Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/Njt0C_REwUu3SbLYdsWOldKXTok.roa
File:                     Njt0C_REwUu3SbLYdsWOldKXTok.roa (raw, json)
Hash identifier:          FKU9goGKUIXguBLGBxGdYgnZkFhCbVsBMNq8D5V01Qo=
Subject key identifier:   36:3B:74:0B:F4:44:C1:4B:B7:49:B2:D8:76:C5:8E:95:D2:97:4E:89
Certificate issuer:       /CN=ccffe64f42a9f04b9fd6cd758372a1db5cd8b191
Certificate serial:       019424B3D4A1EA9E476C698B7064BD0DD232
Authority key identifier: CC:FF:E6:4F:42:A9:F0:4B:9F:D6:CD:75:83:72:A1:DB:5C:D8:B1:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/Njt0C_REwUu3SbLYdsWOldKXTok.roa
Signing time:             Thu 02 Jan 2025 01:49:12 +0000
ROA not before:           Thu 02 Jan 2025 01:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:67c:2b34::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d4:a1:ea:9e:47:6c:69:8b:70:64:bd:0d:d2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccffe64f42a9f04b9fd6cd758372a1db5cd8b191
        Validity
            Not Before: Jan  2 01:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=363b740bf444c14bb749b2d876c58e95d2974e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c3:6a:51:8c:98:fe:0f:f6:8b:97:98:ed:79:
                    46:05:05:b0:09:4b:ba:5a:91:19:af:71:f3:0e:58:
                    c6:b7:9e:21:62:48:38:76:df:0e:d0:61:77:70:01:
                    b0:43:be:0f:69:0b:35:23:17:2b:68:dd:a0:07:01:
                    19:95:99:1f:b9:6c:59:aa:59:bf:f1:34:dc:22:7b:
                    3f:6f:0b:4b:22:92:e2:43:dd:a5:0b:9d:b2:d2:d7:
                    a6:6a:67:8f:57:23:92:85:ea:fd:a2:6d:a2:76:f0:
                    c0:a8:ea:b3:6b:0a:9f:b6:f5:fb:23:a7:da:1d:52:
                    98:9c:0a:07:ad:48:e8:73:76:78:b0:47:56:ce:23:
                    13:54:87:a5:a9:02:24:70:d0:87:c2:95:32:eb:fc:
                    f3:08:1e:9f:45:d1:7a:fc:57:fe:13:55:88:01:55:
                    6b:fb:ec:aa:a2:64:54:dd:a8:02:2c:83:bd:c6:d2:
                    7e:2f:ca:da:f3:c1:60:a2:61:7d:d0:b3:19:d2:d9:
                    2c:e7:29:1c:e9:83:6f:7e:58:4c:da:e0:cf:a5:73:
                    01:77:1e:46:ae:9e:f1:5f:57:9f:a5:44:34:49:c5:
                    39:82:93:6c:b6:91:19:ba:91:cd:58:6a:e5:e2:60:
                    89:72:e6:4e:02:f8:7c:c3:82:7f:b4:5a:fa:11:ed:
                    7c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3B:74:0B:F4:44:C1:4B:B7:49:B2:D8:76:C5:8E:95:D2:97:4E:89
            X509v3 Authority Key Identifier:
                keyid:CC:FF:E6:4F:42:A9:F0:4B:9F:D6:CD:75:83:72:A1:DB:5C:D8:B1:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/Njt0C_REwUu3SbLYdsWOldKXTok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b34::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:23:b3:34:b4:1d:d1:2b:a2:09:0f:89:8a:05:d5:fb:74:e1:
         21:3d:9b:17:0b:18:e2:79:ef:d6:1b:ed:08:d1:77:47:b7:d2:
         43:83:cc:c9:41:46:40:77:9f:f3:1e:c2:3e:55:62:a9:96:61:
         19:1e:ad:5f:e7:5d:16:63:26:5c:ce:41:7b:e8:83:4d:70:e1:
         66:53:f6:a4:8e:fd:d0:c9:2b:18:54:1c:12:c5:33:2e:73:da:
         b4:87:61:8e:cc:8c:a3:57:02:98:37:ca:48:be:1b:e3:ea:fc:
         e2:6c:b6:a4:48:59:cc:83:23:5f:d8:eb:b3:66:70:4a:1f:21:
         3d:c0:6d:1f:68:fe:47:b7:3f:93:28:0c:ea:5f:4d:33:6b:45:
         2b:84:10:f0:fc:6a:85:b4:66:d8:88:05:4b:ac:c0:a7:64:15:
         82:33:a4:97:be:c7:53:2f:6a:11:7c:6e:2d:a6:d3:b0:b2:fc:
         3d:d3:8f:35:5d:37:39:ec:80:51:18:85:55:54:41:a8:ea:e4:
         19:99:35:fa:0f:f7:35:25:00:b6:c6:f3:a8:b2:aa:5f:e5:5a:
         0a:30:15:a9:09:79:ff:0d:89:96:96:d6:6b:bd:47:58:03:7e:
         00:f2:23:ba:1b:5c:4e:aa:c1:6e:51:03:a3:b4:3f:c1:6e:14:
         85:fb:9d:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks9Sh6p5HbGmLcGS9DdIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZmZlNjRmNDJhOWYwNGI5ZmQ2Y2Q3NTgzNzJhMWRiNWNk
OGIxOTEwHhcNMjUwMTAyMDE0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNiNzQwYmY0NDRjMTRiYjc0OWIyZDg3NmM1OGU5NWQyOTc0ZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucNqUYyY/g/2i5eY7XlGBQWwCUu6
WpEZr3HzDljGt54hYkg4dt8O0GF3cAGwQ74PaQs1IxcraN2gBwEZlZkfuWxZqlm/
8TTcIns/bwtLIpLiQ92lC52y0temamePVyOSher9om2idvDAqOqzawqftvX7I6fa
HVKYnAoHrUjoc3Z4sEdWziMTVIelqQIkcNCHwpUy6/zzCB6fRdF6/Ff+E1WIAVVr
++yqomRU3agCLIO9xtJ+L8ra88FgomF90LMZ0tks5ykc6YNvflhM2uDPpXMBdx5G
rp7xX1efpUQ0ScU5gpNstpEZupHNWGrl4mCJcuZOAvh8w4J/tFr6Ee18RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDY7dAv0RMFLt0my2HbFjpXSl06JMB8GA1UdIwQY
MBaAFMz/5k9CqfBLn9bNdYNyodtc2LGRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBfbVQwS3A4RXVmMXMxMWczS2gyMXpZc1pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zNjRhYjUtZGU5NS00MjU5LTg5Mjct
OWQyZTQyZjdmOWFjLzEvTmp0MENfUkV3VXUzU2JMWWRzV09sZEtYVG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zNjRhYjUtZGU5NS00MjU5LTg5MjctOWQyZTQyZjdmOWFj
LzEvelBfbVQwS3A4RXVmMXMxMWczS2gyMXpZc1pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCs0
MA0GCSqGSIb3DQEBCwUAA4IBAQAaI7M0tB3RK6IJD4mKBdX7dOEhPZsXCxjiee/W
G+0I0XdHt9JDg8zJQUZAd5/zHsI+VWKplmEZHq1f510WYyZczkF76INNcOFmU/ak
jv3QySsYVBwSxTMuc9q0h2GOzIyjVwKYN8pIvhvj6vzibLakSFnMgyNf2OuzZnBK
HyE9wG0faP5Htz+TKAzqX00za0UrhBDw/GqFtGbYiAVLrMCnZBWCM6SXvsdTL2oR
fG4tptOwsvw90481XTc57IBRGIVVVEGo6uQZmTX6D/c1JQC2xvOosqpf5VoKMBWp
CXn/DYmWltZrvUdYA34A8iO6G1xOqsFuUQOjtD/BbhSF+524
-----END CERTIFICATE-----