Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/NKe-wrE2WicgBb0c0Ud-bVOtGPw.roa
File:                     NKe-wrE2WicgBb0c0Ud-bVOtGPw.roa (raw, json)
Hash identifier:          gADDqpEfldBNZqdg/FkPxqfMdnRA+6kZ643uxJ4620k=
Subject key identifier:   34:A7:BE:C2:B1:36:5A:27:20:05:BD:1C:D1:47:7E:6D:53:AD:18:FC
Certificate issuer:       /CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
Certificate serial:       0194252210677A1B62F5DD7682E62D0E4B53
Authority key identifier: D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/NKe-wrE2WicgBb0c0Ud-bVOtGPw.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215088
IP address blocks:        2001:67c:e6c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:10:67:7a:1b:62:f5:dd:76:82:e6:2d:0e:4b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34a7bec2b1365a272005bd1cd1477e6d53ad18fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:78:33:02:aa:68:bb:7f:1d:b3:06:27:c2:5d:
                    24:3a:dd:7a:6b:c0:c9:6f:13:b8:c0:a8:69:2f:c9:
                    88:00:fe:1b:b0:73:12:82:ca:d6:0a:69:65:42:0a:
                    c4:e0:bb:ea:aa:38:02:a7:dd:0a:a4:e5:f7:92:c2:
                    b8:2f:41:3a:6f:20:9f:e5:ec:92:be:e9:9d:ea:3e:
                    13:ae:01:e6:63:06:99:a7:35:f7:6b:a1:74:df:e7:
                    35:29:e5:6d:12:2f:cf:3f:92:41:40:31:ff:8d:f8:
                    02:e5:eb:51:c0:c2:da:c5:3f:4f:74:e7:24:84:c4:
                    e3:73:82:50:41:fe:87:e6:a8:af:1a:12:69:5a:53:
                    b8:8b:bb:a8:b3:85:09:1b:26:84:42:03:fd:f8:6b:
                    3f:4c:89:98:e7:83:fe:2e:3b:80:50:58:25:32:f1:
                    59:dd:14:43:4b:12:85:af:f8:08:12:66:57:11:a1:
                    5a:b5:40:3d:a4:6d:1d:69:20:45:fb:e2:15:b0:6d:
                    00:4c:8d:25:5e:81:60:e3:f8:4a:6b:bc:ce:8a:ac:
                    32:2f:5a:a0:cf:74:c9:7f:fd:8b:33:4d:5a:2a:69:
                    25:ee:43:cd:8c:71:fd:d6:6e:b5:ce:7e:6f:d7:2d:
                    83:22:e5:b4:f0:1c:aa:6d:ed:83:cf:7c:51:b4:38:
                    1f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A7:BE:C2:B1:36:5A:27:20:05:BD:1C:D1:47:7E:6D:53:AD:18:FC
            X509v3 Authority Key Identifier:
                keyid:D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/NKe-wrE2WicgBb0c0Ud-bVOtGPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e6c::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:7a:f6:ad:3d:24:19:0d:d5:98:f9:03:93:80:79:89:d8:94:
         e0:5c:bc:c9:ee:f4:26:0f:09:75:ad:c6:ff:ee:69:e5:d5:e0:
         df:36:90:6a:97:fc:d0:1f:c0:5e:11:fc:e0:24:30:22:49:c1:
         6a:4d:e6:f1:33:0c:b4:27:84:77:93:36:fc:a8:85:5a:9c:88:
         48:9a:3a:02:92:06:32:56:88:49:4b:51:5d:70:25:02:cb:b6:
         2c:e1:bc:c6:e4:a6:3f:4d:92:3e:b7:de:2f:99:ca:f2:f7:19:
         f2:f2:93:a6:48:6c:2d:aa:5b:8d:61:95:70:86:45:cd:a0:a6:
         32:9e:0a:88:f1:b6:4b:77:8b:47:95:7b:f2:a4:80:3c:cb:41:
         d0:f8:c2:a5:c8:6a:75:54:26:24:4f:73:24:c3:57:e0:4f:46:
         46:66:af:67:c8:07:94:0a:97:f0:17:13:d7:bf:df:ed:84:8e:
         4d:81:06:02:66:97:b2:2e:17:6a:b8:10:a9:a6:54:c3:08:5c:
         5d:ea:68:4e:40:d9:6c:ef:1a:89:b0:68:e9:a2:6b:dd:f5:9b:
         55:d6:fe:ed:e1:cd:11:e6:13:6c:9d:57:f8:b4:1b:88:c4:ef:
         9f:4f:7e:b3:11:e2:46:66:ef:15:31:b8:8b:8b:2c:64:df:a0:
         c4:6e:af:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIhBnehti9d12guYtDktTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzJiMGVlMTg3OTI4NDA5MDY1ZDE5ZWU5YzA4NThlOGMx
N2VhMTMwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE3YmVjMmIxMzY1YTI3MjAwNWJkMWNkMTQ3N2U2ZDUzYWQxOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XgzAqpou38dswYnwl0kOt16a8DJ
bxO4wKhpL8mIAP4bsHMSgsrWCmllQgrE4LvqqjgCp90KpOX3ksK4L0E6byCf5eyS
vumd6j4TrgHmYwaZpzX3a6F03+c1KeVtEi/PP5JBQDH/jfgC5etRwMLaxT9PdOck
hMTjc4JQQf6H5qivGhJpWlO4i7uos4UJGyaEQgP9+Gs/TImY54P+LjuAUFglMvFZ
3RRDSxKFr/gIEmZXEaFatUA9pG0daSBF++IVsG0ATI0lXoFg4/hKa7zOiqwyL1qg
z3TJf/2LM01aKmkl7kPNjHH91m61zn5v1y2DIuW08Byqbe2Dz3xRtDgfcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDSnvsKxNlonIAW9HNFHfm1TrRj8MB8GA1UdIwQY
MBaAFNLCsO4YeShAkGXRnunAhY6MF+oTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2Et
YzhlODYzYzFhOGQxLzEvTktlLXdyRTJXaWNnQmIwYzBVZC1iVk90R1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2EtYzhlODYzYzFhOGQx
LzEvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA5s
MA0GCSqGSIb3DQEBCwUAA4IBAQAmevatPSQZDdWY+QOTgHmJ2JTgXLzJ7vQmDwl1
rcb/7mnl1eDfNpBql/zQH8BeEfzgJDAiScFqTebxMwy0J4R3kzb8qIVanIhImjoC
kgYyVohJS1FdcCUCy7Ys4bzG5KY/TZI+t94vmcry9xny8pOmSGwtqluNYZVwhkXN
oKYyngqI8bZLd4tHlXvypIA8y0HQ+MKlyGp1VCYkT3Mkw1fgT0ZGZq9nyAeUCpfw
FxPXv9/thI5NgQYCZpeyLhdquBCpplTDCFxd6mhOQNls7xqJsGjpomvd9ZtV1v7t
4c0R5hNsnVf4tBuIxO+fT36zEeJGZu8VMbiLiyxk36DEbq+j
-----END CERTIFICATE-----