Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Avsyu6b6NVxYkf6X_q_nnw7ehoc.roa
File:                     Avsyu6b6NVxYkf6X_q_nnw7ehoc.roa (raw, json)
Hash identifier:          4zpQXnbZi1DFLcalMENFIs49gI1fkeakU+6rA+Vt+Zk=
Subject key identifier:   02:FB:32:BB:A6:FA:35:5C:58:91:FE:97:FE:AF:E7:9F:0E:DE:86:87
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B56523E20BE9E9F09BEE05DEFC243B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Avsyu6b6NVxYkf6X_q_nnw7ehoc.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        2a11:5780::/30 maxlen: 30
                          2a11:5784::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:65:23:e2:0b:e9:e9:f0:9b:ee:05:de:fc:24:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02fb32bba6fa355c5891fe97feafe79f0ede8687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:12:19:f3:b0:58:00:44:8e:ed:e4:37:8b:b2:
                    f1:b9:40:d3:0a:b7:84:0f:bc:a7:29:5f:5d:8b:85:
                    17:a5:b8:f6:f8:3b:fc:fe:ad:56:57:df:d9:72:9b:
                    c6:cd:fc:11:bd:62:a4:b3:0d:e5:99:9a:ab:d8:a2:
                    ef:1e:8c:aa:24:76:4a:a6:b8:cc:e2:fc:b5:cf:93:
                    af:17:e1:1f:85:26:8f:a7:0e:e5:d9:c4:2a:75:4a:
                    9f:d9:6b:fa:49:5e:1f:98:7a:da:0b:46:25:dd:28:
                    74:eb:22:ce:f6:86:c5:ed:37:7f:3f:1e:21:c2:ad:
                    95:0a:d4:b0:e9:8e:68:5e:14:47:b6:75:da:bb:d2:
                    27:0e:26:9c:b6:2c:6f:ba:58:dd:b7:df:29:07:23:
                    c8:91:ed:74:45:f7:b0:9c:5f:56:70:f5:c4:72:d4:
                    44:02:ff:bf:b7:41:d3:82:6c:ec:da:70:dc:f2:f3:
                    d8:c3:33:cd:57:a5:1e:1b:26:fb:ec:c8:e2:1c:3d:
                    17:de:85:c2:69:1a:f7:26:41:e4:7f:b5:06:2d:14:
                    bf:cd:28:c9:8f:12:aa:b7:d8:0a:5d:b4:71:3e:9b:
                    8a:33:0c:4c:14:2d:cf:b7:b7:fd:0b:de:15:0f:50:
                    b0:21:d6:e5:31:16:95:aa:0a:7a:9a:b2:fe:99:70:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:FB:32:BB:A6:FA:35:5C:58:91:FE:97:FE:AF:E7:9F:0E:DE:86:87
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Avsyu6b6NVxYkf6X_q_nnw7ehoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:2f:4a:5b:a9:24:8b:7d:8c:1e:8c:6e:39:d6:08:d4:f9:ed:
         fd:40:41:27:0d:6b:ad:b3:67:a9:b2:ae:6e:dc:45:86:75:c2:
         f3:01:b6:6b:7d:01:dd:28:2d:7d:cc:30:00:ae:3b:85:22:f9:
         76:27:5e:b9:dd:b2:95:d5:b1:11:8b:44:d9:d5:9d:ca:0b:40:
         fb:b5:62:b5:18:8b:00:ea:65:6b:75:ec:b9:bc:70:17:1c:12:
         e8:d3:9d:f3:4c:84:94:d7:c8:6a:8e:6e:fb:6b:1e:5f:f1:b3:
         3b:af:fb:a0:6f:61:a8:52:69:54:b4:07:c5:5a:68:95:86:b4:
         a6:53:41:ef:cb:ab:10:11:bb:61:3e:22:61:15:d7:da:a4:5b:
         a0:9f:8c:f3:86:48:9c:54:43:f3:b1:ea:c0:46:ac:6f:86:72:
         4b:45:b7:33:8f:e2:97:ca:0e:c1:d9:12:6c:66:e4:95:d1:60:
         32:05:34:d2:18:88:72:bb:13:0a:58:c1:c4:a6:96:6d:e8:a3:
         04:0d:8e:eb:47:6a:d0:61:75:44:f0:57:aa:2f:32:88:98:15:
         5c:9e:12:42:6e:b4:9e:90:52:2d:59:12:33:3f:fe:e3:f4:36:
         e9:ee:c4:7a:c0:c5:2b:ca:6b:f0:48:e0:38:19:3c:1d:78:00:
         29:a2:c9:ed
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntWUj4gvp6fCb7gXe/CQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmZiMzJiYmE2ZmEzNTVjNTg5MWZlOTdmZWFmZTc5ZjBlZGU4Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphIZ87BYAESO7eQ3i7LxuUDTCreE
D7ynKV9di4UXpbj2+Dv8/q1WV9/ZcpvGzfwRvWKksw3lmZqr2KLvHoyqJHZKprjM
4vy1z5OvF+EfhSaPpw7l2cQqdUqf2Wv6SV4fmHraC0Yl3Sh06yLO9obF7Td/Px4h
wq2VCtSw6Y5oXhRHtnXau9InDiactixvuljdt98pByPIke10RfewnF9WcPXEctRE
Av+/t0HTgmzs2nDc8vPYwzPNV6UeGyb77MjiHD0X3oXCaRr3JkHkf7UGLRS/zSjJ
jxKqt9gKXbRxPpuKMwxMFC3Pt7f9C94VD1CwIdblMRaVqgp6mrL+mXADWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAL7Mrum+jVcWJH+l/6v558O3oaHMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQXZzeXU2YjZOVnhZa2Y2WF9xX25udzdlaG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhFXgDAN
BgkqhkiG9w0BAQsFAAOCAQEABC9KW6kki32MHoxuOdYI1Pnt/UBBJw1rrbNnqbKu
btxFhnXC8wG2a30B3SgtfcwwAK47hSL5dideud2yldWxEYtE2dWdygtA+7VitRiL
AOpla3XsubxwFxwS6NOd80yElNfIao5u+2seX/GzO6/7oG9hqFJpVLQHxVpolYa0
plNB78urEBG7YT4iYRXX2qRboJ+M84ZInFRD87HqwEasb4ZyS0W3M4/il8oOwdkS
bGbkldFgMgU00hiIcrsTCljBxKaWbeijBA2O60dq0GF1RPBXqi8yiJgVXJ4SQm60
npBSLVkSMz/+4/Q26e7EesDFK8pr8EjgOBk8HXgAKaLJ7Q==
-----END CERTIFICATE-----