Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/_esauh0bwxU4lPvXm-nLiVYT1MY.roa
File:                     _esauh0bwxU4lPvXm-nLiVYT1MY.roa (raw, json)
Hash identifier:          dg/Xh0ZCbSrkvMtC9w3xbJVNO3y7y3uRRsJgcH21rXg=
Subject key identifier:   FD:EB:1A:BA:1D:1B:C3:15:38:94:FB:D7:9B:E9:CB:89:56:13:D4:C6
Certificate issuer:       /CN=9474b5241b63c3afbdb342cc47634c55ab2ff846
Certificate serial:       01963EFF23FE9AC5867A1E90A556B5A19737
Authority key identifier: 94:74:B5:24:1B:63:C3:AF:BD:B3:42:CC:47:63:4C:55:AB:2F:F8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHS1JBtjw6-9s0LMR2NMVasv-EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/_esauh0bwxU4lPvXm-nLiVYT1MY.roa
Signing time:             Wed 16 Apr 2025 14:27:10 +0000
ROA not before:           Wed 16 Apr 2025 14:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210320
IP address blocks:        2001:67c:d4::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/lHS1JBtjw6-9s0LMR2NMVasv-EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/lHS1JBtjw6-9s0LMR2NMVasv-EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHS1JBtjw6-9s0LMR2NMVasv-EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:ff:23:fe:9a:c5:86:7a:1e:90:a5:56:b5:a1:97:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9474b5241b63c3afbdb342cc47634c55ab2ff846
        Validity
            Not Before: Apr 16 14:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdeb1aba1d1bc3153894fbd79be9cb895613d4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:0b:da:b7:3e:91:e7:1a:40:8b:b5:af:34:fc:
                    4a:bd:cd:88:cc:b3:a5:55:1c:e8:6a:e2:06:83:78:
                    5c:ea:79:54:4b:ed:ad:16:fd:b9:c2:44:a0:86:6c:
                    40:08:aa:07:ed:3a:a6:d0:b2:4b:e1:e6:a5:2c:a9:
                    31:a2:25:92:d0:8d:4d:f3:db:15:3d:1d:88:92:c8:
                    e6:25:5a:28:88:a5:23:35:38:e0:34:d7:d9:19:71:
                    84:95:40:2b:81:ae:fe:1d:19:d7:43:47:a1:ae:1b:
                    51:f8:68:55:f3:d8:90:62:99:b1:20:55:74:e2:7d:
                    eb:a0:de:69:64:cc:8f:16:20:27:30:92:0d:07:de:
                    a2:b7:5d:fd:3f:2b:8b:97:a5:20:8a:93:66:99:c2:
                    d5:8c:6e:f5:3e:67:13:5b:52:93:24:54:f0:f8:48:
                    50:5d:35:96:78:24:8d:0c:41:c4:32:bd:a0:70:fb:
                    0d:97:c2:85:c7:49:f7:1e:eb:f3:60:dc:4c:c7:82:
                    34:a3:c8:c0:9e:36:89:0c:31:c4:4a:33:57:a9:6f:
                    0a:50:7f:70:0d:2e:8d:d1:76:99:70:e2:09:23:95:
                    38:a9:53:46:d8:bb:fc:df:47:a5:6d:f0:34:3e:b7:
                    35:f6:a8:07:9b:8a:98:81:86:a0:8b:d4:56:fe:2f:
                    4c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EB:1A:BA:1D:1B:C3:15:38:94:FB:D7:9B:E9:CB:89:56:13:D4:C6
            X509v3 Authority Key Identifier:
