Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/bFysswJxqvMNZTsaf64flp1ZIQc.roa
File:                     bFysswJxqvMNZTsaf64flp1ZIQc.roa (raw, json)
Hash identifier:          uwCDzi7rd+IXP1Mw2HNimdPO1YXu5Quq3N1iTcDCSa4=
Subject key identifier:   6C:5C:AC:B3:02:71:AA:F3:0D:65:3B:1A:7F:AE:1F:96:9D:59:21:07
Certificate issuer:       /CN=f219383a3e3f116a9bcc4769c8517cdce40765c7
Certificate serial:       0194A1A84391B535A60D478B735EA790B07B
Authority key identifier: F2:19:38:3A:3E:3F:11:6A:9B:CC:47:69:C8:51:7C:DC:E4:07:65:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/bFysswJxqvMNZTsaf64flp1ZIQc.roa
Signing time:             Sun 26 Jan 2025 08:09:06 +0000
ROA not before:           Sun 26 Jan 2025 08:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203339
IP address blocks:        2a02:4840:1111::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a1:a8:43:91:b5:35:a6:0d:47:8b:73:5e:a7:90:b0:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f219383a3e3f116a9bcc4769c8517cdce40765c7
        Validity
            Not Before: Jan 26 08:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c5cacb30271aaf30d653b1a7fae1f969d592107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cb:7e:33:81:24:ba:24:d8:d4:39:a9:1d:38:
                    7a:86:c4:a2:f7:d6:36:1b:38:5d:4c:2a:19:d6:ab:
                    1d:62:14:3a:33:90:ad:a1:9c:87:ca:fd:39:28:ec:
                    66:3f:a3:eb:2d:30:6b:c4:b5:7a:98:ee:3e:68:fe:
                    d9:06:a7:fe:55:ce:04:2d:2b:3d:4d:75:69:89:49:
                    ea:67:e3:3a:0e:04:33:00:69:7b:67:5e:d7:7f:ad:
                    26:c8:43:50:e2:f9:bc:8c:c7:d4:b8:f7:b6:d2:16:
                    62:4d:e4:5a:fb:34:7f:fc:46:7d:ca:20:3a:16:cb:
                    f4:ff:d3:aa:70:af:c2:b6:62:65:d0:71:50:55:24:
                    4d:aa:2d:8d:0e:83:14:0c:58:5d:66:dc:95:40:4e:
                    64:e6:e1:38:3a:a0:9f:bc:64:9e:5d:5e:7a:46:08:
                    09:7d:fe:26:ab:eb:e4:12:89:c4:24:2c:22:d1:6a:
                    98:6f:14:0f:6d:23:40:0a:7e:41:c4:66:65:e0:06:
                    9b:a2:49:e8:c8:c6:d1:8c:da:45:f5:6f:d0:f4:54:
                    22:1b:78:f9:e8:1b:fd:da:a3:ed:15:50:4a:89:b3:
                    37:b9:8e:dd:67:85:68:cb:a2:80:78:c0:79:45:b3:
                    3d:45:78:2e:5e:75:db:39:bb:4b:e3:98:dd:66:30:
                    52:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5C:AC:B3:02:71:AA:F3:0D:65:3B:1A:7F:AE:1F:96:9D:59:21:07
            X509v3 Authority Key Identifier:
                keyid:F2:19:38:3A:3E:3F:11:6A:9B:CC:47:69:C8:51:7C:DC:E4:07:65:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/bFysswJxqvMNZTsaf64flp1ZIQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:4840:1111::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:ae:bc:9e:8f:83:63:d2:2b:f9:e4:98:a4:f3:5d:78:b5:8b:
