Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/FYfGapYZgv1rSx7oxjUTR0AEqSI.roa
File:                     FYfGapYZgv1rSx7oxjUTR0AEqSI.roa (raw, json)
Hash identifier:          /yS9+tjgVqFWik3KkW3YA5pzZoZBBA4Y+IeN8zVnoxw=
Subject key identifier:   15:87:C6:6A:96:19:82:FD:6B:4B:1E:E8:C6:35:13:47:40:04:A9:22
Certificate issuer:       /CN=854c8176d9c42c704b310913309470351bb599e5
Certificate serial:       0194274782A4C58B71175B52887DC7355FB6
Authority key identifier: 85:4C:81:76:D9:C4:2C:70:4B:31:09:13:30:94:70:35:1B:B5:99:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUyBdtnELHBLMQkTMJRwNRu1meU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/FYfGapYZgv1rSx7oxjUTR0AEqSI.roa
Signing time:             Thu 02 Jan 2025 13:49:45 +0000
ROA not before:           Thu 02 Jan 2025 13:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52114
IP address blocks:        2a01:4a60:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/hUyBdtnELHBLMQkTMJRwNRu1meU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/hUyBdtnELHBLMQkTMJRwNRu1meU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUyBdtnELHBLMQkTMJRwNRu1meU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:82:a4:c5:8b:71:17:5b:52:88:7d:c7:35:5f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854c8176d9c42c704b310913309470351bb599e5
        Validity
            Not Before: Jan  2 13:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1587c66a961982fd6b4b1ee8c63513474004a922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:03:82:24:17:6f:a1:ba:62:3e:72:1d:bf:ac:
                    42:1c:5e:9b:f6:aa:5e:52:57:fc:cf:12:c6:e0:a0:
                    94:34:b3:15:ce:7a:09:e5:69:0f:bb:7d:1e:80:bd:
                    19:50:ec:8d:63:53:b2:e0:0e:bc:ba:58:22:77:1b:
                    d1:4f:c6:fa:9d:b2:dd:48:4b:f2:44:74:0e:b5:fb:
                    df:50:c1:42:25:36:c7:ca:2f:2c:0c:da:9e:ee:4f:
                    8c:6c:aa:71:9b:b4:57:ce:1a:6d:3b:b9:c4:c4:63:
                    d1:2d:93:8e:98:98:b6:d1:ed:7e:cb:56:f3:2f:be:
                    d6:a4:7d:71:fa:86:1d:7f:9c:f3:8a:87:4d:94:33:
                    66:b4:ad:ab:97:55:8c:63:1d:b2:64:64:a4:76:79:
                    f0:1c:47:da:18:74:a1:70:d4:e9:e4:ff:58:b5:d8:
                    6e:75:1e:19:9d:fc:0f:fd:8b:e7:16:45:f5:7d:d5:
                    8a:b6:6d:f5:c2:91:1a:63:38:73:e3:2a:1b:73:68:
                    99:30:11:65:e9:c7:d6:a2:e2:4d:62:57:f1:47:e0:
                    27:d2:7e:56:e9:77:af:fc:d2:75:b0:a0:0f:e7:4b:
                    dd:61:c1:3a:58:a2:b7:e8:4f:8a:ee:68:32:9d:f3:
                    f6:0f:64:05:79:50:f3:70:8d:97:12:49:5f:f9:cb:
                    19:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:87:C6:6A:96:19:82:FD:6B:4B:1E:E8:C6:35:13:47:40:04:A9:22
            X509v3 Authority Key Identifier:
