Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/k3iYLAwyPc2aObu9-B_F44ynmik.roa
File:                     k3iYLAwyPc2aObu9-B_F44ynmik.roa (raw, json)
Hash identifier:          LrwFsWIjQZ+W2D90vgDv7dfPfE/Ui+QCFrdt8y4WIOo=
Subject key identifier:   93:78:98:2C:0C:32:3D:CD:9A:39:BB:BD:F8:1F:C5:E3:8C:A7:9A:29
Certificate issuer:       /CN=ce5bf5201f18b402b8e628bc77f2252f769e70f2
Certificate serial:       01945FE894787BD34B68A52D623F9071C0D1
Authority key identifier: CE:5B:F5:20:1F:18:B4:02:B8:E6:28:BC:77:F2:25:2F:76:9E:70:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/k3iYLAwyPc2aObu9-B_F44ynmik.roa
Signing time:             Mon 13 Jan 2025 13:44:25 +0000
ROA not before:           Mon 13 Jan 2025 13:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a02:d21:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:e8:94:78:7b:d3:4b:68:a5:2d:62:3f:90:71:c0:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce5bf5201f18b402b8e628bc77f2252f769e70f2
        Validity
            Not Before: Jan 13 13:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9378982c0c323dcd9a39bbbdf81fc5e38ca79a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:c9:37:93:58:2d:20:aa:dc:98:6b:2e:92:
                    8b:0a:36:2d:e0:96:c5:44:8d:c8:b9:98:9f:97:d7:
                    4f:92:5f:e7:a4:f7:f2:35:45:11:c3:43:84:6c:97:
                    18:07:b4:50:b1:c4:02:25:81:b0:17:6d:a8:93:12:
                    01:e9:67:c0:6d:0f:fd:ca:65:40:02:c7:98:e3:f7:
                    0c:10:72:27:31:57:46:35:c9:97:53:87:8d:2c:75:
                    07:ba:e9:30:a4:6a:7c:88:46:a1:e2:91:b9:d5:6e:
                    f7:75:f7:1b:e5:7a:a9:15:29:e4:56:88:45:53:cc:
                    62:56:2a:48:30:bc:9c:fe:55:58:f6:86:41:5c:8d:
                    a7:17:15:ae:19:08:d4:9e:7a:f8:84:af:19:a3:9f:
                    10:41:f0:64:2f:c7:bf:02:05:a5:d1:90:ae:b9:6a:
                    b8:50:da:c4:53:dc:c4:90:37:87:49:ba:47:e9:9e:
                    2a:7e:ff:36:e5:f4:df:ed:01:6c:bb:9d:a4:0f:f0:
                    f4:63:08:35:3e:41:41:32:b6:77:c8:23:d3:8d:68:
                    1d:65:bd:b9:e6:30:45:53:bd:88:fb:8a:19:e8:58:
                    7a:b8:af:88:e3:f9:ee:6c:3e:22:3c:70:d9:10:f3:
                    69:0a:cd:08:fd:53:d8:82:00:83:55:41:8b:db:e3:
                    22:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:78:98:2C:0C:32:3D:CD:9A:39:BB:BD:F8:1F:C5:E3:8C:A7:9A:29
            X509v3 Authority Key Identifier:
                keyid:CE:5B:F5:20:1F:18:B4:02:B8:E6:28:BC:77:F2:25:2F:76:9E:70:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/k3iYLAwyPc2aObu9-B_F44ynmik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d21:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:f9:7e:08:7e:d0:d5:34:1d:ce:7f:fd:f5:fc:d4:e2:25:2c:
