Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/_fuT4R68BHlPpUP6HiVZDSmxINI.roa
File:                     _fuT4R68BHlPpUP6HiVZDSmxINI.roa (raw, json)
Hash identifier:          bvu+tWo4UXme3jTLsLEJ6SMX9XI3uAoVhAKkTxW9r90=
Subject key identifier:   FD:FB:93:E1:1E:BC:04:79:4F:A5:43:FA:1E:25:59:0D:29:B1:20:D2
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       01941F8C4928731364E19F09CEDC950F7907
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/_fuT4R68BHlPpUP6HiVZDSmxINI.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215740
IP address blocks:        2a0d:8140:1fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:49:28:73:13:64:e1:9f:09:ce:dc:95:0f:79:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdfb93e11ebc04794fa543fa1e25590d29b120d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e8:1e:d7:5d:4d:e4:92:da:6b:e6:f1:df:63:
                    38:bc:8b:c1:17:0d:5e:bd:78:83:6a:15:71:30:2a:
                    d4:cf:13:e4:fb:e2:1e:d9:7a:a4:99:5d:30:46:11:
                    c3:9c:d4:1d:4a:54:0e:e5:0b:92:5e:18:6b:00:7d:
                    d4:77:54:da:b6:3a:ac:24:86:25:61:31:d6:79:4a:
                    c0:94:3b:5a:ea:ed:e3:56:e1:c7:14:0b:f8:15:2b:
                    fa:fa:6f:c6:c5:3a:3e:38:9c:59:6d:11:d9:15:94:
                    d8:9b:a8:36:80:10:4c:b0:b3:de:dc:87:5e:e9:6a:
                    c0:09:39:9c:b4:02:c6:1e:0b:74:53:d6:11:85:81:
                    1a:cd:af:4d:34:fc:fd:26:31:c7:9f:2e:43:29:04:
                    64:e7:06:78:4e:62:1a:23:5b:83:9d:b7:b1:c6:f0:
                    58:43:62:e4:ab:ab:21:26:27:c2:fc:9a:b6:82:5b:
                    f8:ea:6f:d2:f5:cd:be:53:65:f8:c3:99:b9:9c:2b:
                    71:1f:45:6e:06:3d:e0:9a:fa:39:ec:84:8c:65:ad:
                    02:8a:ab:1c:da:bc:94:45:24:4b:c3:9b:a5:f9:9c:
                    63:c0:05:33:b3:d8:09:25:d5:ec:ba:8a:bb:b8:6f:
                    bf:0c:5c:2a:1b:8d:da:85:0a:1c:a0:b7:20:a4:89:
                    f7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FB:93:E1:1E:BC:04:79:4F:A5:43:FA:1E:25:59:0D:29:B1:20:D2
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/_fuT4R68BHlPpUP6HiVZDSmxINI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8140:1fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:b3:25:68:68:b9:2d:96:27:3d:73:f2:8f:d0:52:8a:75:79:
         3e:d6:b3:61:27:d7:f3:7c:a1:54:96:8a:da:d0:10:4e:9d:6e:
         db:51:38:b3:76:4a:61:a3:14:2a:87:a8:9f:1a:22:41:11:da:
         8c:fe:c2:93:8d:06:72:70:4c:0a:e2:23:fe:2a:31:8d:bf:3c:
         03:b2:c0:c9:f3:4d:af:32:6c:f3:84:6d:73:80:b4:5a:06:54:
         22:aa:dc:05:45:cc:2c:57:6a:de:ab:8e:0c:16:46:05:fb:2c:
         73:6b:44:13:7c:b7:68:ea:74:26:f7:8c:a7:38:21:f2:c2:46:
         bf:21:01:7a:ec:28:82:5c:7e:63:51:9b:ad:de:ce:5c:93:d2:
         7b:b0:47:8c:b6:ff:48:2e:dc:ea:90:21:fd:57:d6:b1:d8:a6:
         e8:3e:ce:84:90:4d:e0:0a:b3:2c:d5:50:ec:bf:e5:51:d5:fe:
         bd:f3:65:2b:02:fc:1b:ee:46:f1:aa:4d:41:90:a1:8e:e5:a9:
         9a:39:9e:f1:93:a4:9e:ee:84:06:d9:3a:39:41:4a:3f:20:c0:
         c1:4f:2e:b0:3d:b5:bf:5f:0c:05:f1:18:65:77:32:bd:90:b5:
         ba:20:a2:e8:8b:35:ea:fc:b7:5f:0f:16:78:cb:ab:af:ba:e6:
         9a:2c:93:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjEkocxNk4Z8JztyVD3kHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZiOTNlMTFlYmMwNDc5NGZhNTQzZmExZTI1NTkwZDI5YjEyMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ege111N5JLaa+bx32M4vIvBFw1e
vXiDahVxMCrUzxPk++Ie2XqkmV0wRhHDnNQdSlQO5QuSXhhrAH3Ud1TatjqsJIYl
YTHWeUrAlDta6u3jVuHHFAv4FSv6+m/GxTo+OJxZbRHZFZTYm6g2gBBMsLPe3Ide
6WrACTmctALGHgt0U9YRhYEaza9NNPz9JjHHny5DKQRk5wZ4TmIaI1uDnbexxvBY
Q2Lkq6shJifC/Jq2glv46m/S9c2+U2X4w5m5nCtxH0VuBj3gmvo57ISMZa0Ciqsc
2ryURSRLw5ul+ZxjwAUzs9gJJdXsuoq7uG+/DFwqG43ahQocoLcgpIn3iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP37k+EevAR5T6VD+h4lWQ0psSDSMB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvX2Z1VDRSNjhCSGxQcFVQNkhpVlpEU214SU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5NjgtYTU2YmRmYWRiODFl
LzEvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2BQB//
MA0GCSqGSIb3DQEBCwUAA4IBAQDWsyVoaLktlic9c/KP0FKKdXk+1rNhJ9fzfKFU
lora0BBOnW7bUTizdkphoxQqh6ifGiJBEdqM/sKTjQZycEwK4iP+KjGNvzwDssDJ
802vMmzzhG1zgLRaBlQiqtwFRcwsV2req44MFkYF+yxza0QTfLdo6nQm94ynOCHy
wka/IQF67CiCXH5jUZut3s5ck9J7sEeMtv9ILtzqkCH9V9ax2KboPs6EkE3gCrMs
1VDsv+VR1f6982UrAvwb7kbxqk1BkKGO5amaOZ7xk6Se7oQG2To5QUo/IMDBTy6w
PbW/XwwF8RhldzK9kLW6IKLoizXq/LdfDxZ4y6uvuuaaLJOt
-----END CERTIFICATE-----