Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/C7GNqkgz9p0zOIQbq1hmHpb1k10.roa
File:                     C7GNqkgz9p0zOIQbq1hmHpb1k10.roa (raw, json)
Hash identifier:          Ih5IZ06o7j/AaerWpaiGsplGlhC586fD+XGd+HNQexM=
Subject key identifier:   0B:B1:8D:AA:48:33:F6:9D:33:38:84:1B:AB:58:66:1E:96:F5:93:5D
Certificate issuer:       /CN=7dad62180863d722aaa4f0881e44378e3c808372
Certificate serial:       01963DE43F8760D485D434A0280E56EBC889
Authority key identifier: 7D:AD:62:18:08:63:D7:22:AA:A4:F0:88:1E:44:37:8E:3C:80:83:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/C7GNqkgz9p0zOIQbq1hmHpb1k10.roa
Signing time:             Wed 16 Apr 2025 09:18:10 +0000
ROA not before:           Wed 16 Apr 2025 09:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60275
IP address blocks:        2001:67c:2b10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 21:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:e4:3f:87:60:d4:85:d4:34:a0:28:0e:56:eb:c8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dad62180863d722aaa4f0881e44378e3c808372
        Validity
            Not Before: Apr 16 09:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bb18daa4833f69d3338841bab58661e96f5935d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3c:5b:b5:a2:1f:1c:e0:52:f1:05:d1:60:39:
                    14:f9:e2:b0:ef:82:c0:60:a5:56:34:c1:16:4b:5f:
                    00:34:15:77:52:f4:9c:9a:fe:64:51:df:4b:24:98:
                    bf:c9:02:92:73:55:b4:fb:4e:86:f1:05:33:4c:75:
                    bf:87:c1:33:25:f1:42:d6:a7:af:92:46:ea:bb:f1:
                    cd:ab:e7:f1:f2:46:88:f4:dc:ad:43:ce:0a:fa:4d:
                    50:21:f4:f2:f8:41:46:3a:8d:21:2b:54:f8:7d:e4:
                    e6:fb:f1:fe:e9:c5:71:de:ee:27:af:b5:a0:45:ee:
                    5f:03:d0:5d:b7:e3:b4:a7:80:47:e4:56:43:e1:19:
                    a2:bc:d3:c1:88:87:4e:34:90:c7:96:0d:3d:48:86:
                    4f:8f:cf:49:10:0f:36:4e:32:db:30:c8:93:12:dd:
                    45:8c:b7:1a:60:aa:b2:0c:69:42:66:98:29:b8:49:
                    e7:9b:33:eb:ea:48:c9:7f:dc:d8:6e:6a:e6:17:b0:
                    4f:03:70:fd:67:43:59:b5:c4:a7:ff:ae:05:54:0c:
                    23:0f:89:2f:59:5b:fa:0c:6f:9d:b8:b4:11:c0:47:
                    01:44:ff:f4:29:f8:21:cd:36:46:6c:90:8b:c3:d3:
                    15:e0:6e:34:3d:2c:27:d2:17:91:86:55:bc:2e:64:
                    dd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B1:8D:AA:48:33:F6:9D:33:38:84:1B:AB:58:66:1E:96:F5:93:5D
            X509v3 Authority Key Identifier:
