Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/f_eceN5c1fcC2-7BvLXjoYZrFeA.roa
File:                     f_eceN5c1fcC2-7BvLXjoYZrFeA.roa (raw, json)
Hash identifier:          T8Ft6ZHJs2jvkCQniG4S5pTmeN5xdFvyeJpjiSnqiYc=
Subject key identifier:   7F:F7:9C:78:DE:5C:D5:F7:02:DB:EE:C1:BC:B5:E3:A1:86:6B:15:E0
Certificate issuer:       /CN=9ef19871b1759f3237012e4b6dbb6c2fd2be8b4b
Certificate serial:       018CC56E4ECC6916CD259F64AC8AC1C01948
Authority key identifier: 9E:F1:98:71:B1:75:9F:32:37:01:2E:4B:6D:BB:6C:2F:D2:BE:8B:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nvGYcbF1nzI3AS5LbbtsL9K-i0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/f_eceN5c1fcC2-7BvLXjoYZrFeA.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213152
IP address blocks:        2a0f:b480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/nvGYcbF1nzI3AS5LbbtsL9K-i0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/nvGYcbF1nzI3AS5LbbtsL9K-i0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nvGYcbF1nzI3AS5LbbtsL9K-i0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4e:cc:69:16:cd:25:9f:64:ac:8a:c1:c0:19:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ef19871b1759f3237012e4b6dbb6c2fd2be8b4b
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ff79c78de5cd5f702dbeec1bcb5e3a1866b15e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1a:ee:d5:b4:b4:6a:43:65:41:d3:27:d8:1a:
                    9b:16:c7:cb:7f:ca:bf:4f:91:c0:a4:ab:aa:bd:fa:
                    61:99:82:b5:d7:f2:f8:37:c6:d7:66:4d:f7:62:f1:
                    54:5c:2e:5e:60:5e:0a:ac:4e:99:b2:88:d7:31:e0:
                    f9:56:e8:80:2d:e2:91:2c:2b:1d:62:00:fe:78:2b:
                    ba:bb:6b:1f:93:71:99:5b:96:98:cb:8c:3d:c0:ad:
                    e4:04:5c:78:8b:ef:62:75:c3:11:5b:88:b9:0d:97:
                    1c:0f:b4:c6:d5:da:a4:e2:0c:a3:d6:57:50:07:55:
                    22:f1:53:4b:96:5f:e9:00:fc:03:92:30:a6:f2:9e:
                    0d:ff:88:4a:2c:22:82:e6:67:73:b3:1d:ad:7c:99:
                    fa:be:02:04:ff:80:55:d3:fc:04:86:93:5a:4c:d4:
                    d3:a7:73:65:8c:86:3d:c0:6f:69:06:93:8d:c1:d5:
                    b3:d5:d8:82:1d:de:b4:28:b2:76:5a:a8:34:b6:db:
                    63:a0:05:0b:73:72:76:3e:f4:47:c6:83:48:1d:0f:
                    45:ac:1f:1f:01:6f:7a:e5:1c:cf:42:0b:44:e3:99:
                    38:25:d4:c3:97:0e:58:ee:50:46:0c:bf:5d:14:1f:
                    32:b0:0b:87:62:08:fe:f1:4d:c4:7f:4b:b0:0f:32:
                    72:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F7:9C:78:DE:5C:D5:F7:02:DB:EE:C1:BC:B5:E3:A1:86:6B:15:E0
            X509v3 Authority Key Identifier:
