Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/AfxHVZhw7S6ij1s6ZJ4SMYoOQJc.roa
File:                     AfxHVZhw7S6ij1s6ZJ4SMYoOQJc.roa (raw, json)
Hash identifier:          LJW5Y4vZe3G/aI05TP+NUCTrdwpagASD2p69Aj70Dcw=
Subject key identifier:   01:FC:47:55:98:70:ED:2E:A2:8F:5B:3A:64:9E:12:31:8A:0E:40:97
Certificate issuer:       /CN=7f5689de4a7ce768bf3ab5d9f8546e856ccb1936
Certificate serial:       0194266C358088896AB204C6C50EA397724F
Authority key identifier: 7F:56:89:DE:4A:7C:E7:68:BF:3A:B5:D9:F8:54:6E:85:6C:CB:19:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1aJ3kp852i_OrXZ-FRuhWzLGTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/AfxHVZhw7S6ij1s6ZJ4SMYoOQJc.roa
Signing time:             Thu 02 Jan 2025 09:50:13 +0000
ROA not before:           Thu 02 Jan 2025 09:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59990
IP address blocks:        2a00:1d60:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/f1aJ3kp852i_OrXZ-FRuhWzLGTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/f1aJ3kp852i_OrXZ-FRuhWzLGTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1aJ3kp852i_OrXZ-FRuhWzLGTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:35:80:88:89:6a:b2:04:c6:c5:0e:a3:97:72:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f5689de4a7ce768bf3ab5d9f8546e856ccb1936
        Validity
            Not Before: Jan  2 09:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01fc47559870ed2ea28f5b3a649e12318a0e4097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:30:85:ff:68:af:e4:76:26:47:01:3a:b2:8d:
                    03:95:ab:f8:3c:d4:2c:13:e9:1e:fb:a3:0b:46:7c:
                    17:39:21:08:02:c6:a9:00:20:e4:3f:ec:e1:c8:d5:
                    46:03:01:23:79:93:24:05:32:53:d2:ab:f8:1c:14:
                    95:4e:69:6e:42:ee:4e:93:e0:4c:25:3b:da:64:fd:
                    55:2c:3e:15:a0:51:72:d1:28:e8:c0:94:24:25:aa:
                    b1:f4:ee:30:25:e3:14:4e:9a:44:d6:13:c2:da:61:
                    f1:97:7b:4c:2a:07:86:25:45:d2:f9:f0:68:8c:91:
                    cf:69:68:0c:47:4b:52:f1:2d:be:cd:51:e0:55:5c:
                    e7:8f:a7:38:51:a2:ee:b7:3e:f1:8f:cf:f0:77:31:
                    ae:f4:cf:06:d0:93:6e:33:c9:0b:88:fe:55:02:e5:
                    a3:9d:ff:1b:f4:14:c7:aa:13:f7:72:78:38:00:77:
                    f3:89:a3:ef:d4:1d:12:5d:66:99:b5:ec:ea:ba:d5:
                    6c:24:03:da:a1:ab:af:c3:4b:3b:5f:24:45:19:b5:
                    a2:3b:25:2c:ca:ae:19:2f:3b:4a:27:2c:2f:89:ae:
                    ae:5e:f7:7e:83:a7:f6:09:e7:07:15:dc:dc:82:58:
                    89:94:b8:8f:e2:27:53:73:ef:54:a3:55:8e:d4:51:
                    3b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FC:47:55:98:70:ED:2E:A2:8F:5B:3A:64:9E:12:31:8A:0E:40:97
            X509v3 Authority Key Identifier:
                keyid:7F:56:89:DE:4A:7C:E7:68:BF:3A:B5:D9:F8:54:6E:85:6C:CB:19:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1aJ3kp852i_OrXZ-FRuhWzLGTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/AfxHVZhw7S6ij1s6ZJ4SMYoOQJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/64d505-2204-4dca-a95e-8b5372584acd/1/f1aJ3kp852i_OrXZ-FRuhWzLGTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1d60:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         2c:ce:b1:f2:06:6c:a8:22:79:7f:f1:d5:a6:3a:cc:0d:d6:85:
         a6:19:fb:eb:0b:8c:da:cf:5d:ae:25:99:69:fc:ea:d4:82:3a:
         f8:00:77:ac:6a:80:ca:fb:db:0c:7a:65:8b:48:37:4f:91:5c:
         66:d8:e5:de:1f:8d:9e:ff:39:bb:a9:4a:41:d3:b8:67:5d:32:
         6d:55:4d:e7:9d:1c:b2:75:67:24:28:74:64:29:50:f0:36:c9:
         e5:79:99:d1:fe:40:9b:5b:ac:73:36:83:16:35:54:c2:37:0e:
         0c:10:5e:d6:ab:29:c5:7e:f7:71:75:9b:49:79:88:0d:3b:fa:
         d6:06:93:d6:83:94:5f:36:0b:6b:4d:27:e5:89:db:f7:0e:97:
         55:8a:d9:b3:7a:3d:b2:1a:b5:1d:e3:bb:68:86:4b:6c:2a:f1:
         89:28:a8:63:16:90:9d:40:0d:89:cc:a1:83:fa:67:b6:60:98:
         84:ad:1b:2c:56:c1:58:f9:f2:96:09:15:b3:8f:62:c3:ed:d4:
         a9:3d:41:ea:78:d1:69:f3:7c:7f:6b:f9:93:95:38:6e:37:04:
         54:34:33:be:d4:cc:ab:f6:93:0d:e0:e1:b8:88:e7:59:79:04:
         4d:4c:41:1e:ec:fc:fb:bc:90:3b:cf:3f:7e:ec:cf:cc:2c:70:
         16:c1:f5:66
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQmbDWAiIlqsgTGxQ6jl3JPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTY4OWRlNGE3Y2U3NjhiZjNhYjVkOWY4NTQ2ZTg1NmNj
YjE5MzYwHhcNMjUwMTAyMDk1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWZjNDc1NTk4NzBlZDJlYTI4ZjViM2E2NDllMTIzMThhMGU0MDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzCF/2iv5HYmRwE6so0Dlav4PNQs
E+ke+6MLRnwXOSEIAsapACDkP+zhyNVGAwEjeZMkBTJT0qv4HBSVTmluQu5Ok+BM
JTvaZP1VLD4VoFFy0SjowJQkJaqx9O4wJeMUTppE1hPC2mHxl3tMKgeGJUXS+fBo
jJHPaWgMR0tS8S2+zVHgVVznj6c4UaLutz7xj8/wdzGu9M8G0JNuM8kLiP5VAuWj
nf8b9BTHqhP3cng4AHfziaPv1B0SXWaZtezqutVsJAPaoauvw0s7XyRFGbWiOyUs
yq4ZLztKJywvia6uXvd+g6f2CecHFdzcgliJlLiP4idTc+9Uo1WO1FE7XwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAH8R1WYcO0uoo9bOmSeEjGKDkCXMB8GA1UdIwQY
MBaAFH9Wid5KfOdovzq12fhUboVsyxk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFhSjNrcDg1MmlfT3JYWi1GUnVoV3pMR1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NGQ1MDUtMjIwNC00ZGNhLWE5NWUt
OGI1MzcyNTg0YWNkLzEvQWZ4SFZaaHc3UzZpajFzNlpKNFNNWW9PUUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NGQ1MDUtMjIwNC00ZGNhLWE5NWUtOGI1MzcyNTg0YWNk
LzEvZjFhSjNrcDg1MmlfT3JYWi1GUnVoV3pMR1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgAdYPAw
DQYJKoZIhvcNAQELBQADggEBACzOsfIGbKgieX/x1aY6zA3WhaYZ++sLjNrPXa4l
mWn86tSCOvgAd6xqgMr72wx6ZYtIN0+RXGbY5d4fjZ7/ObupSkHTuGddMm1VTeed
HLJ1ZyQodGQpUPA2yeV5mdH+QJtbrHM2gxY1VMI3DgwQXtarKcV+93F1m0l5iA07
+tYGk9aDlF82C2tNJ+WJ2/cOl1WK2bN6PbIatR3ju2iGS2wq8YkoqGMWkJ1ADYnM
oYP6Z7ZgmIStGyxWwVj58pYJFbOPYsPt1Kk9Qep40WnzfH9r+ZOVOG43BFQ0M77U
zKv2kw3g4biI51l5BE1MQR7s/Pu8kDvPP37sz8wscBbB9WY=
-----END CERTIFICATE-----