Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/OBgfNHwDlYtlqjjhJRFUWeZDTUY.roa
File:                     OBgfNHwDlYtlqjjhJRFUWeZDTUY.roa (raw, json)
Hash identifier:          6sPRuYPKeEviFfVQ52vvMVNq0j09JkQvr2PG17VGRJU=
Subject key identifier:   38:18:1F:34:7C:03:95:8B:65:AA:38:E1:25:11:54:59:E6:43:4D:46
Certificate issuer:       /CN=6693f2b04eb85b6a2a6e21c03cfbb77287a45aff
Certificate serial:       0194274761E26891D3239460C41A9F30F744
Authority key identifier: 66:93:F2:B0:4E:B8:5B:6A:2A:6E:21:C0:3C:FB:B7:72:87:A4:5A:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/OBgfNHwDlYtlqjjhJRFUWeZDTUY.roa
Signing time:             Thu 02 Jan 2025 13:49:37 +0000
ROA not before:           Thu 02 Jan 2025 13:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44227
IP address blocks:        156.67.15.0/24 maxlen: 24
                          2001:67c:978::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:61:e2:68:91:d3:23:94:60:c4:1a:9f:30:f7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6693f2b04eb85b6a2a6e21c03cfbb77287a45aff
        Validity
            Not Before: Jan  2 13:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38181f347c03958b65aa38e125115459e6434d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:10:05:44:de:0e:b7:31:e6:e6:9d:64:cd:2b:
                    20:90:71:3c:11:e9:35:07:8f:fb:50:31:eb:24:71:
                    72:20:c0:f1:52:41:69:1a:67:13:49:14:ec:9b:92:
                    1d:26:67:56:00:72:8a:ca:b9:1e:f9:35:02:5f:6d:
                    b5:f0:01:e4:49:9c:98:2f:51:14:a6:71:cb:e4:44:
                    e7:6c:c4:6c:5c:c3:33:94:e0:72:d0:66:68:97:59:
                    00:e0:e5:fe:99:0c:03:3d:50:47:e4:a9:20:fd:31:
                    85:98:9a:26:93:df:d8:2c:f4:6a:df:82:cc:f8:58:
                    a9:af:e9:12:1a:2d:f5:40:16:2e:21:1f:25:da:5c:
                    73:30:07:b1:e0:f8:5b:cc:85:7c:36:7a:c1:1f:17:
                    ea:93:f6:26:8a:09:27:23:fc:04:fd:ff:76:5c:fe:
                    43:ea:ca:07:b4:25:e1:f1:43:90:63:04:f6:c3:1b:
                    9c:18:ce:8c:cc:c1:94:59:41:d5:d2:a4:c6:b8:21:
                    4c:9a:9c:f5:9c:08:47:ff:f3:2b:81:a6:27:ee:7c:
                    1a:42:8f:ab:45:d6:be:d5:5d:19:4f:7e:25:f9:14:
                    12:74:18:dd:bc:6a:0d:fc:fe:58:19:cb:85:8c:d8:
                    20:11:00:98:94:cb:a9:7f:2c:af:fc:35:d1:88:1f:
                    d1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:18:1F:34:7C:03:95:8B:65:AA:38:E1:25:11:54:59:E6:43:4D:46
            X509v3 Authority Key Identifier:
                keyid:66:93:F2:B0:4E:B8:5B:6A:2A:6E:21:C0:3C:FB:B7:72:87:A4:5A:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/OBgfNHwDlYtlqjjhJRFUWeZDTUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.15.0/24
