Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/g0VLR4dmZuTUcMAH8lFP9-35SEQ.roa
File:                     g0VLR4dmZuTUcMAH8lFP9-35SEQ.roa (raw, json)
Hash identifier:          VJzmNAtUkQtzYlHT74BgFDK6+FNteK79SAvoZ6OtMvk=
Subject key identifier:   83:45:4B:47:87:66:66:E4:D4:70:C0:07:F2:51:4F:F7:ED:F9:48:44
Certificate issuer:       /CN=049d4f66598668079353721c21935a00319f6759
Certificate serial:       019424B2737C4B0839632A82A50D9C2BDF74
Authority key identifier: 04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/g0VLR4dmZuTUcMAH8lFP9-35SEQ.roa
Signing time:             Thu 02 Jan 2025 01:47:41 +0000
ROA not before:           Thu 02 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        2a11:7400:d1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:73:7c:4b:08:39:63:2a:82:a5:0d:9c:2b:df:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=049d4f66598668079353721c21935a00319f6759
        Validity
            Not Before: Jan  2 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83454b47876666e4d470c007f2514ff7edf94844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fd:b5:8d:4b:6c:86:45:43:0b:39:6d:23:44:
                    bd:1b:7f:01:e7:81:c2:2a:81:e4:97:b2:3a:10:f6:
                    13:5e:1e:e7:0c:f2:f4:5b:ce:3e:43:ba:8f:3a:9c:
                    d3:bd:07:00:2e:0f:34:20:c6:07:b8:d1:f0:47:be:
                    bf:71:44:6c:01:e5:c2:8e:c3:80:54:9c:82:c2:13:
                    ee:b8:04:33:58:5a:f9:c2:6a:30:86:21:65:12:fa:
                    ed:65:bb:96:c7:28:77:bf:b2:01:8c:b9:25:f4:ae:
                    f1:29:6c:4a:27:c6:9f:06:f9:96:01:b9:29:03:f7:
                    6b:85:b4:c8:d9:1a:8c:55:a3:c9:65:aa:f6:ea:cc:
                    42:44:d6:76:bc:79:b8:be:e8:bc:c4:b0:8b:ab:b0:
                    2e:1c:cd:f7:cf:3a:36:85:8c:ab:ec:4d:5a:de:28:
                    e3:d4:a3:37:c4:45:d7:c6:4b:46:dc:b6:04:9a:34:
                    d2:69:4b:36:a6:9c:92:59:29:97:c6:3c:6c:32:cb:
                    2d:8f:56:3e:6d:2a:0c:c8:7d:ac:56:29:3d:9c:f0:
                    fd:b0:18:93:11:5e:e6:7a:f4:c1:2b:06:4e:09:f8:
                    c6:a4:bf:5c:d1:00:e2:7f:b9:de:2a:b1:30:d0:43:
                    b8:cd:da:32:37:ad:60:5f:51:25:1d:5c:42:f2:7f:
                    4a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:45:4B:47:87:66:66:E4:D4:70:C0:07:F2:51:4F:F7:ED:F9:48:44
            X509v3 Authority Key Identifier:
                keyid:04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/g0VLR4dmZuTUcMAH8lFP9-35SEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7400:d1::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:44:e6:53:63:4e:29:fd:c4:d9:0c:c8:cf:b8:e1:cf:15:b7:
         d7:a5:b3:44:f2:1f:a8:93:28:df:8d:4c:47:42:e6:dc:fb:e1:
         6a:db:77:6d:58:5e:8f:83:03:bc:a8:4a:fa:3f:ed:98:19:72:
         db:d3:f4:a3:1c:86:08:3c:95:67:97:53:e4:55:64:2f:e1:e9:
         19:7f:89:e2:ad:b7:d9:13:e4:b9:3c:db:cc:a2:8c:01:19:4c:
         6a:fd:c0:c6:80:72:23:c3:97:f0:ae:26:bc:21:89:93:9a:24:
         fc:3e:16:86:4f:fc:54:00:f2:3b:d5:58:d1:11:70:9f:ab:8e:
         ac:a0:5d:f7:20:69:c1:03:a8:73:1d:fe:ad:19:45:c6:45:0f:
         42:b0:9d:cd:80:c8:2a:5a:91:7e:17:f5:57:15:6a:5b:67:21:
         3a:a7:49:ce:ca:eb:1a:d1:35:6d:29:66:4d:96:ff:32:f9:47:
         46:9e:46:f4:b1:c7:e6:55:3d:41:43:e3:20:f5:ec:e2:0e:3c:
         ab:82:7f:6e:25:df:ce:28:61:51:42:20:38:56:32:39:15:a3:
         4e:e7:82:c4:68:2a:f2:18:38:78:f0:12:70:f6:2e:5f:b5:57:
         e5:86:84:08:1c:f2:8a:bc:6d:24:1a:c6:57:2f:68:2b:9a:79:
         e8:5a:85:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksnN8Swg5YyqCpQ2cK990MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OWQ0ZjY2NTk4NjY4MDc5MzUzNzIxYzIxOTM1YTAwMzE5
ZjY3NTkwHhcNMjUwMTAyMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ1NGI0Nzg3NjY2NmU0ZDQ3MGMwMDdmMjUxNGZmN2VkZjk0ODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf21jUtshkVDCzltI0S9G38B54HC
KoHkl7I6EPYTXh7nDPL0W84+Q7qPOpzTvQcALg80IMYHuNHwR76/cURsAeXCjsOA
VJyCwhPuuAQzWFr5wmowhiFlEvrtZbuWxyh3v7IBjLkl9K7xKWxKJ8afBvmWAbkp
A/drhbTI2RqMVaPJZar26sxCRNZ2vHm4vui8xLCLq7AuHM33zzo2hYyr7E1a3ijj
1KM3xEXXxktG3LYEmjTSaUs2ppySWSmXxjxsMsstj1Y+bSoMyH2sVik9nPD9sBiT
EV7mevTBKwZOCfjGpL9c0QDif7neKrEw0EO4zdoyN61gX1ElHVxC8n9KEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFINFS0eHZmbk1HDAB/JRT/ft+UhEMB8GA1UdIwQY
MBaAFASdT2ZZhmgHk1NyHCGTWgAxn2dZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEt
OTI3OTU0N2VjYTU1LzEvZzBWTFI0ZG1adVRVY01BSDhsRlA5LTM1U0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEtOTI3OTU0N2VjYTU1
LzEvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhF0AADR
MA0GCSqGSIb3DQEBCwUAA4IBAQByROZTY04p/cTZDMjPuOHPFbfXpbNE8h+okyjf
jUxHQubc++Fq23dtWF6PgwO8qEr6P+2YGXLb0/SjHIYIPJVnl1PkVWQv4ekZf4ni
rbfZE+S5PNvMoowBGUxq/cDGgHIjw5fwria8IYmTmiT8PhaGT/xUAPI71VjREXCf
q46soF33IGnBA6hzHf6tGUXGRQ9CsJ3NgMgqWpF+F/VXFWpbZyE6p0nOyusa0TVt
KWZNlv8y+UdGnkb0scfmVT1BQ+Mg9eziDjyrgn9uJd/OKGFRQiA4VjI5FaNO54LE
aCryGDh48BJw9i5ftVflhoQIHPKKvG0kGsZXL2grmnnoWoXL
-----END CERTIFICATE-----