Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qILC_Pv0K7-ROV4CDhL6zSnDsio.roa
File:                     qILC_Pv0K7-ROV4CDhL6zSnDsio.roa (raw, json)
Hash identifier:          tV5WuqZJh0gjM0aw66Rwu52v2V+q3xkrQZsO/3MBrn0=
Subject key identifier:   A8:82:C2:FC:FB:F4:2B:BF:91:39:5E:02:0E:12:FA:CD:29:C3:B2:2A
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0194321EFCBCC078F5BD2EF45BA9E6524517
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qILC_Pv0K7-ROV4CDhL6zSnDsio.roa
Signing time:             Sat 04 Jan 2025 16:21:19 +0000
ROA not before:           Sat 04 Jan 2025 16:21:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        2a05:9080::/48 maxlen: 48
                          2a05:9080:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:32:1e:fc:bc:c0:78:f5:bd:2e:f4:5b:a9:e6:52:45:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  4 16:21:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a882c2fcfbf42bbf91395e020e12facd29c3b22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c3:4d:f3:68:03:fc:a8:d3:16:d9:27:d2:27:
                    c0:7e:fc:77:c4:f0:35:32:3e:d7:21:e0:d6:c9:48:
                    46:97:81:d2:39:4f:3b:4d:cd:82:ac:ba:14:4c:34:
                    b3:8d:67:3f:9a:70:33:42:79:99:90:67:3b:92:1d:
                    3f:ca:c1:0b:e9:c2:fd:c0:a1:4e:ec:82:97:d2:c5:
                    87:32:a7:ac:a3:a0:53:ca:ae:33:14:bf:28:98:d8:
                    77:84:b1:78:e9:56:a6:5d:37:cf:5d:7c:c9:ea:14:
                    d3:62:1a:5c:7d:f7:10:11:78:0d:fb:10:20:8e:f5:
                    4b:5b:41:d6:b3:e0:29:13:8b:16:69:c1:d1:6a:fb:
                    f8:78:79:7b:11:36:bf:57:c2:f1:2e:d9:a4:70:96:
                    d0:b7:e7:5d:76:35:e3:65:8b:6e:ce:15:11:61:8d:
                    0f:db:18:24:b6:cd:70:fc:08:0a:0e:1a:05:2f:e8:
                    ed:f7:b5:95:83:e2:59:a3:f4:04:f2:20:ed:80:a7:
                    c4:1d:e0:9e:0c:03:c7:37:6d:29:ed:9f:87:b4:c6:
                    59:2a:73:b5:3d:b7:e0:08:77:48:0d:c4:a3:6d:f0:
                    7e:59:5d:c8:b1:f8:04:03:56:da:76:f9:9b:d9:2b:
                    d3:7d:78:02:88:a5:7d:b4:8a:2d:d2:50:cf:15:9d:
                    9f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:82:C2:FC:FB:F4:2B:BF:91:39:5E:02:0E:12:FA:CD:29:C3:B2:2A
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qILC_Pv0K7-ROV4CDhL6zSnDsio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080::/48
                  2a05:9080:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:25:6c:b6:8f:e8:8c:82:3d:7d:0a:c8:6e:e1:d1:ed:ca:66:
         da:48:32:59:45:76:8d:03:ec:6b:84:8e:66:63:01:47:c8:db:
         20:55:a7:b3:b7:97:11:6c:68:54:04:9b:9e:38:06:38:8d:52:
         6e:59:77:d9:79:19:d1:b3:6f:52:e8:6a:6b:a9:b6:f6:66:ea:
         4e:05:1a:29:4f:a8:af:e6:01:57:38:4a:60:63:62:2a:e9:ca:
         97:56:f4:85:10:9d:e8:45:99:d2:8d:91:02:3b:34:35:8c:d6:
         92:15:10:cc:6b:aa:3a:02:0e:29:c9:fb:75:e4:dd:c2:5a:4c:
         16:a6:1c:95:e4:dd:26:71:46:e9:e8:2b:03:3c:d0:c1:ba:23:
         05:08:df:d0:b2:74:8e:13:42:03:cf:bb:fd:de:cd:6c:59:53:
         4a:53:ff:67:9a:07:04:a0:a4:e7:34:e8:65:f8:9e:45:5b:80:
         2b:38:b0:b9:42:62:74:1a:80:32:89:0c:b3:8c:24:39:14:15:
         89:0e:95:a6:43:55:c0:39:ba:8c:3a:d0:38:65:1c:1b:0b:7c:
         51:27:e0:c7:d3:07:36:66:34:49:eb:53:01:67:e0:98:07:ed:
         e5:ea:f4:e1:97:c2:68:d4:6a:5d:fd:ec:d8:28:4e:3c:6e:34:
         4e:6b:ac:d9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQyHvy8wHj1vS70W6nmUkUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTA0MTYyMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODgyYzJmY2ZiZjQyYmJmOTEzOTVlMDIwZTEyZmFjZDI5YzNiMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MNN82gD/KjTFtkn0ifAfvx3xPA1
Mj7XIeDWyUhGl4HSOU87Tc2CrLoUTDSzjWc/mnAzQnmZkGc7kh0/ysEL6cL9wKFO
7IKX0sWHMqeso6BTyq4zFL8omNh3hLF46VamXTfPXXzJ6hTTYhpcffcQEXgN+xAg
jvVLW0HWs+ApE4sWacHRavv4eHl7ETa/V8LxLtmkcJbQt+dddjXjZYtuzhURYY0P
2xgkts1w/AgKDhoFL+jt97WVg+JZo/QE8iDtgKfEHeCeDAPHN20p7Z+HtMZZKnO1
PbfgCHdIDcSjbfB+WV3IsfgEA1badvmb2SvTfXgCiKV9tIot0lDPFZ2fqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKiCwvz79Cu/kTleAg4S+s0pw7IqMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvcUlMQ19QdjBLNy1ST1Y0Q0RoTDZ6U25Ec2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAA
AwcAKgWQgAAEMA0GCSqGSIb3DQEBCwUAA4IBAQAgJWy2j+iMgj19Cshu4dHtymba
SDJZRXaNA+xrhI5mYwFHyNsgVaezt5cRbGhUBJueOAY4jVJuWXfZeRnRs29S6Gpr
qbb2ZupOBRopT6iv5gFXOEpgY2Iq6cqXVvSFEJ3oRZnSjZECOzQ1jNaSFRDMa6o6
Ag4pyft15N3CWkwWphyV5N0mcUbp6CsDPNDBuiMFCN/QsnSOE0IDz7v93s1sWVNK
U/9nmgcEoKTnNOhl+J5FW4ArOLC5QmJ0GoAyiQyzjCQ5FBWJDpWmQ1XAObqMOtA4
ZRwbC3xRJ+DH0wc2ZjRJ61MBZ+CYB+3l6vThl8Jo1Gpd/ezYKE48bjROa6zZ
-----END CERTIFICATE-----