Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HAEssOWQRwSdc5TGWOA9Yahl7WM.roa
File:                     HAEssOWQRwSdc5TGWOA9Yahl7WM.roa (raw, json)
Hash identifier:          GGhgfbO/+6MLQCq+HU+0d0YUwkftNYr1yFwg0YzDhQk=
Subject key identifier:   1C:01:2C:B0:E5:90:47:04:9D:73:94:C6:58:E0:3D:61:A8:65:ED:63
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01942143E59288E274F29D5F622E2EDA2BCF
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HAEssOWQRwSdc5TGWOA9Yahl7WM.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        2a05:9080:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e5:92:88:e2:74:f2:9d:5f:62:2e:2e:da:2b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c012cb0e59047049d7394c658e03d61a865ed63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:08:05:6b:e6:74:cd:fb:04:f4:1b:3d:76:23:
                    e9:55:2d:aa:e0:c6:29:8a:2f:b1:d9:8b:bc:8c:7e:
                    d2:bf:c9:20:09:1f:f9:6e:de:8f:fb:72:19:57:75:
                    e4:77:fe:95:e4:e4:65:b3:65:73:16:04:38:b6:af:
                    5f:c1:51:aa:35:2a:6e:e8:d3:3d:1b:b0:8a:9a:c6:
                    20:9a:9f:fb:43:7a:fc:91:b0:cf:cc:ec:f9:a5:a2:
                    6c:be:f1:81:ed:45:2d:36:f5:73:9c:01:5d:ce:9b:
                    c6:05:12:94:ed:f1:62:61:c5:5c:b2:af:fa:4b:69:
                    b2:76:3f:d5:f2:96:b3:ac:5c:36:80:43:90:58:17:
                    46:18:78:28:35:98:fe:74:23:e4:79:f1:ba:ef:e9:
                    28:5f:aa:21:6c:b9:d0:45:ea:dd:79:8e:23:b4:6b:
                    d7:60:c4:10:6c:51:15:9e:63:8b:c5:5e:a1:8f:05:
                    34:44:eb:4b:47:a2:70:ad:74:a0:06:c2:ce:a4:22:
                    1c:c9:15:8c:58:ee:1d:d1:56:6f:29:59:f6:59:2f:
                    8d:c5:9b:5a:e2:c6:c4:37:1d:5b:bf:34:6a:de:3f:
                    f4:3e:3e:90:10:a6:02:83:53:aa:f1:c7:6f:3b:c0:
                    c6:f3:f8:11:52:6c:f4:58:c7:e5:7f:ad:db:51:ee:
                    5c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:01:2C:B0:E5:90:47:04:9D:73:94:C6:58:E0:3D:61:A8:65:ED:63
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HAEssOWQRwSdc5TGWOA9Yahl7WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:54:51:13:7f:3c:0c:01:de:a5:98:64:2b:9f:1e:b6:1d:37:
         ee:19:2a:44:2a:52:66:5f:ac:d0:f8:69:14:d0:4b:5f:04:83:
         b9:19:d9:ea:c0:30:ed:e2:4f:d6:de:d7:72:0d:43:f9:62:ec:
         ec:87:bb:b4:cd:fb:ae:61:44:b3:9b:1a:4b:4c:8a:16:8f:df:
         c7:07:ac:15:fb:f9:bc:86:41:a6:f5:66:1f:cd:71:5c:74:1f:
         7a:aa:8f:99:85:c0:b9:0c:a3:cd:c4:82:32:ea:be:2b:5e:9b:
         ad:26:bc:49:16:22:1a:83:6c:79:15:6f:a9:25:12:f9:1f:6c:
         f3:8a:41:2b:6e:6f:5d:50:14:23:ab:c2:4c:0a:04:58:ba:85:
         53:32:3e:c1:7d:78:14:2b:13:ad:a1:c3:07:20:98:4b:bc:9c:
         af:ae:95:81:dd:a4:54:a9:d9:58:3c:44:e3:5b:3b:65:2e:08:
         76:c7:36:98:b6:73:3e:ad:b5:18:3b:13:9e:6a:16:db:77:fe:
         7e:3c:97:13:23:6e:37:5d:ab:90:87:e3:4f:13:77:ee:51:fd:
         74:c2:00:5e:3c:4f:79:7c:6b:1f:98:ff:65:3f:20:73:b7:be:
         12:14:d4:e2:1c:43:88:69:76:b0:77:da:ca:e4:0b:9c:ea:5c:
         c7:de:c0:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ+WSiOJ08p1fYi4u2ivPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzAxMmNiMGU1OTA0NzA0OWQ3Mzk0YzY1OGUwM2Q2MWE4NjVlZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwgFa+Z0zfsE9Bs9diPpVS2q4MYp
ii+x2Yu8jH7Sv8kgCR/5bt6P+3IZV3Xkd/6V5ORls2VzFgQ4tq9fwVGqNSpu6NM9
G7CKmsYgmp/7Q3r8kbDPzOz5paJsvvGB7UUtNvVznAFdzpvGBRKU7fFiYcVcsq/6
S2mydj/V8pazrFw2gEOQWBdGGHgoNZj+dCPkefG67+koX6ohbLnQRerdeY4jtGvX
YMQQbFEVnmOLxV6hjwU0ROtLR6JwrXSgBsLOpCIcyRWMWO4d0VZvKVn2WS+NxZta
4sbENx1bvzRq3j/0Pj6QEKYCg1Oq8cdvO8DG8/gRUmz0WMflf63bUe5c9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBwBLLDlkEcEnXOUxljgPWGoZe1jMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSEFFc3NPV1FSd1NkYzVUR1dPQTlZYWhsN1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQC/VFETfzwMAd6lmGQrnx62HTfuGSpEKlJmX6zQ
+GkU0EtfBIO5GdnqwDDt4k/W3tdyDUP5Yuzsh7u0zfuuYUSzmxpLTIoWj9/HB6wV
+/m8hkGm9WYfzXFcdB96qo+ZhcC5DKPNxIIy6r4rXputJrxJFiIag2x5FW+pJRL5
H2zzikErbm9dUBQjq8JMCgRYuoVTMj7BfXgUKxOtocMHIJhLvJyvrpWB3aRUqdlY
PETjWztlLgh2xzaYtnM+rbUYOxOeahbbd/5+PJcTI243XauQh+NPE3fuUf10wgBe
PE95fGsfmP9lPyBzt74SFNTiHEOIaXawd9rK5Auc6lzH3sAj
-----END CERTIFICATE-----