Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ZkPBKtmtCeMiCdYBf2wfRvrO9YI.roa
File:                     ZkPBKtmtCeMiCdYBf2wfRvrO9YI.roa (raw, json)
Hash identifier:          LuN9s57PZoZuxYZxd6mXt4JH7Ba+GwQQeoNwNSpbFME=
Subject key identifier:   66:43:C1:2A:D9:AD:09:E3:22:09:D6:01:7F:6C:1F:46:FA:CE:F5:82
Certificate issuer:       /CN=6ed4aa38c0b591d4a6b3e585685c6d43880dac78
Certificate serial:       019422FB251C78C5EDCD93BCE293F0F1EC0E
Authority key identifier: 6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ZkPBKtmtCeMiCdYBf2wfRvrO9YI.roa
Signing time:             Wed 01 Jan 2025 17:47:51 +0000
ROA not before:           Wed 01 Jan 2025 17:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213959
IP address blocks:        2001:67c:f54::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:25:1c:78:c5:ed:cd:93:bc:e2:93:f0:f1:ec:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed4aa38c0b591d4a6b3e585685c6d43880dac78
        Validity
            Not Before: Jan  1 17:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6643c12ad9ad09e32209d6017f6c1f46facef582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:46:98:bb:ef:b2:5e:bd:3e:c8:62:6d:5e:1a:
                    38:38:0f:d9:7c:79:c0:5d:09:49:05:2f:0d:32:8b:
                    11:87:7b:07:02:b3:f3:9b:3a:4b:cf:3b:93:2d:8c:
                    b7:ce:71:2f:57:5a:8f:23:8a:7e:98:66:ca:72:26:
                    18:6c:b1:5b:66:1f:21:c5:36:71:e7:02:3a:63:1d:
                    4f:83:e6:97:a2:4e:ce:6d:9f:28:27:64:01:25:83:
                    ad:e6:b3:e6:69:9b:b5:0a:3a:70:0f:45:28:d2:ed:
                    db:d3:63:4f:03:26:1b:7a:2a:27:e4:18:de:50:f6:
                    c4:a4:6d:55:0a:0d:24:d4:08:e1:50:b9:87:31:c3:
                    a1:f5:53:03:3d:f8:ea:e4:b8:a1:b9:18:c7:91:fb:
                    39:58:43:1c:9f:be:83:b2:80:d8:d1:6c:b6:a8:93:
                    e9:a9:75:6a:15:a6:e8:9a:f8:63:23:db:45:84:18:
                    68:80:57:2d:8d:82:53:7a:bf:f6:bf:e5:e1:42:05:
                    fb:62:7e:81:45:7e:7a:e8:f5:9b:06:f9:f6:83:4e:
                    c3:99:1d:dc:70:95:2a:26:48:b4:f4:52:9c:e8:49:
                    79:86:0a:12:98:1d:68:ed:b5:6d:e4:4b:6f:65:93:
                    83:37:f2:ad:bd:d8:37:a3:d6:4d:b1:64:f1:c8:e1:
                    70:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:43:C1:2A:D9:AD:09:E3:22:09:D6:01:7F:6C:1F:46:FA:CE:F5:82
            X509v3 Authority Key Identifier:
                keyid:6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ZkPBKtmtCeMiCdYBf2wfRvrO9YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f54::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:30:8c:21:a7:53:49:78:4b:9a:fe:72:2c:75:05:d0:aa:d9:
