Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/rwuE2HeUale_KAQK1oOeIO9teNQ.roa
File:                     rwuE2HeUale_KAQK1oOeIO9teNQ.roa (raw, json)
Hash identifier:          1njSxFnxGZ0NzAHsH1imJbJ+hQrmgk75hjXn6T/fBr0=
Subject key identifier:   AF:0B:84:D8:77:94:6A:57:BF:28:04:0A:D6:83:9E:20:EF:6D:78:D4
Certificate issuer:       /CN=a3f0099ad86dd8434e52f8c6fddeeb2c3ed6c6ca
Certificate serial:       0194258F4A8D480D36D3BDA7EA3888FA4A85
Authority key identifier: A3:F0:09:9A:D8:6D:D8:43:4E:52:F8:C6:FD:DE:EB:2C:3E:D6:C6:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o_AJmtht2ENOUvjG_d7rLD7Wxso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/rwuE2HeUale_KAQK1oOeIO9teNQ.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202728
IP address blocks:        2001:67c:a7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/o_AJmtht2ENOUvjG_d7rLD7Wxso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/o_AJmtht2ENOUvjG_d7rLD7Wxso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o_AJmtht2ENOUvjG_d7rLD7Wxso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4a:8d:48:0d:36:d3:bd:a7:ea:38:88:fa:4a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3f0099ad86dd8434e52f8c6fddeeb2c3ed6c6ca
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af0b84d877946a57bf28040ad6839e20ef6d78d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:08:b4:e2:36:70:04:ec:f9:0a:c5:8b:47:0f:
                    92:50:4c:8e:9c:cd:bd:ae:b5:bd:85:87:a2:db:66:
                    a2:ab:eb:7b:67:0e:7d:a1:fe:62:ab:81:cf:1a:24:
                    36:bd:12:20:1d:93:6e:7e:b0:8f:5f:35:bb:37:a9:
                    1f:2c:d7:79:81:d2:20:19:0b:16:16:11:4d:34:7f:
                    02:a1:7e:42:a3:d6:21:26:c9:60:2e:93:11:a8:29:
                    f0:35:2f:14:b1:ed:4d:7d:e6:4b:4d:d4:fd:cd:07:
                    89:96:95:bd:e5:3b:15:f3:cc:1b:b2:0f:0f:f0:35:
                    0a:f1:17:e7:eb:7d:30:d0:04:d5:86:1e:37:ea:77:
                    cb:0d:38:54:43:90:63:a9:6c:7e:58:7c:d2:28:22:
                    5b:38:9e:b5:15:c7:2c:87:7e:f5:8e:27:ca:ad:36:
                    f4:e6:45:be:a9:56:db:ba:66:da:45:3f:1c:e7:98:
                    5d:4a:d8:d6:b4:1c:ca:3e:a1:35:3c:b9:e1:7f:cc:
                    63:9c:3a:a7:84:1d:9b:1a:0f:a8:ac:e1:2e:11:e7:
                    b4:d2:9f:b0:eb:93:ab:69:a2:3d:a0:15:a8:ed:39:
                    75:e6:3e:6e:f0:1c:76:d5:5a:b4:60:ab:62:4e:87:
                    ae:77:7c:3d:16:18:00:41:a6:73:41:ce:bd:fc:68:
                    f0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0B:84:D8:77:94:6A:57:BF:28:04:0A:D6:83:9E:20:EF:6D:78:D4
            X509v3 Authority Key Identifier:
