Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/zHPhmmLDGByafp8E3VT46VQbn28.roa
File:                     zHPhmmLDGByafp8E3VT46VQbn28.roa (raw, json)
Hash identifier:          +VxtcUh5QNApX1IKUuR65fYbpYpFCHnfMHhjgpFPsbQ=
Subject key identifier:   CC:73:E1:9A:62:C3:18:1C:9A:7E:9F:04:DD:54:F8:E9:54:1B:9F:6F
Certificate issuer:       /CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
Certificate serial:       019422FBD1A7095A3FC7F0500BC1D1C4B2FF
Authority key identifier: EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/zHPhmmLDGByafp8E3VT46VQbn28.roa
Signing time:             Wed 01 Jan 2025 17:48:36 +0000
ROA not before:           Wed 01 Jan 2025 17:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50629
IP address blocks:        2001:67c:708::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d1:a7:09:5a:3f:c7:f0:50:0b:c1:d1:c4:b2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
        Validity
            Not Before: Jan  1 17:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc73e19a62c3181c9a7e9f04dd54f8e9541b9f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b2:2b:90:39:86:ea:c2:d9:de:d5:33:97:34:
                    cc:a5:28:fa:c5:f1:e1:a7:fe:98:7b:df:41:dc:63:
                    e9:af:7f:25:fc:7f:57:fe:5f:04:6d:b8:1d:d6:5f:
                    23:a7:fa:61:b5:21:c9:36:15:a6:4b:67:0f:58:46:
                    82:5c:b6:2a:43:f7:21:2f:f9:3f:2f:21:b6:1f:dd:
                    68:51:75:8f:3f:56:bd:95:1a:cf:71:a6:1c:0a:88:
                    80:60:d3:cd:d0:c2:6a:f7:d5:18:e9:04:62:f8:58:
                    34:3e:3f:c2:fb:39:8d:b7:46:f5:d1:53:85:9f:49:
                    d9:eb:24:3b:69:98:16:5b:0e:c1:ca:9d:fe:3c:65:
                    ec:e8:bf:96:ae:0b:45:f7:8b:08:33:13:1b:98:14:
                    dc:b1:cd:41:f4:d2:46:59:e1:8b:15:ea:b0:09:bf:
                    31:cc:d2:39:29:7b:e6:e3:91:78:4a:ed:b7:bd:e0:
                    38:70:5f:e7:82:4a:09:ed:4f:40:2d:80:e6:07:78:
                    f1:7b:45:35:46:d2:ae:4d:f1:31:72:85:8a:81:42:
                    ec:e0:6d:a2:78:b5:65:1d:35:63:c4:ef:be:46:a5:
                    5a:0b:45:fa:0f:49:cb:08:a7:d9:96:33:7d:01:4e:
                    22:09:f5:36:54:96:7c:a3:b1:c7:cc:14:f6:47:5b:
                    7f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:73:E1:9A:62:C3:18:1C:9A:7E:9F:04:DD:54:F8:E9:54:1B:9F:6F
            X509v3 Authority Key Identifier:
                keyid:EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/zHPhmmLDGByafp8E3VT46VQbn28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:708::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:56:44:8c:bc:90:43:81:f9:39:12:2d:9d:da:5a:68:43:be:
         95:f1:96:8e:2a:1b:4e:04:7e:2f:b4:ac:89:da:59:8e:3a:c2:
         d5:20:63:7a:3d:ac:ee:db:c7:5c:31:28:e8:46:28:9d:74:20:
         06:8e:48:30:e8:fb:52:70:cb:75:b6:bf:4b:48:8c:1e:b8:1c:
         6c:0a:30:70:6c:f0:27:d1:7c:86:50:42:bc:43:b0:e9:86:7e:
         9f:a0:82:f6:cb:89:24:24:25:72:fe:1c:f5:42:bc:c5:68:9c:
         71:32:60:ef:30:00:19:a7:44:6d:45:24:c3:5f:57:b5:e6:cd:
         ae:f5:9d:8b:e1:ef:b4:63:d1:e1:dd:2b:cb:c1:db:1e:60:c1:
         56:a9:c6:60:39:6a:db:18:f7:85:1f:21:f5:da:4f:09:78:e4:
         f7:01:77:a7:c5:22:49:10:24:ad:5c:af:e8:ce:53:bd:66:1e:
         93:63:5e:6e:a5:cf:ba:de:e7:93:09:6f:b3:3f:06:c8:0f:df:
         0e:12:21:53:16:eb:95:90:64:1a:43:05:44:08:a8:25:95:42:
         ae:8d:8a:36:34:e9:b9:ac:0f:65:90:97:14:f1:16:c7:a7:07:
         e2:05:fc:4b:27:f7:08:e6:ef:a1:27:60:03:c5:fe:4a:7d:fa:
         0e:33:e5:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+9GnCVo/x/BQC8HRxLL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZGM0OGQ5YWIxMGYwZTQyYTNkYzY3ZmJkMGY0Y2I4ZTQ0
Y2FiNjkwHhcNMjUwMTAxMTc0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzczZTE5YTYyYzMxODFjOWE3ZTlmMDRkZDU0ZjhlOTU0MWI5ZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLIrkDmG6sLZ3tUzlzTMpSj6xfHh
p/6Ye99B3GPpr38l/H9X/l8Ebbgd1l8jp/phtSHJNhWmS2cPWEaCXLYqQ/chL/k/
LyG2H91oUXWPP1a9lRrPcaYcCoiAYNPN0MJq99UY6QRi+Fg0Pj/C+zmNt0b10VOF
n0nZ6yQ7aZgWWw7Byp3+PGXs6L+WrgtF94sIMxMbmBTcsc1B9NJGWeGLFeqwCb8x
zNI5KXvm45F4Su23veA4cF/ngkoJ7U9ALYDmB3jxe0U1RtKuTfExcoWKgULs4G2i
eLVlHTVjxO++RqVaC0X6D0nLCKfZljN9AU4iCfU2VJZ8o7HHzBT2R1t/JQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMxz4Zpiwxgcmn6fBN1U+OlUG59vMB8GA1UdIwQY
MBaAFO/cSNmrEPDkKj3Gf70PTLjkTKtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMt
MDY2MGMxNmVmY2NlLzEvekhQaG1tTERHQnlhZnA4RTNWVDQ2VlFibjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMtMDY2MGMxNmVmY2Nl
LzEvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAcI
MA0GCSqGSIb3DQEBCwUAA4IBAQBYVkSMvJBDgfk5Ei2d2lpoQ76V8ZaOKhtOBH4v
tKyJ2lmOOsLVIGN6Pazu28dcMSjoRiiddCAGjkgw6PtScMt1tr9LSIweuBxsCjBw
bPAn0XyGUEK8Q7Dphn6foIL2y4kkJCVy/hz1QrzFaJxxMmDvMAAZp0RtRSTDX1e1
5s2u9Z2L4e+0Y9Hh3SvLwdseYMFWqcZgOWrbGPeFHyH12k8JeOT3AXenxSJJECSt
XK/ozlO9Zh6TY15upc+63ueTCW+zPwbID98OEiFTFuuVkGQaQwVECKgllUKujYo2
NOm5rA9lkJcU8RbHpwfiBfxLJ/cI5u+hJ2ADxf5KffoOM+XC
-----END CERTIFICATE-----