Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/y5czNixkNluft47-krcqIbdqVD0.roa
File:                     y5czNixkNluft47-krcqIbdqVD0.roa (raw, json)
Hash identifier:          AmEHJkAG0oDmal6HjQJOOd7Nfm7cgEA//96C9SqFxV0=
Subject key identifier:   CB:97:33:36:2C:64:36:5B:9F:B7:8E:FE:92:B7:2A:21:B7:6A:54:3D
Certificate issuer:       /CN=e3011f0859d06a084975f4e8bd2b556710dd8c30
Certificate serial:       01941FFAAE1B8CB8DCFD13BECAD72814FC63
Authority key identifier: E3:01:1F:08:59:D0:6A:08:49:75:F4:E8:BD:2B:55:67:10:DD:8C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wEfCFnQaghJdfTovStVZxDdjDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/y5czNixkNluft47-krcqIbdqVD0.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211696
IP address blocks:        2001:67c:2724::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/4wEfCFnQaghJdfTovStVZxDdjDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/4wEfCFnQaghJdfTovStVZxDdjDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wEfCFnQaghJdfTovStVZxDdjDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ae:1b:8c:b8:dc:fd:13:be:ca:d7:28:14:fc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3011f0859d06a084975f4e8bd2b556710dd8c30
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb9733362c64365b9fb78efe92b72a21b76a543d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:f1:ed:02:27:44:e9:5b:ea:b4:75:68:e9:7d:
                    63:d9:87:aa:8c:57:37:00:cb:3c:54:e7:8e:4b:b8:
                    ff:9c:77:d9:1e:42:1e:5d:26:b2:7e:6a:ae:67:de:
                    23:9f:f7:46:ab:c5:5a:a3:ad:df:20:54:76:76:f1:
                    96:31:86:50:1b:2e:f4:3d:f1:2d:7b:b1:67:14:d6:
                    e1:7e:9f:89:b3:d8:f6:07:5d:db:6b:31:e1:51:61:
                    c6:2e:d0:33:8e:0c:d6:ec:32:1d:80:a7:ca:9e:3f:
                    00:31:0f:ff:fa:e2:36:3c:44:a0:47:1c:dd:c1:b4:
                    6c:58:70:26:ee:5c:c3:23:86:04:6f:f7:e0:a6:47:
                    23:45:a4:76:5e:ee:04:e8:f0:a7:e7:cf:0f:66:dd:
                    40:91:6b:71:94:6c:3b:83:64:bd:9f:2f:83:0b:93:
                    af:b0:94:37:3e:a2:bb:19:13:5d:b0:52:be:81:f2:
                    6f:a3:eb:30:87:1f:52:5e:51:9d:8c:5f:e0:7c:35:
                    00:62:3e:2c:d1:71:bf:e6:82:f7:ba:0f:c1:a6:82:
                    49:5d:cd:8b:96:fe:a2:4f:0e:18:48:57:94:c4:36:
                    ef:1d:81:9d:96:a3:49:47:fb:f4:0a:43:b7:e1:b7:
                    0c:76:94:62:02:8e:0f:da:2a:ad:c2:63:f2:f6:7b:
                    07:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:97:33:36:2C:64:36:5B:9F:B7:8E:FE:92:B7:2A:21:B7:6A:54:3D
            X509v3 Authority Key Identifier:
                keyid:E3:01:1F:08:59:D0:6A:08:49:75:F4:E8:BD:2B:55:67:10:DD:8C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wEfCFnQaghJdfTovStVZxDdjDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/y5czNixkNluft47-krcqIbdqVD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e8f727-cb23-43ce-85d2-d48b7d2624db/1/4wEfCFnQaghJdfTovStVZxDdjDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2724::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:1c:84:51:fe:30:28:35:55:9c:97:52:84:5c:ff:48:88:9b:
         81:96:b4:94:7f:f2:c7:ba:81:a0:70:39:2d:14:7f:f7:85:1b:
         5f:d9:88:02:47:c0:18:a2:10:f6:f5:54:2c:ec:f1:fa:b0:2c:
         a5:9f:2f:98:b7:dc:ad:7f:20:a9:b5:98:0a:d1:71:14:27:9c:
         d0:b2:40:70:8d:ee:73:5c:3b:49:0d:83:21:de:39:b8:04:d2:
         11:c6:e5:f6:6c:59:52:19:45:ac:2d:a1:a6:f0:4b:bf:fe:ad:
         87:c8:89:e0:22:3d:74:67:1b:37:cb:19:cf:39:52:38:8f:04:
         93:50:76:a6:98:f0:2f:b4:1d:7b:c9:02:da:70:d1:9a:93:8a:
         6b:a1:9f:f8:52:fb:5e:cd:24:0c:bb:40:1f:60:a5:8d:07:1c:
         26:8f:8c:76:a3:38:fd:67:0f:68:8b:c2:65:01:4e:54:0c:14:
         a0:76:b0:20:17:a8:c5:5e:ce:f0:6d:02:9a:9c:83:05:37:0b:
         80:be:2d:9d:07:c3:a0:68:47:b9:96:7f:69:2b:34:73:b1:60:
         37:97:18:e5:84:5f:8c:29:30:d0:8a:e8:a4:0b:d1:1d:7e:d8:
         33:de:58:10:2b:ff:e2:54:96:94:7c:a3:48:06:e8:fe:ae:1b:
         69:8e:3e:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+q4bjLjc/RO+ytcoFPxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMDExZjA4NTlkMDZhMDg0OTc1ZjRlOGJkMmI1NTY3MTBk
ZDhjMzAwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk3MzMzNjJjNjQzNjViOWZiNzhlZmU5MmI3MmEyMWI3NmE1NDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/PHtAidE6VvqtHVo6X1j2YeqjFc3
AMs8VOeOS7j/nHfZHkIeXSayfmquZ94jn/dGq8Vao63fIFR2dvGWMYZQGy70PfEt
e7FnFNbhfp+Js9j2B13bazHhUWHGLtAzjgzW7DIdgKfKnj8AMQ//+uI2PESgRxzd
wbRsWHAm7lzDI4YEb/fgpkcjRaR2Xu4E6PCn588PZt1AkWtxlGw7g2S9ny+DC5Ov
sJQ3PqK7GRNdsFK+gfJvo+swhx9SXlGdjF/gfDUAYj4s0XG/5oL3ug/BpoJJXc2L
lv6iTw4YSFeUxDbvHYGdlqNJR/v0CkO34bcMdpRiAo4P2iqtwmPy9nsHiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMuXMzYsZDZbn7eO/pK3KiG3alQ9MB8GA1UdIwQY
MBaAFOMBHwhZ0GoISXX06L0rVWcQ3YwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHdFZkNGblFhZ2hKZGZUb3ZTdFZaeERkakRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lOGY3MjctY2IyMy00M2NlLTg1ZDIt
ZDQ4YjdkMjYyNGRiLzEveTVjek5peGtObHVmdDQ3LWtyY3FJYmRxVkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lOGY3MjctY2IyMy00M2NlLTg1ZDItZDQ4YjdkMjYyNGRi
LzEvNHdFZkNGblFhZ2hKZGZUb3ZTdFZaeERkakRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCck
MA0GCSqGSIb3DQEBCwUAA4IBAQAGHIRR/jAoNVWcl1KEXP9IiJuBlrSUf/LHuoGg
cDktFH/3hRtf2YgCR8AYohD29VQs7PH6sCylny+Yt9ytfyCptZgK0XEUJ5zQskBw
je5zXDtJDYMh3jm4BNIRxuX2bFlSGUWsLaGm8Eu//q2HyIngIj10Zxs3yxnPOVI4
jwSTUHammPAvtB17yQLacNGak4proZ/4UvtezSQMu0AfYKWNBxwmj4x2ozj9Zw9o
i8JlAU5UDBSgdrAgF6jFXs7wbQKanIMFNwuAvi2dB8OgaEe5ln9pKzRzsWA3lxjl
hF+MKTDQiuikC9Edftgz3lgQK//iVJaUfKNIBuj+rhtpjj4s
-----END CERTIFICATE-----