                IPv6:
                  2001:67c:978::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:da:0c:8c:59:4a:bf:c9:d1:eb:39:f4:8e:18:85:e4:63:44:
         23:53:f9:02:5d:72:58:bf:26:1e:ce:23:7b:44:c3:96:88:bb:
         f6:3b:3b:a0:b6:92:48:65:ce:b4:2c:3e:99:c8:c1:39:6a:6b:
         b3:3b:b5:3d:3f:98:58:80:5a:42:dc:39:dd:dd:34:53:70:13:
         73:88:0d:10:c2:59:54:f2:38:6c:e5:e1:1a:2c:41:62:f1:d9:
         16:b7:77:97:ca:93:6e:a7:43:c4:f5:3e:7f:c2:e4:7f:dd:4b:
         26:1b:02:f1:ba:80:3b:b1:f8:db:69:5a:61:a2:b2:b9:5d:17:
         e0:22:f3:ed:02:01:7f:1a:ab:49:52:85:7d:54:38:ad:15:36:
         1b:f2:ff:19:ac:16:bc:c7:7d:21:89:6a:40:c2:b7:60:9e:93:
         2d:25:15:2e:eb:c1:42:30:d0:6c:9d:d3:56:28:41:ae:fa:f6:
         bf:bc:ae:83:dc:b6:26:f6:38:ea:96:fd:11:50:8b:86:03:57:
         9c:0f:bc:43:af:11:e3:84:50:10:8d:a3:42:b9:33:ff:67:47:
         d8:d9:8e:b0:e2:65:f9:29:34:64:72:6e:46:5f:cb:64:13:57:
         8c:78:03:4b:44:e1:71:65:eb:45:4e:97:02:52:53:ad:79:93:
         ec:e1:a0:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnR2HiaJHTI5RgxBqfMPdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTNmMmIwNGViODViNmEyYTZlMjFjMDNjZmJiNzcyODdh
NDVhZmYwHhcNMjUwMTAyMTM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODE4MWYzNDdjMDM5NThiNjVhYTM4ZTEyNTExNTQ1OWU2NDM0ZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhAFRN4OtzHm5p1kzSsgkHE8Eek1
B4/7UDHrJHFyIMDxUkFpGmcTSRTsm5IdJmdWAHKKyrke+TUCX2218AHkSZyYL1EU
pnHL5ETnbMRsXMMzlOBy0GZol1kA4OX+mQwDPVBH5Kkg/TGFmJomk9/YLPRq34LM
+Fipr+kSGi31QBYuIR8l2lxzMAex4PhbzIV8NnrBHxfqk/YmigknI/wE/f92XP5D
6soHtCXh8UOQYwT2wxucGM6MzMGUWUHV0qTGuCFMmpz1nAhH//MrgaYn7nwaQo+r
Rda+1V0ZT34l+RQSdBjdvGoN/P5YGcuFjNggEQCYlMupfyyv/DXRiB/R7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDgYHzR8A5WLZao44SURVFnmQ01GMB8GA1UdIwQY
MBaAFGaT8rBOuFtqKm4hwDz7t3KHpFr/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBQeXNFNjRXMm9xYmlIQVBQdTNjb2VrV3Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8zMDdiZTgtNWUxMS00MTEwLWExZDMt
M2E5YzBmYmM4YTBhLzEvT0JnZk5Id0RsWXRscWpqaEpSRlVXZVpEVFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8zMDdiZTgtNWUxMS00MTEwLWExZDMtM2E5YzBmYmM4YTBh
LzEvWnBQeXNFNjRXMm9xYmlIQVBQdTNjb2VrV3Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAnEMPMA8E
AgACMAkDBwAgAQZ8CXgwDQYJKoZIhvcNAQELBQADggEBAGXaDIxZSr/J0es59I4Y
heRjRCNT+QJdcli/Jh7OI3tEw5aIu/Y7O6C2kkhlzrQsPpnIwTlqa7M7tT0/mFiA
WkLcOd3dNFNwE3OIDRDCWVTyOGzl4RosQWLx2Ra3d5fKk26nQ8T1Pn/C5H/dSyYb
AvG6gDux+NtpWmGisrldF+Ai8+0CAX8aq0lShX1UOK0VNhvy/xmsFrzHfSGJakDC
t2Ceky0lFS7rwUIw0Gyd01YoQa769r+8roPctib2OOqW/RFQi4YDV5wPvEOvEeOE
UBCNo0K5M/9nR9jZjrDiZfkpNGRybkZfy2QTV4x4A0tE4XFl60VOlwJSU615k+zh
oKs=
-----END CERTIFICATE-----