Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/r-pWZtY6PHzZUtrLVHgmYVqhibs.roa
File:                     r-pWZtY6PHzZUtrLVHgmYVqhibs.roa (raw, json)
Hash identifier:          dBntIJudF5zpzD/YcnJ5cFAEa85n70cQWOiQcj1F1cU=
Subject key identifier:   AF:EA:56:66:D6:3A:3C:7C:D9:52:DA:CB:54:78:26:61:5A:A1:89:BB
Certificate issuer:       /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial:       018CC795306E38682F9208F2D96D00708EC5
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/r-pWZtY6PHzZUtrLVHgmYVqhibs.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47232
IP address blocks:        2a0f:fec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:30:6e:38:68:2f:92:08:f2:d9:6d:00:70:8e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afea5666d63a3c7cd952dacb547826615aa189bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1e:de:ea:2f:e2:f3:10:8b:e8:97:2d:4f:70:
                    8b:1a:4a:d2:59:e4:96:b3:ad:4b:4d:d4:40:51:04:
                    01:f5:d3:af:2b:b9:c9:45:90:12:a3:07:8e:cd:e6:
                    00:8c:de:e0:5a:e7:e6:a4:a7:fd:1a:d3:16:36:cf:
                    1c:f1:fe:67:68:fb:ab:c7:a1:42:f7:5b:96:f0:c0:
                    3b:e1:f5:51:8d:ac:4c:45:e4:5a:a0:f2:a9:c3:3f:
                    c7:fd:f4:06:0f:38:6a:01:15:9d:bb:cb:28:4e:b7:
                    0a:49:12:9b:df:7f:d2:e3:8d:38:66:8a:40:b3:ec:
                    ff:b2:f9:b9:1d:73:da:64:ee:4a:17:13:60:50:22:
                    11:56:67:68:d9:47:cd:7a:e4:32:a3:49:71:4a:a4:
                    44:b0:dc:0c:07:2d:f1:87:a1:17:85:df:f1:3c:55:
                    62:e4:36:55:0e:a3:dc:96:28:59:7f:1a:c9:63:aa:
                    fd:03:16:9e:48:24:82:61:fa:c7:c1:e1:1c:ee:41:
                    e4:f0:0a:70:fe:75:60:9a:b9:ef:5b:c3:c9:ed:92:
                    c3:97:7c:7e:cd:7f:40:24:f7:07:81:67:e3:1a:f8:
                    41:19:5c:78:cb:07:30:b7:f4:f8:f5:e4:8c:31:58:
                    d3:6e:90:a2:8b:34:f2:3c:d8:a2:99:87:4f:09:66:
                    de:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:EA:56:66:D6:3A:3C:7C:D9:52:DA:CB:54:78:26:61:5A:A1:89:BB
            X509v3 Authority Key Identifier:
                keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/r-pWZtY6PHzZUtrLVHgmYVqhibs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:fec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:41:79:aa:71:41:11:61:92:fd:3c:14:d6:4b:20:6d:dd:
         e0:60:ab:b9:c6:19:95:06:18:7e:11:0c:8d:a6:a0:7e:ff:ee:
         2d:f6:95:46:f4:66:72:24:8b:fa:6a:c5:06:bf:ca:67:a2:07:
         51:49:bf:74:d0:ec:fb:62:f6:97:d5:2a:2e:1e:47:ce:96:7c:
         fa:72:a9:31:13:5a:3b:d9:80:fd:18:ad:2a:3b:cd:85:77:5d:
         91:70:26:6d:6d:d0:40:27:07:46:6c:57:7f:a5:eb:c4:49:03:
         e1:0b:8c:fe:a5:6c:83:04:89:e6:c9:75:ab:74:7f:02:85:41:
         dc:a1:db:56:0b:4c:b1:95:d5:87:b0:7d:f4:78:0c:44:8b:89:
         e3:24:75:05:af:f3:15:2b:15:5b:75:73:3e:cb:6d:ac:01:91:
         c9:cd:30:f0:55:6a:30:6f:b8:8b:e8:0e:86:61:39:9a:be:1f:
         4f:91:d2:59:23:2c:83:71:54:3f:70:53:09:4c:94:3f:e6:1f:
         5d:50:56:2d:25:3f:71:b4:bf:b8:a9:1d:2f:1a:a4:68:46:cb:
         8b:06:f6:f7:af:22:35:66:73:cb:2e:d3:fc:c0:3e:04:a1:23:
         dc:6d:6b:dd:b4:7e:d4:13:8d:b2:41:48:c8:b7:12:7e:18:f3:
         72:71:27:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlTBuOGgvkgjy2W0AcI7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmVhNTY2NmQ2M2EzYzdjZDk1MmRhY2I1NDc4MjY2MTVhYTE4OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgB7e6i/i8xCL6JctT3CLGkrSWeSW
s61LTdRAUQQB9dOvK7nJRZASoweOzeYAjN7gWufmpKf9GtMWNs8c8f5naPurx6FC
91uW8MA74fVRjaxMReRaoPKpwz/H/fQGDzhqARWdu8soTrcKSRKb33/S4404ZopA
s+z/svm5HXPaZO5KFxNgUCIRVmdo2UfNeuQyo0lxSqREsNwMBy3xh6EXhd/xPFVi
5DZVDqPclihZfxrJY6r9AxaeSCSCYfrHweEc7kHk8Apw/nVgmrnvW8PJ7ZLDl3x+
zX9AJPcHgWfjGvhBGVx4ywcwt/T49eSMMVjTbpCiizTyPNiimYdPCWbeiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK/qVmbWOjx82VLay1R4JmFaoYm7MB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xL3ItcFdadFk2UEh6WlV0ckxWSGdtWVZxaGlicy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqD/7A
MA0GCSqGSIb3DQEBCwUAA4IBAQBBw0F5qnFBEWGS/TwU1ksgbd3gYKu5xhmVBhh+
EQyNpqB+/+4t9pVG9GZyJIv6asUGv8pnogdRSb900Oz7YvaX1SouHkfOlnz6cqkx
E1o72YD9GK0qO82Fd12RcCZtbdBAJwdGbFd/pevESQPhC4z+pWyDBInmyXWrdH8C
hUHcodtWC0yxldWHsH30eAxEi4njJHUFr/MVKxVbdXM+y22sAZHJzTDwVWowb7iL
6A6GYTmavh9PkdJZIyyDcVQ/cFMJTJQ/5h9dUFYtJT9xtL+4qR0vGqRoRsuLBvb3
ryI1ZnPLLtP8wD4EoSPcbWvdtH7UE42yQUjItxJ+GPNycSej
-----END CERTIFICATE-----