                keyid:A3:F0:09:9A:D8:6D:D8:43:4E:52:F8:C6:FD:DE:EB:2C:3E:D6:C6:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o_AJmtht2ENOUvjG_d7rLD7Wxso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/rwuE2HeUale_KAQK1oOeIO9teNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/cce012-2cb9-4be6-a1b6-d5167e6756b6/1/o_AJmtht2ENOUvjG_d7rLD7Wxso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:95:b3:a9:1a:75:5b:78:61:4e:06:09:47:ef:b7:cd:4d:eb:
         35:22:77:39:ca:72:d2:2e:fa:8e:43:02:55:72:a7:bc:87:44:
         08:de:6a:b2:75:1a:b7:08:68:2a:57:47:f8:f2:5b:a0:7f:55:
         55:33:f6:fe:3b:ee:56:9d:55:87:a0:39:b3:94:54:13:2c:b4:
         51:ad:d3:3e:19:20:6a:2a:27:63:dc:da:ae:bb:40:09:b6:85:
         72:eb:12:fb:ce:06:97:8a:51:bd:57:e9:2d:46:5a:d4:a4:fe:
         31:6d:d1:26:a3:15:68:50:df:44:59:e2:45:a4:8b:da:05:3b:
         d9:ad:a3:b5:7e:26:9b:4d:4a:ec:5b:b7:9d:e4:d4:68:0f:b4:
         e6:f0:ce:83:b9:a6:25:31:c9:da:1d:43:31:cc:07:0b:17:d4:
         fb:14:07:9d:c8:e9:85:55:26:3b:7e:73:bb:8e:3f:42:e6:16:
         72:71:c1:39:f7:5a:66:43:ce:68:cf:58:30:58:ff:b8:a5:6d:
         14:56:41:9e:86:fb:78:7c:bb:02:13:fc:c4:29:aa:ee:20:18:
         b3:d8:bd:2f:9c:f8:75:bc:d4:a1:d4:9b:93:fb:ab:a7:ed:08:
         b9:7b:94:28:e6:82:9d:22:db:4b:35:82:36:84:74:33:f1:27:
         5c:99:f2:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj0qNSA02072n6jiI+kqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZjAwOTlhZDg2ZGQ4NDM0ZTUyZjhjNmZkZGVlYjJjM2Vk
NmM2Y2EwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBiODRkODc3OTQ2YTU3YmYyODA0MGFkNjgzOWUyMGVmNmQ3OGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQi04jZwBOz5CsWLRw+SUEyOnM29
rrW9hYei22aiq+t7Zw59of5iq4HPGiQ2vRIgHZNufrCPXzW7N6kfLNd5gdIgGQsW
FhFNNH8CoX5Co9YhJslgLpMRqCnwNS8Use1NfeZLTdT9zQeJlpW95TsV88wbsg8P
8DUK8Rfn630w0ATVhh436nfLDThUQ5BjqWx+WHzSKCJbOJ61Fccsh371jifKrTb0
5kW+qVbbumbaRT8c55hdStjWtBzKPqE1PLnhf8xjnDqnhB2bGg+orOEuEee00p+w
65OraaI9oBWo7Tl15j5u8Bx21Vq0YKtiToeud3w9FhgAQaZzQc69/GjwFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK8LhNh3lGpXvygECtaDniDvbXjUMB8GA1UdIwQY
MBaAFKPwCZrYbdhDTlL4xv3e6yw+1sbKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb19BSm10aHQyRU5PVXZqR19kN3JMRDdXeHNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9jY2UwMTItMmNiOS00YmU2LWExYjYt
ZDUxNjdlNjc1NmI2LzEvcnd1RTJIZVVhbGVfS0FRSzFvT2VJTzl0ZU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9jY2UwMTItMmNiOS00YmU2LWExYjYtZDUxNjdlNjc1NmI2
LzEvb19BSm10aHQyRU5PVXZqR19kN3JMRDdXeHNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAp8
MA0GCSqGSIb3DQEBCwUAA4IBAQBOlbOpGnVbeGFOBglH77fNTes1Inc5ynLSLvqO
QwJVcqe8h0QI3mqydRq3CGgqV0f48lugf1VVM/b+O+5WnVWHoDmzlFQTLLRRrdM+
GSBqKidj3Nquu0AJtoVy6xL7zgaXilG9V+ktRlrUpP4xbdEmoxVoUN9EWeJFpIva
BTvZraO1fiabTUrsW7ed5NRoD7Tm8M6DuaYlMcnaHUMxzAcLF9T7FAedyOmFVSY7
fnO7jj9C5hZyccE591pmQ85oz1gwWP+4pW0UVkGehvt4fLsCE/zEKaruIBiz2L0v
nPh1vNSh1JuT+6un7Qi5e5Qo5oKdIttLNYI2hHQz8SdcmfJe
-----END CERTIFICATE-----