Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Phfb_gnhQv7aqXoov8JmsWGw0EY.roa
File:                     Phfb_gnhQv7aqXoov8JmsWGw0EY.roa (raw, json)
Hash identifier:          U1Pxa1/MZcW8goQMz7uquhFJGWgsb2RIb59/F1UwU4s=
Subject key identifier:   3E:17:DB:FE:09:E1:42:FE:DA:A9:7A:28:BF:C2:66:B1:61:B0:D0:46
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       019478B48F184C18003ACA83C0E3D987A5E7
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Phfb_gnhQv7aqXoov8JmsWGw0EY.roa
Signing time:             Sat 18 Jan 2025 09:18:06 +0000
ROA not before:           Sat 18 Jan 2025 09:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203062
IP address blocks:        2a01:e281:b400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:55:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:78:b4:8f:18:4c:18:00:3a:ca:83:c0:e3:d9:87:a5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Jan 18 09:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e17dbfe09e142fedaa97a28bfc266b161b0d046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c8:81:83:28:f2:88:cb:75:b5:ea:72:80:fd:
                    09:d0:09:ef:66:60:40:d8:a2:fc:0f:9d:a0:9c:57:
                    02:de:46:f7:a8:2e:15:ca:10:56:f4:d8:e4:cf:0d:
                    1e:72:0b:ad:b8:af:30:85:87:d7:5d:ae:11:8e:7d:
                    16:14:5c:7b:9b:ae:73:c8:f9:2c:5e:1d:6e:0d:19:
                    66:23:52:ed:b5:45:d0:ce:4d:c5:33:57:e2:5e:68:
                    1e:86:9f:78:aa:b6:1e:40:c5:11:cf:9a:ea:81:65:
                    0d:fe:db:cc:3b:c8:a9:65:64:4c:7c:44:be:46:37:
                    cb:c3:51:64:4a:80:c0:54:16:cb:95:15:bc:98:eb:
                    cc:d0:45:8b:cc:2b:cf:f2:5a:a8:ee:e0:11:4a:11:
                    72:ba:5f:32:11:dd:ef:de:87:1d:e9:fb:79:3b:55:
                    b1:f8:b5:83:d2:a6:a2:5b:11:9d:ff:d6:74:a4:c6:
                    f4:69:ae:d2:2e:e2:4b:ec:08:8f:43:06:9a:33:da:
                    17:45:80:f3:2b:e0:eb:8b:86:14:ff:68:b7:72:ac:
                    72:99:fb:17:b8:1f:2c:1e:69:08:40:e7:02:a2:6c:
                    ec:24:70:7e:12:f1:ff:1c:39:20:fe:ad:64:bd:5d:
                    1e:84:d5:7c:4b:86:07:84:94:bf:2e:f1:5e:51:86:
                    a8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:17:DB:FE:09:E1:42:FE:DA:A9:7A:28:BF:C2:66:B1:61:B0:D0:46
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Phfb_gnhQv7aqXoov8JmsWGw0EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:b400::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:a3:8f:82:3c:0a:ff:bf:bb:a4:70:21:2d:f6:26:fb:27:a3:
         ef:4b:00:9f:3f:06:6e:07:22:1f:ab:62:dd:ff:4b:5a:3b:bd:
         fa:fd:12:ba:82:48:9c:10:cf:fd:a6:b0:b3:79:e2:10:d6:09:
         a0:f9:27:3e:f0:9f:9b:54:78:27:ca:a4:df:b4:ba:20:91:b0:
         86:0e:3b:81:3e:23:cd:1b:de:b5:d9:15:95:ac:d1:f4:84:3f:
         01:67:30:d7:27:27:cb:c6:58:f5:88:67:ae:8b:23:e1:5c:9e:
         78:2a:a8:8b:d0:ad:8b:b4:00:1c:34:2d:0f:3a:c0:56:b1:31:
         58:1c:30:0d:9e:0c:b8:ca:5b:ad:aa:e7:b4:5a:e3:b7:37:43:
         89:6c:ef:aa:f4:5c:95:bd:55:8b:4d:fc:b2:56:46:19:5d:d3:
         fc:a6:81:e6:83:9d:f4:53:9b:3d:7c:6e:06:c9:9d:30:f8:5e:
         9f:60:39:44:e8:e3:22:24:40:f6:87:ff:5a:37:d6:01:f0:82:
         8c:e9:34:78:51:42:17:b3:11:29:41:f7:61:e5:ae:93:96:2b:
         92:27:2c:cc:9f:ff:eb:c9:3f:cf:b2:b7:a4:fe:86:65:8c:38:
         e5:40:c6:ce:8b:db:71:d7:a0:59:85:39:b2:0b:0a:b9:27:14:
         21:9a:7a:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZR4tI8YTBgAOsqDwOPZh6XnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjUwMTE4MDkxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTE3ZGJmZTA5ZTE0MmZlZGFhOTdhMjhiZmMyNjZiMTYxYjBkMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18iBgyjyiMt1tepygP0J0AnvZmBA
2KL8D52gnFcC3kb3qC4VyhBW9Njkzw0ecgutuK8whYfXXa4Rjn0WFFx7m65zyPks
Xh1uDRlmI1LttUXQzk3FM1fiXmgehp94qrYeQMURz5rqgWUN/tvMO8ipZWRMfES+
RjfLw1FkSoDAVBbLlRW8mOvM0EWLzCvP8lqo7uARShFyul8yEd3v3ocd6ft5O1Wx
+LWD0qaiWxGd/9Z0pMb0aa7SLuJL7AiPQwaaM9oXRYDzK+Dri4YU/2i3cqxymfsX
uB8sHmkIQOcComzsJHB+EvH/HDkg/q1kvV0ehNV8S4YHhJS/LvFeUYao0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD4X2/4J4UL+2ql6KL/CZrFhsNBGMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvUGhmYl9nbmhRdjdhcVhvb3Y4Sm1zV0d3MEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigbQw
DQYJKoZIhvcNAQELBQADggEBAISjj4I8Cv+/u6RwIS32Jvsno+9LAJ8/Bm4HIh+r
Yt3/S1o7vfr9ErqCSJwQz/2msLN54hDWCaD5Jz7wn5tUeCfKpN+0uiCRsIYOO4E+
I80b3rXZFZWs0fSEPwFnMNcnJ8vGWPWIZ66LI+FcnngqqIvQrYu0ABw0LQ86wFax
MVgcMA2eDLjKW62q57Ra47c3Q4ls76r0XJW9VYtN/LJWRhld0/ymgeaDnfRTmz18
bgbJnTD4Xp9gOUTo4yIkQPaH/1o31gHwgozpNHhRQhezESlB92HlrpOWK5InLMyf
/+vJP8+yt6T+hmWMOOVAxs6L23HXoFmFObILCrknFCGaek8=
-----END CERTIFICATE-----