Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/OxQ5KD2enOW3Q6SG5w9YoHDtQi4.roa
File:                     OxQ5KD2enOW3Q6SG5w9YoHDtQi4.roa (raw, json)
Hash identifier:          7v/MM1L+QU9CF1kjU9dOBbxcjiq8aqzftr7NOP1GZsU=
Subject key identifier:   3B:14:39:28:3D:9E:9C:E5:B7:43:A4:86:E7:0F:58:A0:70:ED:42:2E
Certificate issuer:       /CN=be9fc3884705c4aedcfe7a4d17ddb752e1fe6198
Certificate serial:       01942068074D53359F597BAE000AB3CF2A34
Authority key identifier: BE:9F:C3:88:47:05:C4:AE:DC:FE:7A:4D:17:DD:B7:52:E1:FE:61:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vp_DiEcFxK7c_npNF923UuH-YZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/OxQ5KD2enOW3Q6SG5w9YoHDtQi4.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212737
IP address blocks:        2001:67c:2de0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/vp_DiEcFxK7c_npNF923UuH-YZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/vp_DiEcFxK7c_npNF923UuH-YZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vp_DiEcFxK7c_npNF923UuH-YZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:07:4d:53:35:9f:59:7b:ae:00:0a:b3:cf:2a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be9fc3884705c4aedcfe7a4d17ddb752e1fe6198
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b1439283d9e9ce5b743a486e70f58a070ed422e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e4:0c:83:28:64:01:26:26:48:5c:3e:f9:d4:
                    47:8f:73:94:53:2d:29:6a:c2:3e:a6:3a:e2:91:b7:
                    0c:2b:cd:04:c7:77:5e:9d:2f:bb:59:ba:79:96:34:
                    db:28:13:79:60:b6:d1:68:fb:94:19:51:49:19:3d:
                    d7:a8:2c:19:4d:de:58:04:f7:72:be:64:92:8c:f9:
                    07:45:85:6d:a5:33:28:e3:20:95:ab:8b:67:d9:aa:
                    00:cd:1f:79:a8:64:cd:b6:59:c1:73:4f:6e:54:75:
                    de:0a:25:1b:7a:3d:a4:fc:ee:2f:31:d4:d2:d2:01:
                    69:a4:b5:49:fb:15:db:4a:3d:c4:65:a1:26:78:02:
                    4b:99:48:6d:b0:ac:e2:44:d4:db:5d:4d:0d:8e:16:
                    69:45:45:c4:af:18:73:92:61:6b:3d:62:f4:a6:ca:
                    0e:e0:4c:7b:4f:0e:34:43:ba:0e:c2:bb:e6:0f:c2:
                    94:64:e0:cb:02:49:b4:ff:2f:47:92:30:36:95:89:
                    30:25:d9:38:a2:d8:fc:6f:61:ca:ec:bf:d0:8b:a1:
                    f7:80:89:f4:3e:4e:8e:49:b3:e9:3a:bc:e0:f9:f0:
                    63:78:26:96:70:52:33:e3:6c:7e:2c:bd:b4:0d:2c:
                    21:c0:58:df:5d:b2:2a:fd:a2:1a:29:23:dc:3c:05:
                    e7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:14:39:28:3D:9E:9C:E5:B7:43:A4:86:E7:0F:58:A0:70:ED:42:2E
            X509v3 Authority Key Identifier:
