Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/Komd5Ms6qIcTUPazhp2KYBREj_I.roa
File:                     Komd5Ms6qIcTUPazhp2KYBREj_I.roa (raw, json)
Hash identifier:          CnW97+An2rd0iCGWkOmUW+VoUsOuuzcBgbeTYXyF6OA=
Subject key identifier:   2A:89:9D:E4:CB:3A:A8:87:13:50:F6:B3:86:9D:8A:60:14:44:8F:F2
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       0194266B32D6E6E19E552D4BFA6265630B18
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/Komd5Ms6qIcTUPazhp2KYBREj_I.roa
Signing time:             Thu 02 Jan 2025 09:49:06 +0000
ROA not before:           Thu 02 Jan 2025 09:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50225
IP address blocks:        2a0f:bf02::/32 maxlen: 32
                          2a0f:bf03::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:32:d6:e6:e1:9e:55:2d:4b:fa:62:65:63:0b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Jan  2 09:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a899de4cb3aa8871350f6b3869d8a6014448ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:58:47:8a:18:db:a1:52:a0:2e:d4:c7:1a:
                    5f:77:6c:63:0c:be:4a:6f:0f:3e:18:dc:7f:d9:37:
                    2d:cc:32:bb:68:7e:10:bd:54:06:65:0a:b1:06:bc:
                    9a:e7:0e:cb:09:d5:f8:4f:7d:5e:00:21:ca:72:46:
                    d6:c1:5b:4e:1f:35:46:48:8b:3b:60:e8:c0:f9:49:
                    f4:4d:8d:23:a6:89:2b:a0:80:b4:8f:59:9f:49:c0:
                    d3:ea:1e:ae:3e:db:cc:8b:a3:96:f8:b0:58:f4:de:
                    c2:25:72:a3:c1:11:9e:cf:40:72:26:53:71:6a:10:
                    81:c1:d0:cc:39:af:24:4e:34:e7:23:e6:3a:59:47:
                    f0:81:ed:8c:a7:e4:2a:95:c9:0f:a3:20:d6:a7:63:
                    6c:18:bc:01:54:ad:7b:91:19:e1:44:38:81:df:4d:
                    e3:9b:4e:f9:80:82:17:17:80:e8:a4:40:29:0d:57:
                    10:30:f1:69:0b:80:be:a6:87:8e:7f:b4:a9:e0:53:
                    e5:ae:47:0d:d1:54:cc:ee:d1:7c:af:a9:63:81:c8:
                    f6:41:85:4d:17:74:d7:59:ff:9f:8c:67:a6:ec:64:
                    5c:9c:83:1c:f9:9e:d5:d0:62:f8:1c:7f:b9:74:ff:
                    b9:75:d9:64:b2:b1:e6:63:82:2c:63:be:42:50:4a:
                    26:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:89:9D:E4:CB:3A:A8:87:13:50:F6:B3:86:9D:8A:60:14:44:8F:F2
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/Komd5Ms6qIcTUPazhp2KYBREj_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf02::/31

    Signature Algorithm: sha256WithRSAEncryption
         89:73:1e:4c:f8:60:0d:21:3b:33:be:d3:45:7b:93:30:09:2b:
         7e:59:53:d7:06:36:d7:78:80:45:fe:00:4e:d7:06:4a:ea:38:
         ea:59:05:5a:1a:37:32:3b:cb:44:47:7d:0f:48:a9:45:4c:71:
         a6:28:ad:59:d1:90:0b:d7:e7:57:90:d6:33:64:a4:b7:86:2f:
         7f:33:43:5e:09:a0:1a:42:22:06:9f:01:01:b7:c6:03:6f:5d:
         88:6f:06:e7:4c:02:80:3a:25:17:b5:55:0f:ca:47:4b:ef:9b:
         e7:20:2f:dc:e6:52:49:7c:85:7c:de:ea:a2:d4:77:21:a4:ee:
         03:8d:6f:aa:95:ae:06:82:54:50:ca:f1:e9:e8:41:69:a1:58:
         ad:ed:00:e2:17:0f:bb:80:07:48:3f:9b:85:e1:12:21:d2:7e:
         2d:30:e3:16:bc:3c:e4:ee:42:1d:e0:0d:ae:e9:a0:59:0b:d0:
         e2:ad:b8:65:f1:66:24:f3:0e:40:af:5d:41:40:5c:4a:2e:6a:
         1f:9e:a5:fe:f2:f8:05:cc:0b:b4:09:be:7f:5b:8c:33:3b:07:
         c4:ad:b0:f2:6d:79:3d:62:2d:06:bb:ad:9d:5f:f3:1a:84:6e:
         4c:40:6b:5c:f0:4a:0d:44:8d:43:e5:11:31:fb:ad:f4:c0:81:
         f1:87:9e:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmazLW5uGeVS1L+mJlYwsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjUwMTAyMDk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTg5OWRlNGNiM2FhODg3MTM1MGY2YjM4NjlkOGE2MDE0NDQ4ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYxYR4oY26FSoC7Uxxpfd2xjDL5K
bw8+GNx/2TctzDK7aH4QvVQGZQqxBrya5w7LCdX4T31eACHKckbWwVtOHzVGSIs7
YOjA+Un0TY0jpokroIC0j1mfScDT6h6uPtvMi6OW+LBY9N7CJXKjwRGez0ByJlNx
ahCBwdDMOa8kTjTnI+Y6WUfwge2Mp+QqlckPoyDWp2NsGLwBVK17kRnhRDiB303j
m075gIIXF4DopEApDVcQMPFpC4C+poeOf7Sp4FPlrkcN0VTM7tF8r6ljgcj2QYVN
F3TXWf+fjGem7GRcnIMc+Z7V0GL4HH+5dP+5ddlksrHmY4IsY75CUEom4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCqJneTLOqiHE1D2s4adimAURI/yMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvS29tZDVNczZxSWNUVVBhemhwMktZQlJFal9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg+/AjAN
BgkqhkiG9w0BAQsFAAOCAQEAiXMeTPhgDSE7M77TRXuTMAkrfllT1wY213iARf4A
TtcGSuo46lkFWho3MjvLREd9D0ipRUxxpiitWdGQC9fnV5DWM2Skt4YvfzNDXgmg
GkIiBp8BAbfGA29diG8G50wCgDolF7VVD8pHS++b5yAv3OZSSXyFfN7qotR3IaTu
A41vqpWuBoJUUMrx6ehBaaFYre0A4hcPu4AHSD+bheESIdJ+LTDjFrw85O5CHeAN
rumgWQvQ4q24ZfFmJPMOQK9dQUBcSi5qH56l/vL4BcwLtAm+f1uMMzsHxK2w8m15
PWItBrutnV/zGoRuTEBrXPBKDUSNQ+URMfut9MCB8Yeelw==
-----END CERTIFICATE-----