Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/SDOLmAhobKGDPwlOvXakvXkm9LU.roa
File:                     SDOLmAhobKGDPwlOvXakvXkm9LU.roa (raw, json)
Hash identifier:          zmS1T8bhM8/AfzZdTFVM6nmbZ8DYbKH7HiNAE7C3CHU=
Subject key identifier:   48:33:8B:98:08:68:6C:A1:83:3F:09:4E:BD:76:A4:BD:79:26:F4:B5
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       0194236A020B87D3529868832F181D5C4E00
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/SDOLmAhobKGDPwlOvXakvXkm9LU.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48108
IP address blocks:        2a09:7c43::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:02:0b:87:d3:52:98:68:83:2f:18:1d:5c:4e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48338b9808686ca1833f094ebd76a4bd7926f4b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f4:4a:e5:14:b1:78:7b:bb:d1:ee:72:87:22:
                    92:2a:10:ce:db:b7:ef:13:cb:77:69:66:5e:96:c8:
                    e0:3a:a5:d4:af:1b:43:a1:15:ef:96:e8:c5:12:fe:
                    dd:3d:43:49:ca:3e:65:14:48:91:35:14:76:c8:0b:
                    58:7a:2a:e9:09:48:c0:18:79:7b:dc:40:0c:6c:b6:
                    cf:c3:e9:2c:04:75:6c:c3:2c:a2:52:1c:14:eb:b0:
                    0b:96:38:dc:c4:c4:60:a7:ce:a9:b6:0d:79:79:4f:
                    54:fe:80:14:5b:be:bf:43:f7:e0:57:38:47:ce:36:
                    c8:1b:3c:c6:a7:02:3c:20:bb:b7:43:14:fb:0d:d1:
                    db:26:b3:9e:fc:d1:23:a1:11:d2:5b:03:99:33:83:
                    7a:f8:69:6e:88:c2:4c:8c:89:45:71:7a:1c:6b:e0:
                    9a:5b:c9:25:df:cc:c5:08:64:3d:2f:ee:a0:ac:84:
                    62:3f:a7:9a:21:ce:fd:31:e1:91:7e:76:b2:f2:64:
                    0d:98:fa:ef:c7:e7:5a:0a:b3:af:6d:34:f8:df:02:
                    be:cf:2c:41:9f:6f:07:e1:31:5b:a7:02:05:79:67:
                    84:01:7b:be:85:31:57:5a:13:7e:1d:92:fa:f6:e3:
                    35:a7:c2:2e:fd:56:bb:1f:b5:d5:2f:88:6d:35:be:
                    ce:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:33:8B:98:08:68:6C:A1:83:3F:09:4E:BD:76:A4:BD:79:26:F4:B5
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/SDOLmAhobKGDPwlOvXakvXkm9LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7c43::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:3c:33:ee:6a:55:f1:68:e3:33:b6:1e:51:a1:8d:2b:53:ff:
         ef:58:4a:00:1b:ff:69:3f:1e:61:e8:7e:f1:8f:e6:ee:1c:78:
         29:0b:a0:53:7b:49:53:4c:2e:08:f7:9e:3e:27:9b:c0:b9:d7:
         3c:31:ce:5b:85:3d:6f:c8:2d:13:f6:d3:25:4f:cc:70:05:ce:
         a5:63:c3:55:84:21:67:d5:38:72:fb:18:d8:26:67:88:c8:68:
         45:46:4c:db:f8:e9:36:46:60:b1:29:21:dd:09:c6:68:9f:d3:
         3c:f2:fd:2a:8a:1e:3d:a9:bb:81:bf:d1:81:be:05:b9:6e:d4:
         23:f8:6a:63:9b:bd:c8:74:f0:06:f7:70:07:0e:23:d0:02:94:
         8d:da:43:96:80:eb:7d:53:ec:58:ce:d4:e4:54:89:aa:5e:4b:
         8c:64:7b:0d:0f:96:16:00:b4:c5:63:2d:91:cf:39:67:c8:db:
         e0:7b:bc:4f:5c:d8:ea:c5:34:7a:c5:2b:6b:9b:3e:58:12:70:
         23:9b:45:b3:eb:56:6a:ef:15:64:15:be:f2:cf:a6:e1:73:8f:
         42:5d:e3:71:ea:3f:f6:6e:a4:02:ab:54:63:f4:9b:25:31:67:
         ba:f1:51:ad:f7:aa:d8:f8:c8:58:49:cc:8a:68:b7:64:eb:ad:
         74:e4:fb:76
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjagILh9NSmGiDLxgdXE4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODMzOGI5ODA4Njg2Y2ExODMzZjA5NGViZDc2YTRiZDc5MjZmNGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufRK5RSxeHu70e5yhyKSKhDO27fv
E8t3aWZelsjgOqXUrxtDoRXvlujFEv7dPUNJyj5lFEiRNRR2yAtYeirpCUjAGHl7
3EAMbLbPw+ksBHVswyyiUhwU67ALljjcxMRgp86ptg15eU9U/oAUW76/Q/fgVzhH
zjbIGzzGpwI8ILu3QxT7DdHbJrOe/NEjoRHSWwOZM4N6+GluiMJMjIlFcXoca+Ca
W8kl38zFCGQ9L+6grIRiP6eaIc79MeGRfnay8mQNmPrvx+daCrOvbTT43wK+zyxB
n28H4TFbpwIFeWeEAXu+hTFXWhN+HZL69uM1p8Iu/Va7H7XVL4htNb7O0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEgzi5gIaGyhgz8JTr12pL15JvS1MB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvU0RPTG1BaG9iS0dEUHdsT3ZYYWt2WGttOUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgl8QzAN
BgkqhkiG9w0BAQsFAAOCAQEAITwz7mpV8WjjM7YeUaGNK1P/71hKABv/aT8eYeh+
8Y/m7hx4KQugU3tJU0wuCPeePiebwLnXPDHOW4U9b8gtE/bTJU/McAXOpWPDVYQh
Z9U4cvsY2CZniMhoRUZM2/jpNkZgsSkh3QnGaJ/TPPL9KooePam7gb/Rgb4FuW7U
I/hqY5u9yHTwBvdwBw4j0AKUjdpDloDrfVPsWM7U5FSJql5LjGR7DQ+WFgC0xWMt
kc85Z8jb4Hu8T1zY6sU0esUra5s+WBJwI5tFs+tWau8VZBW+8s+m4XOPQl3jceo/
9m6kAqtUY/SbJTFnuvFRrfeq2PjIWEnMimi3ZOutdOT7dg==
-----END CERTIFICATE-----