Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/m_DyVhepA8h1XGWM-orUdoIVf7o.roa
File:                     m_DyVhepA8h1XGWM-orUdoIVf7o.roa (raw, json)
Hash identifier:          saVyyQ5v2TSsmPKMina7v4SF//mHS3btHrahjrjyKxE=
Subject key identifier:   9B:F0:F2:56:17:A9:03:C8:75:5C:65:8C:FA:8A:D4:76:82:15:7F:BA
Certificate issuer:       /CN=8fe692658aef093d9e3603132b965bf1be075d37
Certificate serial:       0194266A3223BC32201A02BD23530C2CC37E
Authority key identifier: 8F:E6:92:65:8A:EF:09:3D:9E:36:03:13:2B:96:5B:F1:BE:07:5D:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/m_DyVhepA8h1XGWM-orUdoIVf7o.roa
Signing time:             Thu 02 Jan 2025 09:48:01 +0000
ROA not before:           Thu 02 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213997
IP address blocks:        2001:67c:f48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:32:23:bc:32:20:1a:02:bd:23:53:0c:2c:c3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fe692658aef093d9e3603132b965bf1be075d37
        Validity
            Not Before: Jan  2 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bf0f25617a903c8755c658cfa8ad47682157fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:cb:44:3b:a9:6f:42:59:f6:37:b0:e0:1e:
                    ca:e6:af:61:73:9b:4b:ec:1c:ff:f1:9f:f0:7d:e6:
                    ef:aa:65:38:88:78:ae:aa:eb:b1:eb:15:99:cb:1f:
                    ac:75:26:6e:43:7e:85:ba:a0:54:7a:09:62:96:11:
                    6f:a4:77:97:8f:fb:9a:0e:5d:f0:86:8e:08:5f:e4:
                    c1:90:8d:aa:ec:5a:08:66:ef:d0:d7:fe:9c:18:63:
                    4b:af:06:cf:4d:8e:8a:a0:ec:6e:f7:ad:6b:ff:d3:
                    44:c0:bd:fa:27:95:33:f6:55:a5:a2:75:33:79:e3:
                    96:7c:de:af:5d:ed:51:1d:d8:51:c5:79:05:f9:9a:
                    7d:bd:3b:fb:24:3b:e3:7e:74:cf:af:22:44:c2:9c:
                    8b:82:06:b4:a0:57:d3:0d:2d:96:f2:0c:49:62:84:
                    b7:fa:23:97:93:40:d7:d6:f6:bb:7d:7e:90:84:0c:
                    2a:dc:4e:0c:e7:60:2e:d3:cf:b7:5e:25:c9:7a:6d:
                    90:90:a2:ea:c4:84:c5:1d:fc:ff:79:c1:bf:bc:aa:
                    21:e4:e1:78:57:3f:20:3a:9d:82:1a:52:43:08:d8:
                    8f:85:61:ef:4b:58:a3:13:22:f9:ec:85:ff:f9:99:
                    07:a4:59:a4:57:47:a3:22:fa:30:25:e0:80:90:6b:
                    f7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F0:F2:56:17:A9:03:C8:75:5C:65:8C:FA:8A:D4:76:82:15:7F:BA
            X509v3 Authority Key Identifier:
                keyid:8F:E6:92:65:8A:EF:09:3D:9E:36:03:13:2B:96:5B:F1:BE:07:5D:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/m_DyVhepA8h1XGWM-orUdoIVf7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0a9b31-7ed7-48ca-a304-aee567173615/1/j-aSZYrvCT2eNgMTK5Zb8b4HXTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f48::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:69:97:40:40:e5:d3:44:80:30:67:4e:af:f5:16:f0:5c:e9:
         43:70:b6:0c:a5:c9:94:c3:ee:73:d4:ff:c8:83:0d:0f:73:57:
         32:35:4f:2c:71:33:27:da:bc:14:7e:d5:e6:bb:1c:9d:cd:6d:
         f6:e2:50:2b:58:c4:f8:85:a2:fd:e4:b3:43:60:14:4a:5b:3e:
         32:69:bc:1e:03:af:4a:ab:9f:da:77:b6:c1:50:b4:50:3a:8e:
         9f:49:02:cf:5c:63:30:cd:33:bf:06:cb:6d:61:6c:1c:7f:1e:
         d4:be:8f:a1:1a:01:14:23:af:c5:0d:ff:98:67:3f:8a:42:f0:
         c0:19:0c:81:77:22:52:3f:ae:a5:2f:b6:ab:df:57:51:b6:bb:
         ca:fe:7d:2b:d6:52:b7:e9:8f:8b:26:e4:4b:3f:44:b1:c6:a2:
         46:a8:0c:d5:d3:da:e2:32:79:c3:27:91:00:2f:8a:11:bb:62:
         d8:fb:2b:04:44:1b:e7:3d:61:9e:9d:8b:8a:7e:69:a5:00:90:
         43:81:87:6a:27:ff:7e:a1:4e:12:d6:da:61:aa:7d:9c:56:80:
         a8:37:9c:84:41:d8:ec:d7:11:1e:dc:58:51:5a:f5:0f:8b:5c:
         7a:f5:7f:07:27:e2:96:50:21:54:bb:69:7c:69:30:03:6b:d0:
         68:32:b0:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmajIjvDIgGgK9I1MMLMN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZTY5MjY1OGFlZjA5M2Q5ZTM2MDMxMzJiOTY1YmYxYmUw
NzVkMzcwHhcNMjUwMTAyMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYwZjI1NjE3YTkwM2M4NzU1YzY1OGNmYThhZDQ3NjgyMTU3ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8vLRDupb0JZ9jew4B7K5q9hc5tL
7Bz/8Z/wfebvqmU4iHiuquux6xWZyx+sdSZuQ36FuqBUeglilhFvpHeXj/uaDl3w
ho4IX+TBkI2q7FoIZu/Q1/6cGGNLrwbPTY6KoOxu961r/9NEwL36J5Uz9lWlonUz
eeOWfN6vXe1RHdhRxXkF+Zp9vTv7JDvjfnTPryJEwpyLgga0oFfTDS2W8gxJYoS3
+iOXk0DX1va7fX6QhAwq3E4M52Au08+3XiXJem2QkKLqxITFHfz/ecG/vKoh5OF4
Vz8gOp2CGlJDCNiPhWHvS1ijEyL57IX/+ZkHpFmkV0ejIvowJeCAkGv3ZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJvw8lYXqQPIdVxljPqK1HaCFX+6MB8GA1UdIwQY
MBaAFI/mkmWK7wk9njYDEyuWW/G+B103MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvai1hU1pZcnZDVDJlTmdNVEs1WmI4YjRIWFRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8wYTliMzEtN2VkNy00OGNhLWEzMDQt
YWVlNTY3MTczNjE1LzEvbV9EeVZoZXBBOGgxWEdXTS1vclVkb0lWZjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8wYTliMzEtN2VkNy00OGNhLWEzMDQtYWVlNTY3MTczNjE1
LzEvai1hU1pZcnZDVDJlTmdNVEs1WmI4YjRIWFRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9I
MA0GCSqGSIb3DQEBCwUAA4IBAQBBaZdAQOXTRIAwZ06v9RbwXOlDcLYMpcmUw+5z
1P/Igw0Pc1cyNU8scTMn2rwUftXmuxydzW324lArWMT4haL95LNDYBRKWz4yabwe
A69Kq5/ad7bBULRQOo6fSQLPXGMwzTO/BsttYWwcfx7Uvo+hGgEUI6/FDf+YZz+K
QvDAGQyBdyJSP66lL7ar31dRtrvK/n0r1lK36Y+LJuRLP0SxxqJGqAzV09riMnnD
J5EAL4oRu2LY+ysERBvnPWGenYuKfmmlAJBDgYdqJ/9+oU4S1tphqn2cVoCoN5yE
Qdjs1xEe3FhRWvUPi1x69X8HJ+KWUCFUu2l8aTADa9BoMrC7
-----END CERTIFICATE-----