Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/4ghkRfOquB-e7Fok48kTrT0aVAU.roa
File:                     4ghkRfOquB-e7Fok48kTrT0aVAU.roa (raw, json)
Hash identifier:          6SkfRPpDusU3pdgmnRmAtb8LYqLwuaj5aFdgg7X05Uw=
Subject key identifier:   E2:08:64:45:F3:AA:B8:1F:9E:EC:5A:24:E3:C9:13:AD:3D:1A:54:05
Certificate issuer:       /CN=f1dd795be36e4b5b309ebc8e04ea7394135c714c
Certificate serial:       019424B31BB73618A3C0B8B7AD20ACD86AB7
Authority key identifier: F1:DD:79:5B:E3:6E:4B:5B:30:9E:BC:8E:04:EA:73:94:13:5C:71:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/4ghkRfOquB-e7Fok48kTrT0aVAU.roa
Signing time:             Thu 02 Jan 2025 01:48:25 +0000
ROA not before:           Thu 02 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3209
IP address blocks:        2a09:c580:1611::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:1b:b7:36:18:a3:c0:b8:b7:ad:20:ac:d8:6a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1dd795be36e4b5b309ebc8e04ea7394135c714c
        Validity
            Not Before: Jan  2 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2086445f3aab81f9eec5a24e3c913ad3d1a5405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:35:c2:a3:8c:81:ac:d3:97:71:5d:d7:2b:2b:
                    48:e0:27:f8:09:c5:4c:c9:ad:ed:0e:2e:06:a1:ef:
                    e0:fd:7c:b3:0c:d2:40:c5:23:62:ff:42:94:24:7c:
                    0e:e2:7a:8a:9e:b2:02:5a:c6:22:6f:08:b1:7e:69:
                    c9:bc:ab:22:27:b8:a6:6e:ff:28:78:24:18:8d:9d:
                    d6:82:d0:5e:2a:a5:66:0e:3f:51:b7:bb:cb:0b:16:
                    bf:37:0b:dc:77:e2:14:45:4f:88:70:79:0a:81:79:
                    28:e5:10:4f:d1:a5:aa:07:87:ba:eb:92:fc:a5:e7:
                    e2:f8:9e:40:2c:08:ea:67:d6:9c:9a:ca:1d:53:3a:
                    7f:d4:2c:4c:9f:5b:d9:24:cb:63:e8:f1:d7:ed:78:
                    cc:e8:3f:eb:4d:a9:55:aa:cb:33:12:f0:23:dc:9d:
                    2b:ee:d9:5b:80:55:f1:0a:0d:33:6b:d4:f6:b0:53:
                    a9:a8:df:55:71:9f:ca:34:f0:c7:7f:06:54:a9:ee:
                    c8:d0:f1:ba:46:c4:46:a2:36:e2:d4:39:ac:98:70:
                    22:c0:89:8a:60:f0:e6:bc:4f:bf:c2:f4:2a:64:74:
                    f6:33:61:1e:14:74:f7:f5:75:73:12:69:ba:fb:59:
                    be:29:e1:13:a5:f2:03:1e:a7:45:8a:6c:69:a1:a2:
                    0a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:08:64:45:F3:AA:B8:1F:9E:EC:5A:24:E3:C9:13:AD:3D:1A:54:05
            X509v3 Authority Key Identifier:
                keyid:F1:DD:79:5B:E3:6E:4B:5B:30:9E:BC:8E:04:EA:73:94:13:5C:71:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d15W-NuS1swnryOBOpzlBNccUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/4ghkRfOquB-e7Fok48kTrT0aVAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/979bdb-01a3-4d17-8746-fe44772d5ae1/1/8d15W-NuS1swnryOBOpzlBNccUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c580:1611::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:be:f7:7d:b0:4a:f5:b8:20:b9:d1:d9:fa:70:96:85:23:6f:
         c1:26:0d:8f:b6:3f:1c:47:08:1c:24:21:67:58:e2:d6:a5:b4:
         ac:6f:21:5f:83:31:a5:10:92:39:a0:29:da:f4:37:18:be:0a:
         4f:d1:69:e2:48:a4:77:fb:77:7d:dd:d7:8d:41:3e:71:3d:45:
         74:d9:7c:b7:22:30:1f:2f:06:a7:86:f8:ec:12:60:12:92:df:
         e7:99:3a:7c:63:9a:c1:8e:d0:a5:66:c6:44:9a:37:d2:81:94:
         94:27:3e:5d:60:1f:97:1d:aa:4b:fe:ea:6c:e0:e8:53:4f:35:
         b9:3e:03:c1:81:8e:b2:37:23:60:80:39:9f:a7:b8:d1:5b:ad:
         41:69:6c:e5:58:99:da:26:73:3e:c4:fd:b1:63:d1:6f:39:86:
         c0:06:db:e6:92:83:32:40:ef:06:f7:42:1b:ae:77:f0:f7:f3:
         bb:10:7e:fa:f0:dd:c5:ad:c2:b3:74:fb:4a:2f:20:d0:b7:b2:
         be:59:55:51:2c:fd:bc:d2:79:06:78:f5:fb:8f:26:5a:15:ec:
         e7:43:5f:41:71:03:1e:41:eb:62:cb:ee:f6:83:62:bc:29:b8:
         92:69:c6:18:98:5a:b3:d2:5c:d4:f2:ef:f1:4e:49:4e:3d:01:
         1a:11:8f:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksxu3NhijwLi3rSCs2Gq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGQ3OTViZTM2ZTRiNWIzMDllYmM4ZTA0ZWE3Mzk0MTM1
YzcxNGMwHhcNMjUwMTAyMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA4NjQ0NWYzYWFiODFmOWVlYzVhMjRlM2M5MTNhZDNkMWE1NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTXCo4yBrNOXcV3XKytI4Cf4CcVM
ya3tDi4Goe/g/XyzDNJAxSNi/0KUJHwO4nqKnrICWsYibwixfmnJvKsiJ7imbv8o
eCQYjZ3WgtBeKqVmDj9Rt7vLCxa/Nwvcd+IURU+IcHkKgXko5RBP0aWqB4e665L8
pefi+J5ALAjqZ9acmsodUzp/1CxMn1vZJMtj6PHX7XjM6D/rTalVqsszEvAj3J0r
7tlbgFXxCg0za9T2sFOpqN9VcZ/KNPDHfwZUqe7I0PG6RsRGojbi1DmsmHAiwImK
YPDmvE+/wvQqZHT2M2EeFHT39XVzEmm6+1m+KeETpfIDHqdFimxpoaIKywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIIZEXzqrgfnuxaJOPJE609GlQFMB8GA1UdIwQY
MBaAFPHdeVvjbktbMJ68jgTqc5QTXHFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGQxNVctTnVTMXN3bnJ5T0JPcHpsQk5jY1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85NzliZGItMDFhMy00ZDE3LTg3NDYt
ZmU0NDc3MmQ1YWUxLzEvNGdoa1JmT3F1Qi1lN0ZvazQ4a1RyVDBhVkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85NzliZGItMDFhMy00ZDE3LTg3NDYtZmU0NDc3MmQ1YWUx
LzEvOGQxNVctTnVTMXN3bnJ5T0JPcHpsQk5jY1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnFgBYR
MA0GCSqGSIb3DQEBCwUAA4IBAQA4vvd9sEr1uCC50dn6cJaFI2/BJg2Ptj8cRwgc
JCFnWOLWpbSsbyFfgzGlEJI5oCna9DcYvgpP0WniSKR3+3d93deNQT5xPUV02Xy3
IjAfLwanhvjsEmASkt/nmTp8Y5rBjtClZsZEmjfSgZSUJz5dYB+XHapL/ups4OhT
TzW5PgPBgY6yNyNggDmfp7jRW61BaWzlWJnaJnM+xP2xY9FvOYbABtvmkoMyQO8G
90Ibrnfw9/O7EH768N3FrcKzdPtKLyDQt7K+WVVRLP280nkGePX7jyZaFeznQ19B
cQMeQetiy+72g2K8KbiSacYYmFqz0lzU8u/xTklOPQEaEY+C
-----END CERTIFICATE-----