Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/Zw8tldKF4IamTYiqaUWTp-ORWaM.roa
File:                     Zw8tldKF4IamTYiqaUWTp-ORWaM.roa (raw, json)
Hash identifier:          +YY2MSi0DHjKWNmQtrNLuY1Ni5g7MizVHlrZ12WPMsk=
Subject key identifier:   67:0F:2D:95:D2:85:E0:86:A6:4D:88:AA:69:45:93:A7:E3:91:59:A3
Certificate issuer:       /CN=b63f9769df97b8b9aa88bd22e9f41cc27fcf16a7
Certificate serial:       0194228DAB1C31728BF7D5EEFC5AE095E5E7
Authority key identifier: B6:3F:97:69:DF:97:B8:B9:AA:88:BD:22:E9:F4:1C:C2:7F:CF:16:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/Zw8tldKF4IamTYiqaUWTp-ORWaM.roa
Signing time:             Wed 01 Jan 2025 15:48:17 +0000
ROA not before:           Wed 01 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204181
IP address blocks:        2001:67c:a10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ab:1c:31:72:8b:f7:d5:ee:fc:5a:e0:95:e5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63f9769df97b8b9aa88bd22e9f41cc27fcf16a7
        Validity
            Not Before: Jan  1 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=670f2d95d285e086a64d88aa694593a7e39159a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2c:d0:c4:50:0d:e1:ad:c2:3b:ad:76:47:90:
                    e9:d5:e6:47:09:79:b1:c7:9e:17:2a:52:f9:2b:3d:
                    2e:3e:3f:1d:d1:ff:4e:b3:47:f6:bd:96:43:0c:0d:
                    ac:1b:b7:98:89:0d:6c:ac:1b:52:6a:d5:0f:bf:e0:
                    d2:61:2d:2e:af:ce:e6:12:ff:8c:95:00:d5:5d:3f:
                    7d:90:0d:fc:29:af:67:4b:a1:14:61:8b:c7:fc:e4:
                    37:92:1a:40:04:f0:f9:71:c2:d2:97:2f:74:7c:8f:
                    3f:ca:37:d5:d5:69:cc:49:0c:7f:a4:bb:71:35:a3:
                    70:30:bc:f2:24:c0:e2:8a:c8:9e:e5:a0:0a:b1:c3:
                    71:c4:06:ac:8f:cd:ae:31:92:d6:cf:bb:ac:15:9c:
                    be:76:74:c7:58:35:66:f8:bd:6a:7c:0a:01:97:a0:
                    14:a8:13:ef:97:47:05:83:83:d8:86:20:0c:24:62:
                    44:7e:c2:23:dc:20:c2:1d:6a:c8:6f:e8:ab:8e:e1:
                    32:c7:91:d8:e8:6b:07:61:21:72:eb:92:a1:1d:71:
                    b4:b0:ba:5c:bc:83:e0:10:9a:c1:7a:3a:20:e1:de:
                    65:6c:d8:61:71:ef:9b:e6:4c:03:fa:ea:aa:87:1a:
                    0b:b0:20:69:c3:b0:b8:c8:ba:79:dc:6a:6f:b3:82:
                    23:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:0F:2D:95:D2:85:E0:86:A6:4D:88:AA:69:45:93:A7:E3:91:59:A3
            X509v3 Authority Key Identifier:
                keyid:B6:3F:97:69:DF:97:B8:B9:AA:88:BD:22:E9:F4:1C:C2:7F:CF:16:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/Zw8tldKF4IamTYiqaUWTp-ORWaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:c1:b2:76:25:78:c5:23:4b:a8:fc:ab:f9:3f:ac:3f:8d:7d:
         dc:9a:ba:99:2c:ef:c6:06:96:7f:d0:c5:d9:83:b1:42:27:85:
         f6:27:97:70:53:db:fb:52:49:f6:62:f6:9a:2e:b8:14:f1:aa:
         f5:2f:d3:b3:46:52:20:1a:4d:22:f8:6a:f1:9d:f6:35:34:eb:
         57:1d:7a:4e:eb:a7:5c:82:7f:8b:68:aa:b2:d8:69:65:e1:4a:
         d7:6b:0e:34:b1:80:a3:48:9c:21:21:3b:d5:1a:91:13:1d:0d:
         5c:07:8b:6c:1b:cd:77:c2:ff:e0:55:1b:0a:82:86:0d:83:b1:
         65:ad:e7:0c:75:5e:60:3e:38:6e:78:35:27:90:da:66:40:3e:
         3f:3a:e1:9e:53:f1:1e:68:5d:e3:3e:3a:7f:73:c0:61:72:ee:
         2f:6a:df:e3:9f:b6:30:10:17:e2:a6:30:1d:c6:20:98:71:92:
         ab:c0:7c:75:4f:8e:51:87:6a:58:92:57:7b:d4:d0:c2:b5:cd:
         5d:5d:39:b1:44:5a:ff:21:29:97:24:c2:cd:2c:e9:03:df:b7:
         c6:04:de:ec:dd:d5:61:0e:a1:57:8a:8a:e7:83:be:7c:d1:6a:
         f6:32:ae:77:81:b8:ba:33:37:f0:66:d3:2b:81:e1:10:bc:d3:
         b2:f7:8c:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijascMXKL99Xu/FrgleXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2Y5NzY5ZGY5N2I4YjlhYTg4YmQyMmU5ZjQxY2MyN2Zj
ZjE2YTcwHhcNMjUwMTAxMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzBmMmQ5NWQyODVlMDg2YTY0ZDg4YWE2OTQ1OTNhN2UzOTE1OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCzQxFAN4a3CO612R5Dp1eZHCXmx
x54XKlL5Kz0uPj8d0f9Os0f2vZZDDA2sG7eYiQ1srBtSatUPv+DSYS0ur87mEv+M
lQDVXT99kA38Ka9nS6EUYYvH/OQ3khpABPD5ccLSly90fI8/yjfV1WnMSQx/pLtx
NaNwMLzyJMDiisie5aAKscNxxAasj82uMZLWz7usFZy+dnTHWDVm+L1qfAoBl6AU
qBPvl0cFg4PYhiAMJGJEfsIj3CDCHWrIb+irjuEyx5HY6GsHYSFy65KhHXG0sLpc
vIPgEJrBejog4d5lbNhhce+b5kwD+uqqhxoLsCBpw7C4yLp53Gpvs4IjOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGcPLZXSheCGpk2IqmlFk6fjkVmjMB8GA1UdIwQY
MBaAFLY/l2nfl7i5qoi9Iun0HMJ/zxanMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGotWGFkLVh1TG1xaUwwaTZmUWN3bl9QRnFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81OTRlMDgtMTY2NS00MzQ4LTgwYTQt
M2JlOWE2Njk3MmU3LzEvWnc4dGxkS0Y0SWFtVFlpcWFVV1RwLU9SV2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81OTRlMDgtMTY2NS00MzQ4LTgwYTQtM2JlOWE2Njk3MmU3
LzEvdGotWGFkLVh1TG1xaUwwaTZmUWN3bl9QRnFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB2wbJ2JXjFI0uo/Kv5P6w/jX3cmrqZLO/GBpZ/
0MXZg7FCJ4X2J5dwU9v7Ukn2YvaaLrgU8ar1L9OzRlIgGk0i+GrxnfY1NOtXHXpO
66dcgn+LaKqy2Gll4UrXaw40sYCjSJwhITvVGpETHQ1cB4tsG813wv/gVRsKgoYN
g7FlrecMdV5gPjhueDUnkNpmQD4/OuGeU/EeaF3jPjp/c8Bhcu4vat/jn7YwEBfi
pjAdxiCYcZKrwHx1T45Rh2pYkld71NDCtc1dXTmxRFr/ISmXJMLNLOkD37fGBN7s
3dVhDqFXiorng7580Wr2Mq53gbi6MzfwZtMrgeEQvNOy94x+
-----END CERTIFICATE-----