Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SFzr9Ki77G7wMcqqTfdC5lXPnIg.roa
File:                     SFzr9Ki77G7wMcqqTfdC5lXPnIg.roa (raw, json)
Hash identifier:          GkIzIhzpTqpbuxedhM4RgpuS0saQkzxJTdCaME513TY=
Subject key identifier:   48:5C:EB:F4:A8:BB:EC:6E:F0:31:CA:AA:4D:F7:42:E6:55:CF:9C:88
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01900BC0ABD2585D86E15E7F1179C940EC43
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SFzr9Ki77G7wMcqqTfdC5lXPnIg.roa
Signing time:             Wed 12 Jun 2024 09:21:34 +0000
ROA not before:           Wed 12 Jun 2024 09:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28459
IP address blocks:        2a0e:1a83:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 12:39:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:c0:ab:d2:58:5d:86:e1:5e:7f:11:79:c9:40:ec:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 12 09:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=485cebf4a8bbec6ef031caaa4df742e655cf9c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:87:1e:9f:f1:e5:b3:c6:e3:6a:ab:77:89:21:
                    47:8a:c2:69:fc:e6:d6:fc:3e:7d:bb:7f:c1:37:0d:
                    d7:e3:1b:e6:88:d1:d0:f0:09:74:f7:2d:6e:30:26:
                    1f:25:91:21:34:08:72:45:19:1b:1c:e4:33:07:c0:
                    f5:03:54:5d:f7:35:d0:91:d2:12:b8:d5:2d:09:55:
                    f1:5b:6b:09:fa:1f:4f:27:d5:7d:35:56:6b:5f:2f:
                    04:12:87:bc:b4:bc:f7:7e:67:1c:f2:93:ed:f5:eb:
                    65:55:ba:7a:58:bf:30:a6:a3:c5:44:b2:08:af:8b:
                    35:f6:ee:cd:aa:46:cc:f9:09:e1:60:d4:b2:d7:e6:
                    09:1e:44:54:d0:d9:14:cc:c6:ae:c3:d5:14:b9:35:
                    24:be:6d:dd:a4:26:61:a4:f1:31:1f:17:f7:9d:61:
                    ed:e9:a3:15:57:0f:b4:df:9c:d9:7d:65:91:fb:26:
                    89:da:d0:8c:5e:6b:ba:21:a1:ac:a1:d0:b2:a3:6f:
                    3d:20:1a:b1:d0:9a:4b:3a:c1:b5:8d:8d:b5:29:49:
                    17:7e:d8:d0:83:92:c2:80:a8:49:cb:2f:ca:c8:02:
                    a3:a8:7b:69:b9:9b:d5:b7:3f:87:71:2b:6c:3f:0a:
                    d5:38:53:72:54:c2:4f:be:77:82:3d:24:7c:a3:d6:
                    2e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:5C:EB:F4:A8:BB:EC:6E:F0:31:CA:AA:4D:F7:42:E6:55:CF:9C:88
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SFzr9Ki77G7wMcqqTfdC5lXPnIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1a83:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:f5:e2:30:90:6b:9c:50:4b:b6:45:7b:a2:18:cf:16:62:7b:
         87:1e:ac:ec:32:3c:80:9d:20:7a:ca:3f:37:91:5e:2a:e8:65:
         95:43:0b:33:b4:32:f6:4f:c9:bd:13:2d:5b:45:c9:5a:18:73:
         02:bc:32:cb:47:c6:22:72:8b:8c:86:c7:c0:7c:57:5c:e2:7d:
         cf:6a:7d:82:d5:cb:8b:9d:89:35:f4:bd:5f:f1:7b:16:7c:5b:
         d6:d9:e2:8e:5e:5e:e8:e6:f2:7c:3f:97:fe:85:7f:83:98:43:
         c9:84:71:bd:4d:f6:a9:10:fe:d1:2b:32:2a:a6:df:13:d9:c6:
         46:1c:df:7d:38:76:77:69:04:41:89:e3:39:41:66:cc:a6:27:
         5b:b7:ae:f9:93:c6:db:15:b4:e0:e0:24:04:fc:52:2e:e6:ca:
         2c:5e:b0:c0:ff:86:26:a1:fb:a1:4c:a6:ca:62:e7:32:3d:9c:
         91:ed:c0:70:52:c0:d9:59:e5:a6:3c:ab:0d:04:1a:6d:25:95:
         cb:47:0b:26:d9:3c:5e:ba:35:f4:4e:94:23:63:2c:21:ae:4e:
         d5:de:e0:2d:2f:b4:0d:8e:74:b2:a4:b4:69:40:ee:e1:b3:bf:
         be:e0:0d:40:ce:1a:21:94:4f:cc:d3:f3:c7:47:ee:4a:ee:3a:
         c9:79:03:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZALwKvSWF2G4V5/EXnJQOxDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjEyMDkyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODVjZWJmNGE4YmJlYzZlZjAzMWNhYWE0ZGY3NDJlNjU1Y2Y5Yzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYcen/Hls8bjaqt3iSFHisJp/ObW
/D59u3/BNw3X4xvmiNHQ8Al09y1uMCYfJZEhNAhyRRkbHOQzB8D1A1Rd9zXQkdIS
uNUtCVXxW2sJ+h9PJ9V9NVZrXy8EEoe8tLz3fmcc8pPt9etlVbp6WL8wpqPFRLII
r4s19u7NqkbM+QnhYNSy1+YJHkRU0NkUzMauw9UUuTUkvm3dpCZhpPExHxf3nWHt
6aMVVw+035zZfWWR+yaJ2tCMXmu6IaGsodCyo289IBqx0JpLOsG1jY21KUkXftjQ
g5LCgKhJyy/KyAKjqHtpuZvVtz+HcStsPwrVOFNyVMJPvneCPSR8o9YuOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEhc6/Sou+xu8DHKqk33QuZVz5yIMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvU0Z6cjlLaTc3Rzd3TWNxcVRmZEM1bFhQbklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4agwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAN9eIwkGucUEu2RXuiGM8WYnuHHqzsMjyAnSB6
yj83kV4q6GWVQwsztDL2T8m9Ey1bRclaGHMCvDLLR8YicouMhsfAfFdc4n3Pan2C
1cuLnYk19L1f8XsWfFvW2eKOXl7o5vJ8P5f+hX+DmEPJhHG9TfapEP7RKzIqpt8T
2cZGHN99OHZ3aQRBieM5QWbMpidbt675k8bbFbTg4CQE/FIu5sosXrDA/4Ymofuh
TKbKYucyPZyR7cBwUsDZWeWmPKsNBBptJZXLRwsm2TxeujX0TpQjYywhrk7V3uAt
L7QNjnSypLRpQO7hs7++4A1AzhohlE/M0/PHR+5K7jrJeQN8
-----END CERTIFICATE-----