Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/O8Js1mgAF0iv_PSwJLDMH2LqzNs.roa
File:                     O8Js1mgAF0iv_PSwJLDMH2LqzNs.roa (raw, json)
Hash identifier:          uCecidRlrlebYe8zpAxIMGUV7GE/OrG+H65AT04t1PQ=
Subject key identifier:   3B:C2:6C:D6:68:00:17:48:AF:FC:F4:B0:24:B0:CC:1F:62:EA:CC:DB
Certificate issuer:       /CN=ff2a50eedfe78040209d6c0ab95f83b5460398dd
Certificate serial:       0194221F9FE0287D9A1922340ABDF7C8E68B
Authority key identifier: FF:2A:50:EE:DF:E7:80:40:20:9D:6C:0A:B9:5F:83:B5:46:03:98:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/O8Js1mgAF0iv_PSwJLDMH2LqzNs.roa
Signing time:             Wed 01 Jan 2025 13:48:05 +0000
ROA not before:           Wed 01 Jan 2025 13:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207076
IP address blocks:        2001:67c:1430::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9f:e0:28:7d:9a:19:22:34:0a:bd:f7:c8:e6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff2a50eedfe78040209d6c0ab95f83b5460398dd
        Validity
            Not Before: Jan  1 13:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bc26cd668001748affcf4b024b0cc1f62eaccdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d8:36:c8:74:77:44:de:2e:76:54:37:d8:8f:
                    3d:60:62:c0:3e:7f:78:fc:ea:b2:02:82:de:51:21:
                    91:63:17:cd:ec:d9:c8:e4:b0:7c:3a:02:f4:2a:19:
                    7f:6a:81:6e:19:aa:b4:80:ba:43:ae:6f:0e:ed:b5:
                    09:67:7d:c3:49:12:bd:80:49:cb:c8:88:3c:49:55:
                    e3:7b:23:5a:e3:55:bd:c6:09:f7:bd:da:d3:de:17:
                    ec:36:48:7d:d6:2f:76:f0:49:63:04:10:a9:45:a7:
                    f4:35:52:3f:a5:42:12:da:bb:d6:c3:91:52:4f:a0:
                    94:80:b6:48:f6:2a:b6:ed:92:3a:26:33:b0:05:a1:
                    ca:3a:3e:07:86:4f:45:46:11:e3:ce:73:40:7e:cc:
                    18:29:f1:96:6b:ff:02:52:58:0b:8f:2f:97:a0:f6:
                    4b:54:6e:b8:5f:a1:54:23:16:9c:17:c4:f2:5a:62:
                    f1:fe:89:ee:c5:bc:e7:ba:12:09:99:29:b4:d8:8b:
                    63:6c:65:37:9b:9d:8b:50:36:13:86:c8:5b:be:84:
                    c0:82:a6:92:95:c6:7e:a0:91:ba:95:7e:77:c3:8e:
                    6e:3e:14:d9:c5:f1:5a:46:07:24:23:80:4a:9d:c4:
                    5c:08:d8:2e:0d:a4:70:e9:88:b3:40:de:05:e2:38:
                    ef:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C2:6C:D6:68:00:17:48:AF:FC:F4:B0:24:B0:CC:1F:62:EA:CC:DB
            X509v3 Authority Key Identifier:
                keyid:FF:2A:50:EE:DF:E7:80:40:20:9D:6C:0A:B9:5F:83:B5:46:03:98:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/O8Js1mgAF0iv_PSwJLDMH2LqzNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1430::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:61:91:94:92:3f:78:07:36:d9:7c:73:d4:d9:a3:ca:d2:b1:
         26:da:62:44:5d:21:a6:c0:fc:1c:89:87:5a:2f:45:b0:39:e5:
         ac:19:f3:0f:be:24:72:b3:7e:ea:0f:a0:78:29:8b:27:7d:80:
         85:9c:28:69:b6:33:90:72:29:dc:f6:5b:bf:5a:6e:fb:fe:a2:
         46:67:4e:8c:46:47:95:f4:11:0a:30:97:a2:20:82:b5:cf:0a:
         f5:71:e1:63:a7:fb:34:93:da:80:ad:d7:0e:3d:6e:62:cd:b3:
         07:2a:71:74:07:46:89:65:af:1e:58:da:d9:a1:24:3d:37:4b:
         88:cd:fb:d2:62:9d:96:1e:bb:84:c8:e5:a4:fa:21:45:ca:b1:
         55:b4:cb:c2:11:23:16:52:20:bf:02:a7:fb:54:fc:ec:64:0f:
         9c:0b:5c:4a:d5:b5:b4:b1:8d:6e:03:92:d0:22:84:9c:0e:97:
         29:c4:57:84:08:51:33:a7:8d:87:bf:e0:2f:2b:05:c8:3a:df:
         6a:6b:98:ca:19:f5:f8:1d:1e:2f:74:09:69:13:90:a0:50:57:
         5e:14:7c:e7:80:a3:8c:95:8e:9b:45:8c:ad:21:ca:4b:c1:ef:
         48:2b:d6:9a:bd:9a:67:a8:37:0a:14:36:78:cd:76:3c:e5:94:
         2b:7b:10:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH5/gKH2aGSI0Cr33yOaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMmE1MGVlZGZlNzgwNDAyMDlkNmMwYWI5NWY4M2I1NDYw
Mzk4ZGQwHhcNMjUwMTAxMTM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmMyNmNkNjY4MDAxNzQ4YWZmY2Y0YjAyNGIwY2MxZjYyZWFjY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tg2yHR3RN4udlQ32I89YGLAPn94
/OqyAoLeUSGRYxfN7NnI5LB8OgL0Khl/aoFuGaq0gLpDrm8O7bUJZ33DSRK9gEnL
yIg8SVXjeyNa41W9xgn3vdrT3hfsNkh91i928EljBBCpRaf0NVI/pUIS2rvWw5FS
T6CUgLZI9iq27ZI6JjOwBaHKOj4Hhk9FRhHjznNAfswYKfGWa/8CUlgLjy+XoPZL
VG64X6FUIxacF8TyWmLx/onuxbznuhIJmSm02ItjbGU3m52LUDYThshbvoTAgqaS
lcZ+oJG6lX53w45uPhTZxfFaRgckI4BKncRcCNguDaRw6YizQN4F4jjvzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDvCbNZoABdIr/z0sCSwzB9i6szbMB8GA1UdIwQY
MBaAFP8qUO7f54BAIJ1sCrlfg7VGA5jdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lwUTd0X25nRUFnbld3S3VWLUR0VVlEbU4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8wMTdmODktOTEzMC00YTRlLTg1NDct
ZjNiOTc0MWQxZDRmLzEvTzhKczFtZ0FGMGl2X1BTd0pMRE1IMkxxek5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8wMTdmODktOTEzMC00YTRlLTg1NDctZjNiOTc0MWQxZDRm
LzEvX3lwUTd0X25nRUFnbld3S3VWLUR0VVlEbU4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBQw
MA0GCSqGSIb3DQEBCwUAA4IBAQAEYZGUkj94BzbZfHPU2aPK0rEm2mJEXSGmwPwc
iYdaL0WwOeWsGfMPviRys37qD6B4KYsnfYCFnChptjOQcinc9lu/Wm77/qJGZ06M
RkeV9BEKMJeiIIK1zwr1ceFjp/s0k9qArdcOPW5izbMHKnF0B0aJZa8eWNrZoSQ9
N0uIzfvSYp2WHruEyOWk+iFFyrFVtMvCESMWUiC/Aqf7VPzsZA+cC1xK1bW0sY1u
A5LQIoScDpcpxFeECFEzp42Hv+AvKwXIOt9qa5jKGfX4HR4vdAlpE5CgUFdeFHzn
gKOMlY6bRYytIcpLwe9IK9aavZpnqDcKFDZ4zXY85ZQrexDY
-----END CERTIFICATE-----