Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/SGExsZYw7zZNQMmCejqPLZCEzR4.roa
File:                     SGExsZYw7zZNQMmCejqPLZCEzR4.roa (raw, json)
Hash identifier:          lywDbb/BT202qwVyQW4Rrl3AkbHkGjJUpz5yvpYCOaU=
Subject key identifier:   48:61:31:B1:96:30:EF:36:4D:40:C9:82:7A:3A:8F:2D:90:84:CD:1E
Certificate issuer:       /CN=7008acce90d475a0faa11d285486a453520b81f0
Certificate serial:       0197D4557FFFD766E4BF45165B18AE075AA4
Authority key identifier: 70:08:AC:CE:90:D4:75:A0:FA:A1:1D:28:54:86:A4:53:52:0B:81:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAiszpDUdaD6oR0oVIakU1ILgfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/SGExsZYw7zZNQMmCejqPLZCEzR4.roa
Signing time:             Fri 04 Jul 2025 07:27:42 +0000
ROA not before:           Fri 04 Jul 2025 07:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210434
IP address blocks:        2001:67c:16cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/cAiszpDUdaD6oR0oVIakU1ILgfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/cAiszpDUdaD6oR0oVIakU1ILgfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAiszpDUdaD6oR0oVIakU1ILgfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:55:7f:ff:d7:66:e4:bf:45:16:5b:18:ae:07:5a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7008acce90d475a0faa11d285486a453520b81f0
        Validity
            Not Before: Jul  4 07:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=486131b19630ef364d40c9827a3a8f2d9084cd1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:20:26:9e:00:fa:81:32:0f:ce:26:d5:dc:4d:
                    90:5a:82:37:2d:fb:fe:24:a2:d4:58:aa:ef:fb:e1:
                    eb:8a:c1:11:21:e8:f2:97:33:31:fb:0e:1c:98:d7:
                    2c:6c:9f:1a:89:be:b8:3b:16:b4:4d:d1:0b:e1:01:
                    74:2d:0b:80:3d:89:70:f0:66:ff:8f:6a:76:53:2a:
                    cb:cd:f7:cc:32:b9:5b:f2:0c:53:68:09:1f:f6:92:
                    c1:61:dc:4c:ed:05:ed:13:bd:1f:a9:37:6a:91:b5:
                    5a:cb:04:e7:59:43:b4:a4:20:ea:97:4b:2e:72:83:
                    42:15:7f:23:3e:82:48:9a:18:8e:9c:64:9a:62:8c:
                    3f:1e:71:03:c4:8d:c9:24:ef:b8:f5:e4:59:5a:b2:
                    c8:cf:3b:00:5b:82:f5:40:07:94:bd:70:8c:2b:0d:
                    e8:8a:8f:0d:45:72:cb:50:49:31:67:c5:77:7b:4e:
                    08:18:e9:be:a4:fc:7f:98:97:2c:e1:8f:d2:58:c8:
                    5c:1a:fb:c7:16:8a:f9:95:08:09:48:c9:26:97:c2:
                    3d:ca:2b:aa:cb:d2:8b:b4:34:eb:98:ab:17:e0:9b:
                    e8:5b:dd:f2:da:c0:51:5c:69:88:a4:d6:17:ad:d9:
                    05:4a:a6:92:f0:f7:f1:ef:05:bd:86:af:a7:a0:4b:
                    6d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:61:31:B1:96:30:EF:36:4D:40:C9:82:7A:3A:8F:2D:90:84:CD:1E
            X509v3 Authority Key Identifier:
