Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/43gEJXLRZhBLeSI-aOiwsJo8t18.roa
File:                     43gEJXLRZhBLeSI-aOiwsJo8t18.roa (raw, json)
Hash identifier:          hJ2/LJzxG3xhi0jErGx6Rimn7Tgu+B52/B5v7PqA0Q4=
Subject key identifier:   E3:78:04:25:72:D1:66:10:4B:79:22:3E:68:E8:B0:B0:9A:3C:B7:5F
Certificate issuer:       /CN=1fa795167d2d9fb420941f17287bdf3c5eed8df9
Certificate serial:       019420D5BB4D7DD8640AA3F36518A9D9632C
Authority key identifier: 1F:A7:95:16:7D:2D:9F:B4:20:94:1F:17:28:7B:DF:3C:5E:ED:8D:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6eVFn0tn7QglB8XKHvfPF7tjfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/43gEJXLRZhBLeSI-aOiwsJo8t18.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202818
IP address blocks:        2a01:8280:3330::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/H6eVFn0tn7QglB8XKHvfPF7tjfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/H6eVFn0tn7QglB8XKHvfPF7tjfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H6eVFn0tn7QglB8XKHvfPF7tjfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bb:4d:7d:d8:64:0a:a3:f3:65:18:a9:d9:63:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fa795167d2d9fb420941f17287bdf3c5eed8df9
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e378042572d166104b79223e68e8b0b09a3cb75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5d:f2:bf:59:1d:d4:f5:38:0b:2e:1c:9d:f7:
                    6f:23:bd:b6:26:10:81:ab:80:86:5d:de:4a:97:aa:
                    32:90:53:42:c2:d9:44:ee:96:5b:57:6c:6e:fb:3d:
                    7d:5a:64:31:ba:ed:93:d9:ee:96:3f:14:b0:c6:a7:
                    8b:40:44:aa:b9:60:18:fc:ed:de:34:6f:64:3a:f9:
                    2a:ae:b4:40:f9:d5:43:fb:f5:7b:c6:18:91:ca:94:
                    00:bd:51:dd:66:5c:c3:b3:a8:cd:ab:09:c1:43:c1:
                    94:15:0f:90:71:35:ca:ce:68:88:15:7c:e6:0b:c9:
                    91:2b:d7:a4:3b:94:a0:7e:bc:76:aa:2a:0a:c1:dc:
                    44:ef:cf:87:5f:fc:ae:42:eb:6a:65:8d:7a:40:8d:
                    6c:cc:d0:00:42:cd:b0:16:2f:db:3f:df:18:b0:9f:
                    5b:f5:39:27:e2:15:08:63:95:eb:e0:fb:54:22:31:
                    d3:d1:2b:8b:c3:11:e6:5b:d2:85:ea:47:68:aa:5e:
                    be:23:bd:99:12:ae:24:67:e6:57:26:8c:40:1d:0a:
                    62:be:86:d9:1e:bc:ab:f1:87:ae:66:df:77:4d:71:
                    a6:ef:e4:8f:13:ae:4d:7a:9f:4c:ce:96:7e:bc:68:
                    f0:a6:88:49:68:31:dc:32:2f:94:8d:87:67:82:2a:
                    6c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:78:04:25:72:D1:66:10:4B:79:22:3E:68:E8:B0:B0:9A:3C:B7:5F
            X509v3 Authority Key Identifier:
                keyid:1F:A7:95:16:7D:2D:9F:B4:20:94:1F:17:28:7B:DF:3C:5E:ED:8D:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6eVFn0tn7QglB8XKHvfPF7tjfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/43gEJXLRZhBLeSI-aOiwsJo8t18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/H6eVFn0tn7QglB8XKHvfPF7tjfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8280:3330::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:fe:c5:4b:c2:d6:52:08:f7:c2:d8:7a:08:13:2d:3d:d6:da:
         0c:15:9f:3d:02:ff:1e:56:b9:8f:a7:73:dd:22:a4:97:87:2a:
         0d:c9:70:83:63:2b:13:f5:31:92:2f:68:4a:ec:52:26:47:40:
         ca:d7:82:00:a8:a1:fa:97:55:7e:20:6c:70:31:95:d2:3b:e6:
         e0:87:f1:43:c2:3e:fa:b9:55:c9:a7:7f:40:6b:f0:47:61:82:
         60:ac:f9:14:8f:d4:34:84:b5:78:9d:bf:04:26:d5:d5:65:dd:
         4e:9a:eb:76:00:25:ec:42:40:c9:8c:91:0c:7f:a1:37:71:38:
         35:c3:90:8d:e0:08:2d:e7:f3:25:43:fe:0f:3d:d4:a9:6f:46:
         c1:ca:4a:ee:be:ac:f0:06:3b:e7:d0:b7:ff:97:c3:90:b2:d1:
         73:ea:37:8d:20:d0:d5:9e:da:e2:bd:de:24:a9:0d:ba:8f:d4:
         a9:0b:ec:2b:f4:0a:19:c0:c5:aa:4c:52:77:11:8c:b4:b6:02:
         e8:14:85:6f:8c:00:7f:44:30:8a:95:07:a0:d2:9f:69:36:6f:
         70:44:72:13:1f:d9:52:40:59:e9:1c:da:c5:4f:2e:01:6e:27:
         19:c3:3f:10:d7:e6:b5:68:03:19:97:77:52:1c:28:42:35:35:
         15:23:76:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1btNfdhkCqPzZRip2WMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYTc5NTE2N2QyZDlmYjQyMDk0MWYxNzI4N2JkZjNjNWVl
ZDhkZjkwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc4MDQyNTcyZDE2NjEwNGI3OTIyM2U2OGU4YjBiMDlhM2NiNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt13yv1kd1PU4Cy4cnfdvI722JhCB
q4CGXd5Kl6oykFNCwtlE7pZbV2xu+z19WmQxuu2T2e6WPxSwxqeLQESquWAY/O3e
NG9kOvkqrrRA+dVD+/V7xhiRypQAvVHdZlzDs6jNqwnBQ8GUFQ+QcTXKzmiIFXzm
C8mRK9ekO5Sgfrx2qioKwdxE78+HX/yuQutqZY16QI1szNAAQs2wFi/bP98YsJ9b
9Tkn4hUIY5Xr4PtUIjHT0SuLwxHmW9KF6kdoql6+I72ZEq4kZ+ZXJoxAHQpivobZ
Hryr8YeuZt93TXGm7+SPE65Nep9MzpZ+vGjwpohJaDHcMi+UjYdngipsLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFON4BCVy0WYQS3kiPmjosLCaPLdfMB8GA1UdIwQY
MBaAFB+nlRZ9LZ+0IJQfFyh73zxe7Y35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZlVkZuMHRuN1FnbEI4WEtIdmZQRjd0amZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84MzUzNWEtZTFiZC00ZmI3LTlmMDkt
N2I3ZTk3NmM4NDEyLzEvNDNnRUpYTFJaaEJMZVNJLWFPaXdzSm84dDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84MzUzNWEtZTFiZC00ZmI3LTlmMDktN2I3ZTk3NmM4NDEy
LzEvSDZlVkZuMHRuN1FnbEI4WEtIdmZQRjd0amZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgGCgDMw
MA0GCSqGSIb3DQEBCwUAA4IBAQAo/sVLwtZSCPfC2HoIEy091toMFZ89Av8eVrmP
p3PdIqSXhyoNyXCDYysT9TGSL2hK7FImR0DK14IAqKH6l1V+IGxwMZXSO+bgh/FD
wj76uVXJp39Aa/BHYYJgrPkUj9Q0hLV4nb8EJtXVZd1Omut2ACXsQkDJjJEMf6E3
cTg1w5CN4Agt5/MlQ/4PPdSpb0bBykruvqzwBjvn0Lf/l8OQstFz6jeNINDVntri
vd4kqQ26j9SpC+wr9AoZwMWqTFJ3EYy0tgLoFIVvjAB/RDCKlQeg0p9pNm9wRHIT
H9lSQFnpHNrFTy4BbicZwz8Q1+a1aAMZl3dSHChCNTUVI3YU
-----END CERTIFICATE-----