         50:71:64:f5:9a:97:f2:8a:96:f7:8c:0b:f6:ae:9e:d0:b1:30:
         46:0f:3d:73:db:22:e1:c5:8e:59:f3:f8:cb:68:a7:34:d3:de:
         d1:fa:11:41:1e:1d:45:25:e0:16:23:2e:73:18:e7:b5:9d:10:
         cf:e4:e8:a0:c0:38:5d:32:9b:79:44:2f:f7:34:0a:0e:e8:21:
         15:3d:e1:f4:17:c9:f2:f1:75:a6:bc:fb:7c:e1:38:39:ef:49:
         48:0a:08:aa:93:7a:a1:81:d2:03:b6:d0:e2:b7:c9:58:60:8f:
         9b:c2:ed:d3:81:3c:fc:75:2a:43:4b:b6:64:49:bc:09:d7:50:
         4c:40:33:13:86:3b:f0:79:34:ca:f1:96:fd:e8:22:99:23:c4:
         82:9e:ad:46:9c:4b:a4:af:41:1f:1c:f6:a2:a3:40:b5:bc:3b:
         d8:9e:7d:11:ca:f1:13:1d:f7:4d:6e:16:06:9e:a9:49:67:cb:
         d1:4a:ed:1f:41:eb:0f:cf:c1:d1:05:32:93:42:0c:b5:10:e1:
         de:52:c8:7a:c3:4f:2d:f9:58:8f:d8:db:8e:0e:fa:37:41:be:
         38:c7:f3:d5:89:0f:f3:8c:a3:45:37:21:01:0e:1d:46:1e:ac:
         2d:c3:b0:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZShqEORtTWmDUeLc16nkLB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMTkzODNhM2UzZjExNmE5YmNjNDc2OWM4NTE3Y2RjZTQw
NzY1YzcwHhcNMjUwMTI2MDgwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVjYWNiMzAyNzFhYWYzMGQ2NTNiMWE3ZmFlMWY5NjlkNTkyMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMt+M4EkuiTY1DmpHTh6hsSi99Y2
GzhdTCoZ1qsdYhQ6M5CtoZyHyv05KOxmP6PrLTBrxLV6mO4+aP7ZBqf+Vc4ELSs9
TXVpiUnqZ+M6DgQzAGl7Z17Xf60myENQ4vm8jMfUuPe20hZiTeRa+zR//EZ9yiA6
Fsv0/9OqcK/CtmJl0HFQVSRNqi2NDoMUDFhdZtyVQE5k5uE4OqCfvGSeXV56RggJ
ff4mq+vkEonEJCwi0WqYbxQPbSNACn5BxGZl4AaboknoyMbRjNpF9W/Q9FQiG3j5
6Bv92qPtFVBKibM3uY7dZ4Voy6KAeMB5RbM9RXguXnXbObtL45jdZjBSCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGxcrLMCcarzDWU7Gn+uH5adWSEHMB8GA1UdIwQY
MBaAFPIZODo+PxFqm8xHachRfNzkB2XHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGhrNE9qNF9FV3FiekVkcHlGRjgzT1FIWmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS83Y2YwYjEtMjI5OC00NDg0LWJkODAt
NmNjOWY2Y2JhYWM0LzEvYkZ5c3N3Snhxdk1OWlRzYWY2NGZscDFaSVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS83Y2YwYjEtMjI5OC00NDg0LWJkODAtNmNjOWY2Y2JhYWM0
LzEvOGhrNE9qNF9FV3FiekVkcHlGRjgzT1FIWmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJIQBER
MA0GCSqGSIb3DQEBCwUAA4IBAQAarryej4Nj0iv55Jik8114tYtQcWT1mpfyipb3
jAv2rp7QsTBGDz1z2yLhxY5Z8/jLaKc0097R+hFBHh1FJeAWIy5zGOe1nRDP5Oig
wDhdMpt5RC/3NAoO6CEVPeH0F8ny8XWmvPt84Tg570lICgiqk3qhgdIDttDit8lY
YI+bwu3TgTz8dSpDS7ZkSbwJ11BMQDMThjvweTTK8Zb96CKZI8SCnq1GnEukr0Ef
HPaio0C1vDvYnn0RyvETHfdNbhYGnqlJZ8vRSu0fQesPz8HRBTKTQgy1EOHeUsh6
w08t+ViP2NuODvo3Qb44x/PViQ/zjKNFNyEBDh1GHqwtw7BO
-----END CERTIFICATE-----