                keyid:BE:9F:C3:88:47:05:C4:AE:DC:FE:7A:4D:17:DD:B7:52:E1:FE:61:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vp_DiEcFxK7c_npNF923UuH-YZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/OxQ5KD2enOW3Q6SG5w9YoHDtQi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/6222f1-f4dc-4704-b946-1906a4a1f993/1/vp_DiEcFxK7c_npNF923UuH-YZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2de0::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:c1:08:f0:a6:05:08:19:7b:aa:97:9a:07:f4:1d:0b:b4:8f:
         2b:64:f7:39:87:49:55:94:c8:bb:81:c2:ad:fa:13:63:30:89:
         68:ec:42:b8:d8:a5:eb:08:a2:31:37:e8:55:52:45:66:f3:fc:
         20:6d:81:78:a7:37:db:64:cc:3b:a5:b2:a0:b1:67:a7:4d:73:
         0d:01:b5:c7:26:7c:45:86:9c:a6:86:5b:3a:78:6b:18:02:f2:
         ad:a9:2b:e1:03:f0:92:a0:b5:a7:ab:74:f1:c6:e6:53:76:6b:
         3d:f0:ec:75:d4:01:fd:48:16:3d:70:0c:ff:5a:8c:89:e2:3c:
         63:01:55:65:fa:fc:0c:41:ab:98:f6:a9:85:6c:38:0d:21:30:
         b6:39:15:13:88:53:50:a4:e5:00:6b:35:cc:8b:e7:70:8c:8c:
         36:82:f2:60:5b:95:bf:a0:f6:1e:9f:50:64:d7:4b:96:db:58:
         c2:ad:c0:83:86:1a:d9:db:f8:1a:35:f5:61:c8:54:ed:ec:6f:
         ff:10:72:0c:58:17:1b:19:35:3c:0a:67:0e:21:23:8e:ea:07:
         79:5b:74:21:2b:65:31:84:de:e1:bd:2b:3a:5c:0e:81:8f:31:
         62:6d:e1:26:d0:61:d8:8c:e6:7b:0c:be:04:26:f2:13:d7:26:
         8b:0d:90:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaAdNUzWfWXuuAAqzzyo0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOWZjMzg4NDcwNWM0YWVkY2ZlN2E0ZDE3ZGRiNzUyZTFm
ZTYxOTgwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE0MzkyODNkOWU5Y2U1Yjc0M2E0ODZlNzBmNThhMDcwZWQ0MjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+QMgyhkASYmSFw++dRHj3OUUy0p
asI+pjrikbcMK80Ex3denS+7Wbp5ljTbKBN5YLbRaPuUGVFJGT3XqCwZTd5YBPdy
vmSSjPkHRYVtpTMo4yCVq4tn2aoAzR95qGTNtlnBc09uVHXeCiUbej2k/O4vMdTS
0gFppLVJ+xXbSj3EZaEmeAJLmUhtsKziRNTbXU0NjhZpRUXErxhzkmFrPWL0psoO
4Ex7Tw40Q7oOwrvmD8KUZODLAkm0/y9HkjA2lYkwJdk4otj8b2HK7L/Qi6H3gIn0
Pk6OSbPpOrzg+fBjeCaWcFIz42x+LL20DSwhwFjfXbIq/aIaKSPcPAXnEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDsUOSg9npzlt0OkhucPWKBw7UIuMB8GA1UdIwQY
MBaAFL6fw4hHBcSu3P56TRfdt1Lh/mGYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnBfRGlFY0Z4SzdjX25wTkY5MjNVdUgtWVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC82MjIyZjEtZjRkYy00NzA0LWI5NDYt
MTkwNmE0YTFmOTkzLzEvT3hRNUtEMmVuT1czUTZTRzV3OVlvSER0UWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC82MjIyZjEtZjRkYy00NzA0LWI5NDYtMTkwNmE0YTFmOTkz
LzEvdnBfRGlFY0Z4SzdjX25wTkY5MjNVdUgtWVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC3g
MA0GCSqGSIb3DQEBCwUAA4IBAQCHwQjwpgUIGXuql5oH9B0LtI8rZPc5h0lVlMi7
gcKt+hNjMIlo7EK42KXrCKIxN+hVUkVm8/wgbYF4pzfbZMw7pbKgsWenTXMNAbXH
JnxFhpymhls6eGsYAvKtqSvhA/CSoLWnq3TxxuZTdms98Ox11AH9SBY9cAz/WoyJ
4jxjAVVl+vwMQauY9qmFbDgNITC2ORUTiFNQpOUAazXMi+dwjIw2gvJgW5W/oPYe
n1Bk10uW21jCrcCDhhrZ2/gaNfVhyFTt7G//EHIMWBcbGTU8CmcOISOO6gd5W3Qh
K2UxhN7hvSs6XA6BjzFibeEm0GHYjOZ7DL4EJvIT1yaLDZAV
-----END CERTIFICATE-----