Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/1-Z-EbEbGe8yxK4SqLWDT6Ei8Xlk.roa
File:                     1-Z-EbEbGe8yxK4SqLWDT6Ei8Xlk.roa (raw, json)
Hash identifier:          bPXgwf4I2BdmZ9+4bAlYkkYHbKJWbKtWdjpO/HrVdSE=
Subject key identifier:   F9:9F:84:6C:46:C6:7B:CC:B1:2B:84:AA:2D:60:D3:E8:48:BC:5E:59
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       01942521EF15C21B4A56965FEC1D0C883A0E
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/1-Z-EbEbGe8yxK4SqLWDT6Ei8Xlk.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32780
IP address blocks:        2a07:23c0::/48 maxlen: 48
                          2a07:23c0:8::/48 maxlen: 48
                          2a07:23c0:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 20:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ef:15:c2:1b:4a:56:96:5f:ec:1d:0c:88:3a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f99f846c46c67bccb12b84aa2d60d3e848bc5e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:60:59:49:f7:fd:90:b5:71:88:98:66:37:86:
                    f7:fb:67:55:9b:5d:e5:40:85:32:ab:c3:4a:7c:42:
                    d6:58:b3:77:2f:c5:db:a6:27:ef:69:0b:db:51:23:
                    4f:2b:67:9b:9c:ec:68:5c:ef:a7:24:e9:6d:b3:41:
                    94:0c:1c:95:f6:19:4c:6d:4b:06:1a:c3:4f:d1:0f:
                    61:78:4c:f3:bb:35:41:ad:23:f7:bd:23:51:22:4b:
                    a8:64:13:70:e0:d7:85:b1:64:bb:77:98:23:c1:78:
                    87:d8:7d:7a:4e:07:07:96:2d:5c:a2:f8:96:d6:ad:
                    28:c2:51:1c:7f:19:f7:f6:3f:4b:d0:d0:22:61:e3:
                    b1:29:88:59:47:61:dd:a5:a2:14:14:e2:09:3a:9c:
                    a5:4f:96:74:21:2c:4c:67:6a:3f:93:80:5f:d6:56:
                    bd:c7:c6:fa:8c:ee:07:5e:4f:3b:7e:44:6c:29:9e:
                    cc:16:8e:95:4a:58:0c:de:d9:0e:45:5a:35:5a:ee:
                    d1:96:56:12:4b:21:4a:e6:5e:a0:3e:0a:26:f1:65:
                    90:c3:09:7f:c6:af:ab:18:d6:15:1a:31:d5:e7:ce:
                    a3:72:a3:c8:fa:37:05:6d:14:11:62:60:cb:fb:16:
                    42:9f:16:41:d2:da:bf:4f:1d:82:e2:e0:1a:f9:9e:
                    65:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:9F:84:6C:46:C6:7B:CC:B1:2B:84:AA:2D:60:D3:E8:48:BC:5E:59
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/1-Z-EbEbGe8yxK4SqLWDT6Ei8Xlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:23c0::/48
                  2a07:23c0:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         66:a8:f7:66:88:03:9b:df:c4:69:1d:00:f5:10:95:42:ac:27:
         e0:96:c0:f1:eb:f6:3c:85:77:fe:6e:18:65:f2:b0:ac:f5:04:
         16:28:7a:62:12:13:ca:ca:78:37:3a:a0:84:92:62:f6:db:bd:
         92:10:b8:37:69:b9:74:25:ff:2b:4d:e4:18:af:fc:5c:d8:f8:
         41:93:25:81:45:c9:e6:9e:c9:d5:50:cd:5e:5d:d4:98:7f:d2:
         d1:28:16:c9:02:ec:cc:e7:c4:88:c6:77:e4:9b:39:71:b0:cb:
         d4:c5:e8:7e:21:61:f0:69:8f:3b:2a:78:8f:42:73:2c:20:ef:
         51:c8:6f:ce:ad:82:6e:25:39:aa:f3:ac:0b:25:8e:c0:39:f6:
         f7:c5:82:ae:a1:5e:37:b9:d1:c6:a2:42:2c:e2:84:90:57:c9:
         1e:1b:ef:51:93:21:a0:e9:93:fe:c3:20:36:ed:56:87:2d:7d:
         a8:46:c8:2e:e9:3b:3c:10:d9:54:b1:0f:25:09:57:aa:bf:82:
         a0:84:f5:35:71:58:52:1a:b9:fd:62:57:54:93:d0:a8:c9:55:
         cd:64:25:57:44:63:d2:ac:bf:98:d0:cd:24:c1:d1:55:a4:c8:
         f1:cf:b6:f9:42:ce:06:cf:70:e5:41:40:73:c0:11:c0:7a:1c:
         60:51:ed:c5
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQlIe8VwhtKVpZf7B0MiDoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTlmODQ2YzQ2YzY3YmNjYjEyYjg0YWEyZDYwZDNlODQ4YmM1ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmBZSff9kLVxiJhmN4b3+2dVm13l
QIUyq8NKfELWWLN3L8XbpifvaQvbUSNPK2ebnOxoXO+nJOlts0GUDByV9hlMbUsG
GsNP0Q9heEzzuzVBrSP3vSNRIkuoZBNw4NeFsWS7d5gjwXiH2H16TgcHli1coviW
1q0owlEcfxn39j9L0NAiYeOxKYhZR2HdpaIUFOIJOpylT5Z0ISxMZ2o/k4Bf1la9
x8b6jO4HXk87fkRsKZ7MFo6VSlgM3tkORVo1Wu7RllYSSyFK5l6gPgom8WWQwwl/
xq+rGNYVGjHV586jcqPI+jcFbRQRYmDL+xZCnxZB0tq/Tx2C4uAa+Z5l7QIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPmfhGxGxnvMsSuEqi1g0+hIvF5ZMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvMS1aLUViRWJHZTh5eEs0U3FMV0RUNkVpOFhsay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmQvZmRhMzgyLTQyNTctNDFjMy04ZWM2LTI3ZmJjOTllYTNj
Ni8xL1Q3SzdlNjFROFpJWUVLQW81NDdkWmZnZmFuMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACoHI8AA
AAMHASoHI8AACDANBgkqhkiG9w0BAQsFAAOCAQEAZqj3ZogDm9/EaR0A9RCVQqwn
4JbA8ev2PIV3/m4YZfKwrPUEFih6YhITysp4NzqghJJi9tu9khC4N2m5dCX/K03k
GK/8XNj4QZMlgUXJ5p7J1VDNXl3UmH/S0SgWyQLszOfEiMZ35Js5cbDL1MXofiFh
8GmPOyp4j0JzLCDvUchvzq2CbiU5qvOsCyWOwDn298WCrqFeN7nRxqJCLOKEkFfJ
HhvvUZMhoOmT/sMgNu1Why19qEbILuk7PBDZVLEPJQlXqr+CoIT1NXFYUhq5/WJX
VJPQqMlVzWQlV0Rj0qy/mNDNJMHRVaTI8c+2+ULOBs9w5UFAc8ARwHocYFHtxQ==
-----END CERTIFICATE-----