Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rYugMFgVZ8X-I2-jsX4dF3aTxvQ.roa
File:                     rYugMFgVZ8X-I2-jsX4dF3aTxvQ.roa (raw, json)
Hash identifier:          k+GFKByMw5K8SoNqNuEda0gdRBQB4x51TeQEsjZVh6w=
Subject key identifier:   AD:8B:A0:30:58:15:67:C5:FE:23:6F:A3:B1:7E:1D:17:76:93:C6:F4
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       01942823D73C22D865702CBD26299B2C2B6B
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rYugMFgVZ8X-I2-jsX4dF3aTxvQ.roa
Signing time:             Thu 02 Jan 2025 17:50:24 +0000
ROA not before:           Thu 02 Jan 2025 17:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207808
IP address blocks:        2a00:7180:8008::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:d7:3c:22:d8:65:70:2c:bd:26:29:9b:2c:2b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 17:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad8ba030581567c5fe236fa3b17e1d177693c6f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:33:f9:ca:ff:c1:3b:18:77:0d:76:11:d1:df:
                    4d:fd:8a:a9:fc:f6:c5:99:be:8e:67:15:0a:33:23:
                    21:47:f1:34:4b:7a:5c:a0:cf:b0:ba:7d:68:0b:49:
                    7e:91:a9:13:55:c6:5e:10:30:42:f9:b9:04:53:53:
                    cc:fc:46:15:a6:81:a5:1d:14:e3:a1:ef:9e:f3:39:
                    9d:03:54:45:48:37:f1:df:60:27:c5:8f:12:7b:54:
                    d3:3f:39:1c:32:19:b9:c8:67:19:26:fc:c8:05:ce:
                    37:20:63:34:87:0d:ce:65:fa:7f:f6:72:ae:8b:2b:
                    99:a3:a7:aa:b9:de:ba:a9:eb:39:b0:8e:5e:7d:7f:
                    28:85:8b:cf:a4:84:db:fc:45:fa:3d:ed:ae:d4:5f:
                    fb:5d:fe:ef:ad:88:f5:e1:b7:9f:35:18:fb:37:48:
                    f4:98:f1:3d:f7:44:42:30:0a:a3:cd:1b:3d:4f:09:
                    dc:f9:d9:95:65:98:7e:bf:03:82:82:30:3f:94:e2:
                    d4:16:98:cf:b3:fc:e0:17:86:83:16:45:32:47:1a:
                    03:a5:66:a1:34:a8:35:8a:cf:49:0c:bb:79:f2:87:
                    1a:1a:b0:e3:5a:ad:17:f8:f3:c3:8a:90:a4:28:b8:
                    e1:9d:c5:a9:d1:f4:d4:e6:74:eb:1d:54:fd:0d:2d:
                    c4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:8B:A0:30:58:15:67:C5:FE:23:6F:A3:B1:7E:1D:17:76:93:C6:F4
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rYugMFgVZ8X-I2-jsX4dF3aTxvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7180:8008::/46

    Signature Algorithm: sha256WithRSAEncryption
         71:4d:ed:db:60:75:6d:eb:c4:59:ef:39:1c:d3:fe:07:22:5f:
         8d:1c:0c:ee:2f:b5:88:92:7e:3f:2e:34:33:ac:2f:cd:da:8f:
         15:89:dc:8c:93:ca:d5:c6:e2:45:32:86:26:68:1a:55:f1:64:
         6c:b5:d5:52:5c:54:1e:43:4f:9f:27:26:e9:12:93:c7:b3:5b:
         73:cb:58:59:7a:52:12:a4:75:00:ae:32:88:15:16:bd:c9:da:
         32:61:7b:bf:0f:e8:45:85:24:d0:37:0b:fd:c8:09:1e:59:59:
         24:b7:c7:81:9c:20:38:a4:6b:6b:41:00:2b:b9:5a:60:db:d2:
         ce:5b:d5:83:f5:d4:d9:6d:fd:0c:bd:9f:53:b7:d7:58:37:ff:
         92:81:ee:8b:a4:6b:78:71:90:19:1c:d3:33:71:44:8f:f8:3d:
         2e:85:88:55:6f:ce:4d:16:66:c4:7d:a1:44:d2:1b:e1:54:7f:
         29:89:9f:f9:3f:f1:7d:28:7a:e4:7a:cb:14:c5:2c:09:09:6d:
         3a:29:df:b5:e4:ba:cc:23:85:32:51:1b:0e:e4:90:13:6e:07:
         cf:2a:19:74:fa:e4:75:76:dd:20:8c:13:5b:63:f4:85:df:a1:
         c6:96:18:87:e1:3d:7c:52:80:02:03:3a:92:21:cf:bf:7b:6d:
         8e:97:c8:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoI9c8IthlcCy9JimbLCtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMTAyMTc1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDhiYTAzMDU4MTU2N2M1ZmUyMzZmYTNiMTdlMWQxNzc2OTNjNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDP5yv/BOxh3DXYR0d9N/Yqp/PbF
mb6OZxUKMyMhR/E0S3pcoM+wun1oC0l+kakTVcZeEDBC+bkEU1PM/EYVpoGlHRTj
oe+e8zmdA1RFSDfx32AnxY8Se1TTPzkcMhm5yGcZJvzIBc43IGM0hw3OZfp/9nKu
iyuZo6equd66qes5sI5efX8ohYvPpITb/EX6Pe2u1F/7Xf7vrYj14befNRj7N0j0
mPE990RCMAqjzRs9Twnc+dmVZZh+vwOCgjA/lOLUFpjPs/zgF4aDFkUyRxoDpWah
NKg1is9JDLt58ocaGrDjWq0X+PPDipCkKLjhncWp0fTU5nTrHVT9DS3EuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2LoDBYFWfF/iNvo7F+HRd2k8b0MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvcll1Z01GZ1ZaOFgtSTItanNYNGRGM2FUeHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgBxgIAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBxTe3bYHVt68RZ7zkc0/4HIl+NHAzuL7WIkn4/
LjQzrC/N2o8VidyMk8rVxuJFMoYmaBpV8WRstdVSXFQeQ0+fJybpEpPHs1tzy1hZ
elISpHUArjKIFRa9ydoyYXu/D+hFhSTQNwv9yAkeWVkkt8eBnCA4pGtrQQAruVpg
29LOW9WD9dTZbf0MvZ9Tt9dYN/+Sge6LpGt4cZAZHNMzcUSP+D0uhYhVb85NFmbE
faFE0hvhVH8piZ/5P/F9KHrkessUxSwJCW06Kd+15LrMI4UyURsO5JATbgfPKhl0
+uR1dt0gjBNbY/SF36HGlhiH4T18UoACAzqSIc+/e22Ol8gZ
-----END CERTIFICATE-----