Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/4PNlkOPWAaPkvxKKyZ24ywHUUNs.roa
File:                     4PNlkOPWAaPkvxKKyZ24ywHUUNs.roa (raw, json)
Hash identifier:          eaQPOrhXnd6IgLBTpKSTCgVJBcG3spHBZu3BsMLZw3g=
Subject key identifier:   E0:F3:65:90:E3:D6:01:A3:E4:BF:12:8A:C9:9D:B8:CB:01:D4:50:DB
Certificate issuer:       /CN=1e5703846d7a8364bec303034db91acbff42da0c
Certificate serial:       0194266C3090EEBCEFEE935EB38A3C19D3FE
Authority key identifier: 1E:57:03:84:6D:7A:83:64:BE:C3:03:03:4D:B9:1A:CB:FF:42:DA:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlcDhG16g2S-wwMDTbkay_9C2gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/4PNlkOPWAaPkvxKKyZ24ywHUUNs.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13127
IP address blocks:        2001:67c:14b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/HlcDhG16g2S-wwMDTbkay_9C2gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/HlcDhG16g2S-wwMDTbkay_9C2gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlcDhG16g2S-wwMDTbkay_9C2gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:30:90:ee:bc:ef:ee:93:5e:b3:8a:3c:19:d3:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5703846d7a8364bec303034db91acbff42da0c
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f36590e3d601a3e4bf128ac99db8cb01d450db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fa:15:1e:a3:05:09:8b:de:49:e4:c3:a0:07:
                    b6:eb:ac:96:77:03:a7:61:ae:c0:5b:79:c1:b4:10:
                    43:d8:e1:c7:5e:41:7b:76:eb:ea:ae:e6:eb:36:93:
                    0c:23:2c:e0:c2:b4:07:f0:92:18:38:5f:b2:50:8b:
                    ea:d3:d8:8e:68:36:cc:a6:8e:89:07:c8:50:ca:67:
                    cf:87:88:bf:3f:98:c5:58:0a:30:83:35:95:3c:6f:
                    8f:17:39:4e:52:90:ea:02:53:13:dd:c5:35:9b:42:
                    f7:c9:cd:fb:a8:44:b0:eb:a6:ba:a0:f7:f9:16:43:
                    ce:30:1b:6f:a7:2d:42:22:4e:2f:9a:36:02:6a:a4:
                    73:32:55:f4:87:6e:9f:9b:d5:98:82:20:c1:b6:a2:
                    c3:7c:25:bb:c4:17:ad:f2:3a:f7:ab:da:51:3d:45:
                    13:21:7c:33:21:b0:58:4e:ad:5b:e6:b5:8c:99:6e:
                    4b:d1:72:f7:ed:67:98:1b:c4:14:fc:5e:dc:1e:f8:
                    d6:f1:90:99:6c:0e:a7:82:6f:a9:c7:3e:6c:ef:9b:
                    fc:fd:3d:78:09:49:07:3e:c6:7f:50:84:e0:28:88:
                    35:6c:f9:05:e4:6b:04:d8:21:93:2d:b4:0b:1c:9a:
                    c4:9c:8b:3f:d4:50:f6:0d:c0:34:c5:08:fe:92:23:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F3:65:90:E3:D6:01:A3:E4:BF:12:8A:C9:9D:B8:CB:01:D4:50:DB
            X509v3 Authority Key Identifier:
                keyid:1E:57:03:84:6D:7A:83:64:BE:C3:03:03:4D:B9:1A:CB:FF:42:DA:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlcDhG16g2S-wwMDTbkay_9C2gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/4PNlkOPWAaPkvxKKyZ24ywHUUNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/bc658f-a528-4360-b58c-07b09e465119/1/HlcDhG16g2S-wwMDTbkay_9C2gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:14b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:01:65:48:29:4d:5b:10:fb:4c:61:31:12:65:0b:d0:e3:44:
         5c:74:51:62:5b:82:15:fe:e0:3f:1a:65:42:82:20:31:6f:2e:
         66:6a:56:1b:11:74:65:07:8f:b7:d4:8b:c9:ec:46:b8:bb:57:
         0d:f2:0f:cd:77:e3:e6:26:a2:6c:cd:e5:f5:e6:ff:6e:12:11:
         c6:80:16:c5:28:1a:81:78:df:7d:61:2b:1f:c6:98:c9:9d:2a:
         33:25:73:7f:b3:e4:2d:e2:68:df:10:5e:82:69:62:76:8a:37:
         20:f8:13:88:dd:a0:47:f7:12:50:15:d4:82:bb:14:34:ea:34:
         41:cc:e8:66:ed:8e:f2:c7:56:e6:38:31:67:21:6a:48:d2:a1:
         46:f4:66:1b:d1:ab:f7:9f:8d:c5:56:98:3f:f3:13:c7:a0:de:
         f0:81:2d:d5:f0:9e:d2:b0:38:eb:22:6a:bc:86:9f:da:21:19:
         e6:48:81:d6:e6:be:9d:9f:24:6e:79:fa:4a:72:fa:6e:0e:5d:
         93:c3:68:ed:b8:7c:cf:7d:70:c9:34:3a:85:56:43:cc:d9:de:
         39:af:cf:66:14:a9:36:81:b3:a4:4d:a9:c2:8c:b3:63:8d:d5:
         7c:e8:16:18:d5:50:98:07:ed:cc:99:f7:2d:76:68:53:b4:94:
         7c:bd:fc:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbDCQ7rzv7pNes4o8GdP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTcwMzg0NmQ3YTgzNjRiZWMzMDMwMzRkYjkxYWNiZmY0
MmRhMGMwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGYzNjU5MGUzZDYwMWEzZTRiZjEyOGFjOTlkYjhjYjAxZDQ1MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PoVHqMFCYveSeTDoAe266yWdwOn
Ya7AW3nBtBBD2OHHXkF7duvqrubrNpMMIyzgwrQH8JIYOF+yUIvq09iOaDbMpo6J
B8hQymfPh4i/P5jFWAowgzWVPG+PFzlOUpDqAlMT3cU1m0L3yc37qESw66a6oPf5
FkPOMBtvpy1CIk4vmjYCaqRzMlX0h26fm9WYgiDBtqLDfCW7xBet8jr3q9pRPUUT
IXwzIbBYTq1b5rWMmW5L0XL37WeYG8QU/F7cHvjW8ZCZbA6ngm+pxz5s75v8/T14
CUkHPsZ/UITgKIg1bPkF5GsE2CGTLbQLHJrEnIs/1FD2DcA0xQj+kiNJvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFODzZZDj1gGj5L8SismduMsB1FDbMB8GA1UdIwQY
MBaAFB5XA4RteoNkvsMDA025Gsv/QtoMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxjRGhHMTZnMlMtd3dNRFRia2F5XzlDMmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iYzY1OGYtYTUyOC00MzYwLWI1OGMt
MDdiMDllNDY1MTE5LzEvNFBObGtPUFdBYVBrdnhLS3laMjR5d0hVVU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iYzY1OGYtYTUyOC00MzYwLWI1OGMtMDdiMDllNDY1MTE5
LzEvSGxjRGhHMTZnMlMtd3dNRFRia2F5XzlDMmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBSw
MA0GCSqGSIb3DQEBCwUAA4IBAQCHAWVIKU1bEPtMYTESZQvQ40RcdFFiW4IV/uA/
GmVCgiAxby5malYbEXRlB4+31IvJ7Ea4u1cN8g/Nd+PmJqJszeX15v9uEhHGgBbF
KBqBeN99YSsfxpjJnSozJXN/s+Qt4mjfEF6CaWJ2ijcg+BOI3aBH9xJQFdSCuxQ0
6jRBzOhm7Y7yx1bmODFnIWpI0qFG9GYb0av3n43FVpg/8xPHoN7wgS3V8J7SsDjr
Imq8hp/aIRnmSIHW5r6dnyRuefpKcvpuDl2Tw2jtuHzPfXDJNDqFVkPM2d45r89m
FKk2gbOkTanCjLNjjdV86BYY1VCYB+3MmfctdmhTtJR8vfz3
-----END CERTIFICATE-----