Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/wj2VxfuvQPp_y-B-S4cBoG4no9E.roa
File:                     wj2VxfuvQPp_y-B-S4cBoG4no9E.roa (raw, json)
Hash identifier:          NUb/774hisZdKkcNsYbowzixlPdgcgSeN+DazRzxjeU=
Subject key identifier:   C2:3D:95:C5:FB:AF:40:FA:7F:CB:E0:7E:4B:87:01:A0:6E:27:A3:D1
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       0194734235DD59A706803AEF3633490D84C8
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/wj2VxfuvQPp_y-B-S4cBoG4no9E.roa
Signing time:             Fri 17 Jan 2025 07:55:06 +0000
ROA not before:           Fri 17 Jan 2025 07:55:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393886
IP address blocks:        2a07:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:42:35:dd:59:a7:06:80:3a:ef:36:33:49:0d:84:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan 17 07:55:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c23d95c5fbaf40fa7fcbe07e4b8701a06e27a3d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:30:ab:d8:ac:11:a8:61:9a:53:cc:c6:46:be:
                    48:48:2e:eb:58:61:8f:d5:13:07:f6:f7:a5:b1:98:
                    99:6b:e0:30:0a:2a:05:1b:d3:fe:cc:c5:e5:b5:25:
                    76:d1:60:98:0e:63:e1:9d:8a:5b:87:04:5b:19:bb:
                    0f:a4:01:df:a3:8a:b6:62:57:75:20:f1:5a:90:b7:
                    f8:ab:57:6a:89:d6:65:fc:82:01:fe:18:88:f1:51:
                    44:35:09:ce:6e:c6:e1:f3:0f:94:53:a3:e2:9f:e1:
                    27:24:9d:da:0d:e6:d3:03:0f:f3:c5:3d:5f:c2:d5:
                    b6:7f:3c:5a:dc:48:68:ba:a8:62:79:88:93:14:45:
                    64:ac:67:81:02:79:36:c2:90:27:c7:84:53:a9:32:
                    dd:53:57:c4:58:aa:ca:94:58:ed:75:a7:92:b7:02:
                    08:83:af:3d:e0:25:47:41:9e:cd:12:c0:4e:52:63:
                    e2:48:51:6f:62:68:c6:75:55:ac:1b:40:08:e3:69:
                    2d:2a:ee:4f:98:28:5b:e3:fd:83:14:6c:5f:e2:c9:
                    4c:a4:a3:de:2c:ec:d5:62:00:7c:0f:58:ba:e5:6b:
                    d7:60:02:a2:21:35:8d:24:ea:c9:57:79:db:c6:65:
                    01:0b:a9:2f:6b:48:1b:09:23:06:d5:9b:2b:79:26:
                    47:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3D:95:C5:FB:AF:40:FA:7F:CB:E0:7E:4B:87:01:A0:6E:27:A3:D1
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/wj2VxfuvQPp_y-B-S4cBoG4no9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:61:fd:76:e3:25:75:ea:45:37:8a:2c:ab:28:dc:29:9c:ff:
         92:44:e5:67:ac:12:5a:99:a9:c0:f3:53:23:63:6c:cc:29:94:
         ed:40:82:58:a3:67:99:7a:32:98:47:47:c0:a2:b9:35:05:47:
         86:57:c0:39:b5:cc:65:91:64:1f:d2:93:37:9b:28:00:ea:fc:
         0b:8e:db:a9:4c:2f:4f:68:b0:c7:2b:cb:c4:10:ae:a9:0d:50:
         aa:9b:e9:8e:79:f0:64:a4:ab:2d:cc:46:77:ab:70:45:54:81:
         b7:58:e8:e7:86:1f:15:a5:0d:cf:2b:69:bc:4f:a4:59:6a:bd:
         4f:e8:c4:e0:53:23:88:c1:ec:eb:31:6f:e0:ca:3d:fe:4e:f9:
         d1:18:d4:e6:6a:1d:48:39:ee:ca:40:1f:8d:7a:ad:a3:f5:e0:
         4b:b6:aa:6b:f9:93:b0:e7:83:9d:64:3d:cd:0e:59:ae:09:51:
         b0:7a:8a:99:84:60:21:d5:e8:98:4e:d8:ad:c7:20:67:31:27:
         1c:6c:47:50:42:d2:c8:85:9c:51:8c:98:6a:c4:4c:a7:de:e6:
         85:2e:db:e7:56:fd:f5:49:fc:f4:7e:0b:49:bf:66:be:ef:eb:
         a2:59:34:16:0c:69:03:f6:95:bf:de:94:2e:1f:12:76:c2:2f:
         7c:54:7a:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRzQjXdWacGgDrvNjNJDYTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjUwMTE3MDc1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjNkOTVjNWZiYWY0MGZhN2ZjYmUwN2U0Yjg3MDFhMDZlMjdhM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzCr2KwRqGGaU8zGRr5ISC7rWGGP
1RMH9velsZiZa+AwCioFG9P+zMXltSV20WCYDmPhnYpbhwRbGbsPpAHfo4q2Yld1
IPFakLf4q1dqidZl/IIB/hiI8VFENQnObsbh8w+UU6Pin+EnJJ3aDebTAw/zxT1f
wtW2fzxa3EhouqhieYiTFEVkrGeBAnk2wpAnx4RTqTLdU1fEWKrKlFjtdaeStwII
g6894CVHQZ7NEsBOUmPiSFFvYmjGdVWsG0AI42ktKu5PmChb4/2DFGxf4slMpKPe
LOzVYgB8D1i65WvXYAKiITWNJOrJV3nbxmUBC6kva0gbCSMG1ZsreSZHuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMI9lcX7r0D6f8vgfkuHAaBuJ6PRMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvd2oyVnhmdXZRUHBfeS1CLVM0Y0JvRzRubzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdKgDAN
BgkqhkiG9w0BAQsFAAOCAQEAuWH9duMldepFN4osqyjcKZz/kkTlZ6wSWpmpwPNT
I2NszCmU7UCCWKNnmXoymEdHwKK5NQVHhlfAObXMZZFkH9KTN5soAOr8C47bqUwv
T2iwxyvLxBCuqQ1QqpvpjnnwZKSrLcxGd6twRVSBt1jo54YfFaUNzytpvE+kWWq9
T+jE4FMjiMHs6zFv4Mo9/k750RjU5modSDnuykAfjXqto/XgS7aqa/mTsOeDnWQ9
zQ5ZrglRsHqKmYRgIdXomE7YrccgZzEnHGxHUELSyIWcUYyYasRMp97mhS7b51b9
9Un89H4LSb9mvu/rolk0FgxpA/aVv96ULh8SdsIvfFR6GA==
-----END CERTIFICATE-----