Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/shFSKFhffIiUAgxysGmRtXRHjKM.roa
File:                     shFSKFhffIiUAgxysGmRtXRHjKM.roa (raw, json)
Hash identifier:          dQvH9QymMjpXXdgyrmMvhjbB83wD/WfhP9dhFWk+qZg=
Subject key identifier:   B2:11:52:28:58:5F:7C:88:94:02:0C:72:B0:69:91:B5:74:47:8C:A3
Certificate issuer:       /CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Certificate serial:       01941F8C2AA8E92930EA9D0C6AF1E65A9FDA
Authority key identifier: 5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/shFSKFhffIiUAgxysGmRtXRHjKM.roa
Signing time:             Wed 01 Jan 2025 01:47:47 +0000
ROA not before:           Wed 01 Jan 2025 01:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        2a02:7720::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2a:a8:e9:29:30:ea:9d:0c:6a:f1:e6:5a:9f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
        Validity
            Not Before: Jan  1 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2115228585f7c8894020c72b06991b574478ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:94:55:25:5a:17:28:4f:83:87:38:2a:52:cd:
                    e5:4f:82:29:53:d9:09:59:a6:97:2e:a7:39:4e:c8:
                    92:0f:4e:15:c3:f5:3b:71:b7:09:5b:b3:a0:01:09:
                    4b:e9:5b:d5:22:cc:98:a7:71:4f:4c:8d:cd:8e:3b:
                    4e:d4:8f:c5:a9:8b:8c:f8:74:bd:57:19:bc:0b:a0:
                    5a:1b:5f:b6:86:9c:15:e0:c4:3b:c7:5e:80:4c:ea:
                    f9:38:19:c2:ff:24:d5:c4:d2:90:f3:9b:bc:e3:94:
                    55:22:a9:59:f9:9e:d4:bf:0f:06:48:c7:1b:6d:fa:
                    48:fc:67:08:ba:c2:2b:b9:6a:14:68:9f:20:b5:99:
                    72:5a:ae:cf:c6:03:39:5f:05:7e:b3:c6:64:f3:7e:
                    7d:2a:4e:8d:4a:95:d6:5b:b0:2c:93:34:5b:0f:7b:
                    94:e7:88:e7:d3:50:af:90:05:92:42:61:e3:a7:db:
                    e2:fb:05:79:fb:5b:a8:d2:64:8a:ff:be:02:1c:bf:
                    43:4e:ce:df:8a:48:89:a0:5f:5e:f4:ef:2c:4a:f5:
                    77:dc:fe:e7:74:f5:5c:a2:fc:07:dd:d2:aa:fc:70:
                    9e:0b:e5:c6:cb:f5:0c:ac:f1:20:4d:55:89:6c:54:
                    ca:22:07:a5:65:5a:ab:f9:25:47:19:5d:d3:dd:e3:
                    a4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:11:52:28:58:5F:7C:88:94:02:0C:72:B0:69:91:B5:74:47:8C:A3
            X509v3 Authority Key Identifier:
                keyid:5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/shFSKFhffIiUAgxysGmRtXRHjKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7720::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:34:6a:e9:64:42:a6:d9:4d:90:0f:9f:29:c4:b4:ec:59:4b:
         ee:02:0e:32:ae:98:85:68:0b:f4:a5:f2:2e:e3:1c:5c:a8:31:
         78:91:0c:71:cc:72:ec:f0:97:ed:ef:82:04:30:63:aa:85:72:
         3a:4f:15:68:47:cd:a4:97:03:76:f4:f7:45:5a:43:99:be:96:
         eb:bb:c9:de:f6:3f:d3:51:1d:68:8f:0d:7f:36:d1:55:9e:69:
         37:0c:e3:2b:48:d8:73:6a:72:16:39:8a:0f:11:b9:03:ff:04:
         1e:66:9f:93:7a:c7:1d:d8:28:3d:9b:c4:64:76:a5:27:20:b5:
         2a:61:2e:16:cf:ad:55:a6:91:fb:25:7e:a0:e4:1f:c5:5c:4d:
         47:f1:0d:53:5d:21:8f:ce:f2:f5:52:3c:43:e6:a1:e0:ee:ee:
         b8:3c:54:7f:0f:7d:35:ae:62:b9:4a:23:5f:5c:de:c0:b2:46:
         5b:e9:fb:0f:6e:3d:58:70:83:d6:36:3a:9f:ba:e2:14:6f:11:
         45:f3:a8:db:e2:9f:9c:00:70:1a:93:cc:f3:64:41:d7:34:81:
         7d:04:51:ec:e7:26:31:b6:78:97:d4:4f:ab:c6:06:5e:d9:b6:
         4b:d5:fa:85:82:98:84:f2:04:48:be:47:8c:66:61:fc:ee:b0:
         da:fd:bf:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjCqo6Skw6p0MavHmWp/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzQ2ZTlmMTJjMmMwZTU0NTlmZTRlM2Q0MTNjMWM4OWRl
NmRiMGUwHhcNMjUwMTAxMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjExNTIyODU4NWY3Yzg4OTQwMjBjNzJiMDY5OTFiNTc0NDc4Y2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5RVJVoXKE+DhzgqUs3lT4IpU9kJ
WaaXLqc5TsiSD04Vw/U7cbcJW7OgAQlL6VvVIsyYp3FPTI3NjjtO1I/FqYuM+HS9
Vxm8C6BaG1+2hpwV4MQ7x16ATOr5OBnC/yTVxNKQ85u845RVIqlZ+Z7Uvw8GSMcb
bfpI/GcIusIruWoUaJ8gtZlyWq7PxgM5XwV+s8Zk8359Kk6NSpXWW7AskzRbD3uU
54jn01CvkAWSQmHjp9vi+wV5+1uo0mSK/74CHL9DTs7fikiJoF9e9O8sSvV33P7n
dPVcovwH3dKq/HCeC+XGy/UMrPEgTVWJbFTKIgelZVqr+SVHGV3T3eOkGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLIRUihYX3yIlAIMcrBpkbV0R4yjMB8GA1UdIwQY
MBaAFFx0bp8SwsDlRZ/k49QTwcid5tsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMt
ZTU5NDc2MTRlZjNmLzEvc2hGU0tGaGZmSWlVQWd4eXNHbVJ0WFJIaktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMtZTU5NDc2MTRlZjNm
LzEvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgJ3IDAN
BgkqhkiG9w0BAQsFAAOCAQEAdzRq6WRCptlNkA+fKcS07FlL7gIOMq6YhWgL9KXy
LuMcXKgxeJEMccxy7PCX7e+CBDBjqoVyOk8VaEfNpJcDdvT3RVpDmb6W67vJ3vY/
01EdaI8NfzbRVZ5pNwzjK0jYc2pyFjmKDxG5A/8EHmafk3rHHdgoPZvEZHalJyC1
KmEuFs+tVaaR+yV+oOQfxVxNR/ENU10hj87y9VI8Q+ah4O7uuDxUfw99Na5iuUoj
X1zewLJGW+n7D249WHCD1jY6n7riFG8RRfOo2+KfnABwGpPM82RB1zSBfQRR7Ocm
MbZ4l9RPq8YGXtm2S9X6hYKYhPIESL5HjGZh/O6w2v2/1A==
-----END CERTIFICATE-----