Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/K-gQWrDorOWk95T1Ck9YnvOvyOw.roa
File:                     K-gQWrDorOWk95T1Ck9YnvOvyOw.roa (raw, json)
Hash identifier:          M7ISU7dx2mACRrVyXnpQ2vx1ALS4joyLkkEwNFtNto0=
Subject key identifier:   2B:E8:10:5A:B0:E8:AC:E5:A4:F7:94:F5:0A:4F:58:9E:F3:AF:C8:EC
Certificate issuer:       /CN=68bf1c5a21c3825b8b86516a1a597121b54b3cc3
Certificate serial:       01942143DB2B10EDC5CA4836679FC6AA24E3
Authority key identifier: 68:BF:1C:5A:21:C3:82:5B:8B:86:51:6A:1A:59:71:21:B5:4B:3C:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aL8cWiHDgluLhlFqGllxIbVLPMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/K-gQWrDorOWk95T1Ck9YnvOvyOw.roa
Signing time:             Wed 01 Jan 2025 09:48:02 +0000
ROA not before:           Wed 01 Jan 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57288
IP address blocks:        176.97.8.0/21 maxlen: 21
                          2001:67c:1138::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/aL8cWiHDgluLhlFqGllxIbVLPMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/aL8cWiHDgluLhlFqGllxIbVLPMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aL8cWiHDgluLhlFqGllxIbVLPMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:db:2b:10:ed:c5:ca:48:36:67:9f:c6:aa:24:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bf1c5a21c3825b8b86516a1a597121b54b3cc3
        Validity
            Not Before: Jan  1 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2be8105ab0e8ace5a4f794f50a4f589ef3afc8ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:49:37:ba:92:92:3a:00:b5:ad:56:1e:57:68:
                    c2:22:44:fe:94:01:55:46:4b:07:ff:02:4a:e3:7c:
                    12:a9:81:95:c9:47:df:3c:db:0f:56:b4:85:47:12:
                    c0:b9:19:12:53:9a:d6:99:83:bb:c4:65:71:3b:da:
                    2b:20:d1:e1:1e:84:9d:4d:d5:d6:37:3f:d2:29:58:
                    d2:c4:e3:70:10:e7:83:59:11:e1:87:ab:7c:ae:b9:
                    72:1c:a6:b7:81:cd:02:22:ae:de:5d:52:ab:a8:f5:
                    5b:a7:cf:6b:37:fb:21:78:40:0c:49:6c:b9:b7:3a:
                    b0:d0:51:87:6c:b3:99:2b:72:ee:03:0a:a4:54:ff:
                    58:e1:e9:bd:a7:6e:d2:f4:be:4e:a8:ff:c1:81:14:
                    45:a9:d0:d6:b6:41:5b:05:58:f6:eb:2d:e2:6d:68:
                    ca:17:ae:bd:d4:b4:dc:46:a4:17:b8:e8:8c:81:e8:
                    9f:f0:30:90:25:75:1c:ad:08:5a:a9:76:58:80:44:
                    35:e7:23:31:42:ae:58:90:40:6a:00:f9:dd:e2:61:
                    b8:f0:1f:74:28:45:21:64:04:d3:3f:25:49:29:7b:
                    58:42:54:90:c1:56:87:61:3e:98:3b:90:b2:d4:a0:
                    a4:b7:b3:77:dc:12:31:cd:8c:58:28:d9:e8:65:e4:
                    dc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E8:10:5A:B0:E8:AC:E5:A4:F7:94:F5:0A:4F:58:9E:F3:AF:C8:EC
            X509v3 Authority Key Identifier:
                keyid:68:BF:1C:5A:21:C3:82:5B:8B:86:51:6A:1A:59:71:21:B5:4B:3C:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aL8cWiHDgluLhlFqGllxIbVLPMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/K-gQWrDorOWk95T1Ck9YnvOvyOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/2fce5e-c915-4f02-ad3a-55eb5bb99e45/1/aL8cWiHDgluLhlFqGllxIbVLPMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.8.0/21
                IPv6:
                  2001:67c:1138::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:0f:a7:d2:73:cf:76:24:51:7c:bd:83:ee:35:5a:37:35:b2:
         c9:e0:1a:78:09:90:ea:90:8a:64:28:57:23:1e:53:ea:75:3a:
         bd:2b:dd:e1:bd:fd:ae:9c:fb:df:26:2f:1e:6a:50:0f:30:f4:
         cf:2c:d7:58:17:a8:91:2c:ba:68:12:98:4a:8b:fa:82:ad:6b:
         ba:44:59:b1:bf:70:ba:07:05:e9:dd:d2:c1:cd:b6:b6:ab:13:
         99:a5:d9:c6:86:1f:a4:6a:bd:30:fe:70:34:a2:7d:49:82:3c:
         68:ff:1d:a5:a8:a3:a2:a0:88:48:37:d2:34:98:5f:91:b4:9e:
         df:09:a6:fe:b0:50:46:40:cd:3f:20:11:79:da:74:d8:fa:af:
         a7:a1:5c:ea:4c:3b:60:0f:13:69:15:83:a5:2b:fe:7a:56:8c:
         8c:59:e9:02:7f:7e:3c:03:85:a9:d4:b5:eb:b8:e6:4c:c8:8a:
         ee:4b:66:98:20:b6:01:da:63:1a:95:d2:55:28:5c:9a:27:eb:
         9d:d2:3c:89:93:c4:d5:3e:f2:34:98:a9:54:a0:93:b2:11:15:
         d1:54:26:eb:53:20:b0:32:63:bc:79:a0:ce:ad:fe:98:38:48:
         6b:7c:8d:5f:61:2e:69:80:e0:2b:19:96:f9:e9:b7:22:fa:df:
         68:25:0d:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhQ9srEO3Fykg2Z5/GqiTjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmYxYzVhMjFjMzgyNWI4Yjg2NTE2YTFhNTk3MTIxYjU0
YjNjYzMwHhcNMjUwMTAxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmU4MTA1YWIwZThhY2U1YTRmNzk0ZjUwYTRmNTg5ZWYzYWZjOGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkk3upKSOgC1rVYeV2jCIkT+lAFV
RksH/wJK43wSqYGVyUffPNsPVrSFRxLAuRkSU5rWmYO7xGVxO9orINHhHoSdTdXW
Nz/SKVjSxONwEOeDWRHhh6t8rrlyHKa3gc0CIq7eXVKrqPVbp89rN/sheEAMSWy5
tzqw0FGHbLOZK3LuAwqkVP9Y4em9p27S9L5OqP/BgRRFqdDWtkFbBVj26y3ibWjK
F6691LTcRqQXuOiMgeif8DCQJXUcrQhaqXZYgEQ15yMxQq5YkEBqAPnd4mG48B90
KEUhZATTPyVJKXtYQlSQwVaHYT6YO5Cy1KCkt7N33BIxzYxYKNnoZeTcbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCvoEFqw6KzlpPeU9QpPWJ7zr8jsMB8GA1UdIwQY
MBaAFGi/HFohw4Jbi4ZRahpZcSG1SzzDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUw4Y1dpSERnbHVMaGxGcUdsbHhJYlZMUE1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yZmNlNWUtYzkxNS00ZjAyLWFkM2Et
NTVlYjViYjk5ZTQ1LzEvSy1nUVdyRG9yT1drOTVUMUNrOVludk92eU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yZmNlNWUtYzkxNS00ZjAyLWFkM2EtNTVlYjViYjk5ZTQ1
LzEvYUw4Y1dpSERnbHVMaGxGcUdsbHhJYlZMUE1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDsGEIMA8E
AgACMAkDBwAgAQZ8ETgwDQYJKoZIhvcNAQELBQADggEBACAPp9Jzz3YkUXy9g+41
Wjc1ssngGngJkOqQimQoVyMeU+p1Or0r3eG9/a6c+98mLx5qUA8w9M8s11gXqJEs
umgSmEqL+oKta7pEWbG/cLoHBend0sHNtrarE5ml2caGH6RqvTD+cDSifUmCPGj/
HaWoo6KgiEg30jSYX5G0nt8Jpv6wUEZAzT8gEXnadNj6r6ehXOpMO2APE2kVg6Ur
/npWjIxZ6QJ/fjwDhanUteu45kzIiu5LZpggtgHaYxqV0lUoXJon653SPImTxNU+
8jSYqVSgk7IRFdFUJutTILAyY7x5oM6t/pg4SGt8jV9hLmmA4CsZlvnptyL632gl
DR0=
-----END CERTIFICATE-----