Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/M-D765qKLa5rpx98GwEizjipWV0.roa
File:                     M-D765qKLa5rpx98GwEizjipWV0.roa (raw, json)
Hash identifier:          sZVekYH0lnyQrwkjPmHgYKbukfVk03AtK4DNYJI9l9w=
Subject key identifier:   33:E0:FB:EB:9A:8A:2D:AE:6B:A7:1F:7C:1B:01:22:CE:38:A9:59:5D
Certificate issuer:       /CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
Certificate serial:       019433C50B9C61AF9459FEF04FD73DA90550
Authority key identifier: 4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/M-D765qKLa5rpx98GwEizjipWV0.roa
Signing time:             Sun 05 Jan 2025 00:02:19 +0000
ROA not before:           Sun 05 Jan 2025 00:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        2001:67c:e74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:33:c5:0b:9c:61:af:94:59:fe:f0:4f:d7:3d:a9:05:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
        Validity
            Not Before: Jan  5 00:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33e0fbeb9a8a2dae6ba71f7c1b0122ce38a9595d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7d:c0:a6:c6:85:1b:fc:4c:8f:b8:97:d7:c5:
                    dc:58:8a:8e:7f:99:11:3b:48:e2:bb:9c:61:1b:cc:
                    eb:0e:06:7e:b3:29:4f:c9:1b:4c:3f:54:55:bd:33:
                    8f:76:1e:c5:8f:5c:a7:87:25:da:1a:b1:b6:75:ce:
                    d0:fe:ee:af:29:a0:43:0e:a9:c5:c4:4b:c5:08:e9:
                    17:71:f0:20:d3:45:23:c1:cc:fb:ac:25:28:46:40:
                    25:a0:1b:f8:7f:11:92:c6:04:c9:1f:11:c2:08:2c:
                    12:b4:f3:04:c5:e5:4c:a2:cb:c1:cb:d3:ed:9e:1c:
                    04:e0:39:50:a2:18:fa:7d:38:a3:f8:53:80:58:8a:
                    e8:22:d9:be:6e:b0:42:ae:f0:5a:af:c8:57:d9:7f:
                    e2:0c:0f:0f:72:b2:c6:8a:3b:06:7d:e0:0d:5b:2c:
                    b8:c4:83:f0:59:9b:ae:7b:40:bf:33:96:bd:d8:d9:
                    b4:aa:74:24:f7:63:01:37:da:e1:6a:d3:a2:36:7a:
                    ee:82:cb:11:18:7c:b8:06:18:66:25:04:f8:b8:7f:
                    2f:a7:68:e0:26:0e:59:87:42:40:fa:6f:2a:d1:ba:
                    f7:55:7e:c5:9a:e0:cc:37:f2:3a:e0:b2:99:3d:5e:
                    71:64:5d:dc:e5:6c:0c:fc:eb:b7:c0:43:67:ad:90:
                    5f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E0:FB:EB:9A:8A:2D:AE:6B:A7:1F:7C:1B:01:22:CE:38:A9:59:5D
            X509v3 Authority Key Identifier:
                keyid:4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/M-D765qKLa5rpx98GwEizjipWV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e74::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:42:4b:97:2a:02:b3:71:74:12:03:ed:84:c2:2d:29:b9:96:
         7f:0b:04:f0:d9:3f:01:22:2c:3e:6c:02:5b:74:cc:e2:e3:af:
         49:d1:8e:fe:20:96:d3:14:d1:45:d5:bc:d4:13:d3:49:0c:6d:
         6c:8e:fd:a4:c4:b0:fa:2b:e2:cc:4a:cf:c7:1e:89:13:0f:22:
         1d:14:18:ac:4e:f8:01:32:a7:40:5c:90:dc:66:2f:eb:9a:c6:
         8c:59:40:4b:60:06:c7:8b:03:90:01:02:81:b2:5c:3e:d5:2f:
         5e:c3:47:b7:93:7d:0a:32:1c:a3:fe:33:53:fe:96:f9:8d:e2:
         fe:4e:73:ff:2c:27:2a:de:04:65:8d:21:aa:6c:40:06:b9:56:
         10:3e:f5:90:32:6b:39:7a:b3:90:65:1b:ec:c2:14:50:7f:00:
         23:fa:11:c5:96:4e:91:e0:a4:8e:5e:d3:32:0d:b2:86:12:3c:
         01:3b:93:e5:17:8f:55:0c:33:70:23:62:3e:a0:f6:46:95:1d:
         c7:93:81:52:66:0a:b2:ca:d2:c0:e3:fb:08:c3:e5:6a:91:aa:
         40:ee:ce:b0:23:b6:bf:e5:72:b4:48:70:1d:14:ad:6d:18:ba:
         2c:88:16:d8:09:f4:27:8f:e0:5f:7b:1e:96:2e:c1:7a:f5:55:
         42:48:f2:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQzxQucYa+UWf7wT9c9qQVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWYxNGI2N2UwNTFjZmJkNWUxYjFkNTE2OTNkNDQ2ODIz
OTI3OTIwHhcNMjUwMTA1MDAwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2UwZmJlYjlhOGEyZGFlNmJhNzFmN2MxYjAxMjJjZTM4YTk1OTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn3ApsaFG/xMj7iX18XcWIqOf5kR
O0jiu5xhG8zrDgZ+sylPyRtMP1RVvTOPdh7Fj1ynhyXaGrG2dc7Q/u6vKaBDDqnF
xEvFCOkXcfAg00Ujwcz7rCUoRkAloBv4fxGSxgTJHxHCCCwStPMExeVMosvBy9Pt
nhwE4DlQohj6fTij+FOAWIroItm+brBCrvBar8hX2X/iDA8PcrLGijsGfeANWyy4
xIPwWZuue0C/M5a92Nm0qnQk92MBN9rhatOiNnrugssRGHy4BhhmJQT4uH8vp2jg
Jg5Zh0JA+m8q0br3VX7FmuDMN/I64LKZPV5xZF3c5WwM/Ou3wENnrZBfkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDPg++uaii2ua6cffBsBIs44qVldMB8GA1UdIwQY
MBaAFE6vFLZ+BRz71eGx1RaT1EaCOSeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQt
YmQ1MTJlZDU4Zjc4LzEvTS1ENzY1cUtMYTVycHg5OEd3RWl6amlwV1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQtYmQ1MTJlZDU4Zjc4
LzEvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA50
MA0GCSqGSIb3DQEBCwUAA4IBAQAcQkuXKgKzcXQSA+2Ewi0puZZ/CwTw2T8BIiw+
bAJbdMzi469J0Y7+IJbTFNFF1bzUE9NJDG1sjv2kxLD6K+LMSs/HHokTDyIdFBis
TvgBMqdAXJDcZi/rmsaMWUBLYAbHiwOQAQKBslw+1S9ew0e3k30KMhyj/jNT/pb5
jeL+TnP/LCcq3gRljSGqbEAGuVYQPvWQMms5erOQZRvswhRQfwAj+hHFlk6R4KSO
XtMyDbKGEjwBO5PlF49VDDNwI2I+oPZGlR3Hk4FSZgqyytLA4/sIw+VqkapA7s6w
I7a/5XK0SHAdFK1tGLosiBbYCfQnj+Bfex6WLsF69VVCSPJr
-----END CERTIFICATE-----