Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/erRTM1_91VtMTpdLg1tFc8DEnKQ.roa
File:                     erRTM1_91VtMTpdLg1tFc8DEnKQ.roa (raw, json)
Hash identifier:          igv5stthjArSt6knKlRkVvpjhTI9/bVwYZs5FEOn1NI=
Subject key identifier:   7A:B4:53:33:5F:FD:D5:5B:4C:4E:97:4B:83:5B:45:73:C0:C4:9C:A4
Certificate issuer:       /CN=c833a0389592756e415cde348abbc24312b02df6
Certificate serial:       019420D5E910C0FA54B61168E6C0964135E8
Authority key identifier: C8:33:A0:38:95:92:75:6E:41:5C:DE:34:8A:BB:C2:43:12:B0:2D:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yDOgOJWSdW5BXN40irvCQxKwLfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/erRTM1_91VtMTpdLg1tFc8DEnKQ.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204254
IP address blocks:        2001:67c:754::/48 maxlen: 48
                          2001:67c:758::/48 maxlen: 48
                          2001:67c:75c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/yDOgOJWSdW5BXN40irvCQxKwLfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/yDOgOJWSdW5BXN40irvCQxKwLfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yDOgOJWSdW5BXN40irvCQxKwLfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e9:10:c0:fa:54:b6:11:68:e6:c0:96:41:35:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c833a0389592756e415cde348abbc24312b02df6
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ab453335ffdd55b4c4e974b835b4573c0c49ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8a:4b:c7:bf:b0:6a:7b:cc:6a:34:8f:86:44:
                    f9:43:80:08:31:1c:57:de:a9:c6:4b:18:5a:b9:b9:
                    cd:c4:1f:45:5a:27:2d:30:30:be:0e:93:4a:9e:f9:
                    f3:ad:de:0f:29:a8:6e:4c:cf:22:4b:bc:8d:23:6a:
                    b4:fb:5e:63:d0:2e:9b:7b:ea:bd:21:c7:d7:f6:d0:
                    4a:87:0b:f9:49:44:fd:7f:a7:81:05:a3:fe:2e:ee:
                    96:55:cc:d5:b6:71:1f:9f:1a:11:a8:9b:d0:8f:49:
                    aa:3b:60:a1:ab:0b:94:f8:a1:ee:d4:f6:fc:2e:cf:
                    1b:61:5c:fe:93:02:a3:b7:e8:a4:da:22:c0:70:b8:
                    01:f2:9e:66:5a:f1:5b:5a:97:d9:e5:f1:c1:f7:4b:
                    d3:30:77:b5:b7:5d:32:3b:3c:62:33:b3:7c:72:6b:
                    ae:1e:b6:62:be:77:82:d7:8b:4e:e8:f0:c6:56:8b:
                    a3:be:ef:3f:14:46:5a:af:08:d6:70:85:4b:31:00:
                    f2:fb:f5:91:c6:ef:5a:eb:00:97:07:4b:6b:95:50:
                    f3:9b:5c:63:82:17:2a:4b:6b:c9:68:88:c9:8b:6b:
                    a2:1a:d8:89:b8:49:28:85:88:73:98:1d:c3:3b:71:
                    89:d3:59:c1:cf:c8:9e:e1:e9:64:99:08:20:2c:89:
                    be:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B4:53:33:5F:FD:D5:5B:4C:4E:97:4B:83:5B:45:73:C0:C4:9C:A4
            X509v3 Authority Key Identifier:
                keyid:C8:33:A0:38:95:92:75:6E:41:5C:DE:34:8A:BB:C2:43:12:B0:2D:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yDOgOJWSdW5BXN40irvCQxKwLfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/erRTM1_91VtMTpdLg1tFc8DEnKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cecd3a-e92a-4509-b590-9f307574051e/1/yDOgOJWSdW5BXN40irvCQxKwLfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:754::/48
                  2001:67c:758::/48
                  2001:67c:75c::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:f1:5f:f1:4b:13:cd:d9:73:fb:d6:1e:71:2a:80:fd:7e:3b:
         70:76:68:ee:f0:fe:de:8d:8b:56:54:0e:52:15:35:00:60:87:
         ca:0a:78:43:df:46:cc:67:12:e4:72:35:88:6e:28:d9:72:10:
         6a:d0:fe:66:19:3f:2d:cb:74:57:3e:c3:c3:73:22:51:e4:62:
         3e:c0:19:73:1c:b3:b1:72:13:e9:63:29:e6:51:b3:a1:f6:1f:
         8e:c7:09:b0:1e:6d:b6:a7:33:37:0d:b5:85:09:59:a2:b2:e5:
         62:33:30:6b:cd:c0:bd:7e:94:73:77:a7:c4:50:c0:c2:3a:cb:
         15:13:d4:3c:fe:d8:c9:d5:ba:ae:ca:d6:78:ff:16:a2:ab:f0:
         4e:1a:5e:af:40:e8:e2:24:52:9b:9b:73:da:a2:f2:e4:e8:e9:
         a9:97:43:2d:30:3e:b3:9f:34:fc:d0:7c:bd:3d:7f:b3:1a:23:
         63:66:ba:3c:2e:bd:93:74:57:2c:ac:1c:10:9b:c1:7e:25:f1:
         70:d6:e2:21:4b:3e:bb:f1:4e:03:0a:7e:db:bb:16:57:96:ef:
         b3:37:dd:7e:c5:a6:80:59:3f:32:16:93:71:95:06:b4:72:57:
         c0:e9:42:72:0c:62:61:cd:17:6f:ac:a4:31:d7:3e:9f:3c:fc:
         50:6e:17:6d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1ekQwPpUthFo5sCWQTXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MzNhMDM4OTU5Mjc1NmU0MTVjZGUzNDhhYmJjMjQzMTJi
MDJkZjYwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI0NTMzMzVmZmRkNTViNGM0ZTk3NGI4MzViNDU3M2MwYzQ5Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4pLx7+wanvMajSPhkT5Q4AIMRxX
3qnGSxhaubnNxB9FWictMDC+DpNKnvnzrd4PKahuTM8iS7yNI2q0+15j0C6be+q9
IcfX9tBKhwv5SUT9f6eBBaP+Lu6WVczVtnEfnxoRqJvQj0mqO2ChqwuU+KHu1Pb8
Ls8bYVz+kwKjt+ik2iLAcLgB8p5mWvFbWpfZ5fHB90vTMHe1t10yOzxiM7N8cmuu
HrZivneC14tO6PDGVoujvu8/FEZarwjWcIVLMQDy+/WRxu9a6wCXB0trlVDzm1xj
ghcqS2vJaIjJi2uiGtiJuEkohYhzmB3DO3GJ01nBz8ie4elkmQggLIm+NwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHq0UzNf/dVbTE6XS4NbRXPAxJykMB8GA1UdIwQY
MBaAFMgzoDiVknVuQVzeNIq7wkMSsC32MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveURPZ09KV1NkVzVCWE40MGlydkNReEt3TGZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jZWNkM2EtZTkyYS00NTA5LWI1OTAt
OWYzMDc1NzQwNTFlLzEvZXJSVE0xXzkxVnRNVHBkTGcxdEZjOERFbktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jZWNkM2EtZTkyYS00NTA5LWI1OTAtOWYzMDc1NzQwNTFl
LzEveURPZ09KV1NkVzVCWE40MGlydkNReEt3TGZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGfAdU
AwcAIAEGfAdYAwcAIAEGfAdcMA0GCSqGSIb3DQEBCwUAA4IBAQC68V/xSxPN2XP7
1h5xKoD9fjtwdmju8P7ejYtWVA5SFTUAYIfKCnhD30bMZxLkcjWIbijZchBq0P5m
GT8ty3RXPsPDcyJR5GI+wBlzHLOxchPpYynmUbOh9h+OxwmwHm22pzM3DbWFCVmi
suViMzBrzcC9fpRzd6fEUMDCOssVE9Q8/tjJ1bquytZ4/xaiq/BOGl6vQOjiJFKb
m3PaovLk6Ompl0MtMD6znzT80Hy9PX+zGiNjZro8Lr2TdFcsrBwQm8F+JfFw1uIh
Sz678U4DCn7buxZXlu+zN91+xaaAWT8yFpNxlQa0clfA6UJyDGJhzRdvrKQx1z6f
PPxQbhdt
-----END CERTIFICATE-----