Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/AXFMAuQFiImdG2wTbjh2NfyFUIs.roa
File:                     AXFMAuQFiImdG2wTbjh2NfyFUIs.roa (raw, json)
Hash identifier:          kda6Uef68murp0/KoNVqOJMqb+aSnitbRVah/zHfpzY=
Subject key identifier:   01:71:4C:02:E4:05:88:89:9D:1B:6C:13:6E:38:76:35:FC:85:50:8B
Certificate issuer:       /CN=f674f0c8d16cbb510bba1fe3ac4685eee356f8e7
Certificate serial:       018ED1789E8E29712AFE85E2CFC9FAC551BD
Authority key identifier: F6:74:F0:C8:D1:6C:BB:51:0B:BA:1F:E3:AC:46:85:EE:E3:56:F8:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/AXFMAuQFiImdG2wTbjh2NfyFUIs.roa
Signing time:             Fri 12 Apr 2024 08:42:06 +0000
ROA not before:           Fri 12 Apr 2024 08:42:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215667
IP address blocks:        2a05:fd00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:78:9e:8e:29:71:2a:fe:85:e2:cf:c9:fa:c5:51:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f674f0c8d16cbb510bba1fe3ac4685eee356f8e7
        Validity
            Not Before: Apr 12 08:42:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01714c02e40588899d1b6c136e387635fc85508b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bb:1a:68:08:b8:15:bf:58:a6:c6:c0:09:3c:
                    05:08:a4:29:22:e0:0e:ee:6c:6b:36:3f:b8:10:2f:
                    77:6f:9d:86:d9:75:48:43:ab:48:e5:c9:2d:f3:59:
                    7e:63:9a:45:76:d0:8c:75:6d:c3:db:fd:12:59:97:
                    74:53:e6:29:38:b7:39:d2:8c:9e:d3:56:72:85:9d:
                    7f:9e:e7:b3:cc:2e:b9:37:31:ee:7b:8d:6d:bc:bd:
                    5c:6a:74:1a:a2:69:8b:62:75:77:3e:be:61:a5:61:
                    98:7c:17:b2:36:a8:5f:d9:5c:17:9e:9f:42:8a:a8:
                    31:a9:e2:3b:03:eb:f8:30:0d:c5:b1:31:84:61:ce:
                    16:9f:6a:7a:79:c1:96:d2:0a:39:3e:a8:70:3b:c9:
                    4a:1f:6b:de:68:f9:09:7b:4e:33:09:ad:88:d3:3b:
                    96:07:b1:ec:15:2e:b6:ae:41:a0:bc:47:ff:1d:24:
                    40:c4:7c:30:f8:8b:f4:cb:fe:bf:c9:b7:7a:48:fc:
                    c3:a3:ae:fb:e4:73:b4:1a:b5:86:13:1c:76:4c:be:
                    1c:59:63:46:71:ec:7b:9e:b1:d3:c8:24:5c:3e:ed:
                    9c:89:03:d3:fc:78:63:af:92:1a:cc:3f:7c:87:eb:
                    31:76:03:87:d3:f0:81:d2:4b:1c:21:b8:67:1f:48:
                    2c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:71:4C:02:E4:05:88:89:9D:1B:6C:13:6E:38:76:35:FC:85:50:8B
            X509v3 Authority Key Identifier:
                keyid:F6:74:F0:C8:D1:6C:BB:51:0B:BA:1F:E3:AC:46:85:EE:E3:56:F8:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/AXFMAuQFiImdG2wTbjh2NfyFUIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/162560-b4c5-4f0d-9c06-18bdf8847418/1/9nTwyNFsu1ELuh_jrEaF7uNW-Oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:fd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:3f:0f:02:ce:69:0d:84:71:fc:25:60:46:63:89:9a:c6:0b:
