Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/FiIrhTLc0T0cR4NfZ5h2S70yG0Q.roa
File:                     FiIrhTLc0T0cR4NfZ5h2S70yG0Q.roa (raw, json)
Hash identifier:          7P+g9ZohCIv0bryDT7cswBBPLnCXfwYQjuSM/Nwxwpw=
Subject key identifier:   16:22:2B:85:32:DC:D1:3D:1C:47:83:5F:67:98:76:4B:BD:32:1B:44
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       0194221F3167F9958A27D2FC5DDF2E666F9C
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/FiIrhTLc0T0cR4NfZ5h2S70yG0Q.roa
Signing time:             Wed 01 Jan 2025 13:47:37 +0000
ROA not before:           Wed 01 Jan 2025 13:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43685
IP address blocks:        2a0b:2280::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:31:67:f9:95:8a:27:d2:fc:5d:df:2e:66:6f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: Jan  1 13:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16222b8532dcd13d1c47835f6798764bbd321b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:00:cd:0a:a1:8b:4a:54:00:49:da:a3:76:83:
                    f3:34:5e:ca:d4:c3:1d:71:fc:12:ee:6e:aa:25:f8:
                    23:41:cc:a3:58:c8:c7:2b:cd:59:b5:04:01:4d:ff:
                    72:55:6e:1d:75:a8:0e:b3:72:e4:73:9d:7d:c2:cd:
                    d9:e2:7c:81:9b:d7:35:89:28:2c:d8:a7:a9:65:bb:
                    5c:32:76:de:ff:8f:36:f7:50:76:09:69:a9:57:b0:
                    5b:70:86:4c:86:aa:74:7a:3c:50:e0:3a:5a:49:fc:
                    84:ee:9b:16:39:0b:e5:a3:38:09:e5:ef:04:91:59:
                    b0:a7:8e:8b:ba:c4:1b:48:8d:72:c5:cd:b2:81:09:
                    4f:8e:ee:39:8b:70:2c:1f:6c:a8:4c:6a:06:5f:17:
                    50:e6:aa:f3:24:ab:1d:45:aa:be:13:31:71:a1:5e:
                    ee:ad:87:c6:18:a1:89:e8:a5:63:44:63:3a:e7:90:
                    c1:75:7e:c9:dd:ed:fe:39:57:4d:57:aa:a5:4e:da:
                    9a:a0:97:19:59:6a:8a:e0:bf:e5:2f:6f:f2:a3:ff:
                    cf:7e:92:f1:f3:ae:74:67:0a:06:e6:db:2c:02:99:
                    35:89:20:66:ad:06:37:d9:fb:fc:fe:a5:25:7d:0b:
                    d6:69:f5:43:38:c9:96:98:71:f4:35:67:c8:01:2a:
                    b6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:22:2B:85:32:DC:D1:3D:1C:47:83:5F:67:98:76:4B:BD:32:1B:44
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/FiIrhTLc0T0cR4NfZ5h2S70yG0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2280::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:d7:de:9f:e0:18:c0:78:be:b4:6f:bd:01:9c:d4:01:c8:09:
         f3:da:c4:65:8f:f5:35:c1:12:29:8a:62:f4:b9:82:51:d9:cf:
         06:a7:a2:95:e3:74:82:c7:a0:fc:ea:28:29:68:73:af:01:90:
         3d:39:6b:c5:e6:f7:85:f2:d9:dd:a7:3d:6b:de:14:70:3a:ec:
         a6:92:26:7d:d0:b2:57:f1:76:0f:b9:7e:16:b6:96:50:d6:c8:
         06:b8:1b:1d:1d:d1:f1:b7:fb:1c:b8:ae:67:ce:a5:69:ce:7c:
         92:01:30:ad:36:0d:c9:62:e7:e2:94:a3:d7:10:7c:10:97:c8:
         0b:95:01:cc:31:a6:3a:cc:72:bd:58:f5:74:16:c1:79:a4:e5:
         ea:c0:4a:2b:3e:8f:a8:fd:48:ce:13:7d:40:90:ff:4b:93:6d:
         45:18:06:70:81:0d:20:f7:72:7b:4c:09:f5:cf:10:df:75:5b:
         ea:40:9c:76:41:8a:53:97:a6:6e:8f:24:d7:d4:82:5c:31:3e:
         74:e8:95:20:3f:26:7c:45:b8:bc:82:50:ef:67:8e:32:86:b1:
         6f:99:d4:02:55:fa:7c:2c:8e:9d:3c:2a:f3:ae:65:4e:f0:02:
         95:f7:2f:95:ec:19:18:73:fa:22:da:b7:77:b4:a9:dc:45:05:
         e2:5c:2a:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiHzFn+ZWKJ9L8Xd8uZm+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjUwMTAxMTM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjIyMmI4NTMyZGNkMTNkMWM0NzgzNWY2Nzk4NzY0YmJkMzIxYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgDNCqGLSlQASdqjdoPzNF7K1MMd
cfwS7m6qJfgjQcyjWMjHK81ZtQQBTf9yVW4ddagOs3Lkc519ws3Z4nyBm9c1iSgs
2KepZbtcMnbe/48291B2CWmpV7BbcIZMhqp0ejxQ4DpaSfyE7psWOQvlozgJ5e8E
kVmwp46LusQbSI1yxc2ygQlPju45i3AsH2yoTGoGXxdQ5qrzJKsdRaq+EzFxoV7u
rYfGGKGJ6KVjRGM655DBdX7J3e3+OVdNV6qlTtqaoJcZWWqK4L/lL2/yo//PfpLx
8650ZwoG5tssApk1iSBmrQY32fv8/qUlfQvWafVDOMmWmHH0NWfIASq2vwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBYiK4Uy3NE9HEeDX2eYdku9MhtEMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvRmlJcmhUTGMwVDBjUjROZlo1aDJTNzB5RzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsigDAN
BgkqhkiG9w0BAQsFAAOCAQEACdfen+AYwHi+tG+9AZzUAcgJ89rEZY/1NcESKYpi
9LmCUdnPBqeileN0gseg/OooKWhzrwGQPTlrxeb3hfLZ3ac9a94UcDrsppImfdCy
V/F2D7l+FraWUNbIBrgbHR3R8bf7HLiuZ86lac58kgEwrTYNyWLn4pSj1xB8EJfI
C5UBzDGmOsxyvVj1dBbBeaTl6sBKKz6PqP1IzhN9QJD/S5NtRRgGcIENIPdye0wJ
9c8Q33Vb6kCcdkGKU5embo8k19SCXDE+dOiVID8mfEW4vIJQ72eOMoaxb5nUAlX6
fCyOnTwq865lTvAClfcvlewZGHP6Itq3d7Sp3EUF4lwq0w==
-----END CERTIFICATE-----