         3d:2b:13:24:d1:64:47:4a:27:d3:aa:d0:74:f3:9a:20:33:e8:
         05:aa:3f:b7:f0:04:1f:07:d5:8b:e3:51:06:a6:a4:be:aa:5f:
         43:96:54:9a:6e:1c:6a:1d:db:00:57:54:4a:da:d0:07:ea:d0:
         7c:74:d7:0b:70:46:83:4b:73:b1:3e:31:3f:e7:ac:40:8d:2b:
         f3:45:43:2a:97:e3:e0:18:3d:a7:b7:59:70:7e:91:a6:0d:7b:
         20:76:fc:d4:72:6c:ee:02:a2:69:ae:0e:13:85:c8:0b:de:f1:
         da:3d:67:86:37:e2:c0:d2:65:19:26:e3:77:8a:d6:bb:31:99:
         c4:ea:ba:35:49:06:85:24:1d:ce:13:e9:c3:c1:81:86:bf:a4:
         b2:ea:53:44:21:fd:b1:94:6f:8b:67:dc:f0:21:f7:41:27:fb:
         fe:ba:0a:ae:61:5a:6f:92:3b:5a:5b:c9:a8:78:57:3b:57:67:
         67:16:2e:4e:f6:b3:78:c4:f1:83:c6:ad:21:43:7b:94:09:90:
         2c:31:41:45:93:56:7d:3d:1a:71:35:64:52:96:1a:8f:51:d3:
         3e:29:3c:9b:a2:c9:f7:aa:22:3b:33:5a:57:d0:26:b1:6b:05:
         77:09:49:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRf6JR4e9NLaKUtYj+QccDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNWJmNTIwMWYxOGI0MDJiOGU2MjhiYzc3ZjIyNTJmNzY5
ZTcwZjIwHhcNMjUwMTEzMTM0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc4OTgyYzBjMzIzZGNkOWEzOWJiYmRmODFmYzVlMzhjYTc5YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmPJN5NYLSCq3JhrLpKLCjYt4JbF
RI3IuZifl9dPkl/npPfyNUURw0OEbJcYB7RQscQCJYGwF22okxIB6WfAbQ/9ymVA
AseY4/cMEHInMVdGNcmXU4eNLHUHuukwpGp8iEah4pG51W73dfcb5XqpFSnkVohF
U8xiVipIMLyc/lVY9oZBXI2nFxWuGQjUnnr4hK8Zo58QQfBkL8e/AgWl0ZCuuWq4
UNrEU9zEkDeHSbpH6Z4qfv825fTf7QFsu52kD/D0Ywg1PkFBMrZ3yCPTjWgdZb25
5jBFU72I+4oZ6Fh6uK+I4/nubD4iPHDZEPNpCs0I/VPYggCDVUGL2+MifwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJN4mCwMMj3Nmjm7vfgfxeOMp5opMB8GA1UdIwQY
MBaAFM5b9SAfGLQCuOYovHfyJS92nnDyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemx2MUlCOFl0QUs0NWlpOGRfSWxMM2FlY1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xYzc5MTctOGFhNi00YzQzLTkyZGQt
NzQ3NmY0MmYyZDljLzEvazNpWUxBd3lQYzJhT2J1OS1CX0Y0NHlubWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xYzc5MTctOGFhNi00YzQzLTkyZGQtNzQ3NmY0MmYyZDlj
LzEvemx2MUlCOFl0QUs0NWlpOGRfSWxMM2FlY1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgINIRAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDD+X4IftDVNB3Of/31/NTiJSw9KxMk0WRHSifT
qtB085ogM+gFqj+38AQfB9WL41EGpqS+ql9DllSabhxqHdsAV1RK2tAH6tB8dNcL
cEaDS3OxPjE/56xAjSvzRUMql+PgGD2nt1lwfpGmDXsgdvzUcmzuAqJprg4ThcgL
3vHaPWeGN+LA0mUZJuN3ita7MZnE6ro1SQaFJB3OE+nDwYGGv6Sy6lNEIf2xlG+L
Z9zwIfdBJ/v+ugquYVpvkjtaW8moeFc7V2dnFi5O9rN4xPGDxq0hQ3uUCZAsMUFF
k1Z9PRpxNWRSlhqPUdM+KTybosn3qiI7M1pX0CaxawV3CUlb
-----END CERTIFICATE-----