Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/ZkqOfmuhubAXa5wjbsE6j4_ahXs.roa
File:                     ZkqOfmuhubAXa5wjbsE6j4_ahXs.roa (raw, json)
Hash identifier:          Hey5kTZ4283sFnXZkMTOrQ0P+6y/gPOLg1iSKQS0uK8=
Subject key identifier:   66:4A:8E:7E:6B:A1:B9:B0:17:6B:9C:23:6E:C1:3A:8F:8F:DA:85:7B
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       019421B233B46E50FEF38F6ACF389EA2CF2A
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/ZkqOfmuhubAXa5wjbsE6j4_ahXs.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213204
IP address blocks:        2a0f:3784:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:33:b4:6e:50:fe:f3:8f:6a:cf:38:9e:a2:cf:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=664a8e7e6ba1b9b0176b9c236ec13a8f8fda857b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:7d:e6:09:3b:2d:64:3c:98:35:46:d4:75:af:
                    26:82:34:a1:a0:78:0f:ae:5a:e9:b0:4d:2b:a7:2b:
                    7a:c5:6a:e8:9a:76:e2:7a:3d:7e:7f:6e:c7:33:f3:
                    a8:e5:d9:98:97:ed:8e:34:87:f3:f3:57:12:e6:96:
                    f5:86:25:77:03:bd:fc:e0:96:f2:a9:c7:33:31:90:
                    a0:c2:b3:89:b5:73:b0:02:b5:30:a9:0f:13:49:13:
                    13:27:0b:1a:bd:da:7c:54:14:99:98:9d:99:70:b6:
                    0b:bc:68:31:36:5e:f4:ef:42:21:59:d6:4b:71:ad:
                    28:9b:c9:31:b9:15:3b:a1:ec:a1:2c:ac:e6:5e:ca:
                    24:2b:ba:bc:b7:69:27:ff:14:d6:61:8b:67:53:ec:
                    1f:b5:4a:5c:92:50:4b:50:f9:d0:87:26:81:27:e6:
                    19:3b:05:4e:0f:4d:ee:c8:73:56:d7:47:d8:e8:14:
                    c3:08:bb:fd:15:11:f6:c4:7a:7c:0b:ff:be:1a:c8:
                    34:15:66:b9:8d:63:73:45:31:9a:a9:13:f4:56:a7:
                    a0:49:71:c5:bf:fa:85:5c:e5:72:9e:46:36:49:ca:
                    35:19:80:4a:f3:17:fd:a9:db:f4:b3:27:8e:76:64:
                    8b:cf:2b:15:19:9e:73:2c:cd:75:38:25:2b:dd:db:
                    c3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4A:8E:7E:6B:A1:B9:B0:17:6B:9C:23:6E:C1:3A:8F:8F:DA:85:7B
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/ZkqOfmuhubAXa5wjbsE6j4_ahXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3784:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:20:ef:51:26:c1:67:97:60:76:0a:e2:b8:c7:c4:f5:49:2c:
         cf:5e:a6:98:81:c6:aa:80:6f:82:42:4a:18:fd:9c:b7:ab:f8:
         e6:63:d7:9a:eb:66:87:64:09:1a:54:d8:cb:a3:4c:2a:43:a8:
         8c:64:a3:ee:31:91:3b:ad:88:37:0a:43:1b:6b:4c:19:ca:b1:
         c3:a6:90:9b:1b:05:70:d1:ae:b6:48:a1:2d:c0:73:e8:5f:31:
         92:a4:3a:3a:60:3b:9d:cf:27:4d:75:1f:f3:02:01:15:be:5d:
         01:bc:05:5d:71:3c:69:07:f4:36:24:16:1a:c9:ff:57:af:58:
         4b:4c:30:23:d4:e5:17:ff:3c:6d:66:fb:71:83:dd:18:b6:43:
         64:0e:6e:2f:9f:72:4d:e8:b3:3d:09:ad:0a:91:1e:4e:a0:80:
         0e:d3:b5:4c:0a:01:a0:21:76:a4:f7:08:35:0e:f7:88:21:b9:
         bb:08:fd:e8:26:01:eb:3c:15:31:d7:0d:50:1f:fb:28:1a:9e:
         1d:fa:76:63:8a:d5:fe:0a:2d:13:58:5d:18:cc:ca:be:f9:ee:
         c7:bf:fb:21:a9:6a:11:09:9d:81:ee:98:2a:18:cc:6f:67:23:
         dc:cd:3b:a3:9d:34:e2:d2:1b:4d:8c:06:2e:e8:91:5c:25:16:
         c6:07:d9:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhsjO0blD+849qzzieos8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjRhOGU3ZTZiYTFiOWIwMTc2YjljMjM2ZWMxM2E4ZjhmZGE4NTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA633mCTstZDyYNUbUda8mgjShoHgP
rlrpsE0rpyt6xWromnbiej1+f27HM/Oo5dmYl+2ONIfz81cS5pb1hiV3A7384Jby
qcczMZCgwrOJtXOwArUwqQ8TSRMTJwsavdp8VBSZmJ2ZcLYLvGgxNl7070IhWdZL
ca0om8kxuRU7oeyhLKzmXsokK7q8t2kn/xTWYYtnU+wftUpcklBLUPnQhyaBJ+YZ
OwVOD03uyHNW10fY6BTDCLv9FRH2xHp8C/++Gsg0FWa5jWNzRTGaqRP0VqegSXHF
v/qFXOVynkY2Sco1GYBK8xf9qdv0syeOdmSLzysVGZ5zLM11OCUr3dvDaQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGZKjn5robmwF2ucI27BOo+P2oV7MB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEvWmtxT2ZtdWh1YkFYYTV3amJzRTZqNF9haFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg83hAEw
DQYJKoZIhvcNAQELBQADggEBAKkg71EmwWeXYHYK4rjHxPVJLM9eppiBxqqAb4JC
Shj9nLer+OZj15rrZodkCRpU2MujTCpDqIxko+4xkTutiDcKQxtrTBnKscOmkJsb
BXDRrrZIoS3Ac+hfMZKkOjpgO53PJ011H/MCARW+XQG8BV1xPGkH9DYkFhrJ/1ev
WEtMMCPU5Rf/PG1m+3GD3Ri2Q2QObi+fck3osz0JrQqRHk6ggA7TtUwKAaAhdqT3
CDUO94ghubsI/egmAes8FTHXDVAf+yganh36dmOK1f4KLRNYXRjMyr757se/+yGp
ahEJnYHumCoYzG9nI9zNO6OdNOLSG02MBi7okVwlFsYH2f8=
-----END CERTIFICATE-----