Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/fkWlT9PgiHrt21vPWUF4x1XaOLY.roa
File:                     fkWlT9PgiHrt21vPWUF4x1XaOLY.roa (raw, json)
Hash identifier:          x7UGdmB+xVRIAlEZvuthxI7D4dWajJ53Iu1moiHZnkA=
Subject key identifier:   7E:45:A5:4F:D3:E0:88:7A:ED:DB:5B:CF:59:41:78:C7:55:DA:38:B6
Certificate issuer:       /CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Certificate serial:       0194221F5C0DBE4760223438C91BD94DAF12
Authority key identifier: AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/fkWlT9PgiHrt21vPWUF4x1XaOLY.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20495
IP address blocks:        2a04:d9c0::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5c:0d:be:47:60:22:34:38:c9:1b:d9:4d:af:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e45a54fd3e0887aeddb5bcf594178c755da38b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b4:16:e8:8c:74:2e:f2:64:db:2f:c6:6a:a0:
                    48:0c:b6:0c:2c:a1:ad:37:ff:4e:67:a8:eb:d5:80:
                    46:0e:dd:14:b9:10:43:36:c7:ff:e1:e3:89:a0:e4:
                    84:3d:39:79:95:e6:db:69:13:e6:0f:5f:67:00:73:
                    43:f5:f4:a2:b7:93:63:7b:0d:ed:7a:20:bc:54:91:
                    da:4e:81:4c:5b:09:46:4e:86:e8:de:78:39:4e:07:
                    f3:40:ba:0d:39:e5:2d:60:58:48:ea:f8:c9:54:14:
                    fa:86:53:4f:8b:d9:09:4c:5f:3b:0b:d4:3e:b2:a2:
                    99:b3:cd:df:53:16:90:10:26:54:74:68:e7:e9:1a:
                    5e:b7:4a:39:c3:bd:7c:86:a0:33:b0:74:af:98:cf:
                    e5:2f:b1:c8:c0:bd:d6:6a:a2:3f:f5:dd:e5:31:72:
                    f2:f1:ea:29:20:87:e4:f6:56:4d:ca:30:6d:16:d0:
                    b0:e2:b1:72:7f:a6:94:96:b0:50:ae:10:46:7b:f8:
                    c3:fe:c3:f3:bf:b0:e8:54:05:c1:3a:a3:38:4f:d0:
                    29:a4:d1:e7:57:5c:3b:05:7e:25:eb:f5:63:ee:c8:
                    d6:fa:7d:00:98:1d:dc:7c:62:79:29:3a:a5:7a:7e:
                    9b:f8:9b:8a:1d:9f:ca:76:55:1c:fb:af:22:0d:2a:
                    3e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:45:A5:4F:D3:E0:88:7A:ED:DB:5B:CF:59:41:78:C7:55:DA:38:B6
            X509v3 Authority Key Identifier:
                keyid:AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/fkWlT9PgiHrt21vPWUF4x1XaOLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:55:3f:57:14:cd:cb:50:44:64:d0:74:97:81:42:f9:fa:87:
         d9:c6:31:66:fc:b0:77:08:ee:9a:96:97:ca:12:91:1a:0e:e7:
         00:61:37:d8:ce:d5:9a:ee:f7:bf:d2:89:98:79:4b:b7:d4:c3:
         d0:6d:b7:1e:f7:99:36:d6:d0:c6:e5:76:5a:da:25:b8:f6:64:
         b8:fc:cf:6a:dd:8f:a8:6e:3b:d5:b6:f0:28:a4:bf:37:5b:f1:
         df:7a:51:bd:1b:92:72:30:4c:6f:12:c6:3c:1e:a7:fc:26:d4:
         5f:66:d1:b0:bb:6a:51:e8:72:15:0b:f2:e4:dd:ca:db:06:51:
         16:3d:03:c9:11:a0:9b:f0:8f:63:6c:50:f2:a3:0d:e2:89:61:
         b0:71:a3:8c:dd:5b:33:20:43:ef:6a:5a:4f:c3:af:b3:9c:db:
         e0:41:79:39:65:f7:f2:77:f2:b1:14:64:89:79:c8:44:26:3f:
         1a:17:cb:9f:54:7f:da:7e:c0:a5:02:64:32:68:d3:a4:b3:55:
         c1:4a:2c:b2:2d:05:f9:a8:a3:f7:55:14:91:4f:ca:29:09:8f:
         a6:a2:b1:13:72:5b:92:6f:f4:c6:32:09:54:41:38:72:4c:35:
         4e:2c:97:48:a3:48:c4:92:f4:2f:27:5c:bf:99:9b:0e:a1:44:
         da:0d:a3:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH1wNvkdgIjQ4yRvZTa8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMWQyYTU2MmM3ZGIyMTE1MWI0YTA5MjZiOGQ2ZmVlYWNl
Zjg4NTcwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ1YTU0ZmQzZTA4ODdhZWRkYjViY2Y1OTQxNzhjNzU1ZGEzOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbQW6Ix0LvJk2y/GaqBIDLYMLKGt
N/9OZ6jr1YBGDt0UuRBDNsf/4eOJoOSEPTl5lebbaRPmD19nAHND9fSit5Njew3t
eiC8VJHaToFMWwlGTobo3ng5TgfzQLoNOeUtYFhI6vjJVBT6hlNPi9kJTF87C9Q+
sqKZs83fUxaQECZUdGjn6Rpet0o5w718hqAzsHSvmM/lL7HIwL3WaqI/9d3lMXLy
8eopIIfk9lZNyjBtFtCw4rFyf6aUlrBQrhBGe/jD/sPzv7DoVAXBOqM4T9AppNHn
V1w7BX4l6/Vj7sjW+n0AmB3cfGJ5KTqlen6b+JuKHZ/KdlUc+68iDSo+CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH5FpU/T4Ih67dtbz1lBeMdV2ji2MB8GA1UdIwQY
MBaAFK0dKlYsfbIRUbSgkmuNb+6s74hXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDkt
MzI5MzZjM2E0YTlkLzEvZmtXbFQ5UGdpSHJ0MjF2UFdVRjR4MVhhT0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDktMzI5MzZjM2E0YTlk
LzEvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgTZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAPlU/VxTNy1BEZNB0l4FC+fqH2cYxZvywdwjumpaX
yhKRGg7nAGE32M7Vmu73v9KJmHlLt9TD0G23HveZNtbQxuV2WtoluPZkuPzPat2P
qG471bbwKKS/N1vx33pRvRuScjBMbxLGPB6n/CbUX2bRsLtqUehyFQvy5N3K2wZR
Fj0DyRGgm/CPY2xQ8qMN4olhsHGjjN1bMyBD72paT8Ovs5zb4EF5OWX38nfysRRk
iXnIRCY/GhfLn1R/2n7ApQJkMmjTpLNVwUossi0F+aij91UUkU/KKQmPpqKxE3Jb
km/0xjIJVEE4ckw1TiyXSKNIxJL0Lydcv5mbDqFE2g2jeQ==
-----END CERTIFICATE-----