Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/C3FHaTVyQ086WMPBag3rQPfajw8.roa
File:                     C3FHaTVyQ086WMPBag3rQPfajw8.roa (raw, json)
Hash identifier:          f/oNhKigKco9tBiGw31uoIotXboAy39S9i+k1rCBUzQ=
Subject key identifier:   0B:71:47:69:35:72:43:4F:3A:58:C3:C1:6A:0D:EB:40:F7:DA:8F:0F
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266AD7B601D23E2B18956DC5EB242815
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/C3FHaTVyQ086WMPBag3rQPfajw8.roa
Signing time:             Thu 02 Jan 2025 09:48:43 +0000
ROA not before:           Thu 02 Jan 2025 09:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        2a0e:5bc0::/29 maxlen: 29
                          2a0e:a800::/29 maxlen: 29
                          2a0f:780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d7:b6:01:d2:3e:2b:18:95:6d:c5:eb:24:28:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b7147693572434f3a58c3c16a0deb40f7da8f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fa:56:64:d7:26:b3:40:e9:fc:b7:dd:68:93:
                    7e:ce:f6:92:d0:be:6e:91:30:94:a5:3c:9c:00:fc:
                    f0:d2:0b:d8:18:0e:e5:5f:21:01:40:c8:6b:db:34:
                    a1:68:be:3c:22:58:27:de:92:d8:73:1c:b9:f8:a2:
                    ed:a5:68:97:1a:59:81:29:81:c6:e7:73:a6:fa:4a:
                    5c:50:f3:ee:3b:33:e9:ba:c8:e4:25:d6:7c:5f:78:
                    1f:c7:cc:c7:b5:ff:c1:73:47:f9:d5:8e:93:ed:ca:
                    54:7b:25:0b:c5:80:a8:a1:fe:1c:23:c0:09:fb:07:
                    5b:df:3e:8d:68:3c:ef:13:0e:6f:2e:a6:4c:8a:a3:
                    ba:13:15:8c:10:30:10:ff:f0:d7:28:f9:82:13:a9:
                    fe:47:3e:d9:b8:81:f4:61:e5:7f:27:bf:bb:92:65:
                    73:45:2f:02:d8:a5:2c:31:d4:bc:56:96:a5:13:e4:
                    0e:c8:e1:28:8d:02:83:15:8d:07:38:7f:3b:2c:83:
                    81:9f:e8:07:98:3b:f1:00:9d:1e:64:e2:7d:b7:b5:
                    5f:11:af:f0:e6:4f:bf:d5:f2:b8:b6:62:78:4c:89:
                    ed:38:07:b8:93:06:14:01:a3:63:61:07:7b:23:d3:
                    84:d8:a6:3f:77:c8:df:3d:39:19:9b:39:a9:c4:bd:
                    39:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:71:47:69:35:72:43:4F:3A:58:C3:C1:6A:0D:EB:40:F7:DA:8F:0F
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/C3FHaTVyQ086WMPBag3rQPfajw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5bc0::/29
                  2a0e:a800::/29
                  2a0f:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:6c:f2:7f:d3:67:71:1d:e5:0d:e3:1e:39:82:aa:24:bd:b0:
         a7:f4:35:f1:f8:31:33:69:bc:20:6c:d7:a3:8e:4b:80:57:50:
         b9:0f:9f:fd:9b:d2:4a:9d:ea:e5:c5:c0:58:28:29:08:b7:a7:
         cb:ce:f1:dc:73:44:4c:9a:d2:6b:ff:5b:8a:f9:ae:40:18:be:
         4f:27:5f:ce:fe:96:99:e3:ea:b6:c1:0a:63:69:52:4d:bc:1d:
         0d:0d:71:25:06:48:86:4c:7b:fb:6e:d3:94:bf:22:5c:74:a0:
         9d:cb:70:92:70:a8:07:d5:24:fa:bc:18:a2:4e:45:26:a7:39:
         fa:93:6a:e0:82:df:dd:aa:85:6f:85:d0:bb:94:9d:dd:79:00:
         4b:63:24:01:f2:70:20:51:ad:2d:04:e5:96:4d:04:d3:69:8c:
         7c:8d:cf:45:32:58:f3:7d:d8:a0:6a:fa:df:91:e6:2a:f9:58:
         29:e6:fb:f2:44:de:12:2c:2b:3b:a3:9c:ca:f4:ca:dd:c3:ec:
         49:4f:b0:e6:45:b7:47:c9:47:56:31:03:84:b3:1c:60:5f:dd:
         fc:bd:bf:b9:06:ed:0a:cf:0e:c9:f9:21:0f:a5:f8:22:ff:12:
         e6:8c:12:90:e3:f3:6a:73:e0:e9:ee:b7:00:ed:32:87:c2:24:
         bf:c5:1a:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmate2AdI+KxiVbcXrJCgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjcxNDc2OTM1NzI0MzRmM2E1OGMzYzE2YTBkZWI0MGY3ZGE4ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfpWZNcms0Dp/LfdaJN+zvaS0L5u
kTCUpTycAPzw0gvYGA7lXyEBQMhr2zShaL48Ilgn3pLYcxy5+KLtpWiXGlmBKYHG
53Om+kpcUPPuOzPpusjkJdZ8X3gfx8zHtf/Bc0f51Y6T7cpUeyULxYCoof4cI8AJ
+wdb3z6NaDzvEw5vLqZMiqO6ExWMEDAQ//DXKPmCE6n+Rz7ZuIH0YeV/J7+7kmVz
RS8C2KUsMdS8VpalE+QOyOEojQKDFY0HOH87LIOBn+gHmDvxAJ0eZOJ9t7VfEa/w
5k+/1fK4tmJ4TIntOAe4kwYUAaNjYQd7I9OE2KY/d8jfPTkZmzmpxL05lwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAtxR2k1ckNPOljDwWoN60D32o8PMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvQzNGSGFUVnlRMDg2V01QQmFnM3JRUGZhanc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg5bwAMF
AyoOqAADBQMqDweAMA0GCSqGSIb3DQEBCwUAA4IBAQBobPJ/02dxHeUN4x45gqok
vbCn9DXx+DEzabwgbNejjkuAV1C5D5/9m9JKnerlxcBYKCkIt6fLzvHcc0RMmtJr
/1uK+a5AGL5PJ1/O/paZ4+q2wQpjaVJNvB0NDXElBkiGTHv7btOUvyJcdKCdy3CS
cKgH1ST6vBiiTkUmpzn6k2rggt/dqoVvhdC7lJ3deQBLYyQB8nAgUa0tBOWWTQTT
aYx8jc9FMljzfdigavrfkeYq+Vgp5vvyRN4SLCs7o5zK9Mrdw+xJT7DmRbdHyUdW
MQOEsxxgX938vb+5Bu0Kzw7J+SEPpfgi/xLmjBKQ4/Nqc+Dp7rcA7TKHwiS/xRoA
-----END CERTIFICATE-----