Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/fm5A4Lmh3Dyoqm8phCUbdJ-SJ50.roa
File:                     fm5A4Lmh3Dyoqm8phCUbdJ-SJ50.roa (raw, json)
Hash identifier:          y1l9jzGOcVZ0GENozcALgbMdp6ZfPx8sRn42vZfb0eg=
Subject key identifier:   7E:6E:40:E0:B9:A1:DC:3C:A8:AA:6F:29:84:25:1B:74:9F:92:27:9D
Certificate issuer:       /CN=5f0226a704cf620eb2000f27e7a919ce730991be
Certificate serial:       01942143F53A77A90A313CE51917BC93D292
Authority key identifier: 5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/fm5A4Lmh3Dyoqm8phCUbdJ-SJ50.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        2a0c:b840:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f5:3a:77:a9:0a:31:3c:e5:19:17:bc:93:d2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0226a704cf620eb2000f27e7a919ce730991be
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e6e40e0b9a1dc3ca8aa6f2984251b749f92279d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:06:21:3c:12:fa:21:00:d2:9b:47:2e:49:
                    93:e3:ef:bf:39:ca:eb:fb:73:d3:4b:5f:ae:d4:d5:
                    e8:e7:40:00:3b:ea:6d:4d:b2:67:7a:52:7c:73:46:
                    64:c8:09:e1:3b:7c:b7:f7:88:4d:5f:a1:f4:d2:88:
                    82:dd:08:c1:43:28:0c:97:87:d5:ca:8c:7f:13:2d:
                    de:69:07:1f:56:23:da:92:cf:e1:91:f2:b0:2d:3c:
                    39:73:5f:85:2a:fc:91:56:7b:37:74:fe:9e:99:50:
                    e4:c3:c0:a9:9a:07:09:ea:c2:56:1b:d3:ce:dd:21:
                    a8:9b:09:55:8e:4c:59:8f:6b:dc:02:0b:9f:bb:36:
                    b5:f7:98:d7:55:70:60:3a:cf:49:d9:62:54:7d:cd:
                    d8:a7:91:b8:46:70:d7:cb:9d:30:9d:ab:89:30:e7:
                    12:21:4b:4a:6c:d9:ef:69:aa:d5:3a:5a:5d:13:29:
                    1b:d2:85:b4:a5:f9:46:0b:a6:91:65:bf:52:ac:51:
                    5d:83:23:e6:29:2f:40:1f:89:fd:f0:c9:c1:c7:d5:
                    fe:c0:15:cc:b8:f3:34:0c:9b:a5:86:5c:77:d3:ec:
                    ce:1a:32:13:94:cd:90:1f:c1:30:5e:a6:10:ee:7b:
                    0d:18:2f:e0:50:6f:16:72:db:ae:bf:a3:63:dc:6e:
                    6b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6E:40:E0:B9:A1:DC:3C:A8:AA:6F:29:84:25:1B:74:9F:92:27:9D
            X509v3 Authority Key Identifier:
                keyid:5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/fm5A4Lmh3Dyoqm8phCUbdJ-SJ50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b840:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:40:96:12:3e:56:57:c0:38:be:4f:66:6a:09:ae:b5:ec:69:
         b4:73:37:7b:a6:d9:05:c7:ce:54:b6:61:5b:f8:0b:37:87:8d:
         ab:83:16:23:ed:d7:3f:5a:50:5d:07:d9:7c:57:f9:d4:a8:90:
         14:97:fa:eb:84:80:94:a7:2b:0e:81:5a:bc:69:5e:03:48:dd:
         20:43:a6:a1:a8:04:40:7d:e4:f6:95:57:45:45:6c:af:8d:6f:
         f4:b2:dd:d0:70:f8:39:85:6d:75:71:d9:49:dd:77:3d:5c:f1:
         3a:3a:22:12:17:9f:c5:b7:8f:34:e3:66:b3:5a:51:42:c5:1e:
         fc:71:68:c4:f8:a9:0a:dd:cf:a1:9e:6d:8d:5e:f3:f5:82:4c:
         54:49:31:55:09:42:e6:e2:14:fd:b5:11:6a:e4:3d:af:47:8e:
         b8:88:c1:8d:0e:25:cd:3b:13:69:37:fc:03:f1:48:01:9b:44:
         b3:fb:dc:11:01:cc:9f:d3:ba:7c:18:79:81:3c:8e:6a:f0:2d:
         be:21:d8:09:59:5d:7f:e8:14:0c:84:df:7e:93:a5:29:e8:9c:
         54:4f:31:ae:40:6b:85:91:51:dd:74:1e:ea:87:c9:ca:3b:68:
         22:94:3f:b3:c4:4d:2a:a4:9b:cf:e2:48:87:dc:07:9d:86:68:
         f9:60:1e:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ/U6d6kKMTzlGRe8k9KSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIyNmE3MDRjZjYyMGViMjAwMGYyN2U3YTkxOWNlNzMw
OTkxYmUwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTZlNDBlMGI5YTFkYzNjYThhYTZmMjk4NDI1MWI3NDlmOTIyNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj4GITwS+iEA0ptHLkmT4++/Ocrr
+3PTS1+u1NXo50AAO+ptTbJnelJ8c0ZkyAnhO3y394hNX6H00oiC3QjBQygMl4fV
yox/Ey3eaQcfViPaks/hkfKwLTw5c1+FKvyRVns3dP6emVDkw8CpmgcJ6sJWG9PO
3SGomwlVjkxZj2vcAgufuza195jXVXBgOs9J2WJUfc3Yp5G4RnDXy50wnauJMOcS
IUtKbNnvaarVOlpdEykb0oW0pflGC6aRZb9SrFFdgyPmKS9AH4n98MnBx9X+wBXM
uPM0DJulhlx30+zOGjITlM2QH8EwXqYQ7nsNGC/gUG8Wctuuv6Nj3G5rEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5uQOC5odw8qKpvKYQlG3SfkiedMB8GA1UdIwQY
MBaAFF8CJqcEz2IOsgAPJ+epGc5zCZG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAt
NzVkOWNlNWI4ZDljLzEvZm01QTRMbWgzRHlvcW04cGhDVWJkSi1TSjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAtNzVkOWNlNWI4ZDlj
LzEvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy4QAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQDSQJYSPlZXwDi+T2ZqCa617Gm0czd7ptkFx85U
tmFb+As3h42rgxYj7dc/WlBdB9l8V/nUqJAUl/rrhICUpysOgVq8aV4DSN0gQ6ah
qARAfeT2lVdFRWyvjW/0st3QcPg5hW11cdlJ3Xc9XPE6OiISF5/Ft48042azWlFC
xR78cWjE+KkK3c+hnm2NXvP1gkxUSTFVCULm4hT9tRFq5D2vR464iMGNDiXNOxNp
N/wD8UgBm0Sz+9wRAcyf07p8GHmBPI5q8C2+IdgJWV1/6BQMhN9+k6Up6JxUTzGu
QGuFkVHddB7qh8nKO2gilD+zxE0qpJvP4kiH3Aedhmj5YB4i
-----END CERTIFICATE-----