Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/rPef_fSf30lKUIt0FiquYhoXATY.roa
File:                     rPef_fSf30lKUIt0FiquYhoXATY.roa (raw, json)
Hash identifier:          Z0VOnnMDQ8rVUNalJ6zJanV6z7u+O1OwYpukhKJNqvw=
Subject key identifier:   AC:F7:9F:FD:F4:9F:DF:49:4A:50:8B:74:16:2A:AE:62:1A:17:01:36
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       019425FDA175CAA93AF19F9ECF0C15CF7B4F
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/rPef_fSf30lKUIt0FiquYhoXATY.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64439
IP address blocks:        2a0b:b200::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a1:75:ca:a9:3a:f1:9f:9e:cf:0c:15:cf:7b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acf79ffdf49fdf494a508b74162aae621a170136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c3:d1:62:2a:ee:ec:12:2d:36:3d:9d:bd:0a:
                    b6:6c:92:3e:ba:c0:e5:ba:34:1b:3b:07:e8:68:0c:
                    5f:84:74:27:2b:92:6e:96:4f:a2:58:f4:d5:08:d8:
                    c8:7a:66:83:d4:82:52:59:7c:8d:fc:84:12:fc:db:
                    8c:0c:d9:a2:59:e0:09:c1:4c:0b:4a:db:06:77:d3:
                    a5:b1:7e:13:c0:03:e5:82:c2:8b:8e:5b:d9:ff:e6:
                    56:34:68:af:1d:03:e8:5c:fa:ea:bd:07:01:d7:fd:
                    8e:08:ed:26:6a:85:6d:77:7d:7e:f2:3f:71:57:03:
                    d0:99:2c:0c:ee:e0:15:1e:8b:74:d4:4f:c8:a2:57:
                    c8:07:04:1f:7b:03:dd:4b:f6:22:23:8e:0a:51:fd:
                    ea:05:0b:3a:89:af:f9:a1:92:7b:e9:ad:0c:0a:09:
                    62:24:02:b1:e4:32:0b:39:68:6d:5b:6d:91:36:0a:
                    c8:c9:c3:d6:f0:64:3a:3d:9a:55:d4:64:79:3c:5e:
                    77:b0:d4:cf:b2:ab:e1:9f:93:f3:46:23:3a:7f:59:
                    6b:e3:b2:5a:f4:61:39:8e:e8:89:4f:ba:87:ce:c9:
                    c8:8b:0c:89:5d:63:b8:5e:8d:39:d8:e6:35:b2:4c:
                    66:1d:55:4d:95:1e:ab:a0:3b:0a:36:84:22:43:cc:
                    4a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F7:9F:FD:F4:9F:DF:49:4A:50:8B:74:16:2A:AE:62:1A:17:01:36
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/rPef_fSf30lKUIt0FiquYhoXATY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b200::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:70:c2:d0:69:f2:6e:09:65:75:79:69:3f:64:6a:af:f9:e6:
         d1:52:ac:f7:78:2a:2e:4d:4d:af:6e:fe:d8:26:67:c2:2f:24:
         31:5b:a5:87:4c:e2:a7:52:6b:b1:14:83:34:b5:f9:37:ba:fc:
         9a:c2:a5:81:5c:32:d4:d2:2a:2c:94:8d:e4:73:05:53:64:42:
         15:64:e0:8a:28:5c:45:e5:a8:08:6f:db:34:2c:9d:64:ee:8d:
         15:08:f7:99:f5:95:cd:2a:58:5e:f0:66:9d:2f:cd:ab:cb:b8:
         62:31:1f:77:a1:bd:b4:77:26:c3:73:76:0d:db:2a:4b:d2:11:
         4e:7e:c2:49:f8:82:26:54:6c:92:2f:e3:13:2b:63:ec:3a:f6:
         da:e6:1e:d4:1d:60:6e:7f:45:df:72:2c:ea:a8:a7:6d:20:25:
         f9:09:b0:72:6e:de:5c:25:94:11:b9:25:d9:93:1d:40:cb:a4:
         5c:15:33:df:44:c7:b9:34:40:1d:51:c0:95:c2:17:dd:a0:5f:
         3a:e1:84:6b:85:92:52:15:9f:6e:1f:a4:0c:25:15:35:99:40:
         0c:9f:f3:92:f0:f2:03:cb:6d:16:dc:ef:12:52:23:93:88:9d:
         62:dd:46:91:5d:d9:6f:2d:a8:ea:eb:70:c2:de:cb:13:d0:36:
         80:62:0e:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/aF1yqk68Z+ezwwVz3tPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y3OWZmZGY0OWZkZjQ5NGE1MDhiNzQxNjJhYWU2MjFhMTcwMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cPRYiru7BItNj2dvQq2bJI+usDl
ujQbOwfoaAxfhHQnK5Julk+iWPTVCNjIemaD1IJSWXyN/IQS/NuMDNmiWeAJwUwL
StsGd9OlsX4TwAPlgsKLjlvZ/+ZWNGivHQPoXPrqvQcB1/2OCO0maoVtd31+8j9x
VwPQmSwM7uAVHot01E/IolfIBwQfewPdS/YiI44KUf3qBQs6ia/5oZJ76a0MCgli
JAKx5DILOWhtW22RNgrIycPW8GQ6PZpV1GR5PF53sNTPsqvhn5PzRiM6f1lr47Ja
9GE5juiJT7qHzsnIiwyJXWO4Xo052OY1skxmHVVNlR6roDsKNoQiQ8xKOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKz3n/30n99JSlCLdBYqrmIaFwE2MB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvclBlZl9mU2YzMGxLVUl0MEZpcXVZaG9YQVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguyADAN
BgkqhkiG9w0BAQsFAAOCAQEAUXDC0GnybglldXlpP2Rqr/nm0VKs93gqLk1Nr27+
2CZnwi8kMVulh0zip1JrsRSDNLX5N7r8msKlgVwy1NIqLJSN5HMFU2RCFWTgiihc
ReWoCG/bNCydZO6NFQj3mfWVzSpYXvBmnS/Nq8u4YjEfd6G9tHcmw3N2DdsqS9IR
Tn7CSfiCJlRski/jEytj7Dr22uYe1B1gbn9F33Is6qinbSAl+Qmwcm7eXCWUEbkl
2ZMdQMukXBUz30THuTRAHVHAlcIX3aBfOuGEa4WSUhWfbh+kDCUVNZlADJ/zkvDy
A8ttFtzvElIjk4idYt1GkV3Zby2o6utwwt7LE9A2gGIOuA==
-----END CERTIFICATE-----