Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/1F7uxkd5CHW5Nl3RYcymdv41PuQ.roa
File:                     1F7uxkd5CHW5Nl3RYcymdv41PuQ.roa (raw, json)
Hash identifier:          CcbwxJuJRF3/aA4m69pX7txPfcLVx2hNzHSkmTtnNVg=
Subject key identifier:   D4:5E:EE:C6:47:79:08:75:B9:36:5D:D1:61:CC:A6:76:FE:35:3E:E4
Certificate issuer:       /CN=af938503d72931626dcb8d1e946b2ae06a73d02e
Certificate serial:       0196CED1FCB302CB56B26C0FE39BB2344B76
Authority key identifier: AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/1F7uxkd5CHW5Nl3RYcymdv41PuQ.roa
Signing time:             Wed 14 May 2025 12:43:10 +0000
ROA not before:           Wed 14 May 2025 12:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2116
IP address blocks:        2a0a:d381:202::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:d1:fc:b3:02:cb:56:b2:6c:0f:e3:9b:b2:34:4b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af938503d72931626dcb8d1e946b2ae06a73d02e
        Validity
            Not Before: May 14 12:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d45eeec647790875b9365dd161cca676fe353ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:39:6e:93:3a:ed:5e:b3:da:69:c7:3a:4d:e8:
                    50:33:11:fb:bd:2b:26:68:f3:41:0b:46:13:a1:b4:
                    f7:12:8b:89:e7:1f:7c:ba:7e:da:ff:6e:d5:1f:d0:
                    ef:72:22:eb:99:eb:be:b7:ec:25:3c:99:00:9b:7a:
                    5c:22:f8:0a:b0:4f:92:32:34:c5:75:a5:dc:da:4c:
                    62:97:4f:e6:2d:eb:19:99:88:d9:16:e5:55:37:ad:
                    53:a6:b8:eb:d0:f8:6e:bd:66:72:32:3f:12:aa:d8:
                    38:99:cf:54:66:1a:45:c5:23:09:af:a2:ce:93:7e:
                    c4:09:79:39:93:34:b1:a8:7f:ee:c2:3a:3c:c5:5a:
                    11:a6:16:15:e4:7d:3a:2f:29:ce:51:cb:8f:0c:e7:
                    a5:2b:18:10:91:9a:35:bb:4b:8a:d0:38:5c:d7:e6:
                    22:b5:89:7b:ec:9f:57:f3:70:7f:bd:c1:5a:86:14:
                    38:00:53:a9:71:31:ab:88:10:ec:b2:16:42:26:cc:
                    af:cd:2c:26:53:1b:a3:82:31:99:61:e6:a2:8d:e8:
                    d7:80:ad:31:d2:60:97:f1:bb:11:c4:c7:65:11:87:
                    f9:8b:84:97:86:1e:9c:0e:05:68:11:0b:8b:43:13:
                    69:83:06:27:90:1a:99:b6:c1:31:7e:3c:aa:53:2f:
                    68:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5E:EE:C6:47:79:08:75:B9:36:5D:D1:61:CC:A6:76:FE:35:3E:E4
            X509v3 Authority Key Identifier:
                keyid:AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/1F7uxkd5CHW5Nl3RYcymdv41PuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d381:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:74:19:74:01:9d:26:ba:1b:8c:aa:2d:66:37:ea:d6:8d:2b:
         46:77:1d:b0:0c:09:e7:aa:20:78:93:cc:3a:38:98:c9:2a:5f:
         d8:61:fb:f2:40:d0:27:e8:fa:cb:e1:7f:03:9e:0e:b4:7e:a5:
         f6:ab:61:a3:53:52:9c:a2:c2:22:de:0e:c7:d1:96:d8:e7:8b:
         50:84:f7:9c:3b:e9:08:02:b3:6a:64:a8:7b:1b:0b:c0:f3:55:
         39:26:4e:7e:9d:d4:8d:93:f9:6a:3c:01:bc:26:ab:be:25:49:
         f6:95:44:99:ff:58:20:44:f0:6b:cc:1c:4e:82:8f:40:bb:ff:
         fa:a5:9c:f9:2f:08:69:e8:a6:d1:90:b7:fc:44:16:6d:f7:a5:
         5d:ee:46:86:94:3e:c6:ae:e3:04:43:b5:06:cc:81:b1:2d:46:
         99:60:84:1a:42:c6:f0:f3:03:bf:34:6c:a9:2e:0c:6b:c3:db:
         82:c0:0c:e6:1b:1f:10:91:ab:fb:da:17:4b:a0:92:ad:fc:61:
         ec:cb:be:6d:14:af:94:cc:ce:dd:2d:67:21:2f:89:ce:db:68:
         73:34:77:51:ee:0f:07:a3:70:c4:98:56:fb:0d:f4:c8:dc:8a:
         99:3d:85:2f:3e:0a:5a:db:b3:da:94:2c:f4:86:f0:28:19:ea:
         21:01:1e:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbO0fyzAstWsmwP45uyNEt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM4NTAzZDcyOTMxNjI2ZGNiOGQxZTk0NmIyYWUwNmE3
M2QwMmUwHhcNMjUwNTE0MTI0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVlZWVjNjQ3NzkwODc1YjkzNjVkZDE2MWNjYTY3NmZlMzUzZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizlukzrtXrPaacc6TehQMxH7vSsm
aPNBC0YTobT3EouJ5x98un7a/27VH9DvciLrmeu+t+wlPJkAm3pcIvgKsE+SMjTF
daXc2kxil0/mLesZmYjZFuVVN61Tprjr0PhuvWZyMj8Sqtg4mc9UZhpFxSMJr6LO
k37ECXk5kzSxqH/uwjo8xVoRphYV5H06LynOUcuPDOelKxgQkZo1u0uK0Dhc1+Yi
tYl77J9X83B/vcFahhQ4AFOpcTGriBDsshZCJsyvzSwmUxujgjGZYeaijejXgK0x
0mCX8bsRxMdlEYf5i4SXhh6cDgVoEQuLQxNpgwYnkBqZtsExfjyqUy9oGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNRe7sZHeQh1uTZd0WHMpnb+NT7kMB8GA1UdIwQY
MBaAFK+ThQPXKTFibcuNHpRrKuBqc9AuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYt
M2I4YjBkMWE1OWE5LzEvMUY3dXhrZDVDSFc1TmwzUlljeW1kdjQxUHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYtM2I4YjBkMWE1OWE5
LzEvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrTgQIC
MA0GCSqGSIb3DQEBCwUAA4IBAQAidBl0AZ0muhuMqi1mN+rWjStGdx2wDAnnqiB4
k8w6OJjJKl/YYfvyQNAn6PrL4X8Dng60fqX2q2GjU1KcosIi3g7H0ZbY54tQhPec
O+kIArNqZKh7GwvA81U5Jk5+ndSNk/lqPAG8Jqu+JUn2lUSZ/1ggRPBrzBxOgo9A
u//6pZz5Lwhp6KbRkLf8RBZt96Vd7kaGlD7GruMEQ7UGzIGxLUaZYIQaQsbw8wO/
NGypLgxrw9uCwAzmGx8Qkav72hdLoJKt/GHsy75tFK+UzM7dLWchL4nO22hzNHdR
7g8Ho3DEmFb7DfTI3IqZPYUvPgpa27PalCz0hvAoGeohAR55
-----END CERTIFICATE-----