Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lCAntpV3Puug9eCtgagQuIkxOkk.roa
File:                     lCAntpV3Puug9eCtgagQuIkxOkk.roa (raw, json)
Hash identifier:          Dfdd9Vbsr3JXtzS/5wXqKvxVfHrr1H8kKXKW+IQNi8s=
Subject key identifier:   94:20:27:B6:95:77:3E:EB:A0:F5:E0:AD:81:A8:10:B8:89:31:3A:49
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01960127888EE243BCD2F3E43F8EDF2B0992
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lCAntpV3Puug9eCtgagQuIkxOkk.roa
Signing time:             Fri 04 Apr 2025 14:14:50 +0000
ROA not before:           Fri 04 Apr 2025 14:14:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        2a0e:13c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:01:27:88:8e:e2:43:bc:d2:f3:e4:3f:8e:df:2b:09:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr  4 14:14:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=942027b695773eeba0f5e0ad81a810b889313a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:25:f9:60:76:6b:3e:50:74:f3:c2:12:3e:5e:
                    e0:7a:be:3c:8b:6b:33:ef:e3:5a:9d:58:57:72:39:
                    05:09:ec:c4:c8:b6:d1:f1:70:e2:2c:0d:8a:39:6a:
                    e0:2c:78:05:75:b7:12:44:30:f0:6d:9c:bc:ec:da:
                    e0:57:10:e6:ee:6c:40:7e:99:40:31:d2:a6:3d:06:
                    9a:ec:60:fb:da:7f:b6:9a:79:0e:6f:7f:29:7a:8f:
                    70:3f:72:83:a1:e6:74:f3:ab:41:25:45:21:55:5b:
                    91:23:c6:6e:c3:1a:7d:a7:57:3c:54:39:13:06:d6:
                    b9:df:28:86:8e:8f:08:c9:54:3f:de:ae:15:11:4b:
                    ec:82:37:43:c6:b2:4f:93:5a:26:ef:b3:79:5f:d2:
                    85:3a:e0:d7:cc:87:df:12:be:fc:71:d4:40:8e:23:
                    2a:3a:11:5d:d2:f6:cd:9c:1c:46:a3:2a:73:c3:7e:
                    69:1e:1c:33:69:5f:5f:04:b2:7d:d0:a6:a8:23:83:
                    c9:f4:d7:c9:cf:6a:16:70:70:a9:1b:fa:67:32:72:
                    95:8b:1a:1f:38:bd:72:a5:e6:87:b6:ca:8c:20:2d:
                    0f:75:a8:17:35:ce:2c:37:20:78:a1:3d:46:e3:9b:
                    d5:85:09:50:ca:0f:0a:b8:c5:b9:ed:30:66:c6:89:
                    21:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:20:27:B6:95:77:3E:EB:A0:F5:E0:AD:81:A8:10:B8:89:31:3A:49
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lCAntpV3Puug9eCtgagQuIkxOkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:13c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:f6:a2:68:6c:44:02:31:e8:5a:e5:9a:99:7b:cf:3e:77:93:
         bf:fc:d6:be:bc:01:6b:06:7c:85:cc:4f:63:8f:31:0c:3a:b3:
         8d:89:b2:be:e3:be:78:22:55:5c:d3:9b:0e:f5:5a:8d:a6:e8:
         9e:98:63:af:20:ff:ac:c6:35:aa:4c:04:d0:ca:74:14:6f:64:
         b6:75:b6:1c:46:5b:3d:99:22:a3:98:8c:3e:5f:54:f6:ff:64:
         ab:2e:6b:96:c5:1f:dc:bd:92:84:36:92:ca:a6:6b:31:b8:66:
         e9:96:c2:65:ab:f1:e2:9f:95:1e:2c:6e:5a:33:0b:53:09:95:
         ff:22:40:67:26:99:87:01:4d:01:7b:9e:39:2f:94:e2:10:0d:
         11:4d:49:4e:bb:03:35:6b:f0:13:59:57:b0:1a:6b:33:8b:44:
         bf:b1:5c:c8:13:b1:a0:7f:1a:48:80:03:07:2e:ee:4e:f4:5f:
         30:65:8c:11:3f:ae:01:6f:e6:0a:69:fb:25:7d:d6:30:99:a7:
         e6:05:0d:a0:70:7f:48:7f:f1:7f:51:09:ea:f4:ce:44:1f:a8:
         48:6f:49:41:00:d0:42:94:f7:46:80:c4:9b:82:69:23:c3:90:
         06:be:ad:d5:b0:5f:61:bd:11:c0:70:f6:c4:2f:63:73:14:be:
         63:05:1c:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZYBJ4iO4kO80vPkP47fKwmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDA0MTQxNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDIwMjdiNjk1NzczZWViYTBmNWUwYWQ4MWE4MTBiODg5MzEzYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yX5YHZrPlB088ISPl7ger48i2sz
7+NanVhXcjkFCezEyLbR8XDiLA2KOWrgLHgFdbcSRDDwbZy87NrgVxDm7mxAfplA
MdKmPQaa7GD72n+2mnkOb38peo9wP3KDoeZ086tBJUUhVVuRI8Zuwxp9p1c8VDkT
Bta53yiGjo8IyVQ/3q4VEUvsgjdDxrJPk1om77N5X9KFOuDXzIffEr78cdRAjiMq
OhFd0vbNnBxGoypzw35pHhwzaV9fBLJ90KaoI4PJ9NfJz2oWcHCpG/pnMnKVixof
OL1ypeaHtsqMIC0PdagXNc4sNyB4oT1G45vVhQlQyg8KuMW57TBmxokh6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJQgJ7aVdz7roPXgrYGoELiJMTpJMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbENBbnRwVjNQdXVnOWVDdGdhZ1F1SWt4T2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg4TxTAN
BgkqhkiG9w0BAQsFAAOCAQEAEfaiaGxEAjHoWuWamXvPPneTv/zWvrwBawZ8hcxP
Y48xDDqzjYmyvuO+eCJVXNObDvVajabonphjryD/rMY1qkwE0Mp0FG9ktnW2HEZb
PZkio5iMPl9U9v9kqy5rlsUf3L2ShDaSyqZrMbhm6ZbCZavx4p+VHixuWjMLUwmV
/yJAZyaZhwFNAXueOS+U4hANEU1JTrsDNWvwE1lXsBprM4tEv7FcyBOxoH8aSIAD
By7uTvRfMGWMET+uAW/mCmn7JX3WMJmn5gUNoHB/SH/xf1EJ6vTORB+oSG9JQQDQ
QpT3RoDEm4JpI8OQBr6t1bBfYb0RwHD2xC9jcxS+YwUcVA==
-----END CERTIFICATE-----