Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/FNiNdr2A7OQKs4Lh8NIXmrr0CpY.roa
File:                     FNiNdr2A7OQKs4Lh8NIXmrr0CpY.roa (raw, json)
Hash identifier:          lzfjAZjaBGiVtNnSHHAFnCh/6pNb/eM+js/obHoKL1U=
Subject key identifier:   14:D8:8D:76:BD:80:EC:E4:0A:B3:82:E1:F0:D2:17:9A:BA:F4:0A:96
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01942143EBA88E5A6AB3746E89FD1C7A6E7E
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/FNiNdr2A7OQKs4Lh8NIXmrr0CpY.roa
Signing time:             Wed 01 Jan 2025 09:48:06 +0000
ROA not before:           Wed 01 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213960
IP address blocks:        2a05:9080:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:eb:a8:8e:5a:6a:b3:74:6e:89:fd:1c:7a:6e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14d88d76bd80ece40ab382e1f0d2179abaf40a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:69:a5:ba:01:99:19:9d:0f:8e:dc:60:0e:7c:
                    80:c9:f2:67:c2:dd:9a:f4:7a:57:1a:3f:70:67:a8:
                    bf:de:c0:fb:7a:e2:01:fe:e9:1c:83:db:90:3f:a2:
                    9b:c9:ab:36:d5:75:c9:92:d1:8e:b3:b6:26:14:5d:
                    21:71:c1:90:94:94:6f:fa:31:5a:ed:07:8c:81:a4:
                    e0:23:32:57:68:eb:f5:9c:b9:80:95:8f:b5:d7:93:
                    04:2f:de:01:25:90:94:09:d7:d6:ed:78:a9:59:a9:
                    d0:00:94:3b:0d:60:62:15:37:3c:2c:c7:dd:6b:3d:
                    08:a9:e2:0a:41:83:55:52:a2:45:a7:40:a6:e4:43:
                    9d:cd:75:bb:df:a7:66:a2:3c:6d:a8:49:a9:79:46:
                    5c:d1:61:b9:4b:47:1a:e5:26:cc:cd:0b:b3:5a:54:
                    14:47:be:08:59:46:10:93:ab:1d:64:f2:ed:35:e8:
                    50:8d:13:19:f0:7e:b3:36:26:67:3e:4f:31:46:0a:
                    97:8a:01:fd:bf:c4:d0:d4:df:72:42:d6:8a:88:af:
                    f3:4b:17:39:dc:a3:93:a1:df:5f:7d:e7:64:c3:6a:
                    15:dc:a5:40:12:01:f3:3f:37:3f:a6:af:39:62:5e:
                    b2:d5:dc:0b:c9:b9:13:37:6b:b9:51:19:41:39:90:
                    3e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D8:8D:76:BD:80:EC:E4:0A:B3:82:E1:F0:D2:17:9A:BA:F4:0A:96
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/FNiNdr2A7OQKs4Lh8NIXmrr0CpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:e1:9c:b0:e4:76:40:c9:4a:fb:49:b5:be:14:cd:b5:00:e6:
         25:04:40:55:19:66:ab:06:68:78:c5:21:9e:66:29:66:81:b5:
         ea:89:da:50:15:78:81:e4:e1:4c:47:b7:69:69:02:e0:6b:ce:
         7d:8c:11:8f:ba:1d:76:c8:3e:08:b1:da:f3:f4:bd:0f:58:76:
         63:3c:44:de:be:b7:31:06:8d:74:87:e7:35:a2:6d:d8:01:13:
         53:d2:c3:7b:f0:c5:5c:74:e2:a7:60:e4:20:7e:43:d1:7c:74:
         5e:14:d0:f3:a0:d3:b8:b1:3e:1e:b8:d8:82:52:ed:5d:e9:7b:
         54:80:33:01:1b:48:13:31:35:56:44:6b:3a:e4:9f:37:09:5c:
         7a:75:5f:cd:4a:9a:9d:34:bf:c7:de:b3:30:af:8f:55:7c:21:
         65:08:73:d9:1d:b4:78:53:ef:5e:58:f5:63:c1:7c:96:51:ed:
         16:11:ea:86:8c:69:48:77:a9:8c:7d:f5:f1:d3:53:9e:3c:26:
         f3:42:fe:64:93:cf:24:7a:9b:34:04:81:ad:65:d7:35:1c:46:
         f0:13:6e:58:93:a3:80:a0:9a:14:c4:dc:e6:6f:4d:6e:c1:56:
         9b:43:a5:55:6f:e2:82:d3:ee:94:68:4e:ba:c3:71:a8:eb:b1:
         0e:bd:dd:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ+uojlpqs3Ruif0cem5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTAxMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQ4OGQ3NmJkODBlY2U0MGFiMzgyZTFmMGQyMTc5YWJhZjQwYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42mlugGZGZ0PjtxgDnyAyfJnwt2a
9HpXGj9wZ6i/3sD7euIB/ukcg9uQP6Kbyas21XXJktGOs7YmFF0hccGQlJRv+jFa
7QeMgaTgIzJXaOv1nLmAlY+115MEL94BJZCUCdfW7XipWanQAJQ7DWBiFTc8LMfd
az0IqeIKQYNVUqJFp0Cm5EOdzXW736dmojxtqEmpeUZc0WG5S0ca5SbMzQuzWlQU
R74IWUYQk6sdZPLtNehQjRMZ8H6zNiZnPk8xRgqXigH9v8TQ1N9yQtaKiK/zSxc5
3KOTod9ffedkw2oV3KVAEgHzPzc/pq85Yl6y1dwLybkTN2u5URlBOZA+6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBTYjXa9gOzkCrOC4fDSF5q69AqWMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvRk5pTmRyMkE3T1FLczRMaDhOSVhtcnIwQ3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQA94Zyw5HZAyUr7SbW+FM21AOYlBEBVGWarBmh4
xSGeZilmgbXqidpQFXiB5OFMR7dpaQLga859jBGPuh12yD4Isdrz9L0PWHZjPETe
vrcxBo10h+c1om3YARNT0sN78MVcdOKnYOQgfkPRfHReFNDzoNO4sT4euNiCUu1d
6XtUgDMBG0gTMTVWRGs65J83CVx6dV/NSpqdNL/H3rMwr49VfCFlCHPZHbR4U+9e
WPVjwXyWUe0WEeqGjGlId6mMffXx01OePCbzQv5kk88keps0BIGtZdc1HEbwE25Y
k6OAoJoUxNzmb01uwVabQ6VVb+KC0+6UaE66w3Go67EOvd1D
-----END CERTIFICATE-----