Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/z7Y6upJ_TkHMEGYoplQxNU1SqZQ.roa
File:                     z7Y6upJ_TkHMEGYoplQxNU1SqZQ.roa (raw, json)
Hash identifier:          g8ersIEKF+DbLZ7cbrjxi/sIsUM2GOmUMJe3QIftaDQ=
Subject key identifier:   CF:B6:3A:BA:92:7F:4E:41:CC:10:66:28:A6:54:31:35:4D:52:A9:94
Certificate issuer:       /CN=d6e04d509ed1e9cdb354b745999db9417a8cb873
Certificate serial:       01942143C0AC924B8BF7F4328E7F021B2314
Authority key identifier: D6:E0:4D:50:9E:D1:E9:CD:B3:54:B7:45:99:9D:B9:41:7A:8C:B8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/z7Y6upJ_TkHMEGYoplQxNU1SqZQ.roa
Signing time:             Wed 01 Jan 2025 09:47:55 +0000
ROA not before:           Wed 01 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49283
IP address blocks:        2001:67c:27b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c0:ac:92:4b:8b:f7:f4:32:8e:7f:02:1b:23:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6e04d509ed1e9cdb354b745999db9417a8cb873
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfb63aba927f4e41cc106628a65431354d52a994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:75:bc:3e:0f:ef:65:da:1d:55:27:50:e1:4d:
                    06:49:28:0e:0c:1e:f1:0c:89:d3:71:25:e5:e7:ce:
                    6c:bc:e6:d0:ec:1c:4b:ff:91:0e:04:dd:87:34:64:
                    b8:31:8f:92:75:e0:3e:98:d0:f7:ff:bc:ad:2a:43:
                    77:6a:d5:fc:44:04:71:c5:23:32:5c:b9:fa:ee:c7:
                    d2:56:69:7e:72:d0:16:4e:08:e4:e4:89:62:8c:32:
                    0f:e1:bc:fa:ef:a4:2b:13:ec:ee:b4:d5:a1:fa:80:
                    aa:4a:48:9c:fc:26:33:c3:8b:04:a1:d9:50:68:3d:
                    c1:b9:09:6a:cf:a0:64:07:e4:a1:1b:6c:9a:dc:cd:
                    5c:9c:6a:8e:d5:a2:7b:47:79:d3:71:8c:aa:c5:18:
                    8a:6c:b6:6a:99:11:8d:78:90:3d:94:5f:f9:26:55:
                    24:b5:1f:f4:52:14:ea:31:fd:2a:d5:a8:d4:74:78:
                    8a:a7:7d:62:5f:35:38:45:7e:de:2a:f3:5a:36:fa:
                    35:10:dd:08:f9:c3:2b:4b:3b:f9:2f:e2:c9:f5:09:
                    bb:52:ca:fb:13:91:f7:45:5a:0b:80:79:8e:60:cf:
                    e8:47:cc:f8:e5:0b:b8:b7:a7:1d:d9:7f:d1:67:cb:
                    48:7d:2e:56:9e:1e:2f:58:df:32:05:26:07:84:d4:
                    7b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B6:3A:BA:92:7F:4E:41:CC:10:66:28:A6:54:31:35:4D:52:A9:94
            X509v3 Authority Key Identifier:
                keyid:D6:E0:4D:50:9E:D1:E9:CD:B3:54:B7:45:99:9D:B9:41:7A:8C:B8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/z7Y6upJ_TkHMEGYoplQxNU1SqZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4ef1a8-6790-44dd-9d24-88e2adc2030b/1/1uBNUJ7R6c2zVLdFmZ25QXqMuHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:27b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:7c:cf:ba:c6:a7:af:6b:fa:5f:8f:df:b5:05:f0:f8:5c:c2:
