Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/f3PAHFCLBJR1p0JkkB9JQ0TXuzY.roa
File:                     f3PAHFCLBJR1p0JkkB9JQ0TXuzY.roa (raw, json)
Hash identifier:          HT9l+4XHo8mQEFUjkF0FX4AJzuWkzFrKqF9ZmOi2mYE=
Subject key identifier:   7F:73:C0:1C:50:8B:04:94:75:A7:42:64:90:1F:49:43:44:D7:BB:36
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422202F134A30CF65B331E7DAC9BEF9B7
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/f3PAHFCLBJR1p0JkkB9JQ0TXuzY.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202952
IP address blocks:        2a0e:8f02:21e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2f:13:4a:30:cf:65:b3:31:e7:da:c9:be:f9:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f73c01c508b049475a74264901f494344d7bb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3f:ba:f3:0b:98:ae:dc:e1:c7:03:04:0c:2a:
                    db:78:ef:91:49:a5:ef:d0:2e:85:8d:2a:89:56:d7:
                    30:fd:31:a4:a0:8d:f7:3a:57:8c:38:c7:a1:ce:fc:
                    ea:80:ad:81:dd:41:ef:72:74:d0:4e:bb:fa:18:db:
                    8e:49:b4:07:aa:da:a8:d0:53:3f:6e:4c:13:b7:13:
                    83:1f:8d:ae:86:cb:9e:14:e0:6a:de:23:96:6f:78:
                    8b:81:24:15:d9:13:86:b8:a1:a4:1c:5c:a4:0a:de:
                    ea:7c:84:b1:9d:3c:77:83:05:5e:6a:16:4f:b8:af:
                    ab:ef:6c:c4:73:7f:0c:1d:8e:eb:5f:b3:10:6a:2c:
                    d8:e5:16:1d:4c:86:5c:f0:ca:77:e4:c9:d2:cd:80:
                    e7:54:ca:13:94:f8:cf:95:19:54:65:ec:43:2b:5a:
                    38:02:01:7a:d9:cf:72:fd:b8:65:1b:be:1b:33:f3:
                    9d:3c:3e:c1:98:9b:02:75:b7:1a:3d:e8:f0:fa:20:
                    b8:5c:c1:4a:89:e5:d8:6b:73:37:2a:c3:28:a5:a8:
                    b3:28:ba:f9:83:80:64:ff:61:15:8f:5b:47:a8:33:
                    27:55:57:39:ae:cf:e1:28:4e:e2:6e:d4:7c:0c:9b:
                    db:9b:25:a0:ef:3c:d4:8e:23:59:1f:88:e2:83:3a:
                    c4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:73:C0:1C:50:8B:04:94:75:A7:42:64:90:1F:49:43:44:D7:BB:36
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/f3PAHFCLBJR1p0JkkB9JQ0TXuzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:35:2f:3f:da:f4:c1:48:7d:cf:a4:fa:ca:3d:15:cc:c1:80:
         7c:18:88:a1:5d:77:a5:dd:02:56:83:f3:c9:c1:dd:de:4e:bd:
         ec:2e:71:cf:45:a0:9a:c1:3d:38:50:8f:4b:93:7c:e5:46:0b:
         ef:6b:a4:dd:89:cc:7b:8b:74:21:28:64:92:57:b5:0f:3a:4b:
         18:dc:8e:6d:e9:19:22:0e:7a:b0:52:f7:93:da:d9:7f:6e:ff:
         23:93:b5:fc:f3:c5:ae:66:3f:65:a6:5b:16:0b:1c:a5:64:90:
         03:2b:09:99:81:fe:bc:ee:87:1d:e0:9e:2d:c8:d4:81:d9:ce:
         12:01:00:15:f1:a3:dc:be:d9:ff:52:27:20:07:bd:e7:09:91:
         a3:7b:c7:3c:5f:42:8c:fe:e6:16:2a:3a:5d:6a:8d:29:90:7d:
         61:cb:9e:32:01:23:ab:cc:12:5f:0e:c1:ac:80:dc:54:ea:66:
         c2:dd:85:32:a5:7a:60:48:7a:d0:fb:a6:f6:50:3a:95:27:96:
         00:08:ee:f2:7e:0d:7a:a4:e3:ec:3d:de:19:73:09:7c:d2:2e:
         9e:ac:4c:ce:58:7d:37:7a:bb:b6:af:7c:48:f8:63:fe:a7:b2:
         41:3e:4d:27:ac:a9:dc:41:e1:25:66:d4:0c:b0:07:38:dc:b5:
         5e:65:09:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIC8TSjDPZbMx59rJvvm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjczYzAxYzUwOGIwNDk0NzVhNzQyNjQ5MDFmNDk0MzQ0ZDdiYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT+68wuYrtzhxwMEDCrbeO+RSaXv
0C6FjSqJVtcw/TGkoI33OleMOMehzvzqgK2B3UHvcnTQTrv6GNuOSbQHqtqo0FM/
bkwTtxODH42uhsueFOBq3iOWb3iLgSQV2ROGuKGkHFykCt7qfISxnTx3gwVeahZP
uK+r72zEc38MHY7rX7MQaizY5RYdTIZc8Mp35MnSzYDnVMoTlPjPlRlUZexDK1o4
AgF62c9y/bhlG74bM/OdPD7BmJsCdbcaPejw+iC4XMFKieXYa3M3KsMopaizKLr5
g4Bk/2EVj1tHqDMnVVc5rs/hKE7ibtR8DJvbmyWg7zzUjiNZH4jigzrE2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH9zwBxQiwSUdadCZJAfSUNE17s2MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvZjNQQUhGQ0xCSlIxcDBKa2tCOUpRMFRYdXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiHg
MA0GCSqGSIb3DQEBCwUAA4IBAQCeNS8/2vTBSH3PpPrKPRXMwYB8GIihXXel3QJW
g/PJwd3eTr3sLnHPRaCawT04UI9Lk3zlRgvva6Tdicx7i3QhKGSSV7UPOksY3I5t
6RkiDnqwUveT2tl/bv8jk7X888WuZj9lplsWCxylZJADKwmZgf687ocd4J4tyNSB
2c4SAQAV8aPcvtn/UicgB73nCZGje8c8X0KM/uYWKjpdao0pkH1hy54yASOrzBJf
DsGsgNxU6mbC3YUypXpgSHrQ+6b2UDqVJ5YACO7yfg16pOPsPd4Zcwl80i6erEzO
WH03eru2r3xI+GP+p7JBPk0nrKncQeElZtQMsAc43LVeZQk0
-----END CERTIFICATE-----