Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dqNNte5TVfV2tDh9E3yBjcN5L9k.roa
File:                     dqNNte5TVfV2tDh9E3yBjcN5L9k.roa (raw, json)
Hash identifier:          ZCWWVAbkz+YG+QqwhLTaaD7cWJwvtiRAyhgAtKdQ9Ro=
Subject key identifier:   76:A3:4D:B5:EE:53:55:F5:76:B4:38:7D:13:7C:81:8D:C3:79:2F:D9
Certificate issuer:       /CN=74bf07f04cc76a90ad97f9f1749fabcf05c35d62
Certificate serial:       019427B52F31890298C30B18F8A463C8000D
Authority key identifier: 74:BF:07:F0:4C:C7:6A:90:AD:97:F9:F1:74:9F:AB:CF:05:C3:5D:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dqNNte5TVfV2tDh9E3yBjcN5L9k.roa
Signing time:             Thu 02 Jan 2025 15:49:33 +0000
ROA not before:           Thu 02 Jan 2025 15:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205384
IP address blocks:        2001:67c:11e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:2f:31:89:02:98:c3:0b:18:f8:a4:63:c8:00:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74bf07f04cc76a90ad97f9f1749fabcf05c35d62
        Validity
            Not Before: Jan  2 15:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76a34db5ee5355f576b4387d137c818dc3792fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b3:4a:d8:4e:8d:c3:24:63:08:c8:38:18:d5:
                    e2:ec:4b:70:e7:11:99:51:f5:8a:cd:96:9a:c7:c2:
                    65:49:7c:41:6e:76:5c:af:be:e7:65:5e:66:61:d9:
                    7e:04:f9:33:55:61:78:3c:cd:65:f2:9a:27:df:67:
                    97:e2:02:c5:4e:8a:a3:f8:82:49:c1:be:08:c3:db:
                    e4:43:50:0b:8c:df:ff:c0:ba:e2:a0:97:76:11:62:
                    5f:98:fd:df:50:c3:ef:e8:fd:19:d0:79:e4:a4:03:
                    3a:86:11:9c:c9:5e:1b:cb:28:45:db:1a:2e:86:f7:
                    d2:7f:6f:ff:53:2d:94:07:73:3b:b2:d7:b1:ea:94:
                    28:7c:32:f2:44:00:88:ac:a2:68:4e:81:4a:c7:a3:
                    53:6b:09:43:2b:4d:a2:85:26:fc:62:45:38:89:43:
                    19:f1:75:6e:73:c2:e5:81:fd:f1:ce:31:06:87:24:
                    5f:ee:e3:18:68:da:c8:f8:06:4c:2a:b9:38:a7:b4:
                    33:fc:6f:d6:5c:d8:23:2e:5e:2d:14:b9:37:89:ed:
                    c5:7a:74:ec:99:d7:14:24:ac:bc:0f:be:fb:00:e4:
                    cb:ba:ef:03:f4:f4:49:e2:fc:25:8e:81:a5:42:be:
                    5b:cb:8c:45:b5:56:24:51:48:da:62:06:0c:c8:8c:
                    19:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A3:4D:B5:EE:53:55:F5:76:B4:38:7D:13:7C:81:8D:C3:79:2F:D9
            X509v3 Authority Key Identifier:
                keyid:74:BF:07:F0:4C:C7:6A:90:AD:97:F9:F1:74:9F:AB:CF:05:C3:5D:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dqNNte5TVfV2tDh9E3yBjcN5L9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:11e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:52:69:92:a9:e0:0e:ea:a7:a0:40:c9:37:34:39:e6:6d:ef:
         48:bd:82:16:af:06:1f:56:f5:8f:24:fc:67:89:09:6c:80:ae:
         f2:01:c3:1a:21:da:c2:97:a8:bd:87:d9:d1:94:f2:a1:3e:10:
         24:64:78:9d:69:67:70:90:14:51:96:40:fa:df:cd:dd:cc:e6:
         e5:1e:68:41:76:49:f4:f7:a5:7a:69:12:da:1d:66:1b:4d:60:
         13:10:21:2b:d5:eb:68:2b:df:84:fc:4a:16:ef:8b:f0:1d:9b:
         73:6f:b5:c5:42:75:67:0a:c3:43:af:71:54:b3:14:16:f9:6f:
         96:b6:b9:51:fa:df:da:8c:6c:4a:2f:30:b5:4c:f5:ea:db:d2:
         0f:2c:56:eb:e6:ad:68:1e:fb:40:ea:86:cf:56:cd:56:3f:5a:
         64:47:e9:4b:82:97:11:1c:cd:09:fe:fa:ef:91:d0:f3:4c:25:
         97:da:4f:a7:cb:58:e7:ef:95:72:20:ec:48:95:8e:02:ec:e1:
         ee:4d:9c:13:58:b8:73:65:80:68:d9:47:9b:a1:1e:bd:ed:81:
         b2:e0:f6:50:54:e6:90:ab:98:c9:60:a6:2e:c7:c8:b7:cc:ba:
         64:03:dd:2f:bf:4b:74:f5:ab:7c:09:f9:f1:18:95:0c:fd:17:
         74:96:05:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntS8xiQKYwwsY+KRjyAANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YmYwN2YwNGNjNzZhOTBhZDk3ZjlmMTc0OWZhYmNmMDVj
MzVkNjIwHhcNMjUwMTAyMTU0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmEzNGRiNWVlNTM1NWY1NzZiNDM4N2QxMzdjODE4ZGMzNzkyZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7NK2E6NwyRjCMg4GNXi7Etw5xGZ
UfWKzZaax8JlSXxBbnZcr77nZV5mYdl+BPkzVWF4PM1l8pon32eX4gLFToqj+IJJ
wb4Iw9vkQ1ALjN//wLrioJd2EWJfmP3fUMPv6P0Z0HnkpAM6hhGcyV4byyhF2xou
hvfSf2//Uy2UB3M7stex6pQofDLyRACIrKJoToFKx6NTawlDK02ihSb8YkU4iUMZ
8XVuc8Llgf3xzjEGhyRf7uMYaNrI+AZMKrk4p7Qz/G/WXNgjLl4tFLk3ie3FenTs
mdcUJKy8D777AOTLuu8D9PRJ4vwljoGlQr5by4xFtVYkUUjaYgYMyIwZMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHajTbXuU1X1drQ4fRN8gY3DeS/ZMB8GA1UdIwQY
MBaAFHS/B/BMx2qQrZf58XSfq88Fw11iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEw4SDhFekhhcEN0bF9ueGRKLXJ6d1hEWFdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hMGIzOTUtNjFmZi00NTdkLThmZjgt
ZWMwODQxMzdlMjQyLzEvZHFOTnRlNVRWZlYydERoOUUzeUJqY041TDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hMGIzOTUtNjFmZi00NTdkLThmZjgtZWMwODQxMzdlMjQy
LzEvZEw4SDhFekhhcEN0bF9ueGRKLXJ6d1hEWFdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBHo
MA0GCSqGSIb3DQEBCwUAA4IBAQCMUmmSqeAO6qegQMk3NDnmbe9IvYIWrwYfVvWP
JPxniQlsgK7yAcMaIdrCl6i9h9nRlPKhPhAkZHidaWdwkBRRlkD6383dzOblHmhB
dkn096V6aRLaHWYbTWATECEr1etoK9+E/EoW74vwHZtzb7XFQnVnCsNDr3FUsxQW
+W+WtrlR+t/ajGxKLzC1TPXq29IPLFbr5q1oHvtA6obPVs1WP1pkR+lLgpcRHM0J
/vrvkdDzTCWX2k+ny1jn75VyIOxIlY4C7OHuTZwTWLhzZYBo2UeboR697YGy4PZQ
VOaQq5jJYKYux8i3zLpkA90vv0t09at8CfnxGJUM/Rd0lgXI
-----END CERTIFICATE-----