Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/vOtFwLdGF7PMmv2kt6Y0Mhv9xgc.roa
File:                     vOtFwLdGF7PMmv2kt6Y0Mhv9xgc.roa (raw, json)
Hash identifier:          37qkO8fAeK5+9nWdH5nkM409M5On3UG7sBmDzTvbUVc=
Subject key identifier:   BC:EB:45:C0:B7:46:17:B3:CC:9A:FD:A4:B7:A6:34:32:1B:FD:C6:07
Certificate issuer:       /CN=9e0a11a6b1d189657c7fb96ec1458bafca1864f4
Certificate serial:       019427B5AA13AAE43FD82ED892F8ACA66CE5
Authority key identifier: 9E:0A:11:A6:B1:D1:89:65:7C:7F:B9:6E:C1:45:8B:AF:CA:18:64:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/vOtFwLdGF7PMmv2kt6Y0Mhv9xgc.roa
Signing time:             Thu 02 Jan 2025 15:50:04 +0000
ROA not before:           Thu 02 Jan 2025 15:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211992
IP address blocks:        2001:67c:aec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:aa:13:aa:e4:3f:d8:2e:d8:92:f8:ac:a6:6c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e0a11a6b1d189657c7fb96ec1458bafca1864f4
        Validity
            Not Before: Jan  2 15:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bceb45c0b74617b3cc9afda4b7a634321bfdc607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b6:cc:c7:ed:69:1c:ec:eb:5c:8e:6f:35:61:
                    92:ad:a0:ec:65:cd:43:0b:ab:33:19:23:c5:e7:5c:
                    a1:95:3c:2c:07:f7:b4:45:bc:68:d4:70:4a:b1:4c:
                    c7:c2:cc:8f:82:3d:c4:d8:bb:e5:ad:1d:2a:ec:82:
                    ca:64:24:51:c9:eb:cb:1c:dc:56:8f:be:14:bb:0f:
                    ba:a0:2f:b4:a5:dc:1f:7f:25:48:f8:a2:e4:c0:4b:
                    3b:ea:66:a0:7b:da:0b:52:84:af:e0:6e:7b:c1:23:
                    a1:10:b3:a4:8d:6c:86:5a:22:45:e1:03:92:51:38:
                    89:1c:92:21:7b:b1:17:fd:da:b1:2e:46:6f:b3:44:
                    f2:1f:bf:9b:b0:ce:cb:09:53:06:60:85:c0:cc:ca:
                    bf:dc:d6:c5:fa:9a:10:39:ac:00:ff:b8:a6:90:ee:
                    d5:e5:57:32:26:45:c6:cb:cd:d2:4f:fe:70:bd:23:
                    66:04:78:a7:4a:c1:22:a6:d5:ac:9d:89:46:bd:41:
                    83:c1:4e:ac:88:14:85:d1:ed:50:6e:71:d2:43:b3:
                    dc:d8:bd:9a:1f:8d:06:f5:0e:9d:16:a9:17:24:4c:
                    29:0f:3a:6d:07:9a:d4:f3:5c:af:da:04:c4:43:6b:
                    80:4f:2b:a5:cc:7e:ef:e0:59:03:9d:e9:13:95:e6:
                    54:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:EB:45:C0:B7:46:17:B3:CC:9A:FD:A4:B7:A6:34:32:1B:FD:C6:07
            X509v3 Authority Key Identifier:
                keyid:9E:0A:11:A6:B1:D1:89:65:7C:7F:B9:6E:C1:45:8B:AF:CA:18:64:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/vOtFwLdGF7PMmv2kt6Y0Mhv9xgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:aec::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:ee:0d:0f:91:d1:d3:a6:56:c7:f7:92:53:b1:92:b6:3f:fa:
         65:96:52:9c:e6:03:0e:e1:82:8b:03:f7:17:ba:c8:c4:d0:2b:
         f0:09:ad:03:60:02:93:da:aa:e8:8c:55:30:16:d6:31:94:42:
         33:d1:0d:6b:70:d2:e9:88:fa:d0:4d:f5:14:61:ba:d4:5a:aa:
         04:46:f7:78:01:69:82:bf:03:01:8d:0b:43:f2:94:ef:ac:a0:
         8c:af:4b:1c:bd:be:19:38:13:bc:d9:33:c7:1c:62:7e:7f:94:
         d4:b2:bd:a4:34:20:2d:f6:e0:6c:b5:75:44:ea:33:58:6c:c5:
         95:aa:20:03:a1:48:e9:be:62:ec:c0:66:68:3b:e7:14:60:53:
         74:91:a6:cd:23:a1:2e:1a:d8:18:4b:d8:64:41:91:4e:6a:fa:
         5f:8a:c1:8e:69:fe:5e:a5:43:09:a1:46:67:88:4c:40:de:63:
         c5:b2:83:c6:84:36:02:9f:9d:c9:3b:54:3b:bb:c7:b2:ad:ca:
         8c:14:7d:5a:1f:1b:fb:37:94:26:00:eb:7b:4d:99:e7:0d:17:
         13:e0:77:6d:50:42:8f:ac:78:c5:f3:af:d3:5f:2b:02:bb:94:
         20:df:6b:d1:31:a9:7d:41:f0:26:8e:b8:bc:0c:03:b0:07:31:
         de:c1:17:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntaoTquQ/2C7YkvispmzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMGExMWE2YjFkMTg5NjU3YzdmYjk2ZWMxNDU4YmFmY2Ex
ODY0ZjQwHhcNMjUwMTAyMTU1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2ViNDVjMGI3NDYxN2IzY2M5YWZkYTRiN2E2MzQzMjFiZmRjNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrbMx+1pHOzrXI5vNWGSraDsZc1D
C6szGSPF51yhlTwsB/e0Rbxo1HBKsUzHwsyPgj3E2LvlrR0q7ILKZCRRyevLHNxW
j74Uuw+6oC+0pdwffyVI+KLkwEs76mage9oLUoSv4G57wSOhELOkjWyGWiJF4QOS
UTiJHJIhe7EX/dqxLkZvs0TyH7+bsM7LCVMGYIXAzMq/3NbF+poQOawA/7imkO7V
5VcyJkXGy83ST/5wvSNmBHinSsEiptWsnYlGvUGDwU6siBSF0e1QbnHSQ7Pc2L2a
H40G9Q6dFqkXJEwpDzptB5rU81yv2gTEQ2uATyulzH7v4FkDnekTleZUlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLzrRcC3RhezzJr9pLemNDIb/cYHMB8GA1UdIwQY
MBaAFJ4KEaax0YllfH+5bsFFi6/KGGT0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmdvUnBySFJpV1Y4ZjdsdXdVV0xyOG9ZWlBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xY2RhY2UtNGUwMC00NjlhLThjNTAt
NThjYjgzMDg3NWY1LzEvdk90RndMZEdGN1BNbXYya3Q2WTBNaHY5eGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xY2RhY2UtNGUwMC00NjlhLThjNTAtNThjYjgzMDg3NWY1
LzEvbmdvUnBySFJpV1Y4ZjdsdXdVV0xyOG9ZWlBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArs
MA0GCSqGSIb3DQEBCwUAA4IBAQAM7g0PkdHTplbH95JTsZK2P/plllKc5gMO4YKL
A/cXusjE0CvwCa0DYAKT2qrojFUwFtYxlEIz0Q1rcNLpiPrQTfUUYbrUWqoERvd4
AWmCvwMBjQtD8pTvrKCMr0scvb4ZOBO82TPHHGJ+f5TUsr2kNCAt9uBstXVE6jNY
bMWVqiADoUjpvmLswGZoO+cUYFN0kabNI6EuGtgYS9hkQZFOavpfisGOaf5epUMJ
oUZniExA3mPFsoPGhDYCn53JO1Q7u8eyrcqMFH1aHxv7N5QmAOt7TZnnDRcT4Hdt
UEKPrHjF86/TXysCu5Qg32vRMal9QfAmjri8DAOwBzHewRex
-----END CERTIFICATE-----