                keyid:9E:F1:98:71:B1:75:9F:32:37:01:2E:4B:6D:BB:6C:2F:D2:BE:8B:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nvGYcbF1nzI3AS5LbbtsL9K-i0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/f_eceN5c1fcC2-7BvLXjoYZrFeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a36dbb-6027-43c4-8194-4a0cb255d73a/1/nvGYcbF1nzI3AS5LbbtsL9K-i0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b480::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:f4:a5:49:f8:c7:93:48:c4:f1:64:92:0d:01:4d:92:84:7a:
         8d:3b:38:44:8c:42:ea:ad:50:45:6d:92:76:ed:b4:84:32:51:
         c6:2b:d2:e2:91:65:7d:75:6b:ea:17:c8:8f:cc:79:34:53:ad:
         5a:d8:45:a1:d4:ae:b6:80:fe:9a:d9:78:d1:5b:e0:63:44:fa:
         47:37:8d:ba:1a:5b:9c:2e:33:06:03:84:ed:f8:4c:bb:08:c4:
         22:90:cd:97:1b:7c:48:43:53:1c:9f:3c:17:88:bd:d3:48:f6:
         a2:e9:38:92:67:0a:b5:d9:82:12:bd:5d:a8:51:bd:1d:b1:25:
         8b:59:7f:02:4e:b6:6c:b3:dc:59:65:ad:20:a1:9a:88:f4:f2:
         96:83:1d:7a:85:f6:d4:b5:a9:a9:00:7c:91:f1:55:bd:c1:3f:
         fd:bf:60:fd:11:67:f6:fa:b9:db:da:c3:8a:d2:fc:2f:db:4b:
         0c:42:01:c3:04:3c:e0:62:35:90:ca:89:a1:33:7c:b8:95:0d:
         f2:60:5f:b3:16:a9:65:2a:7b:7b:e1:88:8e:43:29:82:ec:70:
         1d:54:57:aa:49:35:b6:f2:31:4a:fe:50:ad:28:6c:94:a9:e6:
         a4:bc:08:a0:11:54:93:8e:77:9a:7b:d1:29:84:93:bf:1d:8e:
         be:49:66:45
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbk7MaRbNJZ9krIrBwBlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZjE5ODcxYjE3NTlmMzIzNzAxMmU0YjZkYmI2YzJmZDJi
ZThiNGIwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY3OWM3OGRlNWNkNWY3MDJkYmVlYzFiY2I1ZTNhMTg2NmIxNWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihru1bS0akNlQdMn2BqbFsfLf8q/
T5HApKuqvfphmYK11/L4N8bXZk33YvFUXC5eYF4KrE6ZsojXMeD5VuiALeKRLCsd
YgD+eCu6u2sfk3GZW5aYy4w9wK3kBFx4i+9idcMRW4i5DZccD7TG1dqk4gyj1ldQ
B1Ui8VNLll/pAPwDkjCm8p4N/4hKLCKC5mdzsx2tfJn6vgIE/4BV0/wEhpNaTNTT
p3NljIY9wG9pBpONwdWz1diCHd60KLJ2Wqg0tttjoAULc3J2PvRHxoNIHQ9FrB8f
AW965RzPQgtE45k4JdTDlw5Y7lBGDL9dFB8ysAuHYgj+8U3Ef0uwDzJyHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH/3nHjeXNX3Atvuwby146GGaxXgMB8GA1UdIwQY
MBaAFJ7xmHGxdZ8yNwEuS227bC/SvotLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnZHWWNiRjFuekkzQVM1TGJidHNMOUstaTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hMzZkYmItNjAyNy00M2M0LTgxOTQt
NGEwY2IyNTVkNzNhLzEvZl9lY2VONWMxZmNDMi03QnZMWGpvWVpyRmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hMzZkYmItNjAyNy00M2M0LTgxOTQtNGEwY2IyNTVkNzNh
LzEvbnZHWWNiRjFuekkzQVM1TGJidHNMOUstaTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAIPSlSfjHk0jE8WSSDQFNkoR6jTs4RIxC6q1QRW2S
du20hDJRxivS4pFlfXVr6hfIj8x5NFOtWthFodSutoD+mtl40VvgY0T6RzeNuhpb
nC4zBgOE7fhMuwjEIpDNlxt8SENTHJ88F4i900j2ouk4kmcKtdmCEr1dqFG9HbEl
i1l/Ak62bLPcWWWtIKGaiPTyloMdeoX21LWpqQB8kfFVvcE//b9g/RFn9vq529rD
itL8L9tLDEIBwwQ84GI1kMqJoTN8uJUN8mBfsxapZSp7e+GIjkMpguxwHVRXqkk1
tvIxSv5QrShslKnmpLwIoBFUk453mnvRKYSTvx2OvklmRQ==
-----END CERTIFICATE-----