         92:0e:23:c7:49:0a:d9:a7:24:bb:6e:5c:73:45:0d:55:a3:b6:
         71:13:19:fe:56:69:0c:09:b4:e4:dd:02:14:b5:66:94:fd:96:
         43:19:28:75:65:42:d9:4d:39:69:2b:51:34:a3:6e:fa:97:d3:
         99:09:a9:68:7a:47:12:7d:de:e7:05:01:a2:93:21:24:f3:4d:
         58:39:8c:21:c9:56:ce:82:4e:67:69:f2:2c:6a:cd:a2:82:4f:
         34:02:43:59:38:8f:6e:3f:ae:7d:1d:4d:bd:2f:22:62:df:bc:
         1e:52:96:9d:a7:83:bd:79:af:79:ca:e5:88:fd:85:95:6a:6f:
         b1:c1:07:44:26:c9:5d:82:6e:d0:48:c7:62:4c:23:b7:9a:b6:
         20:8f:58:4c:13:a1:13:ef:8a:da:e6:78:d0:0e:fe:b5:6c:14:
         36:bb:41:73:8c:3c:d7:95:15:92:82:8b:da:80:c9:13:6e:c3:
         3c:e0:f8:ba:9e:98:13:a5:4e:87:dd:f8:5a:d8:75:79:9f:57:
         eb:8b:60:73:96:35:c9:f6:4f:ec:6d:71:8f:7f:cc:b4:f5:ba:
         52:f8:dc:47:92:c0:01:0a:5a:42:00:cb:c6:b6:fd:3a:32:03:
         3e:e0:30:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ8CskkuL9/Qyjn8CGyMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTA0ZDUwOWVkMWU5Y2RiMzU0Yjc0NTk5OWRiOTQxN2E4
Y2I4NzMwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI2M2FiYTkyN2Y0ZTQxY2MxMDY2MjhhNjU0MzEzNTRkNTJhOTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnW8Pg/vZdodVSdQ4U0GSSgODB7x
DInTcSXl585svObQ7BxL/5EOBN2HNGS4MY+SdeA+mND3/7ytKkN3atX8RARxxSMy
XLn67sfSVml+ctAWTgjk5IlijDIP4bz676QrE+zutNWh+oCqSkic/CYzw4sEodlQ
aD3BuQlqz6BkB+ShG2ya3M1cnGqO1aJ7R3nTcYyqxRiKbLZqmRGNeJA9lF/5JlUk
tR/0UhTqMf0q1ajUdHiKp31iXzU4RX7eKvNaNvo1EN0I+cMrSzv5L+LJ9Qm7Usr7
E5H3RVoLgHmOYM/oR8z45Qu4t6cd2X/RZ8tIfS5Wnh4vWN8yBSYHhNR7uQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM+2OrqSf05BzBBmKKZUMTVNUqmUMB8GA1UdIwQY
MBaAFNbgTVCe0enNs1S3RZmduUF6jLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVCTlVKN1I2YzJ6VkxkRm1aMjVRWHFNdUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ZWYxYTgtNjc5MC00NGRkLTlkMjQt
ODhlMmFkYzIwMzBiLzEvejdZNnVwSl9Ua0hNRUdZb3BsUXhOVTFTcVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ZWYxYTgtNjc5MC00NGRkLTlkMjQtODhlMmFkYzIwMzBi
LzEvMXVCTlVKN1I2YzJ6VkxkRm1aMjVRWHFNdUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCew
MA0GCSqGSIb3DQEBCwUAA4IBAQBCfM+6xqeva/pfj9+1BfD4XMKSDiPHSQrZpyS7
blxzRQ1Vo7ZxExn+VmkMCbTk3QIUtWaU/ZZDGSh1ZULZTTlpK1E0o276l9OZCalo
ekcSfd7nBQGikyEk801YOYwhyVbOgk5nafIsas2igk80AkNZOI9uP659HU29LyJi
37weUpadp4O9ea95yuWI/YWVam+xwQdEJsldgm7QSMdiTCO3mrYgj1hME6ET74ra
5njQDv61bBQ2u0FzjDzXlRWSgovagMkTbsM84Pi6npgTpU6H3fha2HV5n1fri2Bz
ljXJ9k/sbXGPf8y09bpS+NxHksABClpCAMvGtv06MgM+4DDO
-----END CERTIFICATE-----