Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/fiISLcTtszje5XVI9V1A5UtzzeY.roa
File:                     fiISLcTtszje5XVI9V1A5UtzzeY.roa (raw, json)
Hash identifier:          eVRxObYN5WO+IJLUe7vH/MdccTrSwqFAfOP7RIW37BY=
Subject key identifier:   7E:22:12:2D:C4:ED:B3:38:DE:E5:75:48:F5:5D:40:E5:4B:73:CD:E6
Certificate issuer:       /CN=8b69fc6128be591401acf82bc2461af636ebe8e6
Certificate serial:       019425221D75ED0CA1C112191572C8C1E9D4
Authority key identifier: 8B:69:FC:61:28:BE:59:14:01:AC:F8:2B:C2:46:1A:F6:36:EB:E8:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/fiISLcTtszje5XVI9V1A5UtzzeY.roa
Signing time:             Thu 02 Jan 2025 03:49:40 +0000
ROA not before:           Thu 02 Jan 2025 03:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196610
IP address blocks:        2a02:c50:db8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:1d:75:ed:0c:a1:c1:12:19:15:72:c8:c1:e9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b69fc6128be591401acf82bc2461af636ebe8e6
        Validity
            Not Before: Jan  2 03:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e22122dc4edb338dee57548f55d40e54b73cde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:c7:e4:fa:c5:77:42:1d:70:26:ab:f0:e8:84:
                    1c:15:29:48:17:8a:9f:ea:71:f0:c2:0f:d4:42:f9:
                    40:21:b3:66:10:ae:f5:07:a3:dc:9c:02:06:22:99:
                    2c:da:75:95:1c:56:fb:4c:54:cb:26:aa:8e:23:25:
                    c5:74:3c:9d:a2:2f:7c:58:da:db:40:30:b0:0b:73:
                    32:eb:6f:9f:c0:e7:c9:dc:c7:63:b4:d8:b5:cc:73:
                    27:7a:14:f7:25:09:7c:80:c7:e4:66:d0:31:a9:c7:
                    0e:ba:4d:11:1f:21:bc:69:d5:44:b2:c8:50:08:c5:
                    ac:ed:f1:57:41:42:30:2d:9a:d0:82:f0:08:78:70:
                    8e:3e:52:f7:78:82:25:9a:d7:99:69:1d:b1:27:c8:
                    b7:a1:c6:7a:46:fd:45:20:54:ca:a6:24:99:81:c4:
                    6c:aa:73:b8:7c:ea:7e:f2:da:95:c8:db:61:62:9e:
                    58:80:62:37:5f:c7:75:e9:e3:e0:1c:06:f6:83:54:
                    d5:c4:86:52:ea:5a:f7:dd:c1:37:b9:2c:08:b3:40:
                    66:63:b3:9d:95:c6:de:e8:e2:19:55:31:53:df:00:
                    ea:00:59:76:25:93:2e:dd:db:bf:e4:28:38:6a:5b:
                    39:d5:04:72:fc:da:5e:d1:2e:a6:3e:ca:01:f7:2a:
                    ad:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:22:12:2D:C4:ED:B3:38:DE:E5:75:48:F5:5D:40:E5:4B:73:CD:E6
            X509v3 Authority Key Identifier:
                keyid:8B:69:FC:61:28:BE:59:14:01:AC:F8:2B:C2:46:1A:F6:36:EB:E8:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/fiISLcTtszje5XVI9V1A5UtzzeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c50:db8::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:9f:90:17:f0:12:19:de:76:21:44:73:21:43:e3:fc:0c:f8:
         ed:4b:c9:2e:03:d9:32:38:69:63:10:8a:e2:69:9f:aa:bf:9d:
         0a:9b:3e:81:61:93:70:bf:9a:c3:04:a6:66:81:9b:3f:c5:23:
         18:29:c7:ee:3e:c9:1e:a3:e8:79:d7:c5:63:7d:bd:81:b8:9e:
         5c:51:94:93:7c:82:08:67:88:f6:53:d9:f4:bf:7e:2b:b8:b3:
         b0:2a:87:f6:3c:0f:69:ee:08:da:09:f8:87:1d:ca:6f:45:cb:
         86:c7:1b:67:a6:47:2a:df:d3:f9:64:b9:5f:5b:66:2b:9d:ff:
         82:5b:25:f5:66:fb:36:68:8b:d8:4d:4c:69:3f:3c:01:7e:68:
         86:82:67:fc:33:5a:ec:c7:8e:c1:44:a3:a3:5e:56:7d:43:fc:
         f6:84:83:22:ca:dc:37:86:e9:f4:f2:e0:82:64:a3:4a:0b:2a:
         63:46:fb:4b:0a:45:6f:5b:d1:b7:74:ad:a6:55:a5:41:00:1a:
         de:ef:3e:0e:64:ce:66:aa:9a:b3:69:56:c8:19:0b:d0:ed:1b:
         59:54:f0:09:52:0e:7f:e8:f6:ea:6a:bb:0f:24:b3:de:09:88:
         55:b4:83:17:8d:e1:da:8a:54:45:d6:b2:15:d9:55:9a:fd:38:
         39:90:4d:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIh117QyhwRIZFXLIwenUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNjlmYzYxMjhiZTU5MTQwMWFjZjgyYmMyNDYxYWY2MzZl
YmU4ZTYwHhcNMjUwMTAyMDM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTIyMTIyZGM0ZWRiMzM4ZGVlNTc1NDhmNTVkNDBlNTRiNzNjZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sfk+sV3Qh1wJqvw6IQcFSlIF4qf
6nHwwg/UQvlAIbNmEK71B6PcnAIGIpks2nWVHFb7TFTLJqqOIyXFdDydoi98WNrb
QDCwC3My62+fwOfJ3MdjtNi1zHMnehT3JQl8gMfkZtAxqccOuk0RHyG8adVEsshQ
CMWs7fFXQUIwLZrQgvAIeHCOPlL3eIIlmteZaR2xJ8i3ocZ6Rv1FIFTKpiSZgcRs
qnO4fOp+8tqVyNthYp5YgGI3X8d16ePgHAb2g1TVxIZS6lr33cE3uSwIs0BmY7Od
lcbe6OIZVTFT3wDqAFl2JZMu3du/5Cg4als51QRy/Npe0S6mPsoB9yqtFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH4iEi3E7bM43uV1SPVdQOVLc83mMB8GA1UdIwQY
MBaAFItp/GEovlkUAaz4K8JGGvY26+jmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTJuOFlTaS1XUlFCclBncndrWWE5amJyNk9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8wYWE2ZTYtMzA1NC00ODg4LTg2NWUt
MjY1ZjJiZDBmOGYzLzEvZmlJU0xjVHRzemplNVhWSTlWMUE1VXR6emVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8wYWE2ZTYtMzA1NC00ODg4LTg2NWUtMjY1ZjJiZDBmOGYz
LzEvaTJuOFlTaS1XUlFCclBncndrWWE5amJyNk9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIMUA24
MA0GCSqGSIb3DQEBCwUAA4IBAQACn5AX8BIZ3nYhRHMhQ+P8DPjtS8kuA9kyOGlj
EIriaZ+qv50Kmz6BYZNwv5rDBKZmgZs/xSMYKcfuPskeo+h518Vjfb2BuJ5cUZST
fIIIZ4j2U9n0v34ruLOwKof2PA9p7gjaCfiHHcpvRcuGxxtnpkcq39P5ZLlfW2Yr
nf+CWyX1Zvs2aIvYTUxpPzwBfmiGgmf8M1rsx47BRKOjXlZ9Q/z2hIMiytw3hun0
8uCCZKNKCypjRvtLCkVvW9G3dK2mVaVBABre7z4OZM5mqpqzaVbIGQvQ7RtZVPAJ
Ug5/6PbqarsPJLPeCYhVtIMXjeHailRF1rIV2VWa/Tg5kE0O
-----END CERTIFICATE-----