Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/6pWip88KFCQlBaqpP5OAyYyKKL0.roa
File:                     6pWip88KFCQlBaqpP5OAyYyKKL0.roa (raw, json)
Hash identifier:          2kxcH3Ha1RRmUiGnKMePTKTFBssB2qkinO67e/D6ssU=
Subject key identifier:   EA:95:A2:A7:CF:0A:14:24:25:05:AA:A9:3F:93:80:C9:8C:8A:28:BD
Certificate issuer:       /CN=e0d5d561e76ef259c4a02df30f35064dededf2d7
Certificate serial:       0194221F76BA31D9A236DC3720EDF88CBB58
Authority key identifier: E0:D5:D5:61:E7:6E:F2:59:C4:A0:2D:F3:0F:35:06:4D:ED:ED:F2:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/6pWip88KFCQlBaqpP5OAyYyKKL0.roa
Signing time:             Wed 01 Jan 2025 13:47:54 +0000
ROA not before:           Wed 01 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20570
IP address blocks:        2001:67c:d70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:76:ba:31:d9:a2:36:dc:37:20:ed:f8:8c:bb:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0d5d561e76ef259c4a02df30f35064dededf2d7
        Validity
            Not Before: Jan  1 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea95a2a7cf0a14242505aaa93f9380c98c8a28bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:71:6b:19:b7:f7:55:85:ff:2c:08:25:ed:46:
                    27:c6:b2:0c:ec:d4:49:af:07:ab:3c:b8:fc:e7:43:
                    bd:79:9e:10:14:27:df:7c:9b:d4:e5:84:1f:a6:cb:
                    1b:8f:d9:54:a4:21:29:69:fe:b6:03:52:e8:9b:aa:
                    af:65:f9:81:62:88:2c:f5:a9:da:23:63:b1:8d:a0:
                    3a:47:83:ed:f1:08:95:f7:35:e9:4e:d8:6c:47:57:
                    d2:ce:e0:7b:7d:68:22:e8:94:5a:7e:e1:c1:25:3f:
                    4a:91:03:1f:d5:b4:dc:c2:81:b4:98:08:c0:fb:6d:
                    5a:eb:4c:26:1d:7a:fd:63:06:13:54:de:37:06:29:
                    e6:06:02:0a:8e:ea:55:47:2b:fa:4d:33:4e:5c:c3:
                    da:f9:82:70:d2:47:03:6c:e3:fe:3f:a9:c0:37:e3:
                    3c:a7:de:93:68:ee:e5:ae:90:03:73:05:97:57:f5:
                    a3:46:1c:26:aa:f7:92:46:aa:9f:4b:e0:1f:7b:e7:
                    b5:0c:81:14:76:b9:79:cf:8b:9b:58:67:1f:1a:21:
                    e0:df:30:ef:d6:09:29:f2:ad:4a:74:f2:44:a5:77:
                    ca:4d:96:74:8e:af:ba:85:ad:26:27:2d:28:9c:0a:
                    2e:ff:e5:9e:ec:77:b8:8c:18:88:58:78:ef:45:76:
                    ec:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:95:A2:A7:CF:0A:14:24:25:05:AA:A9:3F:93:80:C9:8C:8A:28:BD
            X509v3 Authority Key Identifier:
                keyid:E0:D5:D5:61:E7:6E:F2:59:C4:A0:2D:F3:0F:35:06:4D:ED:ED:F2:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/6pWip88KFCQlBaqpP5OAyYyKKL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d70::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:b1:6e:46:5e:8c:c2:c1:3e:95:37:73:da:6d:c8:98:02:0f:
         51:c4:eb:88:7d:d9:84:1f:c2:69:d0:46:bd:88:3e:d9:ef:ef:
         e7:23:5d:9a:0e:b6:74:88:06:58:1d:8a:fa:51:dc:c9:1c:0b:
         51:a8:c6:24:82:f5:22:c0:54:b2:cb:0a:b4:4b:58:f9:a2:91:
         c7:07:33:70:e4:75:4e:45:9d:4e:38:0d:b1:14:d4:39:81:54:
         bd:62:d9:00:82:38:c5:fa:60:2f:de:47:0d:62:58:8b:a4:fc:
         a6:64:01:fd:37:fc:2a:2d:13:52:26:87:55:20:c5:0a:67:04:
         5e:c7:01:c4:28:15:15:be:3c:b6:bc:b2:0e:fe:14:80:00:da:
         76:e4:ab:4e:9c:95:4f:a5:f1:01:40:f9:1a:42:f6:32:d4:6b:
         d1:3f:d7:1a:d8:df:19:43:6c:d6:a6:18:cf:16:aa:2d:46:d7:
         cc:87:b0:cd:e2:a3:9f:39:77:8c:8b:48:36:b9:98:3a:ff:ca:
         2c:4a:6b:98:75:4e:a6:72:fe:45:b3:fa:1d:fd:06:0a:87:b1:
         c2:06:41:79:a8:59:48:b0:27:61:7d:9b:db:22:e0:dc:2c:2a:
         47:74:07:78:ba:ba:08:9d:37:56:f3:7f:03:45:0d:88:c5:44:
         9a:5e:dc:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH3a6MdmiNtw3IO34jLtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDVkNTYxZTc2ZWYyNTljNGEwMmRmMzBmMzUwNjRkZWRl
ZGYyZDcwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTk1YTJhN2NmMGExNDI0MjUwNWFhYTkzZjkzODBjOThjOGEyOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3FrGbf3VYX/LAgl7UYnxrIM7NRJ
rwerPLj850O9eZ4QFCfffJvU5YQfpssbj9lUpCEpaf62A1Lom6qvZfmBYogs9ana
I2OxjaA6R4Pt8QiV9zXpTthsR1fSzuB7fWgi6JRafuHBJT9KkQMf1bTcwoG0mAjA
+21a60wmHXr9YwYTVN43BinmBgIKjupVRyv6TTNOXMPa+YJw0kcDbOP+P6nAN+M8
p96TaO7lrpADcwWXV/WjRhwmqveSRqqfS+Afe+e1DIEUdrl5z4ubWGcfGiHg3zDv
1gkp8q1KdPJEpXfKTZZ0jq+6ha0mJy0onAou/+We7He4jBiIWHjvRXbsBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOqVoqfPChQkJQWqqT+TgMmMiii9MB8GA1UdIwQY
MBaAFODV1WHnbvJZxKAt8w81Bk3t7fLXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5YVlllZHU4bG5Fb0MzekR6VUdUZTN0OHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kNDU0NjktMGM3Yi00NDEwLWJiNWUt
N2RjNTI4YWE1ZDRlLzEvNnBXaXA4OEtGQ1FsQmFxcFA1T0F5WXlLS0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kNDU0NjktMGM3Yi00NDEwLWJiNWUtN2RjNTI4YWE1ZDRl
LzEvNE5YVlllZHU4bG5Fb0MzekR6VUdUZTN0OHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1w
MA0GCSqGSIb3DQEBCwUAA4IBAQCXsW5GXozCwT6VN3PabciYAg9RxOuIfdmEH8Jp
0Ea9iD7Z7+/nI12aDrZ0iAZYHYr6UdzJHAtRqMYkgvUiwFSyywq0S1j5opHHBzNw
5HVORZ1OOA2xFNQ5gVS9YtkAgjjF+mAv3kcNYliLpPymZAH9N/wqLRNSJodVIMUK
ZwRexwHEKBUVvjy2vLIO/hSAANp25KtOnJVPpfEBQPkaQvYy1GvRP9ca2N8ZQ2zW
phjPFqotRtfMh7DN4qOfOXeMi0g2uZg6/8osSmuYdU6mcv5Fs/od/QYKh7HCBkF5
qFlIsCdhfZvbIuDcLCpHdAd4uroInTdW838DRQ2IxUSaXtx7
-----END CERTIFICATE-----