Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/1-y2wf-G4h6MfUPnkVrxK0Xw2vJg.roa
File:                     1-y2wf-G4h6MfUPnkVrxK0Xw2vJg.roa (raw, json)
Hash identifier:          x9mX2Y1MAhdwF1gl0VV9Ix6fABygQ0MjlMVoP/8g9iM=
Subject key identifier:   FB:2D:B0:7F:E1:B8:87:A3:1F:50:F9:E4:56:BC:4A:D1:7C:36:BC:98
Certificate issuer:       /CN=971a799c6a663439d74450dfb38993571f98e15d
Certificate serial:       019424B28C52D314415ACEC78D8464992010
Authority key identifier: 97:1A:79:9C:6A:66:34:39:D7:44:50:DF:B3:89:93:57:1F:98:E1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/1-y2wf-G4h6MfUPnkVrxK0Xw2vJg.roa
Signing time:             Thu 02 Jan 2025 01:47:48 +0000
ROA not before:           Thu 02 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12816
IP address blocks:        2001:4ca0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:8c:52:d3:14:41:5a:ce:c7:8d:84:64:99:20:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971a799c6a663439d74450dfb38993571f98e15d
        Validity
            Not Before: Jan  2 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb2db07fe1b887a31f50f9e456bc4ad17c36bc98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cd:76:6b:b6:3d:7b:b7:e8:1e:36:b4:00:40:
                    98:9b:b0:fa:21:51:41:09:81:58:40:ed:a0:31:81:
                    17:6c:0e:76:04:35:c9:a7:94:8a:ed:49:7d:51:58:
                    fe:08:ae:14:9b:2e:0b:19:55:54:a6:9b:00:51:75:
                    bf:01:a2:42:12:91:e8:42:aa:9e:e9:cf:a0:d0:37:
                    6d:8e:5a:e8:5d:42:83:8e:1f:fe:c1:08:38:93:da:
                    89:30:8f:67:3e:0a:23:72:01:be:4b:39:b9:b8:6c:
                    63:18:b0:c8:be:ad:e9:55:7a:83:c1:05:c5:17:cd:
                    08:b3:45:e0:58:5f:9c:a7:3e:1d:bf:79:13:9c:f1:
                    a7:d4:0f:b7:09:c5:81:e0:88:61:c7:6b:c2:9d:e7:
                    ab:8c:d5:90:9e:aa:b5:46:01:a1:8d:ba:df:a9:be:
                    f5:37:57:40:f5:0b:ae:60:64:6b:85:17:0c:b5:e1:
                    51:ca:12:59:99:53:75:b5:99:e7:7b:e5:d4:5c:e8:
                    ef:57:1a:7d:71:15:0b:26:e4:79:da:44:e7:ac:e7:
                    35:b1:f6:21:92:c6:62:b0:77:ed:9d:5b:5e:04:4f:
                    d8:70:42:bc:38:e2:c5:e3:c1:6a:3f:0a:4f:14:42:
                    80:d5:dc:9d:ad:f1:64:71:97:2e:91:ba:59:67:32:
                    66:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2D:B0:7F:E1:B8:87:A3:1F:50:F9:E4:56:BC:4A:D1:7C:36:BC:98
            X509v3 Authority Key Identifier:
                keyid:97:1A:79:9C:6A:66:34:39:D7:44:50:DF:B3:89:93:57:1F:98:E1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/1-y2wf-G4h6MfUPnkVrxK0Xw2vJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/8e4bdc-e6eb-4208-9b13-a2efae3f9cab/1/lxp5nGpmNDnXRFDfs4mTVx-Y4V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4ca0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:96:1b:e5:e3:b9:66:2f:8b:57:db:c8:04:03:fe:e4:34:74:
