Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/SyGkL3rBSajZ3YGp2fRmisEBraQ.roa
File:                     SyGkL3rBSajZ3YGp2fRmisEBraQ.roa (raw, json)
Hash identifier:          nSTH58HwKxzQx8/qtfRlcIW0MscTWOTJv7YpRQgl9CU=
Subject key identifier:   4B:21:A4:2F:7A:C1:49:A8:D9:DD:81:A9:D9:F4:66:8A:C1:01:AD:A4
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369E5CE47B1E77A6178BA272A590460
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/SyGkL3rBSajZ3YGp2fRmisEBraQ.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51087
IP address blocks:        2a0f:7802:1000::/36 maxlen: 48
                          2a0f:7803:ff70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e5:ce:47:b1:e7:7a:61:78:ba:27:2a:59:04:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b21a42f7ac149a8d9dd81a9d9f4668ac101ada4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1a:9d:66:47:dc:43:04:98:f0:07:0c:ab:5b:
                    fb:92:92:c5:77:ca:91:82:39:16:c0:b9:96:b7:59:
                    8e:5e:8d:7e:70:f0:33:19:8d:d6:5b:14:67:57:ae:
                    f2:0e:4e:da:23:78:1c:65:fc:0a:92:35:6e:22:5b:
                    bc:e4:2b:56:9f:5c:8f:f3:14:47:ee:36:24:9e:20:
                    69:f5:77:78:c7:54:f0:eb:c7:ce:8d:b8:71:07:6b:
                    d1:83:e4:93:5f:17:55:24:3e:c8:c1:cc:86:0b:aa:
                    0a:c9:f6:6f:ff:8b:c1:c5:b1:85:db:12:ba:c8:1b:
                    02:92:dd:dc:a4:46:92:0d:96:98:10:a7:85:7c:b6:
                    56:f6:9c:cc:13:d3:d0:15:1a:34:31:d9:69:23:ca:
                    f6:2c:ba:e5:7d:59:20:99:51:75:d7:19:b2:b8:69:
                    89:5b:25:fd:4c:db:97:a4:e6:b2:b1:38:71:3d:e8:
                    88:b2:c9:5d:eb:dc:76:0b:15:90:f6:4b:a3:7e:9d:
                    d5:95:35:c8:a6:78:34:27:99:cf:06:58:c0:56:6c:
                    39:1e:d6:7d:ea:66:67:9b:27:42:2d:a1:fd:8c:3f:
                    7f:d0:ca:f0:67:53:cc:e4:cd:67:d3:1c:61:1b:b0:
                    e2:26:cf:de:06:31:20:e9:77:b4:e9:fb:63:11:49:
                    8b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:21:A4:2F:7A:C1:49:A8:D9:DD:81:A9:D9:F4:66:8A:C1:01:AD:A4
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/SyGkL3rBSajZ3YGp2fRmisEBraQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:1000::/36
                  2a0f:7803:ff70::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:88:9c:94:9b:57:4e:39:b8:5f:28:b4:7c:2f:a4:a9:09:2a:
         6b:fd:49:d4:4e:e3:79:c5:57:bb:e1:7a:99:f8:ca:bc:55:90:
         ee:c9:8a:80:f4:0c:06:7e:90:a0:93:4a:f8:c4:ca:45:0e:67:
         39:39:c8:c0:e9:0b:bd:6f:04:87:85:1e:48:e8:47:1c:3f:4a:
         5f:99:60:a6:e5:55:39:16:e7:a8:da:34:8c:4a:b3:7a:fc:ef:
         22:cc:f5:29:ae:85:6f:79:e7:71:1e:89:dd:78:92:eb:13:41:
         02:17:ca:a6:fc:ae:ee:23:12:ef:9f:07:02:93:04:4a:fe:d0:
         cc:4e:f7:dd:1c:09:79:11:4c:be:7c:ec:71:72:5f:fa:5c:af:
         1a:d5:75:e6:73:34:e1:92:1c:04:22:07:a0:ab:02:3f:b0:a7:
         87:87:08:53:49:27:dc:75:ed:e2:f8:6d:40:b6:2f:c5:cc:3f:
         47:f0:d8:4b:8a:a1:a5:76:35:2d:c1:be:75:30:c1:36:97:03:
         a0:ea:6e:da:9c:e6:47:a7:5e:79:da:23:ea:8a:ef:4e:73:c2:
         6f:24:27:0c:00:35:36:c2:51:21:01:2b:7e:3c:68:ca:0b:de:
         03:d6:00:9c:41:90:78:b7:22:e4:f9:71:5c:bd:80:b4:86:8c:
         d1:74:a3:4e
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQjaeXOR7HnemF4uicqWQRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjIxYTQyZjdhYzE0OWE4ZDlkZDgxYTlkOWY0NjY4YWMxMDFhZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhqdZkfcQwSY8AcMq1v7kpLFd8qR
gjkWwLmWt1mOXo1+cPAzGY3WWxRnV67yDk7aI3gcZfwKkjVuIlu85CtWn1yP8xRH
7jYkniBp9Xd4x1Tw68fOjbhxB2vRg+STXxdVJD7IwcyGC6oKyfZv/4vBxbGF2xK6
yBsCkt3cpEaSDZaYEKeFfLZW9pzME9PQFRo0MdlpI8r2LLrlfVkgmVF11xmyuGmJ
WyX9TNuXpOaysThxPeiIssld69x2CxWQ9kujfp3VlTXIpng0J5nPBljAVmw5HtZ9
6mZnmydCLaH9jD9/0MrwZ1PM5M1n0xxhG7DiJs/eBjEg6Xe06ftjEUmL5wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFEshpC96wUmo2d2Bqdn0ZorBAa2kMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvU3lHa0wzckJTYWpaM1lHcDJmUm1pc0VCcmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYEKg94AhAD
BwQqD3gD/3AwDQYJKoZIhvcNAQELBQADggEBAGWInJSbV045uF8otHwvpKkJKmv9
SdRO43nFV7vhepn4yrxVkO7JioD0DAZ+kKCTSvjEykUOZzk5yMDpC71vBIeFHkjo
Rxw/Sl+ZYKblVTkW56jaNIxKs3r87yLM9SmuhW9553Eeid14kusTQQIXyqb8ru4j
Eu+fBwKTBEr+0MxO990cCXkRTL587HFyX/pcrxrVdeZzNOGSHAQiB6CrAj+wp4eH
CFNJJ9x17eL4bUC2L8XMP0fw2EuKoaV2NS3BvnUwwTaXA6Dqbtqc5kenXnnaI+qK
705zwm8kJwwANTbCUSEBK348aMoL3gPWAJxBkHi3IuT5cVy9gLSGjNF0o04=
-----END CERTIFICATE-----