Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/X9-z3qhXpej4BCNHXlOlwIoxiSI.roa
File:                     X9-z3qhXpej4BCNHXlOlwIoxiSI.roa (raw, json)
Hash identifier:          +XeMFApgKN+wHjuGvI8Wb1xE1s+7UuhIUkYxW35SfdA=
Subject key identifier:   5F:DF:B3:DE:A8:57:A5:E8:F8:04:23:47:5E:53:A5:C0:8A:31:89:22
Certificate issuer:       /CN=3a0429b5aecac8364544bf623f94f163afdce561
Certificate serial:       019427B6444C78E37703F026D39B9D98BD69
Authority key identifier: 3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/X9-z3qhXpej4BCNHXlOlwIoxiSI.roa
Signing time:             Thu 02 Jan 2025 15:50:43 +0000
ROA not before:           Thu 02 Jan 2025 15:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197938
IP address blocks:        2a04:e540::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:44:4c:78:e3:77:03:f0:26:d3:9b:9d:98:bd:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0429b5aecac8364544bf623f94f163afdce561
        Validity
            Not Before: Jan  2 15:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fdfb3dea857a5e8f80423475e53a5c08a318922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fc:85:45:97:06:0f:dd:e3:6f:26:3e:9e:81:
                    6c:da:64:b5:6b:35:3b:8e:7e:91:2b:2b:7e:76:90:
                    77:fa:0b:9a:ce:01:cb:de:58:b7:b6:65:4a:66:aa:
                    38:a8:60:3d:64:80:39:ec:f7:27:2b:9a:d5:81:c4:
                    33:0a:d9:f6:9e:f6:6a:b1:a2:03:c3:99:64:94:d9:
                    03:fc:df:19:55:2d:6d:40:d8:e9:b3:f0:01:f3:c6:
                    92:60:aa:3a:27:94:be:1b:ff:a6:a7:32:88:be:42:
                    01:f5:94:69:80:47:ba:1c:54:3a:d7:5f:76:5c:ff:
                    38:b6:b7:bb:7f:70:d2:5d:38:07:f9:7f:af:68:2b:
                    52:ef:fa:dd:70:59:a1:76:75:f0:95:1d:cb:6d:67:
                    31:ab:c7:ad:b0:da:f9:3b:07:bf:48:a9:2c:f6:f0:
                    19:fd:e0:ea:3c:c8:b6:89:9f:96:4b:92:3b:c2:9d:
                    ec:4e:ab:b7:fa:69:f6:8b:f2:cd:ef:3e:02:76:f8:
                    79:92:2b:2c:87:5d:fe:b1:9b:97:be:fa:6e:ad:41:
                    67:6d:65:c4:05:eb:a7:68:db:4b:f4:d8:99:af:2d:
                    b0:65:47:b3:c4:65:db:88:df:23:90:51:bb:e7:44:
                    b3:d6:34:e5:e0:c4:f9:b3:b4:6d:9e:7c:76:8c:7b:
                    81:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:DF:B3:DE:A8:57:A5:E8:F8:04:23:47:5E:53:A5:C0:8A:31:89:22
            X509v3 Authority Key Identifier:
                keyid:3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/X9-z3qhXpej4BCNHXlOlwIoxiSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:e540::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:4c:1a:a9:cb:8b:93:07:41:8f:c1:33:99:b0:14:4f:38:58:
         06:d5:e7:9d:d3:fb:ee:85:9e:21:6f:32:02:d2:b2:a3:96:bb:
         bc:92:74:e1:18:82:ef:3d:70:96:fb:e1:96:f8:e7:80:63:0e:
         df:f7:6a:e5:67:03:cc:81:4a:c3:37:28:ba:4a:42:b2:9c:b7:
         24:f4:0b:4a:82:be:26:80:02:9a:46:08:c3:ac:db:d7:ae:37:
         21:94:af:45:1f:2c:30:de:ba:73:ac:db:9e:48:6d:73:31:c7:
         45:8a:e7:ab:e0:e6:31:7b:16:de:c4:0d:08:84:e3:47:9d:19:
         f0:b0:b2:b3:5b:5c:9e:01:c1:1e:80:0e:d7:ed:0d:4c:8c:62:
         a8:16:29:cd:fb:d7:4c:3f:2d:99:d2:8a:e2:76:59:f8:88:60:
         6f:38:69:6a:4c:ac:6c:e9:df:49:a2:3a:f9:9b:09:24:03:ab:
         40:42:69:5d:6f:e9:ba:60:97:13:8c:cf:51:98:8a:b7:90:59:
         33:d3:81:ab:e9:e0:16:91:02:3b:c1:76:ee:e8:11:86:ba:3d:
         90:fa:00:0b:e3:94:44:a2:94:d2:eb:2d:19:b8:71:0a:a0:7a:
         54:e0:ea:8f:bb:73:02:21:46:12:67:fe:f0:77:0d:2d:44:bb:
         16:99:12:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntkRMeON3A/Am05udmL1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDQyOWI1YWVjYWM4MzY0NTQ0YmY2MjNmOTRmMTYzYWZk
Y2U1NjEwHhcNMjUwMTAyMTU1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmRmYjNkZWE4NTdhNWU4ZjgwNDIzNDc1ZTUzYTVjMDhhMzE4OTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfyFRZcGD93jbyY+noFs2mS1azU7
jn6RKyt+dpB3+guazgHL3li3tmVKZqo4qGA9ZIA57PcnK5rVgcQzCtn2nvZqsaID
w5lklNkD/N8ZVS1tQNjps/AB88aSYKo6J5S+G/+mpzKIvkIB9ZRpgEe6HFQ61192
XP84tre7f3DSXTgH+X+vaCtS7/rdcFmhdnXwlR3LbWcxq8etsNr5Owe/SKks9vAZ
/eDqPMi2iZ+WS5I7wp3sTqu3+mn2i/LN7z4Cdvh5kissh13+sZuXvvpurUFnbWXE
BeunaNtL9NiZry2wZUezxGXbiN8jkFG750Sz1jTl4MT5s7Rtnnx2jHuBFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF/fs96oV6Xo+AQjR15TpcCKMYkiMB8GA1UdIwQY
MBaAFDoEKbWuysg2RUS/Yj+U8WOv3OVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEt
ODQ3MTJjOWYzNDY0LzEvWDktejNxaFhwZWo0QkNOSFhsT2x3SW94aVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEtODQ3MTJjOWYzNDY0
LzEvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgTlQDAN
BgkqhkiG9w0BAQsFAAOCAQEANkwaqcuLkwdBj8EzmbAUTzhYBtXnndP77oWeIW8y
AtKyo5a7vJJ04RiC7z1wlvvhlvjngGMO3/dq5WcDzIFKwzcoukpCspy3JPQLSoK+
JoACmkYIw6zb1643IZSvRR8sMN66c6zbnkhtczHHRYrnq+DmMXsW3sQNCITjR50Z
8LCys1tcngHBHoAO1+0NTIxiqBYpzfvXTD8tmdKK4nZZ+IhgbzhpakysbOnfSaI6
+ZsJJAOrQEJpXW/pumCXE4zPUZiKt5BZM9OBq+ngFpECO8F27ugRhro9kPoAC+OU
RKKU0ustGbhxCqB6VODqj7tzAiFGEmf+8HcNLUS7FpkSDw==
-----END CERTIFICATE-----