                keyid:70:08:AC:CE:90:D4:75:A0:FA:A1:1D:28:54:86:A4:53:52:0B:81:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAiszpDUdaD6oR0oVIakU1ILgfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/SGExsZYw7zZNQMmCejqPLZCEzR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/917d50-fc64-4b3e-91e9-a31893b0eafc/1/cAiszpDUdaD6oR0oVIakU1ILgfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:16cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:13:2e:bf:c9:3e:59:9f:e4:10:95:12:71:3e:7e:df:90:0d:
         24:5c:23:c4:ea:e9:e4:92:42:4a:9d:1b:b9:a0:99:18:86:86:
         7b:ea:73:64:52:06:ac:d3:dc:5a:db:db:4d:e6:91:96:28:4b:
         c6:b0:43:49:4d:9a:66:61:6b:f3:0d:93:ad:72:80:69:20:63:
         15:ef:89:9f:5c:9b:fa:1c:8b:df:e5:97:6a:a4:4a:f2:82:bd:
         78:1a:19:57:3b:ac:56:6c:b0:7b:1c:81:c3:4e:5d:30:52:dc:
         d5:58:1e:60:95:82:0e:07:81:ee:a9:1c:c5:9f:64:f4:d4:c7:
         d0:d2:ac:32:a2:d8:fd:67:b2:91:35:fe:c0:96:b8:10:df:c8:
         ee:3e:8e:b4:d3:f1:f4:d1:10:36:3f:96:ba:83:4a:bd:05:b0:
         ae:1c:34:36:5f:8d:f3:de:87:1c:08:b9:a8:87:1f:97:18:fa:
         87:12:10:a0:a3:52:db:15:1c:e8:d8:7c:b2:e1:19:8c:17:db:
         b2:bb:b0:6c:86:08:b7:0d:04:b9:47:ff:6b:15:21:73:3c:5d:
         b2:c9:06:90:7c:ef:3e:b9:f0:1c:e2:80:b7:87:f9:25:6d:03:
         c7:2a:80:65:4e:59:44:d1:c9:6b:fa:83:11:2e:dd:70:6e:5d:
         8d:da:25:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfUVX//12bkv0UWWxiuB1qkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMDhhY2NlOTBkNDc1YTBmYWExMWQyODU0ODZhNDUzNTIw
YjgxZjAwHhcNMjUwNzA0MDcyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODYxMzFiMTk2MzBlZjM2NGQ0MGM5ODI3YTNhOGYyZDkwODRjZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyAmngD6gTIPzibV3E2QWoI3Lfv+
JKLUWKrv++HrisERIejylzMx+w4cmNcsbJ8aib64Oxa0TdEL4QF0LQuAPYlw8Gb/
j2p2UyrLzffMMrlb8gxTaAkf9pLBYdxM7QXtE70fqTdqkbVaywTnWUO0pCDql0su
coNCFX8jPoJImhiOnGSaYow/HnEDxI3JJO+49eRZWrLIzzsAW4L1QAeUvXCMKw3o
io8NRXLLUEkxZ8V3e04IGOm+pPx/mJcs4Y/SWMhcGvvHFor5lQgJSMkml8I9yiuq
y9KLtDTrmKsX4JvoW93y2sBRXGmIpNYXrdkFSqaS8Pfx7wW9hq+noEttxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEhhMbGWMO82TUDJgno6jy2QhM0eMB8GA1UdIwQY
MBaAFHAIrM6Q1HWg+qEdKFSGpFNSC4HwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Fpc3pwRFVkYUQ2b1Iwb1ZJYWtVMUlMZ2ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85MTdkNTAtZmM2NC00YjNlLTkxZTkt
YTMxODkzYjBlYWZjLzEvU0dFeHNaWXc3elpOUU1tQ2VqcVBMWkNFelI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85MTdkNTAtZmM2NC00YjNlLTkxZTktYTMxODkzYjBlYWZj
LzEvY0Fpc3pwRFVkYUQ2b1Iwb1ZJYWtVMUlMZ2ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBbM
MA0GCSqGSIb3DQEBCwUAA4IBAQCIEy6/yT5Zn+QQlRJxPn7fkA0kXCPE6unkkkJK
nRu5oJkYhoZ76nNkUgas09xa29tN5pGWKEvGsENJTZpmYWvzDZOtcoBpIGMV74mf
XJv6HIvf5ZdqpErygr14GhlXO6xWbLB7HIHDTl0wUtzVWB5glYIOB4HuqRzFn2T0
1MfQ0qwyotj9Z7KRNf7AlrgQ38juPo600/H00RA2P5a6g0q9BbCuHDQ2X43z3occ
CLmohx+XGPqHEhCgo1LbFRzo2Hyy4RmMF9uyu7Bshgi3DQS5R/9rFSFzPF2yyQaQ
fO8+ufAc4oC3h/klbQPHKoBlTllE0clr+oMRLt1wbl2N2iUN
-----END CERTIFICATE-----