa32xtNAlBvk33QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPUz3QCHz1Go1I7Ng7GwtxjecNZjMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvOVRQZEFJZlBVYWpVanMyRHNiQzNHTjV3MW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQrAAEZ
MA0GCSqGSIb3DQEBCwUAA4IBAQClM9GoepnmoULvKUjYJT6nDvUPl/Hw/lML6s9t
ZJhLtayW/P7IAltLd9S7T10P5eifPP6/Pd71xpM60P2/eEyggK97LBx2tWe+Z3UZ
hRzSZSNCacad0Z3fS87U0Af6UaiIs6/I5sAc1vB+ALUE0WcCRU4Y5FtZbE3zuR2r
GgdirgnfxdiB3wbjtDP9RSuJuS5PbPFL2RQ4pycEQrdFMp1MLAYcGuf1Ha44PYCb
R6IJgTGTM8ga1MdAsbpB4VPBK7o2fVT6C6yrRxYGNIj3CuIQpklGXi7vaUzQRHV/
I7JDoV0MTjhWf/GTW9EZUamsUk51TOCcQXjBfQuSCP3qkHIy
-----END CERTIFICATE-----