         6f:b5:45:24:92:7d:f4:3a:cd:d4:22:7b:24:60:eb:e4:d0:04:
         4d:36:1b:cb:dd:31:4b:2b:e5:33:3c:00:d8:1b:94:1b:64:e5:
         0d:d1:69:8b:df:37:4b:8f:a6:3c:f0:f8:53:c8:5f:c2:81:50:
         11:f7:ef:eb:ef:c7:ab:17:ba:fc:41:7d:f4:b6:e0:de:f0:7b:
         9c:9a:b5:3e:8e:36:95:aa:14:4e:3a:b4:23:96:e1:11:f1:08:
         2b:17:d7:e8:26:80:99:37:dc:3d:5d:64:89:b9:d3:ee:a6:18:
         10:bf:d8:05:37:80:9d:74:de:3d:a8:48:46:6c:d3:32:f5:dd:
         7b:08:7e:28:21:0f:0a:10:a6:1e:ff:11:96:fc:2f:53:cb:23:
         d2:32:27:6c:52:26:62:8e:4e:85:bb:aa:4c:58:c9:0b:1d:6a:
         3e:83:8d:5c:36:06:c3:60:06:76:12:06:4e:1e:95:1c:82:52:
         1a:91:9f:a4:7b:72:8a:30:db:ca:41:ca:e2:a2:0b:50:7c:6e:
         62:ce:aa:26:5e:93:55:a5:3d:d2:b6:85:1f:43:74:42:5c:f9:
         c5:45:ae:f7:2e:5b:96:d1:23:a6:b1:87:f0:60:bb:ad:3a:ef:
         53:44:9b:07
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7ReJ6OKXEq/oXiz8n6xVG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NzRmMGM4ZDE2Y2JiNTEwYmJhMWZlM2FjNDY4NWVlZTM1
NmY4ZTcwHhcNMjQwNDEyMDg0MjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTcxNGMwMmU0MDU4ODg5OWQxYjZjMTM2ZTM4NzYzNWZjODU1MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7saaAi4Fb9YpsbACTwFCKQpIuAO
7mxrNj+4EC93b52G2XVIQ6tI5ckt81l+Y5pFdtCMdW3D2/0SWZd0U+YpOLc50oye
01ZyhZ1/nuezzC65NzHue41tvL1canQaommLYnV3Pr5hpWGYfBeyNqhf2VwXnp9C
iqgxqeI7A+v4MA3FsTGEYc4Wn2p6ecGW0go5PqhwO8lKH2veaPkJe04zCa2I0zuW
B7HsFS62rkGgvEf/HSRAxHww+Iv0y/6/ybd6SPzDo6775HO0GrWGExx2TL4cWWNG
cex7nrHTyCRcPu2ciQPT/Hhjr5IazD98h+sxdgOH0/CB0kscIbhnH0gs/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAFxTALkBYiJnRtsE244djX8hVCLMB8GA1UdIwQY
MBaAFPZ08MjRbLtRC7of46xGhe7jVvjnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW5Ud3lORnN1MUVMdWhfanJFYUY3dU5XLU9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8xNjI1NjAtYjRjNS00ZjBkLTljMDYt
MThiZGY4ODQ3NDE4LzEvQVhGTUF1UUZpSW1kRzJ3VGJqaDJOZnlGVUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8xNjI1NjAtYjRjNS00ZjBkLTljMDYtMThiZGY4ODQ3NDE4
LzEvOW5Ud3lORnN1MUVMdWhfanJFYUY3dU5XLU9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgX9ADAN
BgkqhkiG9w0BAQsFAAOCAQEAZj8PAs5pDYRx/CVgRmOJmsYLb7VFJJJ99DrN1CJ7
JGDr5NAETTYby90xSyvlMzwA2BuUG2TlDdFpi983S4+mPPD4U8hfwoFQEffv6+/H
qxe6/EF99Lbg3vB7nJq1Po42laoUTjq0I5bhEfEIKxfX6CaAmTfcPV1kibnT7qYY
EL/YBTeAnXTePahIRmzTMvXdewh+KCEPChCmHv8RlvwvU8sj0jInbFImYo5Ohbuq
TFjJCx1qPoONXDYGw2AGdhIGTh6VHIJSGpGfpHtyijDbykHK4qILUHxuYs6qJl6T
VaU90raFH0N0Qlz5xUWu9y5bltEjprGH8GC7rTrvU0SbBw==
-----END CERTIFICATE-----