Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Ff-r3-0iyLfe2eC4tftKl7r4ksA.roa
File:                     Ff-r3-0iyLfe2eC4tftKl7r4ksA.roa (raw, json)
Hash identifier:          XBCuFAzYlK+KS0b0qdNX4BGXCyC4kES1ua5iNmQkljo=
Subject key identifier:   15:FF:AB:DF:ED:22:C8:B7:DE:D9:E0:B8:B5:FB:4A:97:BA:F8:92:C0
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019422FC4675320690CC6AC49DD7C2927F9D
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Ff-r3-0iyLfe2eC4tftKl7r4ksA.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        5.181.2.0/24 maxlen: 24
                          5.181.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:46:75:32:06:90:cc:6a:c4:9d:d7:c2:92:7f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15ffabdfed22c8b7ded9e0b8b5fb4a97baf892c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:87:b9:7f:a7:ec:ca:43:82:e1:36:95:40:70:
                    82:a7:0d:7f:1f:18:45:a8:1a:62:a7:f0:f4:de:b4:
                    6a:87:c3:a9:bf:d0:5b:eb:96:46:4b:e7:10:d1:97:
                    28:0b:56:46:d8:af:8b:72:9d:ad:9a:5f:19:ea:01:
                    ab:3c:34:b8:88:f6:c8:21:67:68:cc:ff:0a:55:9e:
                    90:ef:2d:f7:d6:6d:ca:b6:58:7e:64:f9:63:ad:86:
                    d5:b3:e5:53:ba:54:43:1e:a8:20:60:1d:20:7e:bc:
                    2c:86:02:e3:5f:27:3e:0f:71:15:68:f4:16:09:ad:
                    c2:48:a0:3c:80:6a:c6:54:7a:0b:bb:b1:af:69:b8:
                    25:33:f0:9f:1b:13:67:ba:9b:eb:b2:f1:0d:a5:6b:
                    53:5a:09:38:cd:3d:55:43:f1:16:b5:02:b4:ee:a7:
                    81:d5:2e:48:7e:47:2a:20:d1:2c:fe:f7:c5:77:2c:
                    bf:0f:73:7e:0c:67:3d:44:ef:26:39:d4:c7:11:76:
                    c7:22:ac:95:65:01:fc:97:df:ef:3f:04:e9:eb:89:
                    d8:5e:50:6a:2f:01:d8:56:70:e0:b8:66:0f:17:d9:
                    03:1a:55:e8:0c:e4:d8:d3:3e:89:48:bf:ec:09:25:
                    08:7c:b7:75:a4:d8:7e:a6:cc:d1:5b:c1:ff:d8:6b:
                    50:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:FF:AB:DF:ED:22:C8:B7:DE:D9:E0:B8:B5:FB:4A:97:BA:F8:92:C0
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Ff-r3-0iyLfe2eC4tftKl7r4ksA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:0c:97:97:b0:32:29:83:1e:5c:d1:84:0e:bf:f1:39:72:5e:
         90:ea:da:cf:bc:5f:f6:09:3b:d0:6a:73:94:98:df:d6:c5:26:
         78:dc:b8:fb:94:b2:47:f8:e1:7b:d9:96:22:bb:12:01:84:84:
         3d:3d:48:94:e1:9c:af:47:b1:24:af:ba:f0:d4:21:2a:a8:54:
         16:6c:43:3c:ac:a9:e3:5f:a1:b7:16:ee:2c:f4:91:2a:e6:60:
         40:a0:cb:d6:9b:60:75:fa:9e:e3:da:aa:67:e7:ac:6b:f1:c2:
         98:bc:87:f6:25:d2:a8:69:1f:9e:c9:4e:f8:e1:55:a1:e3:0c:
         aa:f7:a8:94:41:ab:a6:15:9f:42:11:af:d6:41:92:5b:da:f9:
         e8:f0:d1:47:0c:88:66:2f:97:77:32:03:49:4e:10:43:77:db:
         1e:b8:29:c1:3e:d0:01:48:f7:5e:8c:4a:f8:3c:c1:c5:ea:4a:
         2d:90:c7:4a:53:0b:d4:5d:e8:0e:65:90:c7:37:bf:10:a3:81:
         4c:c8:54:f0:95:77:01:dd:a7:97:7c:29:12:c8:83:a0:10:09:
         b0:53:bb:fe:1f:32:5e:7e:10:6d:41:aa:a6:c4:e4:c2:d9:3e:
         bb:3c:64:11:36:7f:86:ef:6c:68:e6:7b:87:14:a2:78:d0:b0:
         c0:63:4f:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EZ1MgaQzGrEndfCkn+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWZmYWJkZmVkMjJjOGI3ZGVkOWUwYjhiNWZiNGE5N2JhZjg5MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4e5f6fsykOC4TaVQHCCpw1/HxhF
qBpip/D03rRqh8Opv9Bb65ZGS+cQ0ZcoC1ZG2K+Lcp2tml8Z6gGrPDS4iPbIIWdo
zP8KVZ6Q7y331m3Ktlh+ZPljrYbVs+VTulRDHqggYB0gfrwshgLjXyc+D3EVaPQW
Ca3CSKA8gGrGVHoLu7GvabglM/CfGxNnupvrsvENpWtTWgk4zT1VQ/EWtQK07qeB
1S5IfkcqINEs/vfFdyy/D3N+DGc9RO8mOdTHEXbHIqyVZQH8l9/vPwTp64nYXlBq
LwHYVnDguGYPF9kDGlXoDOTY0z6JSL/sCSUIfLd1pNh+pszRW8H/2GtQ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBX/q9/tIsi33tnguLX7Spe6+JLAMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvRmYtcjMtMGl5TGZlMmVDNHRmdEtsN3I0a3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbUCMA0G
CSqGSIb3DQEBCwUAA4IBAQAjDJeXsDIpgx5c0YQOv/E5cl6Q6trPvF/2CTvQanOU
mN/WxSZ43Lj7lLJH+OF72ZYiuxIBhIQ9PUiU4ZyvR7Ekr7rw1CEqqFQWbEM8rKnj
X6G3Fu4s9JEq5mBAoMvWm2B1+p7j2qpn56xr8cKYvIf2JdKoaR+eyU744VWh4wyq
96iUQaumFZ9CEa/WQZJb2vno8NFHDIhmL5d3MgNJThBDd9seuCnBPtABSPdejEr4
PMHF6kotkMdKUwvUXegOZZDHN78Qo4FMyFTwlXcB3aeXfCkSyIOgEAmwU7v+HzJe
fhBtQaqmxOTC2T67PGQRNn+G72xo5nuHFKJ40LDAY09a
-----END CERTIFICATE-----