Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l-5N3zq4Lf8qagKD_cQxrvHwWtQ.roa
File:                     l-5N3zq4Lf8qagKD_cQxrvHwWtQ.roa (raw, json)
Hash identifier:          ghkebTs8+d0Z8UwBt6vTl1jBM9VhBA+cF+wffNicGBw=
Subject key identifier:   97:EE:4D:DF:3A:B8:2D:FF:2A:6A:02:83:FD:C4:31:AE:F1:F0:5A:D4
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDF17CCCC6CF07E50AB31FB3977ECF
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l-5N3zq4Lf8qagKD_cQxrvHwWtQ.roa
Signing time:             Thu 02 Jan 2025 07:49:46 +0000
ROA not before:           Thu 02 Jan 2025 07:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398493
IP address blocks:        2a06:e881:116::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:f1:7c:cc:c6:cf:07:e5:0a:b3:1f:b3:97:7e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97ee4ddf3ab82dff2a6a0283fdc431aef1f05ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:87:8b:40:cc:08:8d:6b:b7:0d:e1:e7:07:42:
                    a6:98:0b:5e:b9:cc:13:73:b0:4e:f7:8b:fe:76:8e:
                    65:07:12:6e:25:e7:20:60:77:24:56:3e:43:2c:00:
                    ec:32:bf:7c:6a:2e:d3:4b:ee:a0:4f:f8:47:10:97:
                    66:9f:c4:cd:03:2e:63:58:65:7a:f3:55:63:39:be:
                    9c:2b:1a:c7:0e:9a:27:a9:d9:03:22:8c:1a:5f:03:
                    e6:93:55:17:6e:94:a6:20:57:47:c2:d7:4f:25:3e:
                    2b:0b:6d:18:89:3d:8c:90:7b:94:ed:dd:42:aa:80:
                    c4:5c:44:98:25:d4:97:fd:59:ed:27:48:d9:84:70:
                    a8:d9:2e:c5:4c:46:52:f0:22:83:9f:d8:43:96:3b:
                    27:9c:14:17:fb:17:de:54:75:2c:bf:a7:bb:57:ce:
                    65:e1:1f:cd:da:d0:eb:08:a0:fd:7a:b3:56:82:d3:
                    3e:5f:f5:67:aa:02:cc:12:8d:8e:4b:a7:3f:17:b7:
                    28:f9:e7:ee:71:c1:0f:4f:43:45:4f:c0:81:89:86:
                    8e:0b:a3:1b:38:48:29:26:3a:54:18:17:8d:90:76:
                    e3:28:11:00:72:e5:ba:9c:13:21:46:a6:e9:72:02:
                    43:65:7f:f0:b9:9c:60:27:65:c7:a3:38:87:c5:ae:
                    40:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:EE:4D:DF:3A:B8:2D:FF:2A:6A:02:83:FD:C4:31:AE:F1:F0:5A:D4
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l-5N3zq4Lf8qagKD_cQxrvHwWtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:116::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:a5:0d:ad:42:60:f6:62:98:a2:d2:b2:50:f0:eb:40:7e:82:
         b4:40:eb:05:9f:77:b3:ef:87:56:23:a1:01:a7:88:3d:17:68:
         a5:6c:5c:ca:bc:00:e6:d6:64:e0:a5:29:bf:51:91:54:c9:cf:
         36:37:26:9b:df:49:96:dd:29:6c:99:a0:d6:98:46:16:c2:54:
         b0:61:80:3e:15:ff:c4:4c:fb:99:92:eb:2d:42:3e:99:44:89:
         2b:e4:4b:f9:f8:21:eb:ce:bb:cd:4e:fa:29:9a:3b:29:da:99:
         f7:fb:57:d3:9d:c5:10:24:d3:60:97:b3:58:8f:9b:a1:25:c5:
         4d:e3:7c:61:3b:99:14:58:77:3f:84:a5:a6:47:8b:bb:5b:2e:
         3a:40:28:dc:5d:0a:f1:45:1f:3d:49:c9:b3:bd:16:1a:32:30:
         2b:94:a8:ba:20:2c:83:93:62:04:97:6a:70:98:a0:10:95:46:
         96:e6:93:13:65:17:72:35:aa:de:f0:28:85:0e:22:82:08:17:
         40:aa:90:6d:cc:70:fa:e9:84:8f:3c:9a:25:dc:5e:a9:60:dc:
         f5:4c:39:c8:03:3f:80:1d:13:c2:49:b6:0d:72:f5:a1:e3:5a:
         ed:4e:77:7e:52:b7:33:79:e1:3d:53:b8:ab:74:8d:20:a5:6b:
         cb:8e:d4:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/fF8zMbPB+UKsx+zl37PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2VlNGRkZjNhYjgyZGZmMmE2YTAyODNmZGM0MzFhZWYxZjA1YWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoeLQMwIjWu3DeHnB0KmmAteucwT
c7BO94v+do5lBxJuJecgYHckVj5DLADsMr98ai7TS+6gT/hHEJdmn8TNAy5jWGV6
81VjOb6cKxrHDponqdkDIowaXwPmk1UXbpSmIFdHwtdPJT4rC20YiT2MkHuU7d1C
qoDEXESYJdSX/VntJ0jZhHCo2S7FTEZS8CKDn9hDljsnnBQX+xfeVHUsv6e7V85l
4R/N2tDrCKD9erNWgtM+X/VnqgLMEo2OS6c/F7co+efuccEPT0NFT8CBiYaOC6Mb
OEgpJjpUGBeNkHbjKBEAcuW6nBMhRqbpcgJDZX/wuZxgJ2XHoziHxa5AHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJfuTd86uC3/KmoCg/3EMa7x8FrUMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvbC01TjN6cTRMZjhxYWdLRF9jUXhydkh3V3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbogQEW
MA0GCSqGSIb3DQEBCwUAA4IBAQAWpQ2tQmD2Ypii0rJQ8OtAfoK0QOsFn3ez74dW
I6EBp4g9F2ilbFzKvADm1mTgpSm/UZFUyc82Nyab30mW3SlsmaDWmEYWwlSwYYA+
Ff/ETPuZkustQj6ZRIkr5Ev5+CHrzrvNTvopmjsp2pn3+1fTncUQJNNgl7NYj5uh
JcVN43xhO5kUWHc/hKWmR4u7Wy46QCjcXQrxRR89ScmzvRYaMjArlKi6ICyDk2IE
l2pwmKAQlUaW5pMTZRdyNare8CiFDiKCCBdAqpBtzHD66YSPPJol3F6pYNz1TDnI
Az+AHRPCSbYNcvWh41rtTnd+UrczeeE9U7irdI0gpWvLjtR8
-----END CERTIFICATE-----