Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/t-FfJGiq3zMzg6eYpXTROfgHAdE.roa
File:                     t-FfJGiq3zMzg6eYpXTROfgHAdE.roa (raw, json)
Hash identifier:          5DTaYqJydUbA4KeBvZre4IbivKahzOtHayoewNZjZW0=
Subject key identifier:   B7:E1:5F:24:68:AA:DF:33:33:83:A7:98:A5:74:D1:39:F8:07:01:D1
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019424451A5943A34E0E65000DED0ECCDB9F
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/t-FfJGiq3zMzg6eYpXTROfgHAdE.roa
Signing time:             Wed 01 Jan 2025 23:48:16 +0000
ROA not before:           Wed 01 Jan 2025 23:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49111
IP address blocks:        2a0e:98c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:1a:59:43:a3:4e:0e:65:00:0d:ed:0e:cc:db:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7e15f2468aadf333383a798a574d139f80701d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:9f:06:0e:03:08:e9:b0:95:ad:cc:2d:fb:
                    cb:41:cb:e1:ed:94:51:38:8e:d2:8b:8d:99:61:fc:
                    b1:57:c1:da:ce:40:75:22:7e:f1:15:45:ad:03:45:
                    d8:f7:86:ac:d3:35:49:18:64:1c:f2:ae:83:a2:a7:
                    80:dc:05:5c:d2:f1:21:cf:90:81:50:89:a7:1b:c0:
                    cd:fa:67:83:ea:95:53:e7:1a:4d:36:9c:2a:e1:26:
                    83:5b:e0:61:22:23:16:1c:a1:c0:87:ab:69:26:e5:
                    e4:19:8f:24:ed:35:ec:6e:ea:73:a7:31:2b:a0:b3:
                    26:4f:d8:41:5f:6f:e6:bd:79:ca:7f:9f:43:a7:19:
                    3a:52:2f:fa:1f:12:89:f2:9a:89:4b:1a:79:72:2b:
                    67:99:79:94:e8:26:7e:90:a7:21:34:ed:7e:c7:bc:
                    93:63:7d:ec:c3:44:7b:f1:50:c7:e5:45:53:bc:c9:
                    37:3b:6d:95:2b:86:51:2a:d1:21:d9:9e:22:08:aa:
                    c4:ad:3b:93:33:10:cf:50:bf:cf:b6:07:00:81:8d:
                    bc:08:35:7c:0a:71:39:d4:68:bc:07:67:f6:81:c3:
                    8b:10:5f:09:92:86:98:20:ec:3d:63:ee:84:9e:45:
                    a6:6d:09:09:b2:9b:38:f7:b5:4d:2b:85:67:a4:d4:
                    9d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E1:5F:24:68:AA:DF:33:33:83:A7:98:A5:74:D1:39:F8:07:01:D1
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/t-FfJGiq3zMzg6eYpXTROfgHAdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:98c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:65:f1:e0:71:cd:86:ce:67:ef:59:25:d0:20:8a:f5:fa:69:
         d9:0c:71:c0:dc:e0:a2:43:e9:6a:3c:7a:96:06:65:b7:25:39:
         d8:7d:eb:67:68:f9:b5:f9:4c:07:3b:9a:e8:d1:c8:21:0f:bc:
         e3:67:c4:63:44:37:b8:52:03:2d:51:96:c6:96:70:68:ff:ee:
         a6:2d:3e:ab:20:05:47:98:ea:b8:16:03:fe:34:9f:68:49:0e:
         81:8e:3e:e0:c3:cd:db:25:8f:ec:78:53:94:48:e0:64:ff:f5:
         d5:7c:9a:b6:4d:79:a9:61:f9:ee:4d:cd:be:8d:7b:e1:a2:45:
         2c:5b:ab:0d:ef:5e:34:74:92:cc:d2:22:e4:5d:36:9c:20:c5:
         76:20:57:d0:59:a7:a6:54:2e:dc:26:66:98:44:3e:f4:7c:6c:
         79:41:93:c8:bc:19:38:6c:8e:be:9e:4a:ee:7f:d6:bc:9e:aa:
         99:3c:7c:7b:f8:19:3f:9b:f8:d9:7e:25:37:46:f8:e5:84:27:
         9a:8a:53:f0:f1:f5:35:e1:44:1f:12:8d:27:0a:99:59:9b:71:
         b1:07:d4:9e:0b:ca:0e:2d:e6:3e:2b:d8:79:6b:ab:a5:27:98:
         c4:38:32:ff:37:e4:ef:55:b6:fc:7c:66:2e:a7:ee:1d:9b:d5:
         d0:62:87:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRRpZQ6NODmUADe0OzNufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2UxNWYyNDY4YWFkZjMzMzM4M2E3OThhNTc0ZDEzOWY4MDcwMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwmfBg4DCOmwla3MLfvLQcvh7ZRR
OI7Si42ZYfyxV8HazkB1In7xFUWtA0XY94as0zVJGGQc8q6DoqeA3AVc0vEhz5CB
UImnG8DN+meD6pVT5xpNNpwq4SaDW+BhIiMWHKHAh6tpJuXkGY8k7TXsbupzpzEr
oLMmT9hBX2/mvXnKf59Dpxk6Ui/6HxKJ8pqJSxp5citnmXmU6CZ+kKchNO1+x7yT
Y33sw0R78VDH5UVTvMk3O22VK4ZRKtEh2Z4iCKrErTuTMxDPUL/PtgcAgY28CDV8
CnE51Gi8B2f2gcOLEF8JkoaYIOw9Y+6EnkWmbQkJsps497VNK4VnpNSdlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLfhXyRoqt8zM4OnmKV00Tn4BwHRMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvdC1GZkpHaXEzek16ZzZlWXBYVFJPZmdIQWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6YwDAN
BgkqhkiG9w0BAQsFAAOCAQEAPWXx4HHNhs5n71kl0CCK9fpp2QxxwNzgokPpajx6
lgZltyU52H3rZ2j5tflMBzua6NHIIQ+842fEY0Q3uFIDLVGWxpZwaP/upi0+qyAF
R5jquBYD/jSfaEkOgY4+4MPN2yWP7HhTlEjgZP/11Xyatk15qWH57k3Nvo174aJF
LFurDe9eNHSSzNIi5F02nCDFdiBX0FmnplQu3CZmmEQ+9HxseUGTyLwZOGyOvp5K
7n/WvJ6qmTx8e/gZP5v42X4lN0b45YQnmopT8PH1NeFEHxKNJwqZWZtxsQfUngvK
Di3mPivYeWurpSeYxDgy/zfk71W2/HxmLqfuHZvV0GKHYg==
-----END CERTIFICATE-----