Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/h0nRURZObDQGUY3lgCCRW5dgsdU.roa
File:                     h0nRURZObDQGUY3lgCCRW5dgsdU.roa (raw, json)
Hash identifier:          tHlLzC2mNo3zNr8LZV0r1UgQyBm2/nkWYYJopdfozpA=
Subject key identifier:   87:49:D1:51:16:4E:6C:34:06:51:8D:E5:80:20:91:5B:97:60:B1:D5
Certificate issuer:       /CN=c6ff541cf364193a2a00ada14244acd34c14038a
Certificate serial:       019426D9BE9B9EB38C563166CDD4B259F8D8
Authority key identifier: C6:FF:54:1C:F3:64:19:3A:2A:00:AD:A1:42:44:AC:D3:4C:14:03:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/h0nRURZObDQGUY3lgCCRW5dgsdU.roa
Signing time:             Thu 02 Jan 2025 11:49:51 +0000
ROA not before:           Thu 02 Jan 2025 11:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29632
IP address blocks:        2001:67c:1874::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:be:9b:9e:b3:8c:56:31:66:cd:d4:b2:59:f8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6ff541cf364193a2a00ada14244acd34c14038a
        Validity
            Not Before: Jan  2 11:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8749d151164e6c3406518de58020915b9760b1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3a:82:4c:bc:3e:d5:05:4a:c5:6a:79:a7:e3:
                    09:62:eb:c1:8e:b0:75:ec:c0:3d:68:3a:2e:98:74:
                    98:0c:99:f3:82:ab:75:8e:a4:08:bb:ac:f8:d6:1e:
                    87:24:76:e0:23:fa:16:53:f7:a6:48:30:dc:9c:2f:
                    4e:52:b1:43:bc:c5:f0:31:b5:13:73:e6:c2:ed:60:
                    89:d5:36:da:4b:32:2c:8d:17:70:58:92:56:5a:77:
                    40:f9:14:a5:39:10:e7:0a:e7:c1:ca:dc:66:b8:db:
                    db:07:6a:98:f8:a5:bc:fd:1a:a0:c5:ab:47:77:70:
                    dd:76:36:8a:b7:3f:96:bf:de:ba:f1:59:9b:ae:0f:
                    a1:85:03:4c:f9:bf:b9:81:83:49:a1:fb:2d:aa:3d:
                    2a:ec:f6:49:99:14:4d:68:50:9a:79:71:d1:50:ab:
                    30:08:2a:08:7b:07:59:02:cc:03:b2:72:fb:48:96:
                    31:ef:bd:aa:44:1f:7b:ac:9f:84:cb:27:8d:fa:1f:
                    01:2a:e4:55:65:3a:28:90:1c:d1:60:70:96:ed:ac:
                    ba:3b:c2:02:4f:d8:d2:b6:7d:4a:fa:d0:15:16:bc:
                    fc:b4:d1:7d:ae:65:bf:04:f0:ec:52:0d:d5:17:13:
                    ce:ff:3e:c3:b9:4d:ee:1c:ed:cf:c4:66:9f:2e:02:
                    7b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:49:D1:51:16:4E:6C:34:06:51:8D:E5:80:20:91:5B:97:60:B1:D5
            X509v3 Authority Key Identifier:
                keyid:C6:FF:54:1C:F3:64:19:3A:2A:00:AD:A1:42:44:AC:D3:4C:14:03:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/h0nRURZObDQGUY3lgCCRW5dgsdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1874::/48

    Signature Algorithm: sha256WithRSAEncryption
         cc:e9:7c:ea:f0:57:6a:4c:2f:e1:69:53:33:ce:91:d2:b8:82:
         77:cd:88:a9:be:f9:b4:19:ab:db:cc:5e:b0:66:7b:f2:dd:a3:
         a4:f8:b6:94:5b:d3:f8:fe:74:83:65:05:b1:dc:99:b6:33:ed:
         8f:bd:a6:93:8b:e6:78:24:73:6c:7d:54:e4:e5:86:f7:e7:df:
         37:38:92:a7:26:00:9d:e0:2d:e2:3c:49:80:4a:f7:39:bd:47:
         eb:c7:32:11:48:d2:cc:7c:6e:49:e7:16:93:e4:31:ac:19:e2:
         39:4c:b8:da:86:d2:84:78:95:f3:f5:a1:41:2c:1b:c9:73:7c:
         ec:da:af:ee:86:cb:a8:33:5b:0f:a1:5a:78:b0:bc:1a:17:b5:
         b9:cb:bc:2d:17:41:b6:f9:e7:ea:ee:7b:a0:e8:ec:08:fb:97:
         cd:77:c6:d8:8a:c2:c7:39:4d:bd:c6:df:ff:b9:ee:da:a7:e1:
         43:58:a3:a1:18:6b:a6:d6:9f:54:4c:89:c9:86:ff:45:4b:9d:
         16:f4:06:51:6a:b3:d1:9f:e1:00:7b:da:06:53:fb:cd:dc:2c:
         69:1d:09:ce:3d:c6:cc:37:21:af:ff:85:f1:4b:b1:0e:ce:cd:
         9c:d1:e3:4a:47:64:3f:b2:ee:a4:20:62:7a:c4:e9:a5:94:d8:
         f0:43:6b:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2b6bnrOMVjFmzdSyWfjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZmY1NDFjZjM2NDE5M2EyYTAwYWRhMTQyNDRhY2QzNGMx
NDAzOGEwHhcNMjUwMTAyMTE0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ5ZDE1MTE2NGU2YzM0MDY1MThkZTU4MDIwOTE1Yjk3NjBiMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTqCTLw+1QVKxWp5p+MJYuvBjrB1
7MA9aDoumHSYDJnzgqt1jqQIu6z41h6HJHbgI/oWU/emSDDcnC9OUrFDvMXwMbUT
c+bC7WCJ1TbaSzIsjRdwWJJWWndA+RSlORDnCufBytxmuNvbB2qY+KW8/RqgxatH
d3DddjaKtz+Wv9668Vmbrg+hhQNM+b+5gYNJofstqj0q7PZJmRRNaFCaeXHRUKsw
CCoIewdZAswDsnL7SJYx772qRB97rJ+EyyeN+h8BKuRVZTookBzRYHCW7ay6O8IC
T9jStn1K+tAVFrz8tNF9rmW/BPDsUg3VFxPO/z7DuU3uHO3PxGafLgJ7zwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIdJ0VEWTmw0BlGN5YAgkVuXYLHVMB8GA1UdIwQY
MBaAFMb/VBzzZBk6KgCtoUJErNNMFAOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHY5VUhQTmtHVG9xQUsyaFFrU3MwMHdVQTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8zOWEwMjItZmFlZC00Mzc2LThiZTYt
MmE1ZTk4YWJkMWYzLzEvaDBuUlVSWk9iRFFHVVkzbGdDQ1JXNWRnc2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8zOWEwMjItZmFlZC00Mzc2LThiZTYtMmE1ZTk4YWJkMWYz
LzEveHY5VUhQTmtHVG9xQUsyaFFrU3MwMHdVQTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBh0
MA0GCSqGSIb3DQEBCwUAA4IBAQDM6Xzq8FdqTC/haVMzzpHSuIJ3zYipvvm0Gavb
zF6wZnvy3aOk+LaUW9P4/nSDZQWx3Jm2M+2PvaaTi+Z4JHNsfVTk5Yb35983OJKn
JgCd4C3iPEmASvc5vUfrxzIRSNLMfG5J5xaT5DGsGeI5TLjahtKEeJXz9aFBLBvJ
c3zs2q/uhsuoM1sPoVp4sLwaF7W5y7wtF0G2+efq7nug6OwI+5fNd8bYisLHOU29
xt//ue7ap+FDWKOhGGum1p9UTInJhv9FS50W9AZRarPRn+EAe9oGU/vN3CxpHQnO
PcbMNyGv/4XxS7EOzs2c0eNKR2Q/su6kIGJ6xOmllNjwQ2sF
-----END CERTIFICATE-----