Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/vOfFSwnv08l6OdPeZZK6ruAsY5E.roa
File:                     vOfFSwnv08l6OdPeZZK6ruAsY5E.roa (raw, json)
Hash identifier:          HCrYAQ+7uNSAWRDrRhQ/VN8mpYkiEOW8ifFbRzWfvZA=
Subject key identifier:   BC:E7:C5:4B:09:EF:D3:C9:7A:39:D3:DE:65:92:BA:AE:E0:2C:63:91
Certificate issuer:       /CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
Certificate serial:       019433CC5ECE691A80C19E6286D401A8D879
Authority key identifier: 4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/vOfFSwnv08l6OdPeZZK6ruAsY5E.roa
Signing time:             Sun 05 Jan 2025 00:10:19 +0000
ROA not before:           Sun 05 Jan 2025 00:10:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49752
IP address blocks:        2001:67c:e78::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 08:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:33:cc:5e:ce:69:1a:80:c1:9e:62:86:d4:01:a8:d8:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
        Validity
            Not Before: Jan  5 00:10:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bce7c54b09efd3c97a39d3de6592baaee02c6391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d2:34:96:bd:4a:bb:de:bb:c7:bb:48:8b:a4:
                    b0:dd:8b:4b:2f:72:5a:dc:9d:03:46:bd:cb:a8:db:
                    54:db:80:57:4f:0c:e1:46:2e:b7:bc:74:70:04:a7:
                    f9:26:d4:c6:10:6d:06:06:74:0c:69:c0:2c:c4:fd:
                    fe:63:5e:e7:eb:91:d5:8e:29:58:43:e3:d2:a4:e8:
                    f8:1f:50:ea:fc:12:bb:3e:40:e2:86:cf:d6:c4:f6:
                    c8:e6:94:a7:a3:6f:70:27:71:53:a0:b3:ef:2d:0a:
                    0b:94:4c:ac:70:15:08:e5:e6:91:d7:61:b0:05:3d:
                    ac:9a:12:82:4e:be:14:ce:53:0f:90:f1:d4:39:b7:
                    19:f0:94:af:77:22:70:a6:40:27:06:c4:48:f7:fe:
                    50:6b:7d:b2:3c:f8:1b:13:98:ac:4d:90:da:d7:21:
                    c2:75:9d:c7:b6:9c:b8:a6:86:68:11:50:fd:57:1b:
                    09:15:bf:d3:9c:47:9e:1e:d8:a6:88:f5:46:d0:7b:
                    65:48:9c:9a:b4:b7:09:22:62:0c:ca:39:e2:0f:69:
                    ce:5d:a4:00:47:5c:4c:23:78:2a:7e:18:f9:f5:ef:
                    50:22:6e:3c:95:90:98:2d:3d:0d:8d:02:8b:b1:da:
                    f9:9c:7e:07:bc:50:48:17:b0:d0:f5:f7:d2:ed:70:
                    a6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E7:C5:4B:09:EF:D3:C9:7A:39:D3:DE:65:92:BA:AE:E0:2C:63:91
            X509v3 Authority Key Identifier:
                keyid:4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/vOfFSwnv08l6OdPeZZK6ruAsY5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e78::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:0b:e2:4b:2a:ba:e7:9a:4e:4f:b4:3d:32:c9:d0:6f:37:
         43:44:31:5a:9e:35:57:d4:e2:c8:b4:72:6f:f4:e8:9f:1b:60:
         95:99:97:67:a6:72:77:20:58:d0:f8:9f:4d:47:3a:ef:66:6e:
         b5:16:70:30:7c:9b:7b:31:04:53:ee:fe:07:f8:0c:56:39:0e:
         d9:7d:25:93:e1:ec:de:88:09:c3:fb:3c:67:2b:ea:ca:10:84:
         fa:98:94:14:43:66:82:3b:48:df:84:33:37:7e:96:bb:bc:2c:
         8f:38:14:aa:3d:a0:33:99:f1:0c:b0:72:65:22:67:ba:99:95:
         9a:5e:c7:75:c1:d5:81:a0:a1:33:39:50:b4:5e:9c:c7:08:ac:
         22:2e:61:9a:01:78:dc:e9:3f:1f:78:76:4d:28:39:81:58:c1:
         94:ce:b2:13:fd:8f:99:ea:f6:cb:7f:ec:5f:72:a4:a3:b4:6f:
         e1:24:0b:0c:eb:13:45:ab:14:77:23:07:f2:cd:d2:34:13:ea:
         aa:e2:9a:61:ee:49:34:82:ac:39:e8:2b:83:fd:94:25:75:3b:
         6d:f5:92:c0:80:57:27:80:10:5b:52:79:02:d9:6d:a1:e2:42:
         4f:1d:7d:60:72:b9:f8:25:b2:6e:b5:73:f9:30:22:84:40:c2:
         af:9b:8f:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQzzF7OaRqAwZ5ihtQBqNh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWYxNGI2N2UwNTFjZmJkNWUxYjFkNTE2OTNkNDQ2ODIz
OTI3OTIwHhcNMjUwMTA1MDAxMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2U3YzU0YjA5ZWZkM2M5N2EzOWQzZGU2NTkyYmFhZWUwMmM2MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtI0lr1Ku967x7tIi6Sw3YtLL3Ja
3J0DRr3LqNtU24BXTwzhRi63vHRwBKf5JtTGEG0GBnQMacAsxP3+Y17n65HVjilY
Q+PSpOj4H1Dq/BK7PkDihs/WxPbI5pSno29wJ3FToLPvLQoLlEyscBUI5eaR12Gw
BT2smhKCTr4UzlMPkPHUObcZ8JSvdyJwpkAnBsRI9/5Qa32yPPgbE5isTZDa1yHC
dZ3Htpy4poZoEVD9VxsJFb/TnEeeHtimiPVG0HtlSJyatLcJImIMyjniD2nOXaQA
R1xMI3gqfhj59e9QIm48lZCYLT0NjQKLsdr5nH4HvFBIF7DQ9ffS7XCm/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLznxUsJ79PJejnT3mWSuq7gLGORMB8GA1UdIwQY
MBaAFE6vFLZ+BRz71eGx1RaT1EaCOSeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQt
YmQ1MTJlZDU4Zjc4LzEvdk9mRlN3bnYwOGw2T2RQZVpaSzZydUFzWTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQtYmQ1MTJlZDU4Zjc4
LzEvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA54
MA0GCSqGSIb3DQEBCwUAA4IBAQCK5wviSyq655pOT7Q9MsnQbzdDRDFanjVX1OLI
tHJv9OifG2CVmZdnpnJ3IFjQ+J9NRzrvZm61FnAwfJt7MQRT7v4H+AxWOQ7ZfSWT
4ezeiAnD+zxnK+rKEIT6mJQUQ2aCO0jfhDM3fpa7vCyPOBSqPaAzmfEMsHJlIme6
mZWaXsd1wdWBoKEzOVC0XpzHCKwiLmGaAXjc6T8feHZNKDmBWMGUzrIT/Y+Z6vbL
f+xfcqSjtG/hJAsM6xNFqxR3IwfyzdI0E+qq4pph7kk0gqw56CuD/ZQldTtt9ZLA
gFcngBBbUnkC2W2h4kJPHX1gcrn4JbJutXP5MCKEQMKvm4+U
-----END CERTIFICATE-----