Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/_4IIJhtFlJdrkjSOppTsaFBNkrg.roa
File:                     _4IIJhtFlJdrkjSOppTsaFBNkrg.roa (raw, json)
Hash identifier:          r5hI609ZhZ4xyXvkrk1Z26XwV02QOdDJJ0CIfMyhg7s=
Subject key identifier:   FF:82:08:26:1B:45:94:97:6B:92:34:8E:A6:94:EC:68:50:4D:92:B8
Certificate issuer:       /CN=7f168028ec0dab668a67d5bf6f5358caabe337a8
Certificate serial:       0194266C42A1BEC933DF9345E0CEC8C296FB
Authority key identifier: 7F:16:80:28:EC:0D:AB:66:8A:67:D5:BF:6F:53:58:CA:AB:E3:37:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/_4IIJhtFlJdrkjSOppTsaFBNkrg.roa
Signing time:             Thu 02 Jan 2025 09:50:16 +0000
ROA not before:           Thu 02 Jan 2025 09:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51105
IP address blocks:        2a01:8ae0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:42:a1:be:c9:33:df:93:45:e0:ce:c8:c2:96:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f168028ec0dab668a67d5bf6f5358caabe337a8
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff8208261b4594976b92348ea694ec68504d92b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:aa:7a:2a:77:c0:2e:bb:a7:e1:e0:7c:02:cf:
                    35:18:82:e6:c1:d3:27:b1:47:76:25:ae:13:2b:53:
                    6d:04:37:7e:33:14:6a:5f:3b:44:10:72:3e:d8:58:
                    d5:13:d8:56:fe:1d:9d:0f:dc:1e:8d:68:95:0f:ca:
                    41:8d:93:0c:bb:ab:89:cc:24:46:fa:52:26:d0:bd:
                    f9:25:c3:41:3c:39:cf:b8:26:47:34:09:03:99:9a:
                    c8:0d:da:f9:fa:b2:75:48:54:21:fa:f4:65:83:ba:
                    a6:4a:5f:eb:4d:bc:eb:bd:b3:56:71:c9:3a:21:b2:
                    11:84:3f:57:37:ae:7d:78:0b:49:58:f9:a6:1e:c7:
                    95:06:3e:56:07:58:20:a6:2a:74:b6:af:22:af:62:
                    21:ae:9a:18:bf:71:51:00:5f:21:30:b5:ca:fb:bb:
                    04:73:7f:35:29:05:4d:2b:c2:86:05:e9:9a:f7:bc:
                    88:c2:9e:69:d1:15:fe:0d:8b:ac:cf:1f:5a:35:f7:
                    65:1e:f4:8c:92:5e:9b:7e:a5:82:92:40:07:25:2d:
                    c1:2e:24:f1:e8:e1:de:5d:34:71:8d:e9:bc:75:27:
                    71:ce:81:39:8c:c2:ea:a1:ed:68:56:f2:38:f8:97:
                    59:de:4f:20:93:0a:63:e7:2b:61:e6:c7:ad:81:5d:
                    4d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:82:08:26:1B:45:94:97:6B:92:34:8E:A6:94:EC:68:50:4D:92:B8
            X509v3 Authority Key Identifier:
                keyid:7F:16:80:28:EC:0D:AB:66:8A:67:D5:BF:6F:53:58:CA:AB:E3:37:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/_4IIJhtFlJdrkjSOppTsaFBNkrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:03:ba:dc:15:0e:38:cd:f6:31:64:3e:79:90:f0:3d:16:d0:
         82:71:cb:2c:24:29:4b:d5:00:7d:47:09:f2:95:07:6e:be:93:
         b3:7f:ed:14:14:63:91:fa:9c:b9:d5:ca:fe:49:b4:76:62:a3:
         f6:bd:0e:0a:31:91:ed:20:69:7d:fd:84:98:61:ea:74:fd:66:
         85:44:88:12:b0:c9:5a:60:cd:89:6c:a3:84:40:ef:34:4d:01:
         8d:93:8f:15:fa:fd:dc:a4:9f:33:47:48:17:10:fc:fd:4f:0f:
         9f:e3:4e:5f:cf:f9:aa:d2:2c:5e:cd:ed:ef:32:b4:01:31:c8:
         a6:59:df:71:be:58:a1:61:9e:87:87:6c:70:f7:b8:56:46:71:
         51:37:c8:69:aa:3b:53:41:e2:f3:5e:b1:03:7a:b9:4a:1f:04:
         2a:bc:91:4a:e8:4f:82:8f:39:54:ca:87:97:c3:08:17:4c:00:
         2c:a3:41:1e:79:2e:33:ff:21:f0:2f:fd:bb:ad:76:53:87:a1:
         13:0a:b8:56:a3:1d:c2:dc:4b:3b:a8:0c:e3:6f:33:54:3c:9f:
         bc:d1:8c:ef:d3:2d:98:6e:49:9e:0c:15:c0:b4:cd:9b:3d:1c:
         49:7e:9b:a4:c5:7c:75:3c:28:42:c1:df:a5:90:d4:81:d2:33:
         07:bc:42:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmbEKhvskz35NF4M7Iwpb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMTY4MDI4ZWMwZGFiNjY4YTY3ZDViZjZmNTM1OGNhYWJl
MzM3YTgwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjgyMDgyNjFiNDU5NDk3NmI5MjM0OGVhNjk0ZWM2ODUwNGQ5MmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKp6KnfALrun4eB8As81GILmwdMn
sUd2Ja4TK1NtBDd+MxRqXztEEHI+2FjVE9hW/h2dD9wejWiVD8pBjZMMu6uJzCRG
+lIm0L35JcNBPDnPuCZHNAkDmZrIDdr5+rJ1SFQh+vRlg7qmSl/rTbzrvbNWcck6
IbIRhD9XN659eAtJWPmmHseVBj5WB1ggpip0tq8ir2IhrpoYv3FRAF8hMLXK+7sE
c381KQVNK8KGBema97yIwp5p0RX+DYuszx9aNfdlHvSMkl6bfqWCkkAHJS3BLiTx
6OHeXTRxjem8dSdxzoE5jMLqoe1oVvI4+JdZ3k8gkwpj5yth5setgV1NawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+CCCYbRZSXa5I0jqaU7GhQTZK4MB8GA1UdIwQY
MBaAFH8WgCjsDatmimfVv29TWMqr4zeoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnhhQUtPd05xMmFLWjlXX2IxTll5cXZqTjZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iMTUyODYtZmQ0ZC00OWZlLWE2OWUt
N2ZhZGY1MGEyZTM3LzEvXzRJSUpodEZsSmRya2pTT3BwVHNhRkJOa3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iMTUyODYtZmQ0ZC00OWZlLWE2OWUtN2ZhZGY1MGEyZTM3
LzEvZnhhQUtPd05xMmFLWjlXX2IxTll5cXZqTjZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgGK4DAN
BgkqhkiG9w0BAQsFAAOCAQEATAO63BUOOM32MWQ+eZDwPRbQgnHLLCQpS9UAfUcJ
8pUHbr6Ts3/tFBRjkfqcudXK/km0dmKj9r0OCjGR7SBpff2EmGHqdP1mhUSIErDJ
WmDNiWyjhEDvNE0BjZOPFfr93KSfM0dIFxD8/U8Pn+NOX8/5qtIsXs3t7zK0ATHI
plnfcb5YoWGeh4dscPe4VkZxUTfIaao7U0Hi816xA3q5Sh8EKryRSuhPgo85VMqH
l8MIF0wALKNBHnkuM/8h8C/9u612U4ehEwq4VqMdwtxLO6gM428zVDyfvNGM79Mt
mG5JngwVwLTNmz0cSX6bpMV8dTwoQsHfpZDUgdIzB7xCbg==
-----END CERTIFICATE-----