         2c:ae:79:75:8c:de:d3:49:6f:ab:fe:1d:3d:88:69:24:5e:fa:
         c7:9f:10:30:b3:a0:13:17:d2:4c:51:e0:28:18:18:a7:c4:d1:
         e2:a3:f2:71:fe:02:9e:5e:d6:25:5f:70:3f:a7:da:8c:be:cd:
         cc:e6:20:a2:e9:b2:5c:6a:f9:db:e8:45:0c:80:54:e3:af:2d:
         7c:4b:c3:95:2c:a4:57:f0:9f:95:02:b4:50:ca:7b:8b:7b:3c:
         48:ef:83:cc:a2:53:94:c9:65:ed:81:e9:20:d7:b9:05:04:4c:
         df:5b:05:e5:fe:cf:38:e1:d5:44:82:7c:58:8c:b5:25:91:20:
         81:26:c5:bf:51:29:4c:41:44:48:cb:b0:72:13:aa:ec:50:e5:
         f8:6f:54:b2:ba:bd:08:a9:d8:fe:9e:d6:70:95:cb:80:1a:4b:
         02:7c:c1:22:07:72:ca:41:2d:d1:5f:07:3c:1d:85:a2:92:fe:
         5b:89:ba:b8:6b:3f:d6:9f:3b:78:04:0f:fd:9d:c9:29:e3:50:
         5a:e0:03:30:1c:73:21:66:87:a2:38:52:02:81:c4:ba:be:b4:
         ee:86:10:7a:10:83:a9:bc:3a:f1:11:5b:55:33:bf:ad:c7:02:
         4e:f6:9f:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQksoxS0xRBWs7HjYRkmSAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWE3OTljNmE2NjM0MzlkNzQ0NTBkZmIzODk5MzU3MWY5
OGUxNWQwHhcNMjUwMTAyMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJkYjA3ZmUxYjg4N2EzMWY1MGY5ZTQ1NmJjNGFkMTdjMzZiYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM12a7Y9e7foHja0AECYm7D6IVFB
CYFYQO2gMYEXbA52BDXJp5SK7Ul9UVj+CK4Umy4LGVVUppsAUXW/AaJCEpHoQqqe
6c+g0DdtjlroXUKDjh/+wQg4k9qJMI9nPgojcgG+Szm5uGxjGLDIvq3pVXqDwQXF
F80Is0XgWF+cpz4dv3kTnPGn1A+3CcWB4Ihhx2vCneerjNWQnqq1RgGhjbrfqb71
N1dA9QuuYGRrhRcMteFRyhJZmVN1tZnne+XUXOjvVxp9cRULJuR52kTnrOc1sfYh
ksZisHftnVteBE/YcEK8OOLF48FqPwpPFEKA1dydrfFkcZcukbpZZzJmfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPstsH/huIejH1D55Fa8StF8NryYMB8GA1UdIwQY
MBaAFJcaeZxqZjQ510RQ37OJk1cfmOFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhwNW5HcG1ORG5YUkZEZnM0bVRWeC1ZNFYwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS84ZTRiZGMtZTZlYi00MjA4LTliMTMt
YTJlZmFlM2Y5Y2FiLzEvMS15MndmLUc0aDZNZlVQbmtWcnhLMFh3MnZKZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjUvOGU0YmRjLWU2ZWItNDIwOC05YjEzLWEyZWZhZTNmOWNh
Yi8xL2x4cDVuR3BtTkRuWFJGRGZzNG1UVngtWTRWMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABTKAw
DQYJKoZIhvcNAQELBQADggEBAKKWG+XjuWYvi1fbyAQD/uQ0dCyueXWM3tNJb6v+
HT2IaSRe+sefEDCzoBMX0kxR4CgYGKfE0eKj8nH+Ap5e1iVfcD+n2oy+zczmIKLp
slxq+dvoRQyAVOOvLXxLw5UspFfwn5UCtFDKe4t7PEjvg8yiU5TJZe2B6SDXuQUE
TN9bBeX+zzjh1USCfFiMtSWRIIEmxb9RKUxBREjLsHITquxQ5fhvVLK6vQip2P6e
1nCVy4AaSwJ8wSIHcspBLdFfBzwdhaKS/luJurhrP9afO3gED/2dySnjUFrgAzAc
cyFmh6I4UgKBxLq+tO6GEHoQg6m8OvERW1Uzv63HAk72n+s=
-----END CERTIFICATE-----