Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/S1r5hqr0H_eG0pYFEYET1oPJyrU.roa
File:                     S1r5hqr0H_eG0pYFEYET1oPJyrU.roa (raw, json)
Hash identifier:          AL2mRYe3QSk0eHBtZxwwGn0QyvUm0r2qBAzoPe+jc5Y=
Subject key identifier:   4B:5A:F9:86:AA:F4:1F:F7:86:D2:96:05:11:81:13:D6:83:C9:CA:B5
Certificate issuer:       /CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
Certificate serial:       019427B584ADA57257D860AE7D3CCA1C6C0D
Authority key identifier: F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/S1r5hqr0H_eG0pYFEYET1oPJyrU.roa
Signing time:             Thu 02 Jan 2025 15:49:54 +0000
ROA not before:           Thu 02 Jan 2025 15:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211380
IP address blocks:        2a0c:5707:ff00::/40 maxlen: 48
                          2a0c:5707:ff01::/48 maxlen: 48
                          2a0c:5707:ff02::/48 maxlen: 48
                          2a0c:5707:ff04::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:84:ad:a5:72:57:d8:60:ae:7d:3c:ca:1c:6c:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
        Validity
            Not Before: Jan  2 15:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b5af986aaf41ff786d29605118113d683c9cab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2a:3a:a8:75:2c:f2:e6:53:a4:3f:40:10:d3:
                    34:9b:0b:e1:ef:a4:f6:13:0c:c5:1e:42:ee:da:22:
                    97:5d:c2:54:3e:13:c5:11:af:30:4e:b6:8f:c1:f0:
                    6f:d2:48:f7:7a:2d:2e:78:c4:d4:b2:e1:da:8e:7f:
                    b1:a6:72:e8:7e:4c:86:bd:27:ea:e6:51:b8:ec:5c:
                    be:e0:40:6f:a3:81:5b:45:2d:0f:23:97:a0:21:53:
                    c6:4a:f1:65:b6:3b:06:23:63:b4:55:01:90:09:e6:
                    ad:d9:f4:4b:0a:9e:63:2c:b9:33:42:23:d7:80:c7:
                    93:cf:1f:f3:45:68:29:52:3e:25:c2:00:18:e7:3d:
                    4b:6b:11:d6:69:44:98:cb:0b:7d:4b:3f:70:80:f8:
                    c7:9f:28:55:fb:b2:e1:5f:7e:9b:1e:99:cc:2c:1a:
                    f2:36:d8:53:30:38:4c:0a:89:04:b8:be:b3:58:f1:
                    a1:86:d5:eb:46:21:0b:41:25:39:35:16:06:44:82:
                    a6:22:00:f5:92:cf:b5:49:03:91:a9:2b:ee:77:6f:
                    f0:a3:bd:88:1f:69:f7:5b:ff:cf:86:6c:43:f3:5b:
                    8b:c4:2d:50:25:e2:f7:ae:a3:1c:be:db:a1:cb:b3:
                    1d:ef:e9:0d:67:43:a2:8c:cc:7e:46:3e:e3:af:38:
                    0c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5A:F9:86:AA:F4:1F:F7:86:D2:96:05:11:81:13:D6:83:C9:CA:B5
            X509v3 Authority Key Identifier:
                keyid:F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/S1r5hqr0H_eG0pYFEYET1oPJyrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5707:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:3d:36:04:9e:fb:b4:a7:49:8b:4b:7d:3d:a0:0b:22:d9:84:
         0c:5f:f6:bb:9c:8e:fe:65:ef:48:aa:79:69:fc:67:3f:a9:f1:
         77:e5:2e:cb:c3:34:c7:76:6c:c8:e9:26:ae:77:e0:f4:55:4f:
         a3:46:5d:a9:d8:62:3c:01:98:b8:1f:7a:f2:fa:61:34:4d:cd:
         6b:9d:bb:23:8d:94:dd:1b:61:16:83:c5:72:f4:4c:36:68:78:
         8e:eb:b3:ee:cf:8b:84:d7:a0:67:1e:79:6d:9f:cd:52:7a:96:
         29:d4:cc:05:41:a7:71:8f:7b:fd:34:63:fb:9d:07:36:06:ec:
         b9:37:95:6e:e6:4e:e7:ed:2b:19:3f:06:5f:dc:65:64:36:b6:
         f4:fb:db:5b:24:eb:60:9e:35:6d:86:dc:bb:64:73:07:9f:69:
         87:9a:a1:1b:54:43:a8:08:ec:46:0e:02:13:a2:e0:50:1a:11:
         d2:56:0f:bc:a3:3e:3a:ce:37:8b:6a:0a:6c:7c:2f:73:90:68:
         6d:76:84:b1:e1:9e:2b:a8:a7:5d:bd:ee:a6:0e:e5:a7:1e:98:
         d1:62:c3:80:d9:74:6d:28:ec:55:82:95:e5:89:ee:39:b3:61:
         da:df:d6:20:86:09:30:ca:34:dc:88:e7:6f:e6:50:a5:c2:30:
         1d:23:35:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQntYStpXJX2GCufTzKHGwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDg0NmYyMWM1NmE4NTEzZDMxYzE1NWRkMTk5MTk3YTNm
ZmM3YzAwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjVhZjk4NmFhZjQxZmY3ODZkMjk2MDUxMTgxMTNkNjgzYzljYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxio6qHUs8uZTpD9AENM0mwvh76T2
EwzFHkLu2iKXXcJUPhPFEa8wTraPwfBv0kj3ei0ueMTUsuHajn+xpnLofkyGvSfq
5lG47Fy+4EBvo4FbRS0PI5egIVPGSvFltjsGI2O0VQGQCeat2fRLCp5jLLkzQiPX
gMeTzx/zRWgpUj4lwgAY5z1LaxHWaUSYywt9Sz9wgPjHnyhV+7LhX36bHpnMLBry
NthTMDhMCokEuL6zWPGhhtXrRiELQSU5NRYGRIKmIgD1ks+1SQORqSvud2/wo72I
H2n3W//PhmxD81uLxC1QJeL3rqMcvtuhy7Md7+kNZ0OijMx+Rj7jrzgM2QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEta+Yaq9B/3htKWBRGBE9aDycq1MB8GA1UdIwQY
MBaAFPYIRvIcVqhRPTHBVd0ZkZej/8fAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYt
YTZkNDVlZjdkMjI3LzEvUzFyNWhxcjBIX2VHMHBZRkVZRVQxb1BKeXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYtYTZkNDVlZjdkMjI3
LzEvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgxXB/8w
DQYJKoZIhvcNAQELBQADggEBAJM9NgSe+7SnSYtLfT2gCyLZhAxf9rucjv5l70iq
eWn8Zz+p8XflLsvDNMd2bMjpJq534PRVT6NGXanYYjwBmLgfevL6YTRNzWuduyON
lN0bYRaDxXL0TDZoeI7rs+7Pi4TXoGceeW2fzVJ6linUzAVBp3GPe/00Y/udBzYG
7Lk3lW7mTuftKxk/Bl/cZWQ2tvT721sk62CeNW2G3LtkcwefaYeaoRtUQ6gI7EYO
AhOi4FAaEdJWD7yjPjrON4tqCmx8L3OQaG12hLHhniuop1297qYO5acemNFiw4DZ
dG0o7FWCleWJ7jmzYdrf1iCGCTDKNNyI52/mUKXCMB0jNf8=
-----END CERTIFICATE-----