Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/0uRkVKY7XXnyDogUgS2r5XX9qoA.roa
File:                     0uRkVKY7XXnyDogUgS2r5XX9qoA.roa (raw, json)
Hash identifier:          lp1oaMmoBZ+ARuOSInljJOVgC+Q+LtTeEykGOBERqsQ=
Subject key identifier:   D2:E4:64:54:A6:3B:5D:79:F2:0E:88:14:81:2D:AB:E5:75:FD:AA:80
Certificate issuer:       /CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
Certificate serial:       019420D665A69554C96044D5A2405242493D
Authority key identifier: A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/0uRkVKY7XXnyDogUgS2r5XX9qoA.roa
Signing time:             Wed 01 Jan 2025 07:48:29 +0000
ROA not before:           Wed 01 Jan 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:1400:ffef::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:65:a6:95:54:c9:60:44:d5:a2:40:52:42:49:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
        Validity
            Not Before: Jan  1 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2e46454a63b5d79f20e8814812dabe575fdaa80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:12:00:db:e0:8e:8c:35:43:d4:cc:2d:ca:ce:
                    69:62:b1:4d:27:db:f7:04:94:ec:ce:84:4f:eb:1b:
                    63:39:f7:47:21:61:66:a8:23:ef:63:a6:c2:a3:4a:
                    a1:fd:ae:5e:92:6a:91:12:1b:26:af:c1:80:6e:8d:
                    6e:c3:78:a4:66:88:76:de:9d:33:f5:a9:5a:31:a4:
                    46:71:6a:be:46:df:16:cc:a1:9f:75:59:97:7a:5c:
                    95:57:8f:71:15:87:fb:da:3d:5e:ca:04:4b:6a:17:
                    0a:9d:c1:29:a2:d9:1e:cc:96:cd:64:9e:5f:6d:dd:
                    39:24:d3:d6:6a:b2:7c:9b:54:29:72:73:e6:73:47:
                    ce:1c:e1:40:47:2e:90:7c:54:3a:64:08:03:3f:d9:
                    69:57:ea:64:3a:a3:1b:d2:24:81:c9:b0:43:74:e3:
                    96:fd:ba:1e:d7:83:89:cb:ca:e2:d4:b1:7a:3b:57:
                    3a:28:8c:25:34:f4:aa:4b:44:e7:1a:94:07:4a:b0:
                    60:09:64:e7:9c:0e:e3:22:ab:21:ed:2c:f0:af:d9:
                    3b:9e:42:e9:c3:32:a9:9f:2d:a6:a1:e7:cb:bc:5c:
                    1f:0f:61:a5:df:e4:74:d6:53:ca:34:2f:73:72:74:
                    12:30:97:d3:06:d2:28:df:58:f2:c7:57:d0:f0:93:
                    2c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E4:64:54:A6:3B:5D:79:F2:0E:88:14:81:2D:AB:E5:75:FD:AA:80
            X509v3 Authority Key Identifier:
                keyid:A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/0uRkVKY7XXnyDogUgS2r5XX9qoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1400:ffef::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:b4:fd:52:55:ef:a3:92:2a:98:53:c8:36:ec:ae:14:c0:df:
         5e:37:c5:23:ec:1f:a9:68:10:16:25:d2:3f:14:c3:dc:8c:9d:
         c9:4c:60:2f:74:6a:24:d6:82:1f:86:79:19:35:87:1a:c3:f0:
         fa:a3:cb:e8:58:10:cd:a8:07:2c:ea:05:b3:91:90:00:07:4d:
         e1:41:65:27:9d:f4:1d:a8:c4:56:5e:21:38:f5:bb:88:0a:de:
         92:d9:2c:45:ae:73:c9:8b:18:01:b1:f8:5a:50:96:ef:85:75:
         23:79:01:b2:f0:89:bd:41:1b:13:4a:55:71:e7:2f:e8:1b:66:
         9f:1a:b4:39:58:d4:57:72:64:4a:42:9b:0d:69:6b:86:75:2c:
         f8:f6:4f:f1:72:fe:85:f9:9f:86:a5:ba:d8:3d:d0:9d:e8:b1:
         6b:42:55:8e:f8:3f:a6:0f:ff:bd:c9:09:cd:dc:0d:7c:b9:81:
         37:6c:bc:10:61:75:18:4f:2c:d8:a2:d3:f5:ac:f9:67:5d:3d:
         3e:3a:c6:bf:37:18:e8:a2:f0:8c:52:4d:cc:30:01:3d:b3:a1:
         cf:b5:1a:3c:8d:bc:13:a5:87:10:af:4d:1b:14:b5:b5:b1:7c:
         65:32:d1:ad:8f:ec:4b:f7:45:1a:2a:4e:ce:29:2e:96:81:02:
         32:ae:0c:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1mWmlVTJYETVokBSQkk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MmM5YmMyZDJkYWNmZDZmMTMwZDg1YTg0ZmVkZWFiZjE3
OWE1NjcwHhcNMjUwMTAxMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU0NjQ1NGE2M2I1ZDc5ZjIwZTg4MTQ4MTJkYWJlNTc1ZmRhYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BIA2+COjDVD1Mwtys5pYrFNJ9v3
BJTszoRP6xtjOfdHIWFmqCPvY6bCo0qh/a5ekmqREhsmr8GAbo1uw3ikZoh23p0z
9alaMaRGcWq+Rt8WzKGfdVmXelyVV49xFYf72j1eygRLahcKncEpotkezJbNZJ5f
bd05JNPWarJ8m1QpcnPmc0fOHOFARy6QfFQ6ZAgDP9lpV+pkOqMb0iSBybBDdOOW
/boe14OJy8ri1LF6O1c6KIwlNPSqS0TnGpQHSrBgCWTnnA7jIqsh7Szwr9k7nkLp
wzKpny2moefLvFwfD2Gl3+R01lPKNC9zcnQSMJfTBtIo31jyx1fQ8JMsoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNLkZFSmO1158g6IFIEtq+V1/aqAMB8GA1UdIwQY
MBaAFKgsm8LS2s/W8TDYWoT+3qvxeaVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgt
NTVjMTQwYzlmNTRmLzEvMHVSa1ZLWTdYWG55RG9nVWdTMnI1WFg5cW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgtNTVjMTQwYzlmNTRm
LzEvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEUAP/v
MA0GCSqGSIb3DQEBCwUAA4IBAQButP1SVe+jkiqYU8g27K4UwN9eN8Uj7B+paBAW
JdI/FMPcjJ3JTGAvdGok1oIfhnkZNYcaw/D6o8voWBDNqAcs6gWzkZAAB03hQWUn
nfQdqMRWXiE49buICt6S2SxFrnPJixgBsfhaUJbvhXUjeQGy8Im9QRsTSlVx5y/o
G2afGrQ5WNRXcmRKQpsNaWuGdSz49k/xcv6F+Z+GpbrYPdCd6LFrQlWO+D+mD/+9
yQnN3A18uYE3bLwQYXUYTyzYotP1rPlnXT0+Osa/NxjoovCMUk3MMAE9s6HPtRo8
jbwTpYcQr00bFLW1sXxlMtGtj+xL90UaKk7OKS6WgQIyrgyA
-----END CERTIFICATE-----