Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/JztZZ5jdsYiJwH6r3ruJ841yjPA.roa
File:                     JztZZ5jdsYiJwH6r3ruJ841yjPA.roa (raw, json)
Hash identifier:          fWtXOGVQeuynraDkbnyZnR91bHF3bELX/gnfpid099o=
Subject key identifier:   27:3B:59:67:98:DD:B1:88:89:C0:7E:AB:DE:BB:89:F3:8D:72:8C:F0
Certificate issuer:       /CN=6ec24e2ac9cd53399651590cf391ad6bbf1b3e26
Certificate serial:       019424B38C998554374F68DCF93D10480159
Authority key identifier: 6E:C2:4E:2A:C9:CD:53:39:96:51:59:0C:F3:91:AD:6B:BF:1B:3E:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/JztZZ5jdsYiJwH6r3ruJ841yjPA.roa
Signing time:             Thu 02 Jan 2025 01:48:54 +0000
ROA not before:           Thu 02 Jan 2025 01:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216441
IP address blocks:        2001:67c:98::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8c:99:85:54:37:4f:68:dc:f9:3d:10:48:01:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ec24e2ac9cd53399651590cf391ad6bbf1b3e26
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=273b596798ddb18889c07eabdebb89f38d728cf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9a:9d:d4:3f:00:8a:2d:df:fd:c0:e4:37:bd:
                    81:dd:85:e1:0f:94:b4:69:4f:1f:82:9a:e4:a9:44:
                    a6:41:c4:5a:38:e3:3a:3b:ea:ee:2f:01:7d:55:77:
                    7d:f3:f8:ab:5c:b4:c9:76:cd:50:d7:47:ec:10:70:
                    48:52:a2:99:4d:3d:24:f9:fd:77:af:0d:43:64:74:
                    89:8e:41:8f:ee:31:fa:c0:50:c9:e6:c4:00:50:5a:
                    7a:dc:da:a6:6c:31:75:4e:7c:ad:8e:8a:5e:16:9a:
                    f6:aa:ae:5a:5d:c3:da:1b:07:5d:de:97:01:19:85:
                    7e:88:f9:ba:dc:bf:1c:d4:fc:e7:3d:40:6b:51:8e:
                    e0:88:ec:38:31:65:9c:ed:f1:f7:6c:ff:5b:72:c3:
                    78:7b:c0:be:02:d0:e5:62:72:6c:24:58:73:1b:f7:
                    ff:5b:b3:f4:b0:29:52:fd:0d:47:ca:ba:b6:86:25:
                    7e:59:ae:3c:0e:fe:c4:2d:48:dd:79:91:fc:f5:53:
                    60:8a:f2:89:15:76:9f:a6:dd:9b:19:08:f5:2b:e3:
                    7e:02:b2:21:64:c8:4a:c8:c7:fc:d1:40:f4:b9:f7:
                    4b:c7:37:14:09:a2:c7:ae:1a:8c:ff:aa:3d:c4:68:
                    fc:3b:b3:61:9a:03:96:1a:34:23:9d:cb:ca:62:66:
                    d5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3B:59:67:98:DD:B1:88:89:C0:7E:AB:DE:BB:89:F3:8D:72:8C:F0
            X509v3 Authority Key Identifier:
                keyid:6E:C2:4E:2A:C9:CD:53:39:96:51:59:0C:F3:91:AD:6B:BF:1B:3E:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/JztZZ5jdsYiJwH6r3ruJ841yjPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:98::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:8b:1b:ff:dc:c4:1e:47:a6:c7:3d:21:05:7f:fb:e5:cb:1a:
         15:27:17:ab:d5:70:1a:13:36:7c:01:17:b1:57:05:22:01:d6:
         48:f8:2c:e1:1f:aa:07:8e:91:56:c8:49:45:cc:2b:22:18:f0:
         fc:ae:03:04:96:74:18:3d:6c:da:5e:bb:a8:6e:9b:d8:ad:2a:
         f0:a0:61:f4:cf:81:b2:49:82:7e:d3:be:62:da:53:6e:bf:9a:
         06:0b:35:4a:cb:61:da:41:59:45:3f:5d:3e:db:64:e2:bb:ec:
         14:60:f0:ac:2d:bd:7d:0c:08:c8:71:84:f7:3c:d3:7e:a3:30:
         3a:66:b3:09:36:98:d6:c0:09:a9:c4:8e:fb:fd:de:81:d1:9f:
         1b:24:28:c1:ba:95:8a:09:b5:29:91:45:8c:f4:a6:43:9b:e0:
         c2:19:76:32:7c:7e:2e:be:74:e7:59:4d:c8:02:1a:67:c5:7e:
         a2:16:df:76:c6:fc:ee:5c:00:90:07:f1:d2:ea:26:73:ae:a3:
         a8:72:62:5b:a1:39:e7:ca:2c:b5:b7:81:97:6e:43:c4:5a:80:
         7e:fd:97:50:e4:d6:f6:73:5e:84:79:1c:80:9f:db:36:63:42:
         7b:82:92:48:62:3a:1f:b0:e1:1e:2f:13:d2:9f:30:df:99:69:
         b7:70:48:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks4yZhVQ3T2jc+T0QSAFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYzI0ZTJhYzljZDUzMzk5NjUxNTkwY2YzOTFhZDZiYmYx
YjNlMjYwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzNiNTk2Nzk4ZGRiMTg4ODljMDdlYWJkZWJiODlmMzhkNzI4Y2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopqd1D8Aii3f/cDkN72B3YXhD5S0
aU8fgprkqUSmQcRaOOM6O+ruLwF9VXd98/irXLTJds1Q10fsEHBIUqKZTT0k+f13
rw1DZHSJjkGP7jH6wFDJ5sQAUFp63NqmbDF1TnytjopeFpr2qq5aXcPaGwdd3pcB
GYV+iPm63L8c1PznPUBrUY7giOw4MWWc7fH3bP9bcsN4e8C+AtDlYnJsJFhzG/f/
W7P0sClS/Q1Hyrq2hiV+Wa48Dv7ELUjdeZH89VNgivKJFXafpt2bGQj1K+N+ArIh
ZMhKyMf80UD0ufdLxzcUCaLHrhqM/6o9xGj8O7NhmgOWGjQjncvKYmbV3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCc7WWeY3bGIicB+q967ifONcozwMB8GA1UdIwQY
MBaAFG7CTirJzVM5llFZDPORrWu/Gz4mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnNKT0tzbk5Vem1XVVZrTTg1R3RhNzhiUGlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jMWY5NjItODhkNi00NjQyLWEyZDMt
N2E3NDczYzU0NWIxLzEvSnp0Wlo1amRzWWlKd0g2cjNydUo4NDF5alBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jMWY5NjItODhkNi00NjQyLWEyZDMtN2E3NDczYzU0NWIx
LzEvYnNKT0tzbk5Vem1XVVZrTTg1R3RhNzhiUGlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfACY
MA0GCSqGSIb3DQEBCwUAA4IBAQA6ixv/3MQeR6bHPSEFf/vlyxoVJxer1XAaEzZ8
ARexVwUiAdZI+CzhH6oHjpFWyElFzCsiGPD8rgMElnQYPWzaXruobpvYrSrwoGH0
z4GySYJ+075i2lNuv5oGCzVKy2HaQVlFP10+22Tiu+wUYPCsLb19DAjIcYT3PNN+
ozA6ZrMJNpjWwAmpxI77/d6B0Z8bJCjBupWKCbUpkUWM9KZDm+DCGXYyfH4uvnTn
WU3IAhpnxX6iFt92xvzuXACQB/HS6iZzrqOocmJboTnnyiy1t4GXbkPEWoB+/ZdQ
5Nb2c16EeRyAn9s2Y0J7gpJIYjofsOEeLxPSnzDfmWm3cEgW
-----END CERTIFICATE-----