Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/2DvVU95orox5IeGSdibufOYyF_M.roa
File:                     2DvVU95orox5IeGSdibufOYyF_M.roa (raw, json)
Hash identifier:          zYc2kejhvwZAMUP9rtgZ0VImRS6xXrZBfW+6RhgOP2c=
Subject key identifier:   D8:3B:D5:53:DE:68:AE:8C:79:21:E1:92:76:26:EE:7C:E6:32:17:F3
Certificate issuer:       /CN=7ce9782325d3054cb6956ad22704530de92a0f05
Certificate serial:       0194221FF1D6A5AEC2FB8F6F9CF135643FEA
Authority key identifier: 7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/2DvVU95orox5IeGSdibufOYyF_M.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:67c:e0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f1:d6:a5:ae:c2:fb:8f:6f:9c:f1:35:64:3f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce9782325d3054cb6956ad22704530de92a0f05
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83bd553de68ae8c7921e1927626ee7ce63217f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6d:57:51:cb:58:99:e4:ac:ff:4a:9e:3e:20:
                    c1:6b:7a:3c:60:8a:5b:ec:b2:df:d9:2e:37:63:3e:
                    91:3d:cf:93:91:81:7a:54:f4:18:3b:94:ed:31:8e:
                    22:b1:ce:91:4c:4e:7a:a0:ef:67:c6:c3:38:54:e6:
                    5c:29:15:62:fe:4f:1c:73:d7:6a:8e:1f:66:7c:43:
                    36:da:0d:5d:07:f2:aa:5b:c0:14:90:cd:db:a2:83:
                    0b:c9:d3:eb:43:aa:10:b2:f9:aa:6a:65:38:47:61:
                    18:7a:f7:c4:bc:63:db:28:1b:83:5b:a9:8d:b7:cd:
                    62:c0:10:96:61:c7:f0:60:35:e8:91:40:f3:6e:08:
                    d6:34:cc:15:6b:99:ce:b5:8a:78:2f:73:11:28:1f:
                    ef:46:cc:ce:54:31:11:13:ea:cc:b8:63:3b:2f:f5:
                    44:0a:bf:6c:26:09:bb:8e:84:9e:43:b3:14:82:78:
                    3f:43:e7:ea:06:d0:de:23:ee:ff:5b:d3:fb:eb:b0:
                    c9:c8:93:57:8f:34:06:2c:ba:dc:74:69:94:fd:d5:
                    e9:87:b9:94:97:45:86:0f:73:01:aa:b6:cf:14:d9:
                    b4:8d:ea:85:8f:9f:5e:3d:f3:53:63:cc:33:d4:f7:
                    ab:61:74:9f:04:c4:15:2e:eb:ea:18:5b:5a:86:01:
                    9c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3B:D5:53:DE:68:AE:8C:79:21:E1:92:76:26:EE:7C:E6:32:17:F3
            X509v3 Authority Key Identifier:
                keyid:7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/2DvVU95orox5IeGSdibufOYyF_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:ee:d8:5e:fc:d0:e1:46:4d:d3:1c:52:ee:e2:bc:09:79:c4:
         3f:2e:8b:ae:da:22:d4:4d:4d:cd:4d:c1:64:ac:38:f5:1a:4c:
         c0:4f:e6:4d:a2:72:8e:50:e5:b6:95:cf:f4:99:b6:2f:51:fe:
         ce:88:3c:0f:62:3f:a6:93:22:1f:a3:36:53:0c:09:d6:b3:cb:
         d0:88:fb:d7:a9:63:f2:8c:a9:5c:f0:14:6f:0c:93:b8:ac:5f:
         d4:ab:84:1a:e5:84:92:3e:f9:7c:6d:fe:13:bb:fe:b5:e5:68:
         a5:f4:4e:d6:a7:5c:52:65:b9:bb:2f:03:69:06:66:9f:39:3d:
         c6:39:8a:f7:98:db:71:81:d4:65:48:94:c4:3e:8e:af:30:0c:
         62:53:4f:ea:3d:6c:4f:37:86:05:68:18:77:91:54:c8:84:d3:
         7a:29:ee:2e:b4:3c:bc:ca:32:84:64:24:03:2b:9a:38:82:ea:
         bb:3d:7c:85:dc:a1:af:58:8e:57:9d:bb:e4:68:3a:66:a5:a0:
         9b:3e:31:1b:10:b2:be:8e:3e:81:da:84:6e:79:9b:ca:81:43:
         ee:93:a7:3f:d6:c6:da:33:c9:77:69:a5:1d:e6:64:e6:f1:c6:
         8c:f8:78:9e:4d:1a:00:f7:f9:35:60:88:fa:10:94:46:20:aa:
         26:82:30:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH/HWpa7C+49vnPE1ZD/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTk3ODIzMjVkMzA1NGNiNjk1NmFkMjI3MDQ1MzBkZTky
YTBmMDUwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNiZDU1M2RlNjhhZThjNzkyMWUxOTI3NjI2ZWU3Y2U2MzIxN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwG1XUctYmeSs/0qePiDBa3o8YIpb
7LLf2S43Yz6RPc+TkYF6VPQYO5TtMY4isc6RTE56oO9nxsM4VOZcKRVi/k8cc9dq
jh9mfEM22g1dB/KqW8AUkM3booMLydPrQ6oQsvmqamU4R2EYevfEvGPbKBuDW6mN
t81iwBCWYcfwYDXokUDzbgjWNMwVa5nOtYp4L3MRKB/vRszOVDERE+rMuGM7L/VE
Cr9sJgm7joSeQ7MUgng/Q+fqBtDeI+7/W9P767DJyJNXjzQGLLrcdGmU/dXph7mU
l0WGD3MBqrbPFNm0jeqFj59ePfNTY8wz1PerYXSfBMQVLuvqGFtahgGc8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNg71VPeaK6MeSHhknYm7nzmMhfzMB8GA1UdIwQY
MBaAFHzpeCMl0wVMtpVq0icEUw3pKg8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEt
OTg4ZTc3MGIwMTViLzEvMkR2VlU5NW9yb3g1SWVHU2RpYnVmT1l5Rl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEtOTg4ZTc3MGIwMTVi
LzEvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4M
MA0GCSqGSIb3DQEBCwUAA4IBAQDQ7the/NDhRk3THFLu4rwJecQ/Louu2iLUTU3N
TcFkrDj1GkzAT+ZNonKOUOW2lc/0mbYvUf7OiDwPYj+mkyIfozZTDAnWs8vQiPvX
qWPyjKlc8BRvDJO4rF/Uq4Qa5YSSPvl8bf4Tu/615Wil9E7Wp1xSZbm7LwNpBmaf
OT3GOYr3mNtxgdRlSJTEPo6vMAxiU0/qPWxPN4YFaBh3kVTIhNN6Ke4utDy8yjKE
ZCQDK5o4guq7PXyF3KGvWI5XnbvkaDpmpaCbPjEbELK+jj6B2oRueZvKgUPuk6c/
1sbaM8l3aaUd5mTm8caM+HieTRoA9/k1YIj6EJRGIKomgjBE
-----END CERTIFICATE-----