Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/7RtSvYvJ-s26z4jJmihBpc9PPTg.roa
File:                     7RtSvYvJ-s26z4jJmihBpc9PPTg.roa (raw, json)
Hash identifier:          +WPL+eLMOyDQbtRDqabesCoaqYzO2nUYgvkky6oLihM=
Subject key identifier:   ED:1B:52:BD:8B:C9:FA:CD:BA:CF:88:C9:9A:28:41:A5:CF:4F:3D:38
Certificate issuer:       /CN=2b3f6fa9f037765e74bdf2ac82ccbabc7e4fc8ed
Certificate serial:       0194875E380B5A7F17975BBD200BF00AF40D
Authority key identifier: 2B:3F:6F:A9:F0:37:76:5E:74:BD:F2:AC:82:CC:BA:BC:7E:4F:C8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kz9vqfA3dl50vfKsgsy6vH5PyO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/7RtSvYvJ-s26z4jJmihBpc9PPTg.roa
Signing time:             Tue 21 Jan 2025 05:38:06 +0000
ROA not before:           Tue 21 Jan 2025 05:38:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213655
IP address blocks:        2001:67c:ffc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/Kz9vqfA3dl50vfKsgsy6vH5PyO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/Kz9vqfA3dl50vfKsgsy6vH5PyO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kz9vqfA3dl50vfKsgsy6vH5PyO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:87:5e:38:0b:5a:7f:17:97:5b:bd:20:0b:f0:0a:f4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b3f6fa9f037765e74bdf2ac82ccbabc7e4fc8ed
        Validity
            Not Before: Jan 21 05:38:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed1b52bd8bc9facdbacf88c99a2841a5cf4f3d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d8:a4:b4:98:ad:d6:ed:1a:1c:11:56:60:e9:
                    7c:11:ac:14:9f:4a:e8:16:7d:9a:55:70:ec:6d:af:
                    81:8f:72:44:2c:00:d2:1d:57:bc:d9:c6:1f:fd:02:
                    cf:b2:e0:95:c0:a1:ac:58:1f:20:32:de:a2:92:a5:
                    01:93:d7:30:26:8e:68:54:c1:d3:7f:de:0c:48:5a:
                    b0:56:19:04:b9:9e:6f:03:a0:a2:21:8e:5b:04:18:
                    d8:9b:6d:5d:b0:b8:51:45:10:12:b1:e1:ce:06:ef:
                    6d:56:ea:f2:5a:f1:83:13:75:69:11:a2:ee:9b:b7:
                    95:e9:2f:dc:97:f4:57:3d:63:f2:9d:b5:c7:03:a8:
                    57:e3:95:e8:16:8f:93:9b:5d:d2:44:7a:10:5d:04:
                    0d:05:6a:31:a6:ab:f2:da:10:cc:56:a1:83:de:e6:
                    75:a8:0d:33:ea:c6:72:b0:56:36:8f:9b:b8:41:fe:
                    e5:10:2c:33:2c:82:43:1c:ea:fe:45:0b:15:81:ac:
                    aa:aa:03:d6:7f:73:f6:96:59:b8:a8:a2:45:42:94:
                    87:a5:e0:8b:44:64:b8:60:19:0d:54:9e:38:bd:a3:
                    b5:f0:8a:de:65:36:a8:ae:ce:84:1f:1f:4c:76:32:
                    09:cd:01:7f:cb:dc:f4:db:51:b1:51:55:91:37:b1:
                    be:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:1B:52:BD:8B:C9:FA:CD:BA:CF:88:C9:9A:28:41:A5:CF:4F:3D:38
            X509v3 Authority Key Identifier:
                keyid:2B:3F:6F:A9:F0:37:76:5E:74:BD:F2:AC:82:CC:BA:BC:7E:4F:C8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kz9vqfA3dl50vfKsgsy6vH5PyO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/7RtSvYvJ-s26z4jJmihBpc9PPTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c54f42-912f-4b81-8b00-5c00fcd73619/1/Kz9vqfA3dl50vfKsgsy6vH5PyO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ffc::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:3f:97:ed:38:75:e7:d0:05:b3:50:8f:6d:86:72:9a:a8:63:
         03:a6:7b:6b:65:e1:33:98:56:17:76:97:e7:06:0e:c8:e1:39:
         96:31:6f:ff:d8:60:c0:95:e6:65:93:c3:b9:8a:50:82:23:55:
         fe:24:bf:41:58:ec:64:ca:c8:10:76:d9:c7:7a:37:5c:bd:b3:
         ca:68:94:a1:7e:35:14:fe:7c:97:a6:a7:68:92:64:e5:c3:7b:
         2f:65:ff:d0:6f:4d:2f:a0:27:a6:fa:3e:79:ac:4f:3f:89:6d:
         bc:5e:31:e3:06:5d:90:38:b8:c9:2a:15:70:54:e4:05:90:2f:
         79:f5:5c:0c:4a:a7:b7:24:0d:5d:cd:88:64:a4:73:45:0b:4a:
         c6:f9:27:5d:da:e8:ab:7f:6a:65:a6:1e:31:ce:03:6e:e0:45:
         fa:6e:59:c0:43:db:14:c5:1e:11:c5:43:e7:7c:b5:17:e6:fb:
         df:e6:3e:14:d9:96:dc:54:c5:7c:37:a7:f5:a5:50:f3:c7:53:
         48:f0:73:b1:cc:81:bd:f6:33:1c:34:42:e2:8f:e9:b6:12:26:
         39:6d:c3:62:c6:38:82:b3:2c:22:da:0f:6d:13:c5:78:c2:c9:
         53:b4:75:14:64:5e:4a:d6:d7:3d:1e:00:50:01:52:4b:87:0a:
         69:71:01:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSHXjgLWn8Xl1u9IAvwCvQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiM2Y2ZmE5ZjAzNzc2NWU3NGJkZjJhYzgyY2NiYWJjN2U0
ZmM4ZWQwHhcNMjUwMTIxMDUzODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDFiNTJiZDhiYzlmYWNkYmFjZjg4Yzk5YTI4NDFhNWNmNGYzZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNiktJit1u0aHBFWYOl8EawUn0ro
Fn2aVXDsba+Bj3JELADSHVe82cYf/QLPsuCVwKGsWB8gMt6ikqUBk9cwJo5oVMHT
f94MSFqwVhkEuZ5vA6CiIY5bBBjYm21dsLhRRRASseHOBu9tVuryWvGDE3VpEaLu
m7eV6S/cl/RXPWPynbXHA6hX45XoFo+Tm13SRHoQXQQNBWoxpqvy2hDMVqGD3uZ1
qA0z6sZysFY2j5u4Qf7lECwzLIJDHOr+RQsVgayqqgPWf3P2llm4qKJFQpSHpeCL
RGS4YBkNVJ44vaO18IreZTaors6EHx9MdjIJzQF/y9z021GxUVWRN7G+mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO0bUr2LyfrNus+IyZooQaXPTz04MB8GA1UdIwQY
MBaAFCs/b6nwN3ZedL3yrILMurx+T8jtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3o5dnFmQTNkbDUwdmZLc2dzeTZ2SDVQeU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jNTRmNDItOTEyZi00YjgxLThiMDAt
NWMwMGZjZDczNjE5LzEvN1J0U3ZZdkotczI2ejRqSm1paEJwYzlQUFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jNTRmNDItOTEyZi00YjgxLThiMDAtNWMwMGZjZDczNjE5
LzEvS3o5dnFmQTNkbDUwdmZLc2dzeTZ2SDVQeU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/8
MA0GCSqGSIb3DQEBCwUAA4IBAQBmP5ftOHXn0AWzUI9thnKaqGMDpntrZeEzmFYX
dpfnBg7I4TmWMW//2GDAleZlk8O5ilCCI1X+JL9BWOxkysgQdtnHejdcvbPKaJSh
fjUU/nyXpqdokmTlw3svZf/Qb00voCem+j55rE8/iW28XjHjBl2QOLjJKhVwVOQF
kC959VwMSqe3JA1dzYhkpHNFC0rG+Sdd2uirf2plph4xzgNu4EX6blnAQ9sUxR4R
xUPnfLUX5vvf5j4U2ZbcVMV8N6f1pVDzx1NI8HOxzIG99jMcNELij+m2EiY5bcNi
xjiCsywi2g9tE8V4wslTtHUUZF5K1tc9HgBQAVJLhwppcQF7
-----END CERTIFICATE-----