Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vy_8OYOh1TkU0Trz5L0_pUaLaDQ.roa
File:                     Vy_8OYOh1TkU0Trz5L0_pUaLaDQ.roa (raw, json)
Hash identifier:          45fnTuIrYPX+ZgzLb3UCCORtFF74in0AsBskP4DlDf0=
Subject key identifier:   57:2F:FC:39:83:A1:D5:39:14:D1:3A:F3:E4:BD:3F:A5:46:8B:68:34
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       019422FAF6B2794CDCB46DE74D7673A1D869
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vy_8OYOh1TkU0Trz5L0_pUaLaDQ.roa
Signing time:             Wed 01 Jan 2025 17:47:40 +0000
ROA not before:           Wed 01 Jan 2025 17:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203279
IP address blocks:        2a0a:4540:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:f6:b2:79:4c:dc:b4:6d:e7:4d:76:73:a1:d8:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 17:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=572ffc3983a1d53914d13af3e4bd3fa5468b6834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a7:09:49:3e:ec:d0:20:c0:0c:e7:f8:23:f4:
                    de:09:d7:33:dc:04:ba:89:18:2c:70:17:3e:81:85:
                    f2:7d:93:8c:56:51:eb:d2:97:f9:b7:02:2c:35:4c:
                    60:d2:2f:eb:85:1c:08:aa:78:3b:85:34:35:08:b4:
                    8d:98:a5:06:92:6b:49:87:36:dd:7d:d5:6d:b1:dc:
                    46:ba:f0:6e:70:28:75:40:de:b1:39:6c:89:9d:15:
                    1e:19:99:77:8c:13:f6:83:9e:75:91:bf:9e:32:bc:
                    c4:46:fb:a2:f5:cd:35:40:21:f4:e6:22:4c:44:51:
                    e1:67:be:f8:2d:8f:e1:6e:2e:12:67:b5:7f:df:1a:
                    7c:81:4f:d5:86:92:91:2d:92:e9:13:62:ed:80:35:
                    69:9c:a8:65:88:d6:c9:74:41:9a:40:e0:72:ba:bd:
                    c1:4d:41:d0:a7:c3:50:52:9d:f0:97:ba:87:a1:37:
                    13:57:6f:17:45:41:16:38:6c:fe:9e:b1:f7:ee:b9:
                    1d:39:3f:51:c1:20:7e:fc:48:4e:f8:04:75:b5:e7:
                    01:46:02:3c:51:09:46:36:d1:aa:56:cc:c0:74:30:
                    99:8b:a0:85:bb:fc:55:f5:d5:62:aa:76:72:22:3d:
                    18:68:7d:44:0b:fe:ab:8c:5b:19:63:b5:9d:23:4d:
                    52:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2F:FC:39:83:A1:D5:39:14:D1:3A:F3:E4:BD:3F:A5:46:8B:68:34
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vy_8OYOh1TkU0Trz5L0_pUaLaDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:7a:5f:4f:d3:09:a4:75:e7:51:04:00:86:7c:ca:ee:cb:96:
         95:87:28:56:e1:2a:a5:f1:2d:e2:d9:1f:df:e9:05:91:84:31:
         a8:77:d1:06:87:1a:ed:89:89:0f:c2:7f:2e:69:e8:33:b5:23:
         39:c8:29:ab:70:5e:3a:15:e0:c1:ba:4b:a9:cb:90:cb:00:ca:
         77:73:6d:11:14:5f:28:95:01:d8:b5:31:01:9e:a5:bc:b2:81:
         5f:58:5a:3f:30:fd:2c:3f:ce:7a:27:05:32:39:e9:51:23:49:
         bd:3a:aa:68:61:fc:fa:3f:0e:8f:9b:22:93:f5:fb:43:08:81:
         f7:47:08:fe:ac:81:b0:d1:f1:e9:44:db:c0:b8:81:19:8f:e1:
         ed:ac:e2:19:c8:5f:fa:2b:ae:82:48:0c:69:37:3f:6f:5d:8c:
         fb:d6:a7:7f:87:21:77:ae:cb:0d:88:a2:b2:cc:db:e7:32:e7:
         a5:fa:32:79:e6:72:1f:8c:f3:5e:ff:6e:26:36:f1:43:30:57:
         a8:fd:1f:e3:5e:77:34:09:38:ab:1b:b0:b5:d7:16:b2:18:71:
         cd:f7:f6:80:6f:ae:ad:b9:0a:01:d9:10:73:ef:b7:41:f1:bf:
         6d:52:72:8e:15:b1:ea:c0:2d:58:10:a2:6f:93:d7:cc:bb:70:
         95:cd:70:ae
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQi+vayeUzctG3nTXZzodhpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjUwMTAxMTc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzJmZmMzOTgzYTFkNTM5MTRkMTNhZjNlNGJkM2ZhNTQ2OGI2ODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqcJST7s0CDADOf4I/TeCdcz3AS6
iRgscBc+gYXyfZOMVlHr0pf5twIsNUxg0i/rhRwIqng7hTQ1CLSNmKUGkmtJhzbd
fdVtsdxGuvBucCh1QN6xOWyJnRUeGZl3jBP2g551kb+eMrzERvui9c01QCH05iJM
RFHhZ774LY/hbi4SZ7V/3xp8gU/VhpKRLZLpE2LtgDVpnKhliNbJdEGaQOByur3B
TUHQp8NQUp3wl7qHoTcTV28XRUEWOGz+nrH37rkdOT9RwSB+/EhO+AR1tecBRgI8
UQlGNtGqVszAdDCZi6CFu/xV9dViqnZyIj0YaH1EC/6rjFsZY7WdI01S4wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFcv/DmDodU5FNE68+S9P6VGi2g0MB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL1Z5XzhPWU9oMVRrVTBUcno1TDBfcFVhTGFEUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkVA
AQEwDQYJKoZIhvcNAQELBQADggEBAC16X0/TCaR151EEAIZ8yu7LlpWHKFbhKqXx
LeLZH9/pBZGEMah30QaHGu2JiQ/Cfy5p6DO1IznIKatwXjoV4MG6S6nLkMsAyndz
bREUXyiVAdi1MQGepbyygV9YWj8w/Sw/znonBTI56VEjSb06qmhh/Po/Do+bIpP1
+0MIgfdHCP6sgbDR8elE28C4gRmP4e2s4hnIX/orroJIDGk3P29djPvWp3+HIXeu
yw2IorLM2+cy56X6Mnnmch+M817/biY28UMwV6j9H+NedzQJOKsbsLXXFrIYcc33
9oBvrq25CgHZEHPvt0Hxv21Sco4VserALVgQom+T18y7cJXNcK4=
-----END CERTIFICATE-----