Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/RK_-KObVrFqMwWpz_LD5ef7FHWs.roa
File:                     RK_-KObVrFqMwWpz_LD5ef7FHWs.roa (raw, json)
Hash identifier:          bmPHbTt3nDXj4QFRJ1Kncj6MxmTt6z/dMwbg+mB+vFw=
Subject key identifier:   44:AF:FE:28:E6:D5:AC:5A:8C:C1:6A:73:FC:B0:F9:79:FE:C5:1D:6B
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       019422FB7606D5698FDC167F1BE49CB74B2F
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/RK_-KObVrFqMwWpz_LD5ef7FHWs.roa
Signing time:             Wed 01 Jan 2025 17:48:12 +0000
ROA not before:           Wed 01 Jan 2025 17:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57271
IP address blocks:        2a01:48a0:4001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:76:06:d5:69:8f:dc:16:7f:1b:e4:9c:b7:4b:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  1 17:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44affe28e6d5ac5a8cc16a73fcb0f979fec51d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8f:a6:2b:44:b4:be:50:8f:52:f4:43:9e:3e:
                    f9:fe:d4:5c:2b:23:00:05:5c:ba:eb:40:1d:8e:9a:
                    8a:60:2c:d4:2d:20:20:0e:a7:27:ff:1d:35:c9:91:
                    39:29:cf:81:c0:99:ff:7f:c9:58:f5:65:9f:6c:0d:
                    31:8c:26:fe:c4:38:a2:e4:83:89:03:0c:2b:b7:62:
                    56:49:f9:02:1d:f8:60:02:fb:7f:9e:d9:5a:2e:cb:
                    e3:1b:f2:43:aa:5b:84:8a:bc:3a:e0:10:f2:dc:9e:
                    d0:c7:f1:7e:d8:0c:7b:20:4e:3a:d4:ab:03:3e:11:
                    05:dd:21:6f:a6:af:a1:e3:dc:31:04:75:f4:f0:f8:
                    5b:ce:cd:57:3c:7e:d4:ed:a4:ce:f8:b0:c8:d8:d5:
                    34:1f:0a:cb:20:f9:01:a0:23:ed:bc:73:bd:41:9f:
                    1c:ef:7e:77:59:4f:c9:ce:1f:4e:f1:5c:85:80:ef:
                    c4:45:9d:09:56:4c:08:98:e8:2d:ec:f8:03:b2:97:
                    6b:3e:c6:14:20:29:a1:ec:28:ec:25:e5:9e:8c:b3:
                    40:d9:38:b9:8a:17:4f:17:72:5d:da:03:8e:ee:20:
                    f5:f8:e6:88:d6:78:5f:14:4f:db:38:77:8d:ea:d0:
                    55:04:06:4c:a6:5d:b6:77:b0:e9:62:9e:4f:97:fc:
                    e7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AF:FE:28:E6:D5:AC:5A:8C:C1:6A:73:FC:B0:F9:79:FE:C5:1D:6B
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/RK_-KObVrFqMwWpz_LD5ef7FHWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:48a0:4001::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:56:91:cd:7c:0d:8c:db:6b:4c:f5:92:40:1b:2a:6f:54:a9:
         1a:ce:c7:1e:d7:2e:a9:da:ff:c8:e3:ea:e6:7b:fe:5b:b9:6f:
         12:c6:23:fd:da:ea:03:4a:3a:ec:04:57:bd:d5:de:28:19:d2:
         73:4e:c6:9c:6d:8f:db:03:7c:e8:8a:3c:1f:38:6f:cf:f8:df:
         fe:46:8a:44:60:e0:81:70:d4:f0:63:de:73:82:94:14:ab:1a:
         1c:ff:52:ae:45:0e:2a:c5:25:ae:b0:17:d6:37:a6:0b:ff:9b:
         c9:e6:c5:e4:99:b0:92:29:59:63:fe:b5:d9:a6:c3:29:cc:62:
         2b:d0:aa:22:99:58:67:03:c4:86:9b:3f:a9:ad:72:e9:e7:ad:
         70:8f:3d:32:86:02:61:d6:f4:c4:86:df:88:45:41:37:71:04:
         08:e8:91:2b:02:d3:52:3d:86:2b:be:bc:90:1d:1f:1d:e7:4c:
         66:61:28:7f:dd:9d:aa:b2:07:f3:32:93:fe:8a:66:db:20:ab:
         a6:c7:b3:b5:88:68:6b:57:2d:9a:64:5f:c0:81:15:99:3e:b7:
         78:02:32:bc:84:12:e8:0e:a6:b2:02:b1:9f:89:01:5d:50:03:
         ce:b4:f4:e3:af:5c:36:27:1b:96:8a:5e:af:48:e4:db:9e:8b:
         dd:db:30:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+3YG1WmP3BZ/G+Sct0svMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFmZmUyOGU2ZDVhYzVhOGNjMTZhNzNmY2IwZjk3OWZlYzUxZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14+mK0S0vlCPUvRDnj75/tRcKyMA
BVy660AdjpqKYCzULSAgDqcn/x01yZE5Kc+BwJn/f8lY9WWfbA0xjCb+xDii5IOJ
Awwrt2JWSfkCHfhgAvt/ntlaLsvjG/JDqluEirw64BDy3J7Qx/F+2Ax7IE461KsD
PhEF3SFvpq+h49wxBHX08Phbzs1XPH7U7aTO+LDI2NU0HwrLIPkBoCPtvHO9QZ8c
7353WU/Jzh9O8VyFgO/ERZ0JVkwImOgt7PgDspdrPsYUICmh7CjsJeWejLNA2Ti5
ihdPF3Jd2gOO7iD1+OaI1nhfFE/bOHeN6tBVBAZMpl22d7DpYp5Pl/znxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFESv/ijm1axajMFqc/yw+Xn+xR1rMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvUktfLUtPYlZyRnFNd1dwel9MRDVlZjdGSFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFIoEAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAMVpHNfA2M22tM9ZJAGypvVKkazsce1y6p2v/I
4+rme/5buW8SxiP92uoDSjrsBFe91d4oGdJzTsacbY/bA3zoijwfOG/P+N/+RopE
YOCBcNTwY95zgpQUqxoc/1KuRQ4qxSWusBfWN6YL/5vJ5sXkmbCSKVlj/rXZpsMp
zGIr0KoimVhnA8SGmz+prXLp561wjz0yhgJh1vTEht+IRUE3cQQI6JErAtNSPYYr
vryQHR8d50xmYSh/3Z2qsgfzMpP+imbbIKumx7O1iGhrVy2aZF/AgRWZPrd4AjK8
hBLoDqayArGfiQFdUAPOtPTjr1w2JxuWil6vSOTbnovd2zB7
-----END CERTIFICATE-----