Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/fwidfOE9wLJVHvxvqo5WJpziTPQ.roa
File:                     fwidfOE9wLJVHvxvqo5WJpziTPQ.roa (raw, json)
Hash identifier:          IACsOvvmqe0JcAwbYBZ0v3eyApUMtt8c8HlehAuYS/w=
Subject key identifier:   7F:08:9D:7C:E1:3D:C0:B2:55:1E:FC:6F:AA:8E:56:26:9C:E2:4C:F4
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0196821F972D2C85793D5DC85EFAF715AA17
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/fwidfOE9wLJVHvxvqo5WJpziTPQ.roa
Signing time:             Tue 29 Apr 2025 15:17:10 +0000
ROA not before:           Tue 29 Apr 2025 15:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2a11:7887::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:1f:97:2d:2c:85:79:3d:5d:c8:5e:fa:f7:15:aa:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 29 15:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f089d7ce13dc0b2551efc6faa8e56269ce24cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:15:f6:8c:eb:9e:18:e9:90:77:74:5b:f4:4c:
                    7c:07:78:e7:5b:a8:bf:74:53:88:64:c6:cc:af:93:
                    3d:60:44:23:fd:89:bb:19:a3:ed:3b:b1:f0:b6:5c:
                    76:20:d7:22:58:d9:9e:29:d7:93:10:89:72:33:08:
                    61:36:e4:2c:91:42:13:6b:33:d7:4e:1c:b0:6a:b1:
                    ba:bf:28:18:8d:14:7a:b7:cb:8d:3a:f1:a6:8d:b7:
                    51:53:1e:99:0e:07:2b:9a:c8:eb:50:1c:32:ac:95:
                    f6:e3:c8:b9:a5:7f:82:fe:49:6e:f9:5f:fb:38:c9:
                    2e:28:a5:f0:f3:cf:a9:c2:55:fc:3e:bd:cc:06:4a:
                    3e:51:98:97:d7:e8:c5:75:58:09:a3:0f:ce:e0:dd:
                    d2:c1:83:b2:a5:b7:33:f1:d9:e6:69:ad:d5:73:b1:
                    f2:94:61:d2:81:d2:ee:eb:6b:1e:26:5b:cb:a3:03:
                    28:e0:cb:86:48:1b:8d:6d:b5:30:0d:73:ea:fe:d9:
                    33:6f:2e:00:4b:10:5e:96:da:41:8b:59:80:96:de:
                    09:53:ac:27:37:b9:83:9b:15:2e:61:76:79:7b:4f:
                    c4:80:c4:08:d4:18:2f:a2:d8:8a:be:30:7f:3e:49:
                    7e:58:55:7b:95:d6:9b:0f:14:b3:07:93:98:c6:6f:
                    f7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:08:9D:7C:E1:3D:C0:B2:55:1E:FC:6F:AA:8E:56:26:9C:E2:4C:F4
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/fwidfOE9wLJVHvxvqo5WJpziTPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7887::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:f2:d1:4b:3e:c6:4d:4a:8a:29:69:b0:0b:98:13:8d:4a:98:
         27:c1:54:b6:e4:30:5a:a9:f4:d2:d4:95:fd:40:76:c9:68:95:
         98:a1:5e:c5:8a:33:78:39:1b:a1:c3:a4:c3:b8:c7:af:8f:67:
         80:14:1b:05:be:94:c7:76:b0:f2:5d:8e:1b:d3:75:6b:90:e3:
         40:8b:e8:57:9f:f3:30:dc:32:f2:9c:ba:dc:5e:c9:47:62:44:
         21:a5:97:b9:f3:53:9a:92:63:00:0f:87:e9:fa:90:32:82:ae:
         73:76:06:6b:ad:b3:13:46:1d:2b:c1:0d:35:0c:00:08:19:95:
         8c:7d:e9:b2:b1:fd:ca:24:b2:d0:ba:58:63:f7:89:b2:28:af:
         13:16:27:46:0c:d8:9c:eb:a4:88:23:fa:d4:fa:9b:b4:1b:fa:
         a5:4f:72:98:ae:33:f1:71:fc:ba:3f:04:96:ea:51:79:ea:a2:
         db:0b:b7:3d:82:29:a9:6e:6c:37:9b:a1:78:4f:3d:34:79:58:
         b5:54:0a:54:19:4a:1c:9b:53:82:18:86:67:49:ef:e8:ce:19:
         c0:59:6e:11:f5:e3:62:99:d7:3d:57:cf:60:05:ba:f6:f3:f8:
         0f:9a:70:44:fe:ee:c7:d7:a1:a4:ef:97:6d:19:27:70:28:81:
         5c:61:17:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaCH5ctLIV5PV3IXvr3FaoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDI5MTUxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjA4OWQ3Y2UxM2RjMGIyNTUxZWZjNmZhYThlNTYyNjljZTI0Y2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hX2jOueGOmQd3Rb9Ex8B3jnW6i/
dFOIZMbMr5M9YEQj/Ym7GaPtO7Hwtlx2INciWNmeKdeTEIlyMwhhNuQskUITazPX
ThywarG6vygYjRR6t8uNOvGmjbdRUx6ZDgcrmsjrUBwyrJX248i5pX+C/klu+V/7
OMkuKKXw88+pwlX8Pr3MBko+UZiX1+jFdVgJow/O4N3SwYOypbcz8dnmaa3Vc7Hy
lGHSgdLu62seJlvLowMo4MuGSBuNbbUwDXPq/tkzby4ASxBeltpBi1mAlt4JU6wn
N7mDmxUuYXZ5e0/EgMQI1BgvotiKvjB/Pkl+WFV7ldabDxSzB5OYxm/30QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH8InXzhPcCyVR78b6qOViac4kz0MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvZndpZGZPRTl3TEpWSHZ4dnFvNVdKcHppVFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhF4hzAN
BgkqhkiG9w0BAQsFAAOCAQEAi/LRSz7GTUqKKWmwC5gTjUqYJ8FUtuQwWqn00tSV
/UB2yWiVmKFexYozeDkbocOkw7jHr49ngBQbBb6Ux3aw8l2OG9N1a5DjQIvoV5/z
MNwy8py63F7JR2JEIaWXufNTmpJjAA+H6fqQMoKuc3YGa62zE0YdK8ENNQwACBmV
jH3psrH9yiSy0LpYY/eJsiivExYnRgzYnOukiCP61PqbtBv6pU9ymK4z8XH8uj8E
lupReeqi2wu3PYIpqW5sN5uheE89NHlYtVQKVBlKHJtTghiGZ0nv6M4ZwFluEfXj
YpnXPVfPYAW69vP4D5pwRP7ux9ehpO+XbRkncCiBXGEXsg==
-----END CERTIFICATE-----