Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/kYOzNphxQuuMN-KEH5LcxfVfKho.roa
File:                     kYOzNphxQuuMN-KEH5LcxfVfKho.roa (raw, json)
Hash identifier:          ZqTwzdBEFFNTdg6mPtQfwSsq0u9CJRd378DWfNVX+no=
Subject key identifier:   91:83:B3:36:98:71:42:EB:8C:37:E2:84:1F:92:DC:C5:F5:5F:2A:1A
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01942369AFDCEFFF52C48B5E450C8C3A1F16
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/kYOzNphxQuuMN-KEH5LcxfVfKho.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42350
IP address blocks:        2a02:2000:3c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:af:dc:ef:ff:52:c4:8b:5e:45:0c:8c:3a:1f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9183b336987142eb8c37e2841f92dcc5f55f2a1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d4:17:87:19:af:fd:57:a1:a0:d8:4b:3c:c2:
                    86:7f:63:20:33:d2:69:50:16:d9:2e:8a:b7:1f:12:
                    8f:2d:cd:9f:83:62:9c:f2:ee:eb:de:c6:bf:b6:0f:
                    35:61:5f:ad:6c:d8:fb:f9:5f:21:ab:e9:0b:81:d9:
                    31:54:82:e0:7b:77:ac:6e:20:72:a0:3f:62:7a:63:
                    62:64:e1:19:d5:07:66:34:b3:41:ac:ac:64:51:74:
                    00:34:5e:e9:93:bf:6a:7a:99:d0:6c:c0:d1:d9:ff:
                    ba:a8:bb:ad:37:6d:c7:00:5c:45:36:b9:f5:68:db:
                    71:ae:04:a6:f0:a5:df:3d:0c:5f:f7:67:a4:b4:66:
                    b9:17:0b:61:4f:50:f7:af:97:6b:af:9f:81:3c:2f:
                    c7:be:2c:94:d1:22:49:fd:a0:2c:d1:8c:38:16:fe:
                    12:f3:21:92:88:38:8b:95:16:06:01:1b:0f:4a:7e:
                    2e:71:97:36:e0:66:ba:3d:57:07:19:80:17:57:92:
                    80:c3:7c:db:87:c2:20:e2:c6:32:41:b5:4d:6f:64:
                    51:21:8a:c7:38:7f:f0:f2:f3:5b:f4:d5:4f:db:d0:
                    dc:51:79:93:ae:d0:bf:e6:97:a5:6b:3c:53:b8:94:
                    bf:43:25:90:2a:5c:8a:b5:7d:0b:03:a9:b4:f6:9b:
                    27:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:83:B3:36:98:71:42:EB:8C:37:E2:84:1F:92:DC:C5:F5:5F:2A:1A
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/kYOzNphxQuuMN-KEH5LcxfVfKho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2000:3c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:28:ef:0f:15:d7:b4:a9:b2:42:2b:9f:98:7d:e3:58:41:2c:
         da:2e:6b:50:e1:af:00:1d:2e:15:9c:24:88:bc:8c:c8:32:75:
         81:e0:30:ce:94:0a:56:f3:7e:8c:b2:5e:25:f6:7b:f5:b0:54:
         c9:b8:c3:1c:0f:4e:0b:3c:57:e8:f6:da:ac:1b:e0:46:5c:df:
         20:db:e5:24:8a:d0:25:fe:68:f0:96:e2:7c:69:3e:bc:50:e4:
         8b:d6:84:0b:bd:33:ce:5b:f8:b2:3d:c4:1f:b3:57:c4:d9:07:
         19:36:d9:d3:84:71:0e:30:fa:68:fd:86:39:1a:67:c2:d0:7c:
         bf:d0:bc:86:c7:2a:3e:6c:1d:99:de:93:31:ed:7b:f3:bf:0f:
         c7:a0:fb:b7:75:83:30:e7:55:66:69:d1:82:af:e1:41:98:59:
         29:06:48:b2:22:76:7e:94:5d:0a:29:d8:ca:74:fc:ac:b7:54:
         30:6c:6c:b9:85:90:4b:58:c5:72:03:82:54:a7:80:55:ff:8f:
         e0:c2:0a:06:2b:70:5d:f0:c9:79:38:bb:b2:63:f8:13:08:99:
         e2:26:f9:ab:1a:32:a2:83:52:79:05:8e:d3:fb:96:b4:8f:02:
         a3:c6:ba:9f:e1:5e:49:6b:56:d8:f1:a5:fb:ed:5c:c1:26:9f:
         c3:81:04:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjaa/c7/9SxIteRQyMOh8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgzYjMzNjk4NzE0MmViOGMzN2UyODQxZjkyZGNjNWY1NWYyYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9QXhxmv/VehoNhLPMKGf2MgM9Jp
UBbZLoq3HxKPLc2fg2Kc8u7r3sa/tg81YV+tbNj7+V8hq+kLgdkxVILge3esbiBy
oD9iemNiZOEZ1QdmNLNBrKxkUXQANF7pk79qepnQbMDR2f+6qLutN23HAFxFNrn1
aNtxrgSm8KXfPQxf92ektGa5FwthT1D3r5drr5+BPC/HviyU0SJJ/aAs0Yw4Fv4S
8yGSiDiLlRYGARsPSn4ucZc24Ga6PVcHGYAXV5KAw3zbh8Ig4sYyQbVNb2RRIYrH
OH/w8vNb9NVP29DcUXmTrtC/5pelazxTuJS/QyWQKlyKtX0LA6m09psnIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJGDszaYcULrjDfihB+S3MX1XyoaMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEva1lPek5waHhRdXVNTi1LRUg1TGN4ZlZmS2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgAAPI
MA0GCSqGSIb3DQEBCwUAA4IBAQBdKO8PFde0qbJCK5+YfeNYQSzaLmtQ4a8AHS4V
nCSIvIzIMnWB4DDOlApW836Msl4l9nv1sFTJuMMcD04LPFfo9tqsG+BGXN8g2+Uk
itAl/mjwluJ8aT68UOSL1oQLvTPOW/iyPcQfs1fE2QcZNtnThHEOMPpo/YY5GmfC
0Hy/0LyGxyo+bB2Z3pMx7Xvzvw/HoPu3dYMw51VmadGCr+FBmFkpBkiyInZ+lF0K
KdjKdPyst1QwbGy5hZBLWMVyA4JUp4BV/4/gwgoGK3Bd8Ml5OLuyY/gTCJniJvmr
GjKig1J5BY7T+5a0jwKjxrqf4V5Ja1bY8aX77VzBJp/DgQQs
-----END CERTIFICATE-----