Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/o_0FvKZy2sCl-lW0YYSWjBR8xw4.roa
File:                     o_0FvKZy2sCl-lW0YYSWjBR8xw4.roa (raw, json)
Hash identifier:          tubkXy6y714ZDaavV7HFDqe83b8kWltVaHWqaVPG5o0=
Subject key identifier:   A3:FD:05:BC:A6:72:DA:C0:A5:FA:55:B4:61:84:96:8C:14:7C:C7:0E
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB085345F7073B340A327EFA03133
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/o_0FvKZy2sCl-lW0YYSWjBR8xw4.roa
Signing time:             Thu 02 Jan 2025 07:48:24 +0000
ROA not before:           Thu 02 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57723
IP address blocks:        2001:1a68:21::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b0:85:34:5f:70:73:b3:40:a3:27:ef:a0:31:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3fd05bca672dac0a5fa55b46184968c147cc70e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:55:8b:93:a6:9b:95:02:4f:3e:84:e5:6b:9f:
                    db:ca:5a:0e:d3:22:05:21:9f:3e:62:22:16:98:ee:
                    09:b1:c7:1e:35:b0:28:cc:e6:c2:e8:a7:7e:b0:64:
                    f4:97:a7:92:35:c1:ac:41:29:42:4c:64:9b:07:1d:
                    17:4a:57:0d:48:c3:8c:6b:57:03:7d:b6:cc:25:4c:
                    66:8e:4f:2a:ae:41:1a:95:a4:e2:17:e2:7f:89:3b:
                    d1:d7:06:a3:22:16:76:82:8a:52:36:b6:bb:dd:8c:
                    9e:60:16:8b:fd:6b:71:cb:b4:2f:e9:78:34:27:6c:
                    b2:f1:97:4f:a3:4a:ac:1c:9e:1b:3a:6b:e7:96:b3:
                    f2:4e:cf:72:10:67:18:34:87:0f:d2:9d:79:48:d0:
                    8d:36:3a:96:ee:44:b0:56:ff:be:c3:5d:5a:47:be:
                    21:de:c2:68:14:75:d0:09:7a:16:f6:a6:68:83:39:
                    4c:04:c1:16:74:ad:b6:bb:48:39:a5:2d:51:3f:c3:
                    60:c1:12:d3:d4:d2:5b:4e:97:ee:bf:0c:cc:92:58:
                    88:91:ce:f2:47:9f:4c:38:09:50:93:0e:36:ea:24:
                    57:fd:01:9e:49:f2:6e:00:fa:f3:27:7e:cb:df:d0:
                    24:14:1b:3e:c7:90:7b:c5:1d:e6:d2:15:56:fb:12:
                    b0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FD:05:BC:A6:72:DA:C0:A5:FA:55:B4:61:84:96:8C:14:7C:C7:0E
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/o_0FvKZy2sCl-lW0YYSWjBR8xw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:21::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:00:ce:3c:e3:6c:9e:50:46:51:16:c8:13:fa:da:68:75:86:
         56:fd:83:e7:20:09:2e:ac:4a:72:be:83:4f:c8:f1:79:85:be:
         b3:e6:f8:a2:7e:96:f4:a5:e7:70:e7:ad:d6:4a:d0:e7:04:61:
         5a:53:97:8e:9b:f2:f1:30:41:2c:4c:93:24:0c:4f:47:6d:39:
         17:ad:d3:c1:dc:ba:ad:a4:94:70:b5:a5:f0:b3:59:63:85:b8:
         0a:83:df:77:ed:6f:d9:06:05:06:f8:5f:44:7a:dd:de:40:60:
         b0:2e:7a:ee:17:f1:c9:1c:f0:6e:4c:73:ef:ea:a8:87:12:e3:
         9e:7b:20:47:ec:59:bb:ec:d6:97:79:47:39:83:b0:71:1e:f7:
         75:e1:78:60:be:5d:1e:44:22:83:5b:a5:f3:f6:06:cc:f1:61:
         a1:24:87:7e:25:6e:65:5d:95:a3:36:17:c8:c8:08:4c:7b:17:
         52:f6:6d:9e:fb:5b:e8:b9:40:52:71:98:21:5b:f0:d0:54:21:
         4c:01:90:63:98:a1:30:10:43:8f:2a:ac:8b:b4:cc:f3:2c:a0:
         dc:77:3f:ce:c2:51:f7:e7:81:02:58:8e:23:72:34:cb:71:e4:
         ae:c0:9a:23:19:7e:1d:a0:cb:53:4b:65:7b:aa:fb:e9:3b:4b:
         1d:c7:cd:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/LCFNF9wc7NAoyfvoDEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZkMDViY2E2NzJkYWMwYTVmYTU1YjQ2MTg0OTY4YzE0N2NjNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVWLk6ablQJPPoTla5/byloO0yIF
IZ8+YiIWmO4JscceNbAozObC6Kd+sGT0l6eSNcGsQSlCTGSbBx0XSlcNSMOMa1cD
fbbMJUxmjk8qrkEalaTiF+J/iTvR1wajIhZ2gopSNra73YyeYBaL/Wtxy7Qv6Xg0
J2yy8ZdPo0qsHJ4bOmvnlrPyTs9yEGcYNIcP0p15SNCNNjqW7kSwVv++w11aR74h
3sJoFHXQCXoW9qZogzlMBMEWdK22u0g5pS1RP8NgwRLT1NJbTpfuvwzMkliIkc7y
R59MOAlQkw426iRX/QGeSfJuAPrzJ37L39AkFBs+x5B7xR3m0hVW+xKwmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKP9BbymctrApfpVtGGElowUfMcOMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvb18wRnZLWnkyc0NsLWxXMFlZU1dqQlI4eHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaaAAh
MA0GCSqGSIb3DQEBCwUAA4IBAQBZAM4842yeUEZRFsgT+tpodYZW/YPnIAkurEpy
voNPyPF5hb6z5viifpb0pedw563WStDnBGFaU5eOm/LxMEEsTJMkDE9HbTkXrdPB
3LqtpJRwtaXws1ljhbgKg9937W/ZBgUG+F9Eet3eQGCwLnruF/HJHPBuTHPv6qiH
EuOeeyBH7Fm77NaXeUc5g7BxHvd14Xhgvl0eRCKDW6Xz9gbM8WGhJId+JW5lXZWj
NhfIyAhMexdS9m2e+1vouUBScZghW/DQVCFMAZBjmKEwEEOPKqyLtMzzLKDcdz/O
wlH354ECWI4jcjTLceSuwJojGX4doMtTS2V7qvvpO0sdx83a
-----END CERTIFICATE-----