         bc:7a:ea:25:d5:bd:33:ca:e3:fe:5f:95:e4:06:97:9d:32:13:
         34:f8:40:21:8d:60:6f:80:72:24:ea:24:4a:eb:a7:a5:88:b8:
         b7:e3:68:81:29:65:50:7c:2b:62:80:7f:ea:79:43:ff:62:8d:
         a1:b7:d9:2d:9f:13:66:12:0e:1b:66:27:42:ae:b0:d3:b4:64:
         05:89:bf:ae:4d:f8:72:26:8b:d3:85:15:87:b0:8c:bd:31:97:
         4f:0c:77:de:67:41:a4:3b:3e:20:de:cd:63:a8:b3:1f:3e:38:
         f9:09:62:ae:68:1a:c9:51:a9:36:68:ee:82:b5:46:a2:46:09:
         06:b4:bd:8d:ce:5a:5d:20:f2:3f:d5:99:cb:37:45:2c:8e:b8:
         3b:7f:54:89:2e:e6:72:59:3a:ab:b7:74:de:4b:08:4f:b3:67:
         3d:18:6c:e1:e6:c2:2d:e8:0f:10:00:f9:6a:c1:ef:3b:35:be:
         48:66:ae:95:ec:d3:17:04:7a:dd:ab:04:34:1f:01:e5:6b:b0:
         9d:a4:be:15:dc:11:f3:3c:c5:13:69:95:2d:5c:24:f0:8e:ee:
         f7:9b:46:2f:51:65:e4:b6:40:fa:a9:f6:e9:ef:9f:58:6e:10:
         b1:12:46:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+yUceMXtzZO84pPw8ewOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDRhYTM4YzBiNTkxZDRhNmIzZTU4NTY4NWM2ZDQzODgw
ZGFjNzgwHhcNMjUwMTAxMTc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQzYzEyYWQ5YWQwOWUzMjIwOWQ2MDE3ZjZjMWY0NmZhY2VmNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9EaYu++yXr0+yGJtXho4OA/ZfHnA
XQlJBS8NMosRh3sHArPzmzpLzzuTLYy3znEvV1qPI4p+mGbKciYYbLFbZh8hxTZx
5wI6Yx1Pg+aXok7ObZ8oJ2QBJYOt5rPmaZu1CjpwD0Uo0u3b02NPAyYbeion5Bje
UPbEpG1VCg0k1AjhULmHMcOh9VMDPfjq5LihuRjHkfs5WEMcn76DsoDY0Wy2qJPp
qXVqFabomvhjI9tFhBhogFctjYJTer/2v+XhQgX7Yn6BRX566PWbBvn2g07DmR3c
cJUqJki09FKc6El5hgoSmB1o7bVt5EtvZZODN/Ktvdg3o9ZNsWTxyOFw9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZDwSrZrQnjIgnWAX9sH0b6zvWCMB8GA1UdIwQY
MBaAFG7UqjjAtZHUprPlhWhcbUOIDax4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRTcU9NQzFrZFNtcy1XRmFGeHRRNGdOckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85YTg3ODYtMDlmNC00YjYwLTg2N2Et
YzhiMmRmMjNkNTE5LzEvWmtQQkt0bXRDZU1pQ2RZQmYyd2ZSdnJPOVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85YTg3ODYtMDlmNC00YjYwLTg2N2EtYzhiMmRmMjNkNTE5
LzEvYnRTcU9NQzFrZFNtcy1XRmFGeHRRNGdOckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9U
MA0GCSqGSIb3DQEBCwUAA4IBAQATMIwhp1NJeEua/nIsdQXQqtm8euol1b0zyuP+
X5XkBpedMhM0+EAhjWBvgHIk6iRK66eliLi342iBKWVQfCtigH/qeUP/Yo2ht9kt
nxNmEg4bZidCrrDTtGQFib+uTfhyJovThRWHsIy9MZdPDHfeZ0GkOz4g3s1jqLMf
Pjj5CWKuaBrJUak2aO6CtUaiRgkGtL2NzlpdIPI/1ZnLN0Usjrg7f1SJLuZyWTqr
t3TeSwhPs2c9GGzh5sIt6A8QAPlqwe87Nb5IZq6V7NMXBHrdqwQ0HwHla7CdpL4V
3BHzPMUTaZUtXCTwju73m0YvUWXktkD6qfbp759YbhCxEkZE
-----END CERTIFICATE-----