Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/lPrZs3D91Gt-m6B9Dr3LWvP3o94.roa
File:                     lPrZs3D91Gt-m6B9Dr3LWvP3o94.roa (raw, json)
Hash identifier:          fhopXrhhREaGMI2tIGmpG5P4JKsz7B7bhwx1BvlGmtQ=
Subject key identifier:   94:FA:D9:B3:70:FD:D4:6B:7E:9B:A0:7D:0E:BD:CB:5A:F3:F7:A3:DE
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0194266B068065627FF0227B32BA75D1F465
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/lPrZs3D91Gt-m6B9Dr3LWvP3o94.roa
Signing time:             Thu 02 Jan 2025 09:48:55 +0000
ROA not before:           Thu 02 Jan 2025 09:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51714
IP address blocks:        2a09:ff00:103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:06:80:65:62:7f:f0:22:7b:32:ba:75:d1:f4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  2 09:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94fad9b370fdd46b7e9ba07d0ebdcb5af3f7a3de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:63:7e:46:7b:13:4b:e7:d9:cd:16:0d:da:8e:
                    e7:57:cd:12:54:53:f7:a5:87:c2:4a:2c:25:d6:d1:
                    2f:81:06:c6:d3:a9:03:06:9d:33:19:69:7a:ed:20:
                    51:b5:90:7f:90:7e:07:fc:09:ae:1f:af:e2:bb:9a:
                    ca:e9:1d:ee:e2:2d:07:4c:f3:9b:9a:0d:89:e6:3e:
                    72:8a:44:70:e6:39:58:79:1c:d8:0b:27:79:8e:9f:
                    96:d2:95:cb:d8:2e:eb:2a:87:ad:2e:5c:4a:1b:07:
                    2f:2a:c1:08:c3:b7:bb:79:da:cb:63:1a:0b:4f:76:
                    61:e1:f2:ad:77:77:70:9f:bb:2e:5d:e7:93:36:ed:
                    88:2a:3c:bc:4e:92:5b:c4:47:e3:44:48:19:71:76:
                    a2:e5:c5:fe:0e:ec:8a:e6:dc:81:e4:65:12:55:78:
                    5e:7f:97:7e:74:f5:b1:80:bc:37:67:c8:28:f6:25:
                    f1:21:16:52:65:39:22:9d:4e:97:7b:0f:4a:16:f4:
                    de:7f:34:20:11:54:1c:f4:dd:4b:46:ca:7a:20:94:
                    e5:59:00:2c:a1:18:37:c4:61:76:a3:9a:e7:8a:d2:
                    74:e2:90:14:7c:e8:96:e4:1b:39:78:b1:cc:ba:c2:
                    a6:83:cd:f7:e8:5b:37:6d:77:ab:82:b9:97:36:32:
                    ee:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:FA:D9:B3:70:FD:D4:6B:7E:9B:A0:7D:0E:BD:CB:5A:F3:F7:A3:DE
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/lPrZs3D91Gt-m6B9Dr3LWvP3o94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:89:3b:b0:39:eb:8c:50:22:0f:7e:30:eb:1f:1e:4b:50:47:
         ea:0d:70:f7:6a:e9:7e:2f:b5:5f:77:09:b5:56:31:6e:6c:4b:
         23:50:5a:25:72:d5:98:77:c7:40:3d:57:50:4a:c8:18:62:15:
         2c:0a:9b:3e:a0:02:0c:e8:c1:d7:5a:d4:06:6d:e4:c5:f8:8b:
         ae:8a:8b:b1:d7:83:c5:13:71:b2:5e:7a:0d:41:70:32:ec:d9:
         cb:a7:71:08:19:73:d0:4d:78:27:d4:f7:22:e4:23:ed:b5:d0:
         8a:18:1b:a9:41:84:c8:8c:aa:f2:49:19:7a:94:b3:3e:01:bb:
         3b:4e:be:ad:ac:22:2f:fe:7a:16:ce:75:19:f6:85:b4:c9:c4:
         3a:fa:0f:ae:71:23:55:cb:44:cc:f2:a7:60:8b:83:46:fc:1f:
         d7:55:25:67:ea:dc:b1:1d:fa:d9:25:d9:9d:e7:71:7e:fc:1f:
         66:76:31:3d:51:eb:ba:d1:e8:fc:26:5e:6e:ea:72:98:14:1f:
         a3:6b:35:e3:a5:99:f8:9c:45:5b:e4:33:6a:17:4f:05:88:36:
         15:f5:3e:25:4f:0f:1d:66:73:b0:33:b0:f8:2f:4b:43:72:f0:
         38:3c:f2:4f:89:0c:d0:b4:08:74:96:5f:96:2f:f6:0a:74:21:
         ed:95:c5:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmawaAZWJ/8CJ7Mrp10fRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTAyMDk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGZhZDliMzcwZmRkNDZiN2U5YmEwN2QwZWJkY2I1YWYzZjdhM2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGN+RnsTS+fZzRYN2o7nV80SVFP3
pYfCSiwl1tEvgQbG06kDBp0zGWl67SBRtZB/kH4H/AmuH6/iu5rK6R3u4i0HTPOb
mg2J5j5yikRw5jlYeRzYCyd5jp+W0pXL2C7rKoetLlxKGwcvKsEIw7e7edrLYxoL
T3Zh4fKtd3dwn7suXeeTNu2IKjy8TpJbxEfjREgZcXai5cX+DuyK5tyB5GUSVXhe
f5d+dPWxgLw3Z8go9iXxIRZSZTkinU6Xew9KFvTefzQgEVQc9N1LRsp6IJTlWQAs
oRg3xGF2o5rnitJ04pAUfOiW5Bs5eLHMusKmg8336Fs3bXergrmXNjLulQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJT62bNw/dRrfpugfQ69y1rz96PeMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvbFByWnMzRDkxR3QtbTZCOURyM0xXdlAzbzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgn/AAED
MA0GCSqGSIb3DQEBCwUAA4IBAQAYiTuwOeuMUCIPfjDrHx5LUEfqDXD3aul+L7Vf
dwm1VjFubEsjUFolctWYd8dAPVdQSsgYYhUsCps+oAIM6MHXWtQGbeTF+Iuuioux
14PFE3GyXnoNQXAy7NnLp3EIGXPQTXgn1Pci5CPttdCKGBupQYTIjKrySRl6lLM+
Abs7Tr6trCIv/noWznUZ9oW0ycQ6+g+ucSNVy0TM8qdgi4NG/B/XVSVn6tyxHfrZ
Jdmd53F+/B9mdjE9Ueu60ej8Jl5u6nKYFB+jazXjpZn4nEVb5DNqF08FiDYV9T4l
Tw8dZnOwM7D4L0tDcvA4PPJPiQzQtAh0ll+WL/YKdCHtlcV0
-----END CERTIFICATE-----