Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/z5plCbvdkup7MxI7T8lBnb_bFXc.roa
File:                     z5plCbvdkup7MxI7T8lBnb_bFXc.roa (raw, json)
Hash identifier:          gJ70ebUSb97tS8RCU2JGa9RBjyi3gQiPSVEBaoEhFFM=
Subject key identifier:   CF:9A:65:09:BB:DD:92:EA:7B:33:12:3B:4F:C9:41:9D:BF:DB:15:77
Certificate issuer:       /CN=9e0de4f26275ea5fc2f23c8b4d7e06d72b3b73c7
Certificate serial:       019425FD6D69F20CAD6CE787B87AEF65DDD1
Authority key identifier: 9E:0D:E4:F2:62:75:EA:5F:C2:F2:3C:8B:4D:7E:06:D7:2B:3B:73:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ng3k8mJ16l_C8jyLTX4G1ys7c8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/z5plCbvdkup7MxI7T8lBnb_bFXc.roa
Signing time:             Thu 02 Jan 2025 07:49:13 +0000
ROA not before:           Thu 02 Jan 2025 07:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216428
IP address blocks:        2001:67c:11e4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/ng3k8mJ16l_C8jyLTX4G1ys7c8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/ng3k8mJ16l_C8jyLTX4G1ys7c8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ng3k8mJ16l_C8jyLTX4G1ys7c8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:6d:69:f2:0c:ad:6c:e7:87:b8:7a:ef:65:dd:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e0de4f26275ea5fc2f23c8b4d7e06d72b3b73c7
        Validity
            Not Before: Jan  2 07:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf9a6509bbdd92ea7b33123b4fc9419dbfdb1577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:18:ff:d9:37:d1:13:74:c3:3d:53:1a:0e:8b:
                    8d:cd:3c:68:cc:3d:0f:7e:5c:b7:6c:6f:5f:a6:2c:
                    dd:d2:83:ac:85:59:5d:cc:6e:77:ea:f0:ac:a9:77:
                    f6:e1:c9:c5:ff:1f:54:f5:1a:20:e2:08:fa:23:02:
                    1f:e0:76:6b:6d:21:6b:f4:8f:d1:02:4b:51:3d:b5:
                    71:dc:c7:92:16:43:a0:98:7f:da:db:79:51:37:94:
                    1c:6a:bc:67:da:ef:bc:08:6d:9b:07:5b:0b:cc:37:
                    14:48:e8:d8:75:51:c5:9e:26:f1:c1:3d:db:90:e3:
                    34:a4:6c:c9:b1:a3:c9:9f:a6:6a:24:2a:ee:bf:81:
                    2e:0f:73:84:6c:47:95:02:14:b0:81:00:a5:12:6b:
                    66:86:b3:87:c2:76:9e:89:a7:da:43:69:1d:74:be:
                    69:db:17:3f:5c:37:9c:6b:04:d4:0f:3b:9f:a5:32:
                    16:b9:63:bb:f7:30:89:7f:41:25:c7:b1:1b:4e:ac:
                    08:0c:5a:9f:94:13:61:54:e4:b4:18:a0:b8:db:28:
                    df:10:f8:80:ac:d4:6b:9c:b3:91:70:53:ad:1e:48:
                    4e:6e:5e:4b:7f:6f:f3:f4:45:0b:a5:75:5a:97:c8:
                    b6:a7:1e:10:bc:eb:f7:ea:e0:ce:b9:4f:6c:d7:19:
                    25:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9A:65:09:BB:DD:92:EA:7B:33:12:3B:4F:C9:41:9D:BF:DB:15:77
            X509v3 Authority Key Identifier:
                keyid:9E:0D:E4:F2:62:75:EA:5F:C2:F2:3C:8B:4D:7E:06:D7:2B:3B:73:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ng3k8mJ16l_C8jyLTX4G1ys7c8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/z5plCbvdkup7MxI7T8lBnb_bFXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/eac997-ce1e-459b-9436-ed7067f987d9/1/ng3k8mJ16l_C8jyLTX4G1ys7c8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:11e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:6c:a6:7c:fc:d1:56:d5:6b:29:91:07:c0:f7:b2:29:2d:97:
         5a:d7:d5:6c:71:f2:45:a4:6c:59:6c:c2:4a:42:74:b3:f1:02:
         0c:09:59:29:d6:53:2b:2b:3b:60:cd:b6:3c:b9:10:e3:8f:a8:
         f3:66:8e:83:8a:0a:31:8f:e0:97:55:44:79:3e:5b:7c:ff:e2:
         56:da:1d:41:32:3d:1e:58:a3:cc:e6:b6:30:5e:b1:e6:2f:39:
         81:70:c6:39:af:ec:86:f1:be:35:cb:34:9d:96:87:01:be:76:
         9b:ee:c2:43:57:5a:1a:d8:62:4a:0d:29:fb:02:f2:6f:7f:45:
         e6:fd:df:f0:46:26:0c:2b:22:8d:dc:db:d8:ac:4a:fd:b5:50:
         cc:3e:38:8a:01:49:2e:4d:93:5a:f2:a8:aa:bc:76:fa:97:92:
         6a:b0:96:0d:13:15:b2:a2:87:52:cf:33:46:e3:20:f6:64:79:
         e7:df:87:63:97:55:b1:c0:57:37:b6:98:5a:81:7d:29:c0:d5:
         ba:44:ba:f4:7f:d6:55:62:ba:f2:48:2e:c9:28:fc:3e:c9:16:
         97:19:85:db:51:90:33:f4:4b:ea:55:b6:9d:c3:2a:e7:ff:de:
         38:85:d9:88:bb:8a:31:7e:c7:5a:f2:b4:ba:7f:55:e6:17:1c:
         cb:5e:cd:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/W1p8gytbOeHuHrvZd3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMGRlNGYyNjI3NWVhNWZjMmYyM2M4YjRkN2UwNmQ3MmIz
YjczYzcwHhcNMjUwMTAyMDc0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjlhNjUwOWJiZGQ5MmVhN2IzMzEyM2I0ZmM5NDE5ZGJmZGIxNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhj/2TfRE3TDPVMaDouNzTxozD0P
fly3bG9fpizd0oOshVldzG536vCsqXf24cnF/x9U9Rog4gj6IwIf4HZrbSFr9I/R
AktRPbVx3MeSFkOgmH/a23lRN5Qcarxn2u+8CG2bB1sLzDcUSOjYdVHFnibxwT3b
kOM0pGzJsaPJn6ZqJCruv4EuD3OEbEeVAhSwgQClEmtmhrOHwnaeiafaQ2kddL5p
2xc/XDecawTUDzufpTIWuWO79zCJf0Elx7EbTqwIDFqflBNhVOS0GKC42yjfEPiA
rNRrnLORcFOtHkhObl5Lf2/z9EULpXVal8i2px4QvOv36uDOuU9s1xklVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM+aZQm73ZLqezMSO0/JQZ2/2xV3MB8GA1UdIwQY
MBaAFJ4N5PJidepfwvI8i01+BtcrO3PHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmczazhtSjE2bF9DOGp5TFRYNEcxeXM3YzhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lYWM5OTctY2UxZS00NTliLTk0MzYt
ZWQ3MDY3Zjk4N2Q5LzEvejVwbENidmRrdXA3TXhJN1Q4bEJuYl9iRlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lYWM5OTctY2UxZS00NTliLTk0MzYtZWQ3MDY3Zjk4N2Q5
LzEvbmczazhtSjE2bF9DOGp5TFRYNEcxeXM3YzhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBHk
MA0GCSqGSIb3DQEBCwUAA4IBAQBpbKZ8/NFW1WspkQfA97IpLZda19VscfJFpGxZ
bMJKQnSz8QIMCVkp1lMrKztgzbY8uRDjj6jzZo6Digoxj+CXVUR5Plt8/+JW2h1B
Mj0eWKPM5rYwXrHmLzmBcMY5r+yG8b41yzSdlocBvnab7sJDV1oa2GJKDSn7AvJv
f0Xm/d/wRiYMKyKN3NvYrEr9tVDMPjiKAUkuTZNa8qiqvHb6l5JqsJYNExWyoodS
zzNG4yD2ZHnn34djl1WxwFc3tphagX0pwNW6RLr0f9ZVYrrySC7JKPw+yRaXGYXb
UZAz9EvqVbadwyrn/944hdmIu4oxfsda8rS6f1XmFxzLXs3q
-----END CERTIFICATE-----