Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/CN8JcZNe6nBmbhnbxKuljzmeRw4.roa
File:                     CN8JcZNe6nBmbhnbxKuljzmeRw4.roa (raw, json)
Hash identifier:          ueo5lBbOlNgxrxTTa+PPhxNr2eig9TfjivNKSsqsvII=
Subject key identifier:   08:DF:09:71:93:5E:EA:70:66:6E:19:DB:C4:AB:A5:8F:39:9E:47:0E
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0194459F5BF1E1AE2C7544B2B566DBFCCBC5
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/CN8JcZNe6nBmbhnbxKuljzmeRw4.roa
Signing time:             Wed 08 Jan 2025 11:14:19 +0000
ROA not before:           Wed 08 Jan 2025 11:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a05:9080:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:45:9f:5b:f1:e1:ae:2c:75:44:b2:b5:66:db:fc:cb:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  8 11:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08df0971935eea70666e19dbc4aba58f399e470e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:59:e7:4a:6d:55:64:95:03:a6:29:47:7e:94:
                    71:5e:7a:94:0e:33:43:9a:62:42:f0:89:2a:b6:c5:
                    c3:d0:48:f6:5b:2a:97:a4:ba:28:27:2f:59:06:f6:
                    9e:50:4e:9d:2d:04:c4:8e:66:e5:b0:34:44:43:5a:
                    3a:72:3a:84:ed:69:72:0c:ed:4d:57:53:8c:57:b8:
                    ee:a3:bf:1e:b7:03:15:06:12:4d:94:62:c7:ae:b0:
                    fd:96:06:96:41:e1:70:a5:a8:88:50:71:c9:b3:70:
                    45:fc:18:f4:df:3b:19:5e:2c:a1:0d:d2:6b:d3:59:
                    e0:1a:8c:64:27:a0:d9:75:53:aa:3e:bc:1d:b1:5f:
                    39:bc:7b:b7:d4:14:72:1d:69:5c:60:32:47:e5:38:
                    b3:28:89:09:67:82:d6:96:90:06:51:4b:25:6c:ea:
                    7a:70:3f:6e:34:c4:75:42:13:4e:49:2c:bd:21:1d:
                    1f:b9:57:2c:86:0f:2a:06:85:8e:e5:04:25:91:9e:
                    00:3b:c8:3f:13:41:06:ec:6d:e1:b3:40:d5:66:48:
                    17:17:74:5a:df:f7:41:de:42:44:25:11:93:f2:c5:
                    f5:02:02:45:8a:66:17:cb:2b:dd:c1:3e:f8:24:e5:
                    a4:da:55:d8:5f:7f:b4:95:bb:59:1b:9a:3a:7b:dd:
                    6b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DF:09:71:93:5E:EA:70:66:6E:19:DB:C4:AB:A5:8F:39:9E:47:0E
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/CN8JcZNe6nBmbhnbxKuljzmeRw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:85:a2:ba:98:c7:72:b7:1b:f7:e2:37:29:70:58:8e:4b:3c:
         5e:3a:8b:aa:f4:13:ed:56:03:f2:7d:85:69:8e:44:c1:05:c9:
         73:c6:36:21:30:94:ac:b4:fe:72:15:ed:c8:1d:9f:f3:d1:2f:
         3e:0b:95:53:b9:20:4f:79:71:08:8c:58:07:16:22:08:9a:91:
         ad:b5:69:e6:bd:51:8b:d0:c3:0c:19:c7:05:6c:56:13:2e:56:
         07:b1:ac:af:5d:4d:98:17:dd:f7:95:74:fe:09:49:a2:e6:9e:
         5a:e1:d9:6f:39:5f:a0:bc:eb:7c:08:8a:e0:93:70:4c:b8:e2:
         d1:3c:6a:d6:e6:66:df:40:00:6c:89:4e:e2:e3:14:03:d0:9b:
         9c:04:a7:28:12:b3:18:c6:fb:92:e7:4c:33:fd:45:d8:58:8d:
         aa:f8:9c:f4:a9:2c:8a:95:a4:cb:8d:b7:73:8d:10:24:98:11:
         a8:75:e3:9a:a5:cc:79:72:38:d4:87:b4:16:57:9e:9f:5c:91:
         45:1f:33:61:0c:5b:97:0c:26:4a:af:92:a4:36:8b:63:ef:23:
         68:4a:69:bf:95:95:3d:73:7e:b4:b7:52:59:f9:e4:69:6d:fc:
         74:5f:6f:dd:a2:fd:f0:ea:b2:92:7f:81:bd:d3:b0:72:fb:65:
         fd:9d:79:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRFn1vx4a4sdUSytWbb/MvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTA4MTExNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGRmMDk3MTkzNWVlYTcwNjY2ZTE5ZGJjNGFiYTU4ZjM5OWU0NzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1nnSm1VZJUDpilHfpRxXnqUDjND
mmJC8IkqtsXD0Ej2WyqXpLooJy9ZBvaeUE6dLQTEjmblsDREQ1o6cjqE7WlyDO1N
V1OMV7juo78etwMVBhJNlGLHrrD9lgaWQeFwpaiIUHHJs3BF/Bj03zsZXiyhDdJr
01ngGoxkJ6DZdVOqPrwdsV85vHu31BRyHWlcYDJH5TizKIkJZ4LWlpAGUUslbOp6
cD9uNMR1QhNOSSy9IR0fuVcshg8qBoWO5QQlkZ4AO8g/E0EG7G3hs0DVZkgXF3Ra
3/dB3kJEJRGT8sX1AgJFimYXyyvdwT74JOWk2lXYX3+0lbtZG5o6e91rCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAjfCXGTXupwZm4Z28SrpY85nkcOMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvQ044SmNaTmU2bkJtYmhuYnhLdWxqem1lUnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCXhaK6mMdytxv34jcpcFiOSzxeOouq9BPtVgPy
fYVpjkTBBclzxjYhMJSstP5yFe3IHZ/z0S8+C5VTuSBPeXEIjFgHFiIImpGttWnm
vVGL0MMMGccFbFYTLlYHsayvXU2YF933lXT+CUmi5p5a4dlvOV+gvOt8CIrgk3BM
uOLRPGrW5mbfQABsiU7i4xQD0JucBKcoErMYxvuS50wz/UXYWI2q+Jz0qSyKlaTL
jbdzjRAkmBGodeOapcx5cjjUh7QWV56fXJFFHzNhDFuXDCZKr5KkNotj7yNoSmm/
lZU9c360t1JZ+eRpbfx0X2/dov3w6rKSf4G907By+2X9nXkT
-----END CERTIFICATE-----