Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/7oPgYuLkR8YeCeBAjdj-EV5NcO8.roa
File:                     7oPgYuLkR8YeCeBAjdj-EV5NcO8.roa (raw, json)
Hash identifier:          cfjdHkH+PZdGo+DIF9TmRoRCIzPJW7XiEbCIBO7MIlM=
Subject key identifier:   EE:83:E0:62:E2:E4:47:C6:1E:09:E0:40:8D:D8:FE:11:5E:4D:70:EF
Certificate issuer:       /CN=6f7fa37185a22944a607d9a94f9885997d851b1e
Certificate serial:       01942444D29E5C06126977E2A38F31066EE9
Authority key identifier: 6F:7F:A3:71:85:A2:29:44:A6:07:D9:A9:4F:98:85:99:7D:85:1B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/7oPgYuLkR8YeCeBAjdj-EV5NcO8.roa
Signing time:             Wed 01 Jan 2025 23:47:57 +0000
ROA not before:           Wed 01 Jan 2025 23:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198660
IP address blocks:        2001:67c:25b4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d2:9e:5c:06:12:69:77:e2:a3:8f:31:06:6e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f7fa37185a22944a607d9a94f9885997d851b1e
        Validity
            Not Before: Jan  1 23:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee83e062e2e447c61e09e0408dd8fe115e4d70ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:73:d4:f2:ed:d4:25:68:79:42:0c:f0:5b:d1:
                    15:e7:d0:28:aa:76:c3:05:1c:13:68:5e:2c:ef:23:
                    8b:67:f6:fd:90:92:3d:f2:51:82:ae:70:ee:66:cc:
                    3e:35:ed:fa:33:f9:0d:06:46:da:61:98:ca:75:63:
                    d3:6c:cc:c6:22:50:06:e4:92:c7:a8:91:ad:df:99:
                    ef:80:86:81:16:54:df:1e:c3:71:4b:33:55:aa:66:
                    34:95:c4:73:a8:0d:e1:2e:b3:ae:ec:01:8e:af:b7:
                    4a:2f:2a:29:ae:20:59:bb:22:34:dc:09:cc:13:12:
                    01:6e:21:0d:8f:24:a5:f6:0d:b4:d2:e7:e2:52:e7:
                    1e:2c:c5:e5:2d:0c:d6:5c:a9:85:fb:e1:0a:78:b8:
                    eb:01:d7:4b:a8:5e:d4:c5:5b:aa:2a:a8:5a:cc:0c:
                    e1:8a:3e:cf:13:40:15:84:78:cd:1b:6d:0a:5d:83:
                    09:ab:1b:bd:db:66:92:f8:b3:6d:c9:97:c6:da:26:
                    43:6c:34:8e:0b:78:ef:73:7d:c4:d7:6b:de:45:f3:
                    47:4c:11:57:53:bc:4d:55:b5:67:e1:e0:04:6e:a8:
                    1b:9a:72:db:c1:50:dd:87:e3:88:d3:b3:02:e8:56:
                    5c:40:a5:3d:57:ec:0d:7d:c9:e9:13:32:76:0b:af:
                    8f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:83:E0:62:E2:E4:47:C6:1E:09:E0:40:8D:D8:FE:11:5E:4D:70:EF
            X509v3 Authority Key Identifier:
                keyid:6F:7F:A3:71:85:A2:29:44:A6:07:D9:A9:4F:98:85:99:7D:85:1B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/7oPgYuLkR8YeCeBAjdj-EV5NcO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:25b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:ed:75:35:02:e9:a0:79:96:2b:a6:39:25:d4:f4:d7:61:f8:
         66:f7:c9:fd:07:8b:31:3c:5a:53:df:67:bd:a6:78:54:c3:f1:
         4a:cd:bf:3d:6b:fa:a2:d4:b3:91:f9:d8:18:74:3d:9f:28:7e:
         0e:3b:ec:23:09:20:4c:03:14:91:84:08:c7:d0:b0:d4:29:44:
         bf:6f:36:56:d8:a1:69:74:41:87:9b:e3:49:76:f2:11:58:07:
         41:12:ff:b9:b7:70:3d:a4:6a:ed:1a:b4:56:ef:aa:26:1c:74:
         21:6d:30:7f:54:fc:26:03:32:43:aa:84:cf:1e:fc:10:3c:e0:
         31:72:86:72:6f:33:ad:3f:9a:98:dd:e7:fc:e5:7b:2b:83:0b:
         8e:e0:15:64:f7:b2:35:7d:d6:72:03:1e:78:31:91:39:67:57:
         f3:32:dd:17:d0:9f:ea:39:ef:0e:d0:b3:41:25:21:e3:2b:f9:
         c8:32:b2:6e:ec:86:f3:f7:c7:4f:2c:a1:c5:f9:b5:6f:08:58:
         15:9f:66:91:c1:d6:4c:88:bb:8a:d8:bf:e1:ce:54:84:bf:18:
         29:fc:2c:63:ed:fd:e5:28:50:0d:aa:9f:da:b8:86:64:35:29:
         f8:38:29:95:c2:4a:86:5f:e4:cf:f8:10:80:c8:cc:b2:fa:f1:
         b8:43:aa:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRNKeXAYSaXfio48xBm7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmN2ZhMzcxODVhMjI5NDRhNjA3ZDlhOTRmOTg4NTk5N2Q4
NTFiMWUwHhcNMjUwMTAxMjM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTgzZTA2MmUyZTQ0N2M2MWUwOWUwNDA4ZGQ4ZmUxMTVlNGQ3MGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnPU8u3UJWh5QgzwW9EV59AoqnbD
BRwTaF4s7yOLZ/b9kJI98lGCrnDuZsw+Ne36M/kNBkbaYZjKdWPTbMzGIlAG5JLH
qJGt35nvgIaBFlTfHsNxSzNVqmY0lcRzqA3hLrOu7AGOr7dKLyopriBZuyI03AnM
ExIBbiENjySl9g200ufiUuceLMXlLQzWXKmF++EKeLjrAddLqF7UxVuqKqhazAzh
ij7PE0AVhHjNG20KXYMJqxu922aS+LNtyZfG2iZDbDSOC3jvc33E12veRfNHTBFX
U7xNVbVn4eAEbqgbmnLbwVDdh+OI07MC6FZcQKU9V+wNfcnpEzJ2C6+PWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO6D4GLi5EfGHgngQI3Y/hFeTXDvMB8GA1UdIwQY
MBaAFG9/o3GFoilEpgfZqU+YhZl9hRseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjMtamNZV2lLVVNtQjltcFQ1aUZtWDJGR3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9lOTA5ZjgtNzBjNC00NjVkLWJjNmMt
YTM0YTRjOGIwYzhhLzEvN29QZ1l1TGtSOFllQ2VCQWpkai1FVjVOY084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9lOTA5ZjgtNzBjNC00NjVkLWJjNmMtYTM0YTRjOGIwYzhh
LzEvYjMtamNZV2lLVVNtQjltcFQ1aUZtWDJGR3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCW0
MA0GCSqGSIb3DQEBCwUAA4IBAQCb7XU1AumgeZYrpjkl1PTXYfhm98n9B4sxPFpT
32e9pnhUw/FKzb89a/qi1LOR+dgYdD2fKH4OO+wjCSBMAxSRhAjH0LDUKUS/bzZW
2KFpdEGHm+NJdvIRWAdBEv+5t3A9pGrtGrRW76omHHQhbTB/VPwmAzJDqoTPHvwQ
POAxcoZybzOtP5qY3ef85XsrgwuO4BVk97I1fdZyAx54MZE5Z1fzMt0X0J/qOe8O
0LNBJSHjK/nIMrJu7Ibz98dPLKHF+bVvCFgVn2aRwdZMiLuK2L/hzlSEvxgp/Cxj
7f3lKFANqp/auIZkNSn4OCmVwkqGX+TP+BCAyMyy+vG4Q6pg
-----END CERTIFICATE-----