Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/BsLLTJoL5Z4HGp4lHrRp2sggxy8.roa
File:                     BsLLTJoL5Z4HGp4lHrRp2sggxy8.roa (raw, json)
Hash identifier:          KOPhzfVSci9RxNPGk2QlpxdIKfmzye/4QJQFoBktHeg=
Subject key identifier:   06:C2:CB:4C:9A:0B:E5:9E:07:1A:9E:25:1E:B4:69:DA:C8:20:C7:2F
Certificate issuer:       /CN=3964cdeee346116cb9641ba4800f55b9906dc3a5
Certificate serial:       01941F8C66E61E4E34C06AD5A4DE26BF5BD5
Authority key identifier: 39:64:CD:EE:E3:46:11:6C:B9:64:1B:A4:80:0F:55:B9:90:6D:C3:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/BsLLTJoL5Z4HGp4lHrRp2sggxy8.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215574
IP address blocks:        2001:67c:ddc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:66:e6:1e:4e:34:c0:6a:d5:a4:de:26:bf:5b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3964cdeee346116cb9641ba4800f55b9906dc3a5
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06c2cb4c9a0be59e071a9e251eb469dac820c72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:49:f7:0f:f5:ae:c0:68:b0:e2:61:b2:22:87:
                    00:11:bb:b3:59:a2:5f:d5:f2:63:27:4f:ed:ea:1f:
                    14:58:b9:52:75:18:bc:49:fe:a8:e5:03:1c:5e:cd:
                    1f:59:f0:be:0e:0d:28:d2:95:2b:f6:99:1f:b4:78:
                    b2:40:0c:ac:ae:f8:f8:89:df:58:95:d2:ab:15:47:
                    29:4b:f6:e9:bc:42:19:3f:94:ac:19:40:ac:5a:4d:
                    39:13:45:0b:2a:8b:39:1c:ac:a4:25:08:1e:ae:a5:
                    5f:c0:7e:93:32:67:18:40:4d:f9:7b:0a:a1:8b:78:
                    04:6e:4c:d5:2d:ef:78:a5:24:65:e5:dd:32:39:57:
                    fe:9e:6c:0d:2e:d5:f3:ed:16:75:c4:7f:aa:a3:e4:
                    19:80:bd:4b:07:a1:10:ab:35:fe:19:41:92:80:89:
                    1e:1b:2b:cf:98:5e:e6:dd:8a:0c:cc:4c:32:f7:e6:
                    44:c2:1f:15:62:44:2b:16:f5:15:7c:24:25:95:30:
                    e3:21:d9:d1:53:c6:f8:88:01:c8:04:9d:14:bf:47:
                    79:76:9f:cf:11:4b:81:38:06:cc:d9:b6:e7:f4:29:
                    79:dd:97:b9:cf:f5:bd:ea:46:b5:88:64:bd:4c:ff:
                    c7:e6:d1:2d:b7:e5:d9:c4:0b:90:43:b4:84:0d:27:
                    7e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C2:CB:4C:9A:0B:E5:9E:07:1A:9E:25:1E:B4:69:DA:C8:20:C7:2F
            X509v3 Authority Key Identifier:
                keyid:39:64:CD:EE:E3:46:11:6C:B9:64:1B:A4:80:0F:55:B9:90:6D:C3:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/BsLLTJoL5Z4HGp4lHrRp2sggxy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ddc::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:96:3b:7e:8e:b3:70:6f:97:ce:2b:39:b9:76:50:11:db:67:
         9a:19:eb:46:b4:7b:f4:46:30:65:d3:95:f9:53:86:46:25:8d:
         8c:36:8b:bb:56:16:ce:c9:29:2c:06:ae:49:e7:37:c6:0c:03:
         96:20:80:c3:c1:39:55:75:0c:3d:d6:3c:f0:54:49:bc:00:9c:
         0b:5c:8e:60:f2:81:2d:1b:5f:87:7e:c7:1b:96:87:43:25:34:
         56:fd:fa:56:a3:4b:7d:43:31:e8:0c:08:b4:f7:e0:ed:90:55:
         b8:70:52:c6:02:cf:07:82:d6:2d:ea:49:41:31:9e:34:d1:a2:
         42:b0:eb:f2:b4:78:13:ba:2c:43:1c:73:29:e9:67:5e:25:fc:
         91:7d:f5:38:0e:9b:df:0d:75:fe:83:0a:26:d0:14:8f:8c:bc:
         31:85:6e:25:e0:d9:9a:20:7d:cd:2e:cd:18:82:cb:23:4b:de:
         c5:81:8e:58:02:a9:91:92:2f:30:d4:81:34:f8:5a:93:41:f0:
         f2:f8:99:33:8d:a5:8b:9e:b1:58:79:a8:b2:5d:04:16:ed:8c:
         a8:31:67:7c:71:b4:f3:48:08:7f:ac:2c:da:1b:84:fb:0d:7a:
         bb:2e:59:3c:e7:60:58:0c:22:6b:44:34:c5:d3:b8:e7:a2:f8:
         7e:c2:4b:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGbmHk40wGrVpN4mv1vVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NjRjZGVlZTM0NjExNmNiOTY0MWJhNDgwMGY1NWI5OTA2
ZGMzYTUwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmMyY2I0YzlhMGJlNTllMDcxYTllMjUxZWI0NjlkYWM4MjBjNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3En3D/WuwGiw4mGyIocAEbuzWaJf
1fJjJ0/t6h8UWLlSdRi8Sf6o5QMcXs0fWfC+Dg0o0pUr9pkftHiyQAysrvj4id9Y
ldKrFUcpS/bpvEIZP