                keyid:85:4C:81:76:D9:C4:2C:70:4B:31:09:13:30:94:70:35:1B:B5:99:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUyBdtnELHBLMQkTMJRwNRu1meU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/FYfGapYZgv1rSx7oxjUTR0AEqSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/cff630-6c8a-43bd-afb9-b07f016a1762/1/hUyBdtnELHBLMQkTMJRwNRu1meU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:4a60:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:80:fc:0d:2b:c0:9c:7e:04:40:31:36:67:00:40:b7:f5:bc:
         9b:ac:6f:8c:de:4c:1c:9d:70:db:fb:d9:ce:9a:fa:96:1e:a2:
         a2:db:5f:fb:22:5e:28:5e:45:7f:94:64:97:7d:72:6e:66:fa:
         64:3f:38:ff:53:19:af:ae:56:97:79:97:05:5d:67:57:4e:fe:
         bd:bf:40:8f:30:74:50:3c:6a:78:89:1a:e6:b3:bf:d7:6d:df:
         78:0d:39:72:5d:57:bc:5e:0a:d0:6a:e3:8e:f6:84:7d:9d:72:
         68:d3:5b:fa:c3:ac:2d:19:2b:46:6a:b3:16:be:1b:05:51:1c:
         aa:30:fe:4f:ee:e5:ba:cb:64:36:91:50:8e:92:6a:5c:fb:c8:
         7b:61:be:17:73:84:3e:f5:41:ca:d5:75:12:3b:c2:91:6f:1f:
         31:ac:ae:46:c2:a6:e9:4c:80:a2:d3:37:77:6f:d4:56:dd:82:
         eb:0c:1d:d1:a6:14:64:64:c7:32:26:6d:da:ab:11:1e:1f:d5:
         60:80:cd:62:0e:24:29:4b:33:cb:c6:94:0e:00:06:8f:75:3d:
         bd:e9:59:f1:2c:e4:a8:54:b4:5c:e8:ab:06:5f:f7:f2:5c:20:
         33:08:96:45:d7:db:76:13:69:8f:cf:67:a5:93:bf:68:d1:25:
         64:bf:59:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR4KkxYtxF1tSiH3HNV+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGM4MTc2ZDljNDJjNzA0YjMxMDkxMzMwOTQ3MDM1MWJi
NTk5ZTUwHhcNMjUwMTAyMTM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg3YzY2YTk2MTk4MmZkNmI0YjFlZThjNjM1MTM0NzQwMDRhOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwOCJBdvobpiPnIdv6xCHF6b9qpe
Ulf8zxLG4KCUNLMVznoJ5WkPu30egL0ZUOyNY1Oy4A68ulgidxvRT8b6nbLdSEvy
RHQOtfvfUMFCJTbHyi8sDNqe7k+MbKpxm7RXzhptO7nExGPRLZOOmJi20e1+y1bz
L77WpH1x+oYdf5zziodNlDNmtK2rl1WMYx2yZGSkdnnwHEfaGHShcNTp5P9Ytdhu
dR4ZnfwP/YvnFkX1fdWKtm31wpEaYzhz4yobc2iZMBFl6cfWouJNYlfxR+An0n5W
6Xev/NJ1sKAP50vdYcE6WKK36E+K7mgynfP2D2QFeVDzcI2XEklf+csZpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBWHxmqWGYL9a0se6MY1E0dABKkiMB8GA1UdIwQY
MBaAFIVMgXbZxCxwSzEJEzCUcDUbtZnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV5QmR0bkVMSEJMTVFrVE1KUndOUnUxbWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9jZmY2MzAtNmM4YS00M2JkLWFmYjkt
YjA3ZjAxNmExNzYyLzEvRllmR2FwWVpndjFyU3g3b3hqVVRSMEFFcVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9jZmY2MzAtNmM4YS00M2JkLWFmYjktYjA3ZjAxNmExNzYy
LzEvaFV5QmR0bkVMSEJMTVFrVE1KUndOUnUxbWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFKYAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCCgPwNK8CcfgRAMTZnAEC39bybrG+M3kwcnXDb
+9nOmvqWHqKi21/7Il4oXkV/lGSXfXJuZvpkPzj/UxmvrlaXeZcFXWdXTv69v0CP
MHRQPGp4iRrms7/Xbd94DTlyXVe8XgrQauOO9oR9nXJo01v6w6wtGStGarMWvhsF
URyqMP5P7uW6y2Q2kVCOkmpc+8h7Yb4Xc4Q+9UHK1XUSO8KRbx8xrK5GwqbpTICi
0zd3b9RW3YLrDB3RphRkZMcyJm3aqxEeH9VggM1iDiQpSzPLxpQOAAaPdT296Vnx
LOSoVLRc6KsGX/fyXCAzCJZF19t2E2mPz2elk79o0SVkv1lD
-----END CERTIFICATE-----