Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/KV_nG_kmH633ZUe-9L97LnA29yw.roa
File:                     KV_nG_kmH633ZUe-9L97LnA29yw.roa (raw, json)
Hash identifier:          sb05Z/GuWAjUIqo0R3Yca51uKGMc6MwqIkHeJF92vO8=
Subject key identifier:   29:5F:E7:1B:F9:26:1F:AD:F7:65:47:BE:F4:BF:7B:2E:70:36:F7:2C
Certificate issuer:       /CN=ff597b40c6d4469f9b914a78dc8ec439323b0fb8
Certificate serial:       019424B2AE0AF61D9BAAD9ACED0E56FB0A23
Authority key identifier: FF:59:7B:40:C6:D4:46:9F:9B:91:4A:78:DC:8E:C4:39:32:3B:0F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/KV_nG_kmH633ZUe-9L97LnA29yw.roa
Signing time:             Thu 02 Jan 2025 01:47:56 +0000
ROA not before:           Thu 02 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0b:4581::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:ae:0a:f6:1d:9b:aa:d9:ac:ed:0e:56:fb:0a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff597b40c6d4469f9b914a78dc8ec439323b0fb8
        Validity
            Not Before: Jan  2 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=295fe71bf9261fadf76547bef4bf7b2e7036f72c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b1:fd:e3:9c:84:01:90:55:4f:88:2f:38:7b:
                    bd:46:d4:bf:31:77:d2:6b:7f:1a:d4:79:0b:e0:8d:
                    78:c5:71:64:c5:3e:58:c7:fc:a5:00:ae:67:48:87:
                    a3:90:49:48:65:ed:90:d1:71:a2:a6:a2:8b:f6:4d:
                    5d:cf:30:5e:30:ed:b1:61:9b:7a:4f:32:fb:6a:06:
                    0b:d9:61:82:ed:e5:bb:35:53:f2:a6:10:48:5a:ce:
                    a7:dc:60:3a:4d:17:31:f1:8a:49:0d:e5:6a:70:3a:
                    37:c8:38:62:58:44:ce:67:e0:f1:bb:ae:ef:9f:17:
                    f3:5e:45:b2:d3:e7:a6:ea:80:26:62:63:d0:86:54:
                    fe:97:4d:58:16:ae:4b:07:4e:3a:9b:84:27:64:d2:
                    66:78:0c:9b:9b:53:59:49:ca:23:60:32:bc:f9:3d:
                    06:75:ef:e0:52:23:58:30:b2:f7:8a:d1:b0:54:88:
                    ca:cf:2b:30:aa:9b:eb:aa:f2:e2:48:48:ca:9c:d2:
                    cd:13:3e:71:66:7c:54:b6:b6:cd:4a:ac:56:2a:16:
                    8f:09:7c:09:29:ed:7e:37:72:c2:6d:6a:0f:56:dc:
                    2a:65:3c:78:52:86:cd:f1:57:5d:4a:fe:65:27:fd:
                    ad:9d:c5:66:4a:ba:08:e9:40:8f:51:30:98:47:fe:
                    2d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5F:E7:1B:F9:26:1F:AD:F7:65:47:BE:F4:BF:7B:2E:70:36:F7:2C
            X509v3 Authority Key Identifier:
                keyid:FF:59:7B:40:C6:D4:46:9F:9B:91:4A:78:DC:8E:C4:39:32:3B:0F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/KV_nG_kmH633ZUe-9L97LnA29yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4581::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:e5:5a:ad:ac:56:cd:46:12:c1:a3:d3:6f:2f:37:d1:7d:40:
         72:f2:1f:1e:00:08:45:a7:cb:20:ab:99:6b:da:3e:b1:16:74:
         4c:39:16:71:63:c6:e1:4e:e7:20:18:3a:4c:8e:22:83:2e:03:
         42:16:ab:1c:ca:17:da:c7:11:9e:8d:69:95:df:91:65:9c:7d:
         26:18:eb:81:bd:a8:53:a1:ec:6c:e6:3f:43:5f:24:6c:f7:55:
         e1:7e:dc:86:13:fb:dc:a7:b2:e7:ad:6c:ee:9f:21:bc:a2:5d:
         ca:0b:d6:ac:f9:d3:1d:00:dc:20:99:87:2b:bb:ac:1b:1f:1f:
         09:fa:c5:58:93:18:f8:df:65:27:d1:89:33:0f:a9:af:c0:3d:
         78:d5:53:e8:f5:fa:07:c7:23:54:32:12:f0:81:98:a9:e4:e2:
         7b:c8:50:cb:4a:13:50:39:1e:b8:e7:c2:67:16:ee:8f:15:6a:
         cf:a6:4a:24:de:13:27:99:4d:34:a3:c5:ca:f7:3b:b1:11:aa:
         7b:b2:5d:ed:c0:ce:60:40:59:fd:f4:44:9b:80:d6:39:c5:0b:
         bc:d1:b0:f3:31:e8:8c:89:44:52:ff:e4:3b:74:99:79:03:a4:
         6a:03:e8:0c:3b:5d:e0:ad:81:ad:60:54:f1:cf:a5:4c:02:4a:
         a3:d9:93:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksq4K9h2bqtms7Q5W+wojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNTk3YjQwYzZkNDQ2OWY5YjkxNGE3OGRjOGVjNDM5MzIz
YjBmYjgwHhcNMjUwMTAyMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVmZTcxYmY5MjYxZmFkZjc2NTQ3YmVmNGJmN2IyZTcwMzZmNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorH945yEAZBVT4gvOHu9RtS/MXfS
a38a1HkL4I14xXFkxT5Yx/ylAK5nSIejkElIZe2Q0XGipqKL9k1dzzBeMO2xYZt6
TzL7agYL2WGC7eW7NVPyphBIWs6n3GA6TRcx8YpJDeVqcDo3yDhiWETOZ+Dxu67v
nxfzXkWy0+em6oAmYmPQhlT+l01YFq5LB046m4QnZNJmeAybm1NZScojYDK8+T0G
de/gUiNYMLL3itGwVIjKzyswqpvrqvLiSEjKnNLNEz5xZnxUtrbNSqxWKhaPCXwJ
Ke1+N3LCbWoPVtwqZTx4UobN8VddSv5lJ/2tncVmSroI6UCPUTCYR/4t0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFClf5xv5Jh+t92VHvvS/ey5wNvcsMB8GA1UdIwQY
MBaAFP9Ze0DG1Eafm5FKeNyOxDkyOw+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFsN1FNYlVScC1ia1VwNDNJN0VPVEk3RDdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iZmIyN2EtZjAwNS00OGNiLTk0NzMt
ZmZiMmVmNGJmZTI1LzEvS1Zfbkdfa21INjMzWlVlLTlMOTdMbkEyOXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iZmIyN2EtZjAwNS00OGNiLTk0NzMtZmZiMmVmNGJmZTI1
LzEvXzFsN1FNYlVScC1ia1VwNDNJN0VPVEk3RDdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtFgQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBK5VqtrFbNRhLBo9NvLzfRfUBy8h8eAAhFp8sg
q5lr2j6xFnRMORZxY8bhTucgGDpMjiKDLgNCFqscyhfaxxGejWmV35FlnH0mGOuB
vahToexs5j9DXyRs91XhftyGE/vcp7LnrWzunyG8ol3KC9as+dMdANwgmYcru6wb
Hx8J+sVYkxj432Un0YkzD6mvwD141VPo9foHxyNUMhLwgZip5OJ7yFDLShNQOR64
58JnFu6PFWrPpkok3hMnmU00o8XK9zuxEap7sl3twM5gQFn99ESbgNY5xQu80bDz
MeiMiURS/+Q7dJl5A6RqA+gMO13grYGtYFTxz6VMAkqj2ZNu
-----END CERTIFICATE-----