Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Fxqjt6X76bxQBXWwSZ7TE0DXZ4E.roa
File:                     Fxqjt6X76bxQBXWwSZ7TE0DXZ4E.roa (raw, json)
Hash identifier:          1w4Y/QhTTxCziVVyNTfr4p7dQVzXdB6YpDvNxykMieU=
Subject key identifier:   17:1A:A3:B7:A5:FB:E9:BC:50:05:75:B0:49:9E:D3:13:40:D7:67:81
Certificate issuer:       /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial:       0194236A25825C9B0AE54A91E8221E7F2D08
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Fxqjt6X76bxQBXWwSZ7TE0DXZ4E.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42163
IP address blocks:        2a00:94c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:25:82:5c:9b:0a:e5:4a:91:e8:22:1e:7f:2d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=171aa3b7a5fbe9bc500575b0499ed31340d76781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ea:30:b7:4d:50:8a:de:1a:45:a7:2d:ac:85:
                    1e:4a:22:0f:5f:5a:71:0a:0f:d1:5a:38:94:3b:f7:
                    4b:00:2b:08:93:5e:ff:87:a9:5a:fe:5c:25:7a:8b:
                    4a:18:b0:2c:c0:04:79:a8:26:99:23:47:2b:f2:4f:
                    32:5a:63:f7:6e:fc:6b:c1:d5:f3:f5:b2:df:e7:eb:
                    0c:a5:c1:9e:40:2b:83:e6:ec:b5:17:b6:e7:ec:3d:
                    d7:13:0b:67:77:44:2b:59:ca:37:3a:e6:0a:f0:da:
                    d6:cf:94:80:b3:4a:d0:f5:6f:07:36:3b:1f:ea:1f:
                    1c:b1:93:3f:d8:2f:26:b6:da:2a:33:f6:bc:9f:08:
                    10:08:60:4c:63:74:0f:24:e2:68:e4:5d:7c:20:ce:
                    97:67:64:66:9d:dd:b6:a9:2d:5e:f8:d0:62:3a:fc:
                    43:d8:68:2a:d9:dc:f3:90:db:79:41:c9:b8:23:55:
                    c0:69:37:ec:30:eb:cb:3a:a8:e9:f5:78:13:50:ab:
                    79:a6:ac:24:b2:b1:c2:7b:13:0d:e8:fc:bf:3d:d5:
                    e9:04:90:fe:34:d1:7e:23:9d:1f:63:b3:54:82:34:
                    9c:53:7c:55:86:c5:f4:8f:04:50:8e:f9:cf:a2:1f:
                    3f:7d:a7:1a:d7:db:49:a4:1e:07:5b:e0:f2:85:ee:
                    bf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:1A:A3:B7:A5:FB:E9:BC:50:05:75:B0:49:9E:D3:13:40:D7:67:81
            X509v3 Authority Key Identifier:
                keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Fxqjt6X76bxQBXWwSZ7TE0DXZ4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:94c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:d4:72:60:02:2a:b5:0a:62:1c:68:ba:31:33:88:12:2c:be:
         cb:0d:2d:1a:3c:0b:ae:d9:8b:b6:85:5b:81:89:78:80:d4:63:
         6f:31:c8:41:56:b3:68:3b:bf:1e:40:93:dd:cf:9f:69:dd:58:
         27:9b:54:93:de:5b:90:f4:59:f3:cd:89:d9:16:64:77:3e:5b:
         8e:b1:31:73:a5:5a:51:cb:c5:54:d8:dc:53:76:4d:b4:f8:68:
         d3:88:f3:a5:80:c6:3c:37:bc:5e:16:40:5c:58:23:8d:df:b0:
         3d:a6:93:45:e3:e9:03:94:39:4c:f1:22:ec:91:a6:79:19:d5:
         86:e3:57:48:53:21:2b:94:3c:69:d0:8e:a8:79:af:2d:29:64:
         3f:c6:d4:60:93:af:06:e7:5e:ed:93:de:a2:07:5c:dc:47:30:
         9e:d3:2c:67:74:12:d1:da:87:66:b0:e9:62:dd:9a:6e:22:d0:
         1f:ad:b3:07:92:43:cf:45:1a:70:50:d3:a3:59:5d:a9:ee:51:
         d6:ed:94:02:4f:c4:ae:e7:22:08:3c:a0:48:d8:d1:6b:42:f5:
         fc:05:06:1d:b6:a2:9f:01:27:78:29:13:0f:63:a2:be:fe:3b:
         b9:cd:95:28:a3:0f:f5:d8:fd:ce:8e:3e:c3:d5:a1:e9:e8:c0:
         19:41:55:20
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaiWCXJsK5UqR6CIefy0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyM2Q5MzA1NGYwNjNjZjhhMjkxODYxNzM1ZjkwMDU5YWI5
ZWMxNjkwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzFhYTNiN2E1ZmJlOWJjNTAwNTc1YjA0OTllZDMxMzQwZDc2NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eowt01Qit4aRactrIUeSiIPX1px
Cg/RWjiUO/dLACsIk17/h6la/lwleotKGLAswAR5qCaZI0cr8k8yWmP3bvxrwdXz
9bLf5+sMpcGeQCuD5uy1F7bn7D3XEwtnd0QrWco3OuYK8NrWz5SAs0rQ9W8HNjsf
6h8csZM/2C8mttoqM/a8nwgQCGBMY3QPJOJo5F18IM6XZ2Rmnd22qS1e+NBiOvxD
2Ggq2dzzkNt5Qcm4I1XAaTfsMOvLOqjp9XgTUKt5pqwksrHCexMN6Py/PdXpBJD+
NNF+I50fY7NUgjScU3xVhsX0jwRQjvnPoh8/faca19tJpB4HW+Dyhe6/8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBcao7el++m8UAV1sEme0xNA12eBMB8GA1UdIwQY
MBaAFEI9kwVPBjz4opGGFzX5AFmrnsFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgt
NWYxYjY5MDQ4ZmUyLzEvRnhxanQ2WDc2YnhRQlhXd1NaN1RFMERYWjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgtNWYxYjY5MDQ4ZmUy
LzEvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCUwDAN
BgkqhkiG9w0BAQsFAAOCAQEAk9RyYAIqtQpiHGi6MTOIEiy+yw0tGjwLrtmLtoVb
gYl4gNRjbzHIQVazaDu/HkCT3c+fad1YJ5tUk95bkPRZ882J2RZkdz5bjrExc6Va
UcvFVNjcU3ZNtPho04jzpYDGPDe8XhZAXFgjjd+wPaaTRePpA5Q5TPEi7JGmeRnV
huNXSFMhK5Q8adCOqHmvLSlkP8bUYJOvBude7ZPeogdc3EcwntMsZ3QS0dqHZrDp
Yt2abiLQH62zB5JDz0UacFDTo1ldqe5R1u2UAk/EruciCDygSNjRa0L1/AUGHbai
nwEneCkTD2Oivv47uc2VKKMP9dj9zo4+w9Wh6ejAGUFVIA==
-----END CERTIFICATE-----