Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/penXvalgbMBLZqcx96rUayqK3NQ.roa
File:                     penXvalgbMBLZqcx96rUayqK3NQ.roa (raw, json)
Hash identifier:          vb/Iw29Kb6TCjGenAwHcr/Ra62ZOMD3/iU+HDEP/27c=
Subject key identifier:   A5:E9:D7:BD:A9:60:6C:C0:4B:66:A7:31:F7:AA:D4:6B:2A:8A:DC:D4
Certificate issuer:       /CN=317bf260bcda302be2c207628cfb164478614fe5
Certificate serial:       019427B588160143762FD7B775520F9A971F
Authority key identifier: 31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/penXvalgbMBLZqcx96rUayqK3NQ.roa
Signing time:             Thu 02 Jan 2025 15:49:55 +0000
ROA not before:           Thu 02 Jan 2025 15:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207716
IP address blocks:        2001:67c:988::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:88:16:01:43:76:2f:d7:b7:75:52:0f:9a:97:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317bf260bcda302be2c207628cfb164478614fe5
        Validity
            Not Before: Jan  2 15:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5e9d7bda9606cc04b66a731f7aad46b2a8adcd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c5:0b:60:0c:bd:2d:be:b9:bf:49:50:ab:30:
                    5f:32:8b:b6:a7:82:a1:c4:b5:62:8e:32:42:d4:e9:
                    6f:32:50:82:86:f0:f3:dd:f7:f7:03:55:82:1f:37:
                    61:4f:35:2e:e0:94:9e:26:54:0b:1b:84:57:7f:8d:
                    a6:c7:7a:ac:30:ec:61:4d:a3:44:4f:5b:89:62:9b:
                    1d:45:d9:87:f5:4d:8d:94:21:04:f7:11:d4:57:70:
                    f7:be:e8:e3:54:f7:68:e4:e4:41:2b:d3:42:04:1e:
                    d7:62:f7:01:60:31:db:1c:2e:40:1e:fb:58:66:5a:
                    f3:8f:c2:3f:1c:8c:c2:6a:3e:5a:03:53:bd:8a:ff:
                    0a:71:fc:f7:be:14:24:6e:b1:1f:63:72:e8:55:64:
                    74:d6:cf:ae:a4:b7:52:0f:64:ed:c7:62:00:1e:50:
                    72:f9:42:22:65:7d:1a:42:ab:fa:7b:e3:07:c8:b7:
                    4b:0c:1f:39:eb:c5:c5:28:3f:66:b7:0a:95:e7:b1:
                    c6:ac:1e:f5:e2:35:ec:62:5c:d8:b1:fe:02:ef:ee:
                    83:b7:d9:58:ba:fb:26:82:93:6f:7a:a7:cf:b6:33:
                    cd:8c:57:02:94:0b:11:6e:59:38:df:b6:99:cd:6e:
                    ee:0a:9f:e2:5f:65:0f:48:16:75:0e:c1:25:3b:8f:
                    f4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E9:D7:BD:A9:60:6C:C0:4B:66:A7:31:F7:AA:D4:6B:2A:8A:DC:D4
            X509v3 Authority Key Identifier:
                keyid:31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/penXvalgbMBLZqcx96rUayqK3NQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:988::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:7b:6b:9a:a2:ac:0e:a8:b6:a4:71:52:33:ba:e7:f0:1d:de:
         81:63:29:85:c9:62:f0:1f:ff:b7:fc:aa:9d:44:bb:ec:d7:ea:
         21:c4:d8:e6:1f:ad:ac:77:0e:60:e7:37:08:92:6b:ed:fd:72:
         69:98:69:a0:7a:31:10:9b:55:d3:e4:a3:cd:f1:67:fc:9b:44:
         1a:31:45:7c:59:7d:c1:b9:ae:48:fc:52:92:06:a6:80:a4:f2:
         d4:63:f4:db:51:66:4e:f7:eb:7b:6f:99:c6:26:6f:17:3b:81:
         6d:cc:67:aa:58:c2:39:58:ee:5f:df:6e:12:32:aa:69:d5:4b:
         bf:6d:80:47:6b:3e:24:e4:61:74:37:fc:05:94:58:df:46:54:
         11:2b:d9:41:ba:b3:e4:76:ec:75:2f:19:60:7f:2d:d3:fe:63:
         a5:17:cb:9b:83:45:41:6e:e2:5c:75:96:a0:e9:90:52:c5:b9:
         aa:60:74:9a:9d:ca:63:50:d7:8f:a3:2b:eb:1b:88:12:be:0d:
         e3:fd:22:7d:36:34:07:e1:b5:22:06:8d:5f:1e:63:cd:c6:b5:
         d8:72:56:18:46:2f:e8:3f:90:f9:6e:0f:20:38:58:1c:de:ad:
         33:fd:48:80:38:18:79:03:c2:d0:2e:c1:b9:93:04:52:16:28:
         48:b3:14:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntYgWAUN2L9e3dVIPmpcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2JmMjYwYmNkYTMwMmJlMmMyMDc2MjhjZmIxNjQ0Nzg2
MTRmZTUwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWU5ZDdiZGE5NjA2Y2MwNGI2NmE3MzFmN2FhZDQ2YjJhOGFkY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycULYAy9Lb65v0lQqzBfMou2p4Kh
xLVijjJC1OlvMlCChvDz3ff3A1WCHzdhTzUu4JSeJlQLG4RXf42mx3qsMOxhTaNE
T1uJYpsdRdmH9U2NlCEE9xHUV3D3vujjVPdo5ORBK9NCBB7XYvcBYDHbHC5AHvtY
Zlrzj8I/HIzCaj5aA1O9iv8Kcfz3vhQkbrEfY3LoVWR01s+upLdSD2Ttx2IAHlBy
+UIiZX0aQqv6e+MHyLdLDB8568XFKD9mtwqV57HGrB714jXsYlzYsf4C7+6Dt9lY
uvsmgpNveqfPtjPNjFcClAsRblk437aZzW7uCp/iX2UPSBZ1DsElO4/0hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKXp172pYGzAS2anMfeq1GsqitzUMB8GA1UdIwQY
MBaAFDF78mC82jAr4sIHYoz7FkR4YU/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh2eVlMemFNQ3Zpd2dkaWpQc1dSSGhoVC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8wN2QxNDYtZWYyMi00ZTVjLWJkNWMt
NDJlZDNlMzczNjc5LzEvcGVuWHZhbGdiTUJMWnFjeDk2clVheXFLM05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8wN2QxNDYtZWYyMi00ZTVjLWJkNWMtNDJlZDNlMzczNjc5
LzEvTVh2eVlMemFNQ3Zpd2dkaWpQc1dSSGhoVC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmI
MA0GCSqGSIb3DQEBCwUAA4IBAQCxe2uaoqwOqLakcVIzuufwHd6BYymFyWLwH/+3
/KqdRLvs1+ohxNjmH62sdw5g5zcIkmvt/XJpmGmgejEQm1XT5KPN8Wf8m0QaMUV8
WX3Bua5I/FKSBqaApPLUY/TbUWZO9+t7b5nGJm8XO4FtzGeqWMI5WO5f324SMqpp
1Uu/bYBHaz4k5GF0N/wFlFjfRlQRK9lBurPkdux1Lxlgfy3T/mOlF8ubg0VBbuJc
dZag6ZBSxbmqYHSancpjUNePoyvrG4gSvg3j/SJ9NjQH4bUiBo1fHmPNxrXYclYY
Ri/oP5D5bg8gOFgc3q0z/UiAOBh5A8LQLsG5kwRSFihIsxSA
-----END CERTIFICATE-----