Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oFklvX9KlU1NM_bVTSTtZ1s8fa8.roa
File:                     oFklvX9KlU1NM_bVTSTtZ1s8fa8.roa (raw, json)
Hash identifier:          4FiRkOjDg+qr7WljZjcDh3AhahDm0psFF2Z877w08JM=
Subject key identifier:   A0:59:25:BD:7F:4A:95:4D:4D:33:F6:D5:4D:24:ED:67:5B:3C:7D:AF
Certificate issuer:       /CN=a13471b5002a4eb6496125cf58737f0debadae7b
Certificate serial:       01942747B4579930B5EB468576FE8C2F1F76
Authority key identifier: A1:34:71:B5:00:2A:4E:B6:49:61:25:CF:58:73:7F:0D:EB:AD:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oTRxtQAqTrZJYSXPWHN_Deutrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oFklvX9KlU1NM_bVTSTtZ1s8fa8.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215509
IP address blocks:        2001:67c:de8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oTRxtQAqTrZJYSXPWHN_Deutrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oTRxtQAqTrZJYSXPWHN_Deutrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oTRxtQAqTrZJYSXPWHN_Deutrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b4:57:99:30:b5:eb:46:85:76:fe:8c:2f:1f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a13471b5002a4eb6496125cf58737f0debadae7b
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a05925bd7f4a954d4d33f6d54d24ed675b3c7daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a4:cb:e0:a5:96:1f:67:e4:57:e0:e7:8a:57:
                    b9:5c:bd:14:c8:cb:eb:18:0d:82:6b:6c:f4:1f:1d:
                    c4:e5:56:83:65:ee:b0:94:e8:6a:68:af:63:7e:95:
                    90:15:6f:1c:bb:d9:05:d4:02:69:c2:90:f7:bf:de:
                    c6:f3:a3:8b:72:6d:f7:e7:3b:a1:f9:b2:28:e5:59:
                    f9:63:ab:cc:7b:0a:6e:cc:55:35:8d:a0:1d:1a:a1:
                    ba:be:94:4b:a8:69:d7:ec:25:ad:c4:18:50:db:6f:
                    43:32:4a:f0:9c:6b:af:9a:ac:31:6c:49:4a:0e:81:
                    65:d2:08:94:fc:3f:2d:7e:a6:fd:f7:94:71:ec:c7:
                    ba:d4:de:91:f1:d6:6a:b3:64:bc:6a:e7:a5:6e:36:
                    91:68:e0:65:25:e6:c4:a2:47:f0:b4:d5:ac:ba:29:
                    00:b0:be:bf:47:7c:c8:4e:2b:79:ca:aa:09:60:f0:
                    a3:66:bc:43:2d:73:b0:e0:7f:2b:7b:5f:d0:c9:5c:
                    26:13:d1:85:dc:1a:ef:43:90:c0:4b:08:33:5c:99:
                    0c:95:79:08:fc:ce:d1:18:75:12:87:cc:c4:e7:b2:
                    0e:06:34:4c:51:eb:1c:5c:ee:34:3d:b7:39:4c:a0:
                    e0:53:5e:4a:47:b0:30:99:87:3a:1c:cf:7a:57:b8:
                    68:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:59:25:BD:7F:4A:95:4D:4D:33:F6:D5:4D:24:ED:67:5B:3C:7D:AF
            X509v3 Authority Key Identifier:
                keyid:A1:34:71:B5:00:2A:4E:B6:49:61:25:CF:58:73:7F:0D:EB:AD:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oTRxtQAqTrZJYSXPWHN_Deutrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oFklvX9KlU1NM_bVTSTtZ1s8fa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/d9e87b-450a-4152-a242-d6910b21ab42/1/oTRxtQAqTrZJYSXPWHN_Deutrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:de8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:9c:d6:43:68:ca:ff:c7:25:57:8a:76:11:9b:d6:51:32:ca:
         67:9e:ef:14:92:56:9b:a8:47:6e:5b:ae:de:1b:42:5a:10:04:
         fa:00:b4:fe:c8:3b:77:cd:b9:d9:36:11:28:5f:1c:34:d6:c3:
         fc:71:25:46:bf:86:01:79:c3:32:1a:c3:27:74:a5:98:22:54:
         02:3e:1a:75:27:d8:7a:35:e6:c3:b3:ac:12:94:67:90:16:bb:
         3e:1d:a0:7c:1d:5a:a6:26:73:65:6f:c6:7d:7d:40:a7:41:8e:
         d6:c7:41:86:ac:8c:34:c3:03:2b:85:ad:d0:a1:5e:d7:9b:4d:
         5d:16:31:ef:dc:f2:97:3a:42:b3:64:12:1e:fd:c6:ec:26:00:
         c3:a9:f3:76:25:11:50:bc:5f:61:be:e5:dd:07:6e:60:2b:dd:
         43:7d:b5:fb:ca:69:79:de:23:43:eb:e8:14:02:33:e7:6e:16:
         df:e3:95:f4:27:79:0e:92:c8:54:b3:6f:cc:f4:d6:68:b1:10:
         1a:c6:97:04:07:1b:37:3c:ee:b0:20:cb:67:a6:be:e2:89:c7:
         f6:d3:fb:99:ef:4b:1b:23:12:c3:8c:86:e9:58:41:2e:19:f6:
         ef:ab:b7:44:91:57:a7:d9:8e:e2:30:48:34:aa:ea:87:cb:6d:
         94:03:39:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR7RXmTC160aFdv6MLx92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMzQ3MWI1MDAyYTRlYjY0OTYxMjVjZjU4NzM3ZjBkZWJh
ZGFlN2IwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU5MjViZDdmNGE5NTRkNGQzM2Y2ZDU0ZDI0ZWQ2NzViM2M3ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaTL4KWWH2fkV+Dnile5XL0UyMvr
GA2Ca2z0Hx3E5VaDZe6wlOhqaK9jfpWQFW8cu9kF1AJpwpD3v97G86OLcm335zuh
+bIo5Vn5Y6vMewpuzFU1jaAdGqG6vpRLqGnX7CWtxBhQ229DMkrwnGuvmqwxbElK
DoFl0giU/D8tfqb995Rx7Me61N6R8dZqs2S8auelbjaRaOBlJebEokfwtNWsuikA
sL6/R3zITit5yqoJYPCjZrxDLXOw4H8re1/QyVwmE9GF3BrvQ5DASwgzXJkMlXkI
/M7RGHUSh8zE57IOBjRMUescXO40Pbc5TKDgU15KR7AwmYc6HM96V7hoLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKBZJb1/SpVNTTP21U0k7WdbPH2vMB8GA1UdIwQY
MBaAFKE0cbUAKk62SWElz1hzfw3rra57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1RSeHRRQXFUclpKWVNYUFdITl9EZXV0cm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9kOWU4N2ItNDUwYS00MTUyLWEyNDIt
ZDY5MTBiMjFhYjQyLzEvb0ZrbHZYOUtsVTFOTV9iVlRTVHRaMXM4ZmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9kOWU4N2ItNDUwYS00MTUyLWEyNDItZDY5MTBiMjFhYjQy
LzEvb1RSeHRRQXFUclpKWVNYUFdITl9EZXV0cm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3o
MA0GCSqGSIb3DQEBCwUAA4IBAQAanNZDaMr/xyVXinYRm9ZRMspnnu8UklabqEdu
W67eG0JaEAT6ALT+yDt3zbnZNhEoXxw01sP8cSVGv4YBecMyGsMndKWYIlQCPhp1
J9h6NebDs6wSlGeQFrs+HaB8HVqmJnNlb8Z9fUCnQY7Wx0GGrIw0wwMrha3QoV7X
m01dFjHv3PKXOkKzZBIe/cbsJgDDqfN2JRFQvF9hvuXdB25gK91DfbX7yml53iND
6+gUAjPnbhbf45X0J3kOkshUs2/M9NZosRAaxpcEBxs3PO6wIMtnpr7iicf20/uZ
70sbIxLDjIbpWEEuGfbvq7dEkVen2Y7iMEg0quqHy22UAznz
-----END CERTIFICATE-----