Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/jkQdp6EX7jHh6f31YxZYZhR0C8U.roa
File:                     jkQdp6EX7jHh6f31YxZYZhR0C8U.roa (raw, json)
Hash identifier:          FmayEZ/+k7yvcImZRXEurVZdNlGpk+kZM2DFLPiqTu8=
Subject key identifier:   8E:44:1D:A7:A1:17:EE:31:E1:E9:FD:F5:63:16:58:66:14:74:0B:C5
Certificate issuer:       /CN=6a3a8b74ad4ed673797a9f6b7749c223456979d0
Certificate serial:       01942520ABC9B92F6C8193264868BD1A77CB
Authority key identifier: 6A:3A:8B:74:AD:4E:D6:73:79:7A:9F:6B:77:49:C2:23:45:69:79:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/jkQdp6EX7jHh6f31YxZYZhR0C8U.roa
Signing time:             Thu 02 Jan 2025 03:48:05 +0000
ROA not before:           Thu 02 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210140
IP address blocks:        2001:67c:2e48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:ab:c9:b9:2f:6c:81:93:26:48:68:bd:1a:77:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a3a8b74ad4ed673797a9f6b7749c223456979d0
        Validity
            Not Before: Jan  2 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e441da7a117ee31e1e9fdf56316586614740bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:19:6b:0d:3f:e5:06:8b:b5:f6:73:69:12:
                    e4:a0:db:79:7e:a7:81:d3:13:9e:c7:22:5b:1c:b1:
                    6c:18:73:4a:c2:ba:12:d1:94:7b:4d:32:b6:bb:52:
                    47:27:01:e7:0f:7d:85:bb:9d:91:b3:d4:5c:f6:ca:
                    b5:4c:6c:88:43:78:29:cf:f5:97:f6:91:4a:30:73:
                    a7:61:f1:63:4a:71:93:92:87:d0:f7:8b:b4:22:a4:
                    59:3c:71:67:91:0d:59:af:0e:34:e8:11:5a:9d:77:
                    d7:ad:43:2b:fa:8a:03:06:79:f3:07:12:64:a0:fe:
                    b3:41:96:ef:6f:64:af:29:be:be:a3:68:e6:15:01:
                    a6:8b:85:81:37:5a:d1:65:a3:b7:39:a0:99:13:1c:
                    1c:15:1b:85:97:3c:3c:7d:0e:0c:5a:ab:49:bd:d4:
                    d2:42:aa:ad:19:b6:e1:02:f3:c1:09:e2:5d:00:8e:
                    37:af:0f:c4:46:19:a6:b6:37:d4:01:f6:7b:b0:15:
                    27:b4:11:37:3e:58:36:0b:83:7f:eb:15:88:d4:82:
                    2f:f2:71:23:9c:6e:ae:08:7f:34:50:b5:54:2d:a9:
                    55:10:7b:22:bc:c3:5d:38:50:40:4a:32:6c:56:ad:
                    ae:96:97:e6:b5:e6:34:88:d7:3d:ea:dc:57:b0:e3:
                    e2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:44:1D:A7:A1:17:EE:31:E1:E9:FD:F5:63:16:58:66:14:74:0B:C5
            X509v3 Authority Key Identifier:
                keyid:6A:3A:8B:74:AD:4E:D6:73:79:7A:9F:6B:77:49:C2:23:45:69:79:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/jkQdp6EX7jHh6f31YxZYZhR0C8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e48::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:a2:f5:f5:a4:38:dd:66:92:58:b0:e2:97:de:1a:d0:bd:89:
         14:8a:07:e1:65:a3:d2:da:81:68:cd:ea:03:71:67:d2:6a:7c:
         77:04:93:6f:0f:04:4d:34:8d:0d:00:e0:da:a3:f6:48:4f:01:
         2b:36:7e:cc:5a:f7:a5:f2:ff:8c:dd:3a:db:4f:db:7a:83:c4:
         97:ea:8b:49:d5:f5:fd:cc:10:02:c0:12:dc:29:2a:22:cc:7e:
         94:a7:d2:f2:6b:8b:1e:95:74:44:2d:dc:a2:ce:2e:b4:c4:c7:
         b8:2a:7b:6b:30:a2:d8:b7:19:6b:f5:50:6c:6d:ee:ce:95:4b:
         08:df:9d:fe:9a:18:a4:f2:76:4b:21:70:8e:90:53:f9:d5:ba:
         41:02:0b:4f:b8:74:13:d6:76:e0:52:9f:b2:56:22:7e:74:30:
         66:c2:f4:e3:21:51:00:70:2f:a5:5c:87:99:a2:1b:e9:b8:f7:
         e8:c1:20:e4:10:82:da:0b:c8:06:6c:3e:ad:be:72:c1:41:fc:
         a5:67:b7:59:41:85:76:71:72:08:5f:87:28:02:93:20:1b:ff:
         39:41:91:20:39:cd:2e:89:59:4f:df:48:2e:ad:da:e1:b4:c0:
         72:13:79:fa:2e:88:82:54:d8:8a:26:13:a2:1b:56:25:6e:1f:
         99:f7:36:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIKvJuS9sgZMmSGi9GnfLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhM2E4Yjc0YWQ0ZWQ2NzM3OTdhOWY2Yjc3NDljMjIzNDU2
OTc5ZDAwHhcNMjUwMTAyMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ0MWRhN2ExMTdlZTMxZTFlOWZkZjU2MzE2NTg2NjE0NzQwYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtEZaw0/5QaLtfZzaRLkoNt5fqeB
0xOexyJbHLFsGHNKwroS0ZR7TTK2u1JHJwHnD32Fu52Rs9Rc9sq1TGyIQ3gpz/WX
9pFKMHOnYfFjSnGTkofQ94u0IqRZPHFnkQ1Zrw406BFanXfXrUMr+ooDBnnzBxJk
oP6zQZbvb2SvKb6+o2jmFQGmi4WBN1rRZaO3OaCZExwcFRuFlzw8fQ4MWqtJvdTS
QqqtGbbhAvPBCeJdAI43rw/ERhmmtjfUAfZ7sBUntBE3Plg2C4N/6xWI1IIv8nEj
nG6uCH80ULVULalVEHsivMNdOFBASjJsVq2ulpfmteY0iNc96txXsOPi3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI5EHaehF+4x4en99WMWWGYUdAvFMB8GA1UdIwQY
MBaAFGo6i3StTtZzeXqfa3dJwiNFaXnQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWpxTGRLMU8xbk41ZXA5cmQwbkNJMFZwZWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81M2FjYTItZTg4OC00MjFjLWI1OWEt
Yzk1OGJmNGY4OTkxLzEvamtRZHA2RVg3akhoNmYzMVl4WllaaFIwQzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81M2FjYTItZTg4OC00MjFjLWI1OWEtYzk1OGJmNGY4OTkx
LzEvYWpxTGRLMU8xbk41ZXA5cmQwbkNJMFZwZWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC5I
MA0GCSqGSIb3DQEBCwUAA4IBAQC3ovX1pDjdZpJYsOKX3hrQvYkUigfhZaPS2oFo
zeoDcWfSanx3BJNvDwRNNI0NAODao/ZITwErNn7MWvel8v+M3TrbT9t6g8SX6otJ
1fX9zBACwBLcKSoizH6Up9Lya4selXRELdyizi60xMe4KntrMKLYtxlr9VBsbe7O
lUsI353+mhik8nZLIXCOkFP51bpBAgtPuHQT1nbgUp+yViJ+dDBmwvTjIVEAcC+l
XIeZohvpuPfowSDkEILaC8gGbD6tvnLBQfylZ7dZQYV2cXIIX4coApMgG/85QZEg
Oc0uiVlP30gurdrhtMByE3n6LoiCVNiKJhOiG1Ylbh+Z9zZo
-----END CERTIFICATE-----