Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/BrfY4YW_yXK06U0eOLt-LobfjzY.roa
File:                     BrfY4YW_yXK06U0eOLt-LobfjzY.roa (raw, json)
Hash identifier:          Hv6+aEBXmMC9XH4TQkng0p4jntb620WSOaHbhPCP9JQ=
Subject key identifier:   06:B7:D8:E1:85:BF:C9:72:B4:E9:4D:1E:38:BB:7E:2E:86:DF:8F:36
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       0194221FF3F2DE06F9A3954367796888AE9C
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/BrfY4YW_yXK06U0eOLt-LobfjzY.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212391
IP address blocks:        2a04:2b00:14ee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 19:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f3:f2:de:06:f9:a3:95:43:67:79:68:88:ae:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b7d8e185bfc972b4e94d1e38bb7e2e86df8f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ac:06:de:8c:6f:18:85:7d:df:45:61:a1:14:
                    86:91:fc:2d:e0:ea:c3:75:e2:05:2b:54:ad:08:3b:
                    75:70:f5:00:e0:f2:02:7d:63:85:ba:b4:37:34:f9:
                    61:9f:86:b2:2b:89:86:5e:61:eb:d4:4a:a4:4e:90:
                    c3:e5:94:75:a0:fc:dc:23:6a:3b:5b:37:ad:46:dc:
                    28:6f:9e:f9:89:c4:cf:d1:80:6f:9c:fb:64:7f:51:
                    79:bb:cb:ed:b9:8e:5a:f9:4d:b2:37:ac:ad:37:1f:
                    57:c9:7b:e9:1b:5c:d7:3e:9d:0f:e2:50:5b:8e:f4:
                    dd:19:fd:c5:de:c3:a8:27:ee:32:d4:f5:ea:8e:aa:
                    75:d8:17:79:aa:e2:95:79:18:41:7c:c0:b9:7f:c2:
                    af:3e:7d:72:86:ae:09:d4:66:a9:23:d6:c5:f3:49:
                    fe:d8:66:6d:27:57:8e:3c:ce:5a:7f:c5:5c:bb:5c:
                    20:66:88:4f:58:f3:3f:27:04:34:e5:2e:9c:d9:bb:
                    00:63:77:4b:ca:dd:bf:e7:01:bd:5c:ac:0e:e6:21:
                    58:6b:d8:d5:85:63:38:39:5d:c6:6d:ec:30:8e:5c:
                    ef:d8:11:1e:47:80:ae:1d:fc:8d:e1:d7:4a:26:c9:
                    de:d8:01:8e:46:40:90:11:5d:e4:f2:0c:c5:07:72:
                    51:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B7:D8:E1:85:BF:C9:72:B4:E9:4D:1E:38:BB:7E:2E:86:DF:8F:36
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/BrfY4YW_yXK06U0eOLt-LobfjzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:14ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:b5:cc:b1:66:eb:c6:8e:15:06:da:ec:64:c2:fe:c5:2a:7b:
         4b:55:cb:b9:85:da:c4:e2:13:03:f3:60:e7:14:a0:25:91:a4:
         08:5c:f9:ec:6c:78:2d:8c:95:f1:a3:d9:57:14:04:8f:00:90:
         b7:e1:0b:f7:42:43:65:8a:1d:77:22:31:b2:1c:93:59:31:b6:
         85:d7:c7:19:b0:96:ad:6b:8b:cc:60:3d:29:1e:9f:62:12:8e:
         3b:3f:1e:1e:50:1c:fa:2e:4f:ee:f3:9e:73:1f:22:21:58:9f:
         74:3f:a4:be:47:f8:f7:47:e8:c1:1f:c1:e7:cb:3a:6c:8b:0a:
         48:1d:19:86:2b:b6:7f:fe:be:54:b0:7b:49:11:59:10:83:9a:
         38:82:81:84:1a:36:00:03:7c:ed:61:e4:0e:64:6f:b7:16:26:
         7e:11:b7:f0:8e:11:df:ad:4c:a6:cb:9b:e0:9b:79:c2:11:02:
         ce:27:91:35:38:85:18:9b:a1:b7:da:e6:a6:cb:f8:e6:5a:1d:
         fd:7d:14:5f:90:62:ef:a9:19:9f:7b:ba:de:5d:18:9b:f0:02:
         76:8d:16:9c:90:98:80:0f:37:61:63:24:59:15:83:91:a2:98:
         b7:53:cb:43:1c:3a:21:97:38:16:21:50:c2:a2:b9:24:05:59:
         7d:d8:26:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH/Py3gb5o5VDZ3loiK6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI3ZDhlMTg1YmZjOTcyYjRlOTRkMWUzOGJiN2UyZTg2ZGY4ZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6wG3oxvGIV930VhoRSGkfwt4OrD
deIFK1StCDt1cPUA4PICfWOFurQ3NPlhn4ayK4mGXmHr1EqkTpDD5ZR1oPzcI2o7
WzetRtwob575icTP0YBvnPtkf1F5u8vtuY5a+U2yN6ytNx9XyXvpG1zXPp0P4lBb
jvTdGf3F3sOoJ+4y1PXqjqp12Bd5quKVeRhBfMC5f8KvPn1yhq4J1GapI9bF80n+
2GZtJ1eOPM5af8Vcu1wgZohPWPM/JwQ05S6c2bsAY3dLyt2/5wG9XKwO5iFYa9jV
hWM4OV3Gbewwjlzv2BEeR4CuHfyN4ddKJsne2AGORkCQEV3k8gzFB3JRJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAa32OGFv8lytOlNHji7fi6G3482MB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvQnJmWTRZV195WEswNlUwZU9MdC1Mb2JmanpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQrABTu
MA0GCSqGSIb3DQEBCwUAA4IBAQALtcyxZuvGjhUG2uxkwv7FKntLVcu5hdrE4hMD
82DnFKAlkaQIXPnsbHgtjJXxo9lXFASPAJC34Qv3QkNlih13IjGyHJNZMbaF18cZ
sJata4vMYD0pHp9iEo47Px4eUBz6Lk/u855zHyIhWJ90P6S+R/j3R+jBH8Hnyzps
iwpIHRmGK7Z//r5UsHtJEVkQg5o4goGEGjYAA3ztYeQOZG+3FiZ+EbfwjhHfrUym
y5vgm3nCEQLOJ5E1OIUYm6G32uamy/jmWh39fRRfkGLvqRmfe7reXRib8AJ2jRac
kJiADzdhYyRZFYORopi3U8tDHDohlzgWIVDCorkkBVl92CbA
-----END CERTIFICATE-----