Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/LqnNExPECBrLWHZxipr7utM__10.roa
File:                     LqnNExPECBrLWHZxipr7utM__10.roa (raw, json)
Hash identifier:          QeICuemiifdBQ/Uxih/96nvmASg2fqvcs1N4t08aYZ0=
Subject key identifier:   2E:A9:CD:13:13:C4:08:1A:CB:58:76:71:8A:9A:FB:BA:D3:3F:FF:5D
Certificate issuer:       /CN=ca35f54a3b0e2e48dd5efb3624c1fe0e85fe261d
Certificate serial:       019423D78E95099B5F61DF6A62CDCDDE8982
Authority key identifier: CA:35:F5:4A:3B:0E:2E:48:DD:5E:FB:36:24:C1:FE:0E:85:FE:26:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/LqnNExPECBrLWHZxipr7utM__10.roa
Signing time:             Wed 01 Jan 2025 21:48:36 +0000
ROA not before:           Wed 01 Jan 2025 21:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:67c:fc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:8e:95:09:9b:5f:61:df:6a:62:cd:cd:de:89:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca35f54a3b0e2e48dd5efb3624c1fe0e85fe261d
        Validity
            Not Before: Jan  1 21:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ea9cd1313c4081acb5876718a9afbbad33fff5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7e:ce:5f:d5:48:26:1a:7c:50:1c:9b:9f:89:
                    c2:44:8f:ec:aa:45:ab:84:b2:21:91:ef:f6:05:3d:
                    a4:6f:32:11:86:aa:5a:5a:b6:78:8b:8f:60:6b:95:
                    1b:e7:bb:48:53:ef:63:c2:fa:dd:98:0b:f6:b8:fd:
                    0d:a3:3f:6e:51:29:9b:1d:e4:52:0f:f1:01:68:2c:
                    da:bb:ee:6e:32:31:a0:43:46:3d:e9:04:0c:94:48:
                    fa:66:6c:bd:52:2e:6a:b8:d9:3c:64:88:3b:83:8a:
                    42:52:90:41:46:37:e5:31:04:d6:cc:01:33:ce:40:
                    0a:07:e2:19:61:8a:1a:1f:6c:83:b1:10:2d:c8:69:
                    a0:0f:9e:33:7d:8b:73:10:41:95:ef:0d:41:18:c1:
                    68:85:94:45:8b:2b:8e:0a:3c:c9:64:8e:57:82:38:
                    61:cc:87:75:57:d3:b1:f3:4f:fa:d0:ea:5a:ff:ce:
                    37:50:54:5b:c8:8f:e6:d5:92:1e:bd:c6:9e:72:52:
                    db:01:b1:19:58:df:31:54:72:82:b7:86:b3:c6:ba:
                    83:ae:20:0a:20:aa:60:3c:bd:48:6b:9d:27:e5:d5:
                    a3:d3:36:d4:9b:59:ce:5e:c9:2b:ff:be:90:ff:df:
                    15:cc:57:87:f9:48:f7:84:7d:c0:5a:f2:ae:be:3f:
                    64:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A9:CD:13:13:C4:08:1A:CB:58:76:71:8A:9A:FB:BA:D3:3F:FF:5D
            X509v3 Authority Key Identifier:
                keyid:CA:35:F5:4A:3B:0E:2E:48:DD:5E:FB:36:24:C1:FE:0E:85:FE:26:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/LqnNExPECBrLWHZxipr7utM__10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4b:65:f9:8c:e8:4b:81:df:9c:3a:7e:b4:b9:42:b4:5c:fd:
         5a:92:27:ae:84:1a:5d:0e:5d:59:7b:54:15:72:3a:1a:46:06:
         4d:b8:14:5a:5e:a4:bf:3a:1d:c4:a6:ca:12:fb:3a:f8:e9:a9:
         51:58:c6:7f:98:2c:45:71:13:a2:a1:d2:4f:84:58:c1:6a:4d:
         24:2c:4e:9b:22:84:82:b6:0e:1c:36:cf:47:08:02:de:ef:f8:
         4e:b3:ce:9b:be:2b:65:bd:1d:f0:51:d1:b1:80:9c:d5:82:f6:
         ab:8f:98:c3:60:b1:f7:f8:21:bc:a2:75:8f:15:d5:ea:12:6f:
         8d:6d:ec:0e:74:41:21:12:60:78:da:9c:c4:0f:5c:20:9a:66:
         3f:35:86:39:63:b0:38:51:bd:a6:1f:44:80:ff:27:9a:77:60:
         fd:f5:a2:dd:0b:6b:60:2f:26:9b:c1:50:91:1a:a4:ef:53:26:
         db:93:c1:69:6d:11:34:9e:d3:95:d7:2e:0f:fa:65:12:e9:95:
         c7:ba:c1:65:ac:bb:09:a4:d9:e1:d8:7a:40:5c:c3:05:3b:84:
         36:9d:dc:40:dc:cd:12:db:63:63:7b:16:84:98:f5:ae:85:8a:
         f4:08:f0:a9:1e:67:0f:19:bc:9a:60:d5:a5:c9:2e:1f:c0:fd:
         00:4c:a5:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj146VCZtfYd9qYs3N3omCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzVmNTRhM2IwZTJlNDhkZDVlZmIzNjI0YzFmZTBlODVm
ZTI2MWQwHhcNMjUwMTAxMjE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE5Y2QxMzEzYzQwODFhY2I1ODc2NzE4YTlhZmJiYWQzM2ZmZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkH7OX9VIJhp8UBybn4nCRI/sqkWr
hLIhke/2BT2kbzIRhqpaWrZ4i49ga5Ub57tIU+9jwvrdmAv2uP0Noz9uUSmbHeRS
D/EBaCzau+5uMjGgQ0Y96QQMlEj6Zmy9Ui5quNk8ZIg7g4pCUpBBRjflMQTWzAEz
zkAKB+IZYYoaH2yDsRAtyGmgD54zfYtzEEGV7w1BGMFohZRFiyuOCjzJZI5Xgjhh
zId1V9Ox80/60Opa/843UFRbyI/m1ZIevcaeclLbAbEZWN8xVHKCt4azxrqDriAK
IKpgPL1Ia50n5dWj0zbUm1nOXskr/76Q/98VzFeH+Uj3hH3AWvKuvj9kNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC6pzRMTxAgay1h2cYqa+7rTP/9dMB8GA1UdIwQY
MBaAFMo19Uo7Di5I3V77NiTB/g6F/iYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpYMVNqc09Ma2pkWHZzMkpNSC1Eb1gtSmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85YTA0OTctY2QwZC00OGRjLTg2YWUt
NTFjOTliYzhlOGQwLzEvTHFuTkV4UEVDQnJMV0haeGlwcjd1dE1fXzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85YTA0OTctY2QwZC00OGRjLTg2YWUtNTFjOTliYzhlOGQw
LzEveWpYMVNqc09Ma2pkWHZzMkpNSC1Eb1gtSmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAZS2X5jOhLgd+cOn60uUK0XP1akieuhBpdDl1Z
e1QVcjoaRgZNuBRaXqS/Oh3EpsoS+zr46alRWMZ/mCxFcROiodJPhFjBak0kLE6b
IoSCtg4cNs9HCALe7/hOs86bvitlvR3wUdGxgJzVgvarj5jDYLH3+CG8onWPFdXq
Em+NbewOdEEhEmB42pzED1wgmmY/NYY5Y7A4Ub2mH0SA/yead2D99aLdC2tgLyab
wVCRGqTvUybbk8FpbRE0ntOV1y4P+mUS6ZXHusFlrLsJpNnh2HpAXMMFO4Q2ndxA
3M0S22NjexaEmPWuhYr0CPCpHmcPGbyaYNWlyS4fwP0ATKUO
-----END CERTIFICATE-----