Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Rmz-UbX6CaxDdVMg04zGhwKvQrw.roa
File:                     Rmz-UbX6CaxDdVMg04zGhwKvQrw.roa (raw, json)
Hash identifier:          BQCJ6HXI9vToDVjc0ytzBKN0Rg38XJrtLZLFL1EUWC0=
Subject key identifier:   46:6C:FE:51:B5:FA:09:AC:43:75:53:20:D3:8C:C6:87:02:AF:42:BC
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01922DF2A21DCAA8E70FA0D70312C11A0EE9
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Rmz-UbX6CaxDdVMg04zGhwKvQrw.roa
Signing time:             Thu 26 Sep 2024 10:48:48 +0000
ROA not before:           Thu 26 Sep 2024 10:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8772
IP address blocks:        2a0a:b42::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2d:f2:a2:1d:ca:a8:e7:0f:a0:d7:03:12:c1:1a:0e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Sep 26 10:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=466cfe51b5fa09ac43755320d38cc68702af42bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:45:f7:1c:8d:7d:a2:ef:88:8e:5b:37:7e:27:
                    66:08:0a:67:1e:9b:34:e3:b5:72:4f:b2:ae:27:35:
                    6d:0e:f1:bb:22:29:02:81:e2:ea:88:c5:72:93:71:
                    88:37:11:de:e5:7c:cd:3c:ce:73:89:96:d5:e9:27:
                    57:c6:dc:34:36:90:f4:16:e6:d0:b2:42:8c:e9:f7:
                    1f:a5:ad:3e:bb:1a:70:0d:cd:b3:e8:e2:a3:ea:a3:
                    f9:ec:70:d1:da:b9:f6:b3:79:46:a7:8b:9c:85:41:
                    a3:96:53:f7:c5:d8:93:4b:53:84:1f:af:0a:d7:bc:
                    56:21:98:87:de:69:30:86:d6:c2:77:fa:3d:48:f4:
                    f3:c5:27:6a:c2:87:66:04:76:48:cb:09:b4:8d:8e:
                    6c:05:df:95:43:c8:d9:a6:83:19:09:ab:13:d2:c4:
                    00:75:af:ec:f4:2e:ce:16:0b:72:79:6e:3c:da:d4:
                    dd:91:2f:09:ca:bc:d7:3e:70:49:3f:f6:33:68:d5:
                    4b:60:e0:67:4e:3d:8b:cb:cd:ca:0c:b8:b4:d0:b4:
                    0a:76:0d:ef:20:5f:6d:4a:2f:a8:29:e4:6f:de:d2:
                    89:04:3d:d4:5d:ea:59:03:d0:d0:37:c0:c8:8d:7b:
                    39:f5:9d:fa:ad:aa:69:39:f1:9f:10:0c:8b:13:2a:
                    45:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6C:FE:51:B5:FA:09:AC:43:75:53:20:D3:8C:C6:87:02:AF:42:BC
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Rmz-UbX6CaxDdVMg04zGhwKvQrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:b42::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:6f:a4:ea:58:cf:fa:7f:f0:95:73:7b:48:a5:0a:48:d5:92:
         97:18:a8:8f:7f:03:10:2d:6b:76:9b:14:dd:78:99:91:ee:d6:
         11:41:c3:71:fa:5f:d6:b6:eb:fe:63:fb:13:02:4e:cf:b6:5b:
         77:d0:48:84:66:7d:09:54:12:3c:48:f5:f7:28:4e:9e:1c:2a:
         72:1d:af:89:53:3b:66:da:ee:c4:26:e2:c2:2b:d5:32:cf:21:
         4f:4b:e7:bb:3c:53:c9:32:88:b4:f1:d0:45:30:6d:b6:ec:c6:
         e3:73:f9:cb:36:57:94:8e:ab:50:44:ce:06:85:a5:f6:46:8a:
         1b:2b:68:35:d6:0c:e5:da:98:61:46:aa:49:21:00:ef:fb:ec:
         0e:3e:4a:e7:42:a2:0a:95:d5:d0:48:80:76:be:bf:28:3c:0e:
         7c:d7:54:ac:8b:3b:1c:f9:df:6c:02:a5:fb:70:f4:e7:57:21:
         c9:e5:3c:29:85:b5:8e:59:fa:ae:76:ac:cd:87:32:ce:c1:1b:
         f3:b3:3a:2a:70:63:2d:68:d2:4f:9e:33:f3:80:74:0e:1d:82:
         17:eb:f1:19:31:49:13:a1:2c:18:85:88:90:2b:4b:d5:3b:b9:
         c0:c7:bb:8e:a3:3f:fa:ce:ed:f2:2d:ca:7e:5a:57:f3:2a:01:
         fa:ef:14:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIt8qIdyqjnD6DXAxLBGg7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwOTI2MTA0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZjZmU1MWI1ZmEwOWFjNDM3NTUzMjBkMzhjYzY4NzAyYWY0MmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kX3HI19ou+Ijls3fidmCApnHps0
47VyT7KuJzVtDvG7IikCgeLqiMVyk3GINxHe5XzNPM5ziZbV6SdXxtw0NpD0FubQ
skKM6fcfpa0+uxpwDc2z6OKj6qP57HDR2rn2s3lGp4uchUGjllP3xdiTS1OEH68K
17xWIZiH3mkwhtbCd/o9SPTzxSdqwodmBHZIywm0jY5sBd+VQ8jZpoMZCasT0sQA
da/s9C7OFgtyeW482tTdkS8JyrzXPnBJP/YzaNVLYOBnTj2Ly83KDLi00LQKdg3v
IF9tSi+oKeRv3tKJBD3UXepZA9DQN8DIjXs59Z36rappOfGfEAyLEypFEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEZs/lG1+gmsQ3VTINOMxocCr0K8MB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUm16LVViWDZDYXhEZFZNZzA0ekdod0t2UXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgoLQjAN
BgkqhkiG9w0BAQsFAAOCAQEAkW+k6ljP+n/wlXN7SKUKSNWSlxioj38DEC1rdpsU
3XiZke7WEUHDcfpf1rbr/mP7EwJOz7Zbd9BIhGZ9CVQSPEj19yhOnhwqch2viVM7
ZtruxCbiwivVMs8hT0vnuzxTyTKItPHQRTBttuzG43P5yzZXlI6rUETOBoWl9kaK
GytoNdYM5dqYYUaqSSEA7/vsDj5K50KiCpXV0EiAdr6/KDwOfNdUrIs7HPnfbAKl
+3D051chyeU8KYW1jln6rnaszYcyzsEb87M6KnBjLWjST54z84B0Dh2CF+vxGTFJ
E6EsGIWIkCtL1Tu5wMe7jqM/+s7t8i3KflpX8yoB+u8UMg==
-----END CERTIFICATE-----