                keyid:7D:AD:62:18:08:63:D7:22:AA:A4:F0:88:1E:44:37:8E:3C:80:83:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/C7GNqkgz9p0zOIQbq1hmHpb1k10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80ed98-da84-4e4a-b86c-681862a18f0c/1/fa1iGAhj1yKqpPCIHkQ3jjyAg3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b10::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:f9:92:6b:e3:62:e1:46:7d:dd:60:21:0b:0e:3b:35:ad:c9:
         a7:1e:25:e2:a4:25:a5:f8:ce:64:a2:9b:2f:47:c8:c9:bf:10:
         1d:d1:db:a4:d5:6f:a6:eb:01:a7:4d:b9:16:f6:a9:76:93:11:
         6a:e2:0a:e7:8b:bd:36:3a:cd:9c:4f:2f:44:95:24:99:75:21:
         0b:e6:d1:57:86:a9:11:ee:de:fd:80:80:e4:a9:42:30:27:64:
         cd:0c:f8:52:5c:5c:70:69:7f:8b:94:25:f2:bc:6d:e7:77:9f:
         86:d4:fa:0a:fe:6a:99:31:89:63:61:27:35:94:82:d0:96:4e:
         ab:55:d9:6a:25:50:72:ee:f4:0b:f1:e4:c7:41:2a:78:b1:e1:
         4c:bb:90:51:fb:aa:a2:f9:bb:5f:70:1c:ff:57:86:48:7e:eb:
         bf:9b:d2:95:f6:1e:4a:c5:99:2c:1e:66:c5:75:7d:56:45:52:
         fb:14:0e:bb:32:6d:31:84:d4:9e:a9:7e:d3:a3:b1:3a:15:87:
         c0:75:a0:59:c1:95:e1:57:9e:ca:bf:60:fe:72:99:a3:49:05:
         3c:cf:3d:2f:d9:de:4c:e7:a5:63:76:1f:8e:27:f7:70:b7:30:
         21:a4:44:cb:fb:fd:6e:1a:69:5e:40:2e:93:46:b7:d4:1a:aa:
         07:0f:8b:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY95D+HYNSF1DSgKA5W68iJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYWQ2MjE4MDg2M2Q3MjJhYWE0ZjA4ODFlNDQzNzhlM2M4
MDgzNzIwHhcNMjUwNDE2MDkxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmIxOGRhYTQ4MzNmNjlkMzMzODg0MWJhYjU4NjYxZTk2ZjU5MzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TxbtaIfHOBS8QXRYDkU+eKw74LA
YKVWNMEWS18ANBV3UvScmv5kUd9LJJi/yQKSc1W0+06G8QUzTHW/h8EzJfFC1qev
kkbqu/HNq+fx8kaI9NytQ84K+k1QIfTy+EFGOo0hK1T4feTm+/H+6cVx3u4nr7Wg
Re5fA9Bdt+O0p4BH5FZD4RmivNPBiIdONJDHlg09SIZPj89JEA82TjLbMMiTEt1F
jLcaYKqyDGlCZpgpuEnnmzPr6kjJf9zYbmrmF7BPA3D9Z0NZtcSn/64FVAwjD4kv
WVv6DG+duLQRwEcBRP/0KfghzTZGbJCLw9MV4G40PSwn0heRhlW8LmTd4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAuxjapIM/adMziEG6tYZh6W9ZNdMB8GA1UdIwQY
MBaAFH2tYhgIY9ciqqTwiB5EN448gINyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmExaUdBaGoxeUtxcFBDSUhrUTNqanlBZzNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84MGVkOTgtZGE4NC00ZTRhLWI4NmMt
NjgxODYyYTE4ZjBjLzEvQzdHTnFrZ3o5cDB6T0lRYnExaG1IcGIxazEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84MGVkOTgtZGE4NC00ZTRhLWI4NmMtNjgxODYyYTE4ZjBj
LzEvZmExaUdBaGoxeUtxcFBDSUhrUTNqanlBZzNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCsQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA9+ZJr42LhRn3dYCELDjs1rcmnHiXipCWl+M5k
opsvR8jJvxAd0duk1W+m6wGnTbkW9ql2kxFq4grni702Os2cTy9ElSSZdSEL5tFX
hqkR7t79gIDkqUIwJ2TNDPhSXFxwaX+LlCXyvG3nd5+G1PoK/mqZMYljYSc1lILQ
lk6rVdlqJVBy7vQL8eTHQSp4seFMu5BR+6qi+btfcBz/V4ZIfuu/m9KV9h5KxZks
HmbFdX1WRVL7FA67Mm0xhNSeqX7To7E6FYfAdaBZwZXhV57Kv2D+cpmjSQU8zz0v
2d5M56Vjdh+OJ/dwtzAhpETL+/1uGmleQC6TRrfUGqoHD4v8
-----END CERTIFICATE-----