                keyid:94:74:B5:24:1B:63:C3:AF:BD:B3:42:CC:47:63:4C:55:AB:2F:F8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHS1JBtjw6-9s0LMR2NMVasv-EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/_esauh0bwxU4lPvXm-nLiVYT1MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7f02b0-d9ad-4f5d-9b69-48f621acb9b7/1/lHS1JBtjw6-9s0LMR2NMVasv-EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:bf:60:0a:2a:0d:d7:45:95:31:d5:30:50:74:cd:6b:4f:6d:
         bb:0b:36:53:29:0e:2a:14:4b:a9:59:a2:37:f4:0e:12:5d:26:
         38:c1:6e:a2:bc:40:0c:de:88:a0:36:da:02:ef:69:48:14:91:
         32:0a:1e:3e:c3:22:90:9c:dc:8a:84:75:4a:cf:0c:98:b5:a0:
         97:e9:99:7e:96:f1:0f:fd:9b:f7:3f:3b:50:6a:e3:f7:d3:c3:
         bc:f9:89:e7:0b:29:0c:54:48:53:25:00:85:40:73:cb:a0:8e:
         7d:29:70:16:66:94:a8:35:79:db:b7:7e:23:3d:a4:97:a5:f6:
         13:1d:08:a4:10:e7:8a:a5:4b:fb:28:06:a2:45:31:56:a5:3e:
         60:ba:fe:88:92:e1:7d:55:4a:8b:a9:c3:b6:f3:60:22:06:ea:
         89:56:87:70:b5:4e:74:fa:4d:ba:77:9a:e8:d0:d1:cf:df:1f:
         93:27:a9:40:3a:5d:46:ff:29:d4:11:08:c0:e2:0b:d7:19:98:
         9d:e6:78:01:33:83:4d:c9:54:85:e0:6f:8d:c5:1a:76:be:38:
         9c:4e:61:29:3b:d5:80:dd:f1:38:33:02:e4:cc:de:1a:1d:98:
         14:f3:32:2d:18:e2:bf:ce:94:85:f2:5c:79:69:6a:3a:08:2c:
         99:6c:52:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY+/yP+msWGeh6QpVa1oZc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzRiNTI0MWI2M2MzYWZiZGIzNDJjYzQ3NjM0YzU1YWIy
ZmY4NDYwHhcNMjUwNDE2MTQyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGViMWFiYTFkMWJjMzE1Mzg5NGZiZDc5YmU5Y2I4OTU2MTNkNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wvatz6R5xpAi7WvNPxKvc2IzLOl
VRzoauIGg3hc6nlUS+2tFv25wkSghmxACKoH7Tqm0LJL4ealLKkxoiWS0I1N89sV
PR2IksjmJVooiKUjNTjgNNfZGXGElUArga7+HRnXQ0ehrhtR+GhV89iQYpmxIFV0
4n3roN5pZMyPFiAnMJINB96it139PyuLl6UgipNmmcLVjG71PmcTW1KTJFTw+EhQ
XTWWeCSNDEHEMr2gcPsNl8KFx0n3HuvzYNxMx4I0o8jAnjaJDDHESjNXqW8KUH9w
DS6N0XaZcOIJI5U4qVNG2Lv830elbfA0Prc19qgHm4qYgYagi9RW/i9M1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP3rGrodG8MVOJT715vpy4lWE9TGMB8GA1UdIwQY
MBaAFJR0tSQbY8OvvbNCzEdjTFWrL/hGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhTMUpCdGp3Ni05czBMTVIyTk1WYXN2LUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83ZjAyYjAtZDlhZC00ZjVkLTliNjkt
NDhmNjIxYWNiOWI3LzEvX2VzYXVoMGJ3eFU0bFB2WG0tbkxpVllUMU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83ZjAyYjAtZDlhZC00ZjVkLTliNjktNDhmNjIxYWNiOWI3
LzEvbEhTMUpCdGp3Ni05czBMTVIyTk1WYXN2LUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfADU
MA0GCSqGSIb3DQEBCwUAA4IBAQBpv2AKKg3XRZUx1TBQdM1rT227CzZTKQ4qFEup
WaI39A4SXSY4wW6ivEAM3oigNtoC72lIFJEyCh4+wyKQnNyKhHVKzwyYtaCX6Zl+
lvEP/Zv3PztQauP308O8+YnnCykMVEhTJQCFQHPLoI59KXAWZpSoNXnbt34jPaSX
pfYTHQikEOeKpUv7KAaiRTFWpT5guv6IkuF9VUqLqcO282AiBuqJVodwtU50+k26
d5ro0NHP3x+TJ6lAOl1G/ynUEQjA4gvXGZid5ngBM4NNyVSF4G+NxRp2vjicTmEp
O9WA3fE4MwLkzN4aHZgU8zItGOK/zpSF8lx5aWo6CCyZbFJa
-----END CERTIFICATE-----