Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/i6bd6fMorsRaNPo_y3O9YHa_JY8.roa
File:                     i6bd6fMorsRaNPo_y3O9YHa_JY8.roa (raw, json)
Hash identifier:          pX7J+a/wu4lqfmaESboDo9lKDG2+T/BHYlZ6YrCC+SU=
Subject key identifier:   8B:A6:DD:E9:F3:28:AE:C4:5A:34:FA:3F:CB:73:BD:60:76:BF:25:8F
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       019428271D2F2AB24971D1FBBA20EAA21615
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/i6bd6fMorsRaNPo_y3O9YHa_JY8.roa
Signing time:             Thu 02 Jan 2025 17:53:59 +0000
ROA not before:           Thu 02 Jan 2025 17:53:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213326
IP address blocks:        2a0e:46c4:2c00::/44 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:1d:2f:2a:b2:49:71:d1:fb:ba:20:ea:a2:16:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ba6dde9f328aec45a34fa3fcb73bd6076bf258f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f2:52:29:5f:9e:8c:fd:b6:3c:9f:65:ff:ce:
                    9b:96:56:7e:71:53:5c:8e:33:75:2a:71:8a:e2:09:
                    6e:43:57:be:cd:51:1f:63:76:f0:1b:6c:dc:1b:0e:
                    23:8f:d0:7a:e6:7c:4a:7a:1b:36:03:99:4a:b3:ef:
                    0d:3b:cb:19:1e:1a:4b:5d:bb:00:e3:e2:bb:12:68:
                    b2:5d:68:2a:2e:10:86:f2:0a:1c:b1:44:08:63:15:
                    21:e3:f0:29:ac:49:89:a1:eb:74:ae:5c:a5:23:5d:
                    1d:d3:e3:76:46:da:ad:f8:74:20:2f:68:5d:cf:56:
                    68:0f:26:88:91:eb:e1:2f:46:74:bf:f5:68:24:56:
                    6b:17:29:04:d7:18:a7:23:c6:45:15:a5:a8:c5:35:
                    30:c6:2f:9b:9e:cc:1f:26:c1:84:57:44:6e:19:ab:
                    f9:d4:45:19:8d:25:77:3f:fb:89:13:d0:24:4a:46:
                    8d:ff:ea:c6:d1:68:f3:7c:d1:b5:67:db:2c:26:83:
                    40:53:ec:22:0b:d7:42:98:13:c0:9a:04:8f:8d:98:
                    db:70:a0:9d:07:e0:59:b8:b6:45:6a:ce:a0:c1:f4:
                    46:d3:ae:4c:7a:df:59:42:86:63:71:eb:49:c7:98:
                    e3:d1:a6:ee:86:96:5c:36:d9:83:81:ab:fb:94:79:
                    2e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A6:DD:E9:F3:28:AE:C4:5A:34:FA:3F:CB:73:BD:60:76:BF:25:8F
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/i6bd6fMorsRaNPo_y3O9YHa_JY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         3f:26:d3:81:1d:aa:63:69:37:57:42:32:8d:82:2a:4b:af:1d:
         f8:d5:c8:be:4a:25:eb:12:e3:45:a9:1b:12:09:c1:54:7f:cd:
         2a:a0:35:86:ef:c1:ee:6e:3a:63:ac:17:bd:45:6a:30:16:af:
         41:b3:f0:bd:11:9b:c2:e8:49:f1:8f:39:49:fa:c2:39:e6:13:
         88:dc:4e:88:df:08:28:91:c4:25:87:5c:60:2d:95:61:f9:a9:
         ff:01:70:69:16:c6:2b:21:a2:e4:c8:66:ee:97:32:dd:f3:c8:
         c4:56:c4:e5:56:40:eb:55:30:f6:4f:2a:d1:26:56:f4:5c:36:
         29:bc:2b:36:92:ae:5f:f5:20:f0:d0:bc:01:bb:c7:6d:c7:f3:
         aa:0b:f0:16:f2:ea:9b:69:4c:ee:97:5f:44:22:a7:f5:d9:59:
         63:1b:48:34:53:7d:ed:73:7a:8c:fc:5f:3d:e2:c3:84:89:5c:
         c6:31:80:e8:aa:de:37:9a:a4:32:c5:7a:32:74:16:a5:9d:67:
         82:8d:8a:35:79:56:15:73:89:5f:45:fc:00:fb:15:de:3e:2b:
         d6:b5:87:58:7c:7c:da:0a:fa:5b:45:87:5b:9d:5f:b1:f9:de:
         97:eb:62:71:25:3e:dd:93:9e:c6:8f:54:e2:80:bf:fe:2d:2b:
         1a:d6:a2:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoJx0vKrJJcdH7uiDqohYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE2ZGRlOWYzMjhhZWM0NWEzNGZhM2ZjYjczYmQ2MDc2YmYyNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvJSKV+ejP22PJ9l/86bllZ+cVNc
jjN1KnGK4gluQ1e+zVEfY3bwG2zcGw4jj9B65nxKehs2A5lKs+8NO8sZHhpLXbsA
4+K7EmiyXWgqLhCG8gocsUQIYxUh4/AprEmJoet0rlylI10d0+N2Rtqt+HQgL2hd
z1ZoDyaIkevhL0Z0v/VoJFZrFykE1xinI8ZFFaWoxTUwxi+bnswfJsGEV0RuGav5
1EUZjSV3P/uJE9AkSkaN/+rG0WjzfNG1Z9ssJoNAU+wiC9dCmBPAmgSPjZjbcKCd
B+BZuLZFas6gwfRG065Met9ZQoZjcetJx5jj0abuhpZcNtmDgav7lHkucwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIum3enzKK7EWjT6P8tzvWB2vyWPMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvaTZiZDZmTW9yc1JhTlBvX3kzTzlZSGFfSlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg5GxCwA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/JtOBHapjaTdXQjKNgipLrx341ci+SiXrEuNF
qRsSCcFUf80qoDWG78HubjpjrBe9RWowFq9Bs/C9EZvC6EnxjzlJ+sI55hOI3E6I
3wgokcQlh1xgLZVh+an/AXBpFsYrIaLkyGbulzLd88jEVsTlVkDrVTD2TyrRJlb0
XDYpvCs2kq5f9SDw0LwBu8dtx/OqC/AW8uqbaUzul19EIqf12VljG0g0U33tc3qM
/F894sOEiVzGMYDoqt43mqQyxXoydBalnWeCjYo1eVYVc4lfRfwA+xXePivWtYdY
fHzaCvpbRYdbnV+x+d6X62JxJT7dk57Gj1TigL/+LSsa1qK2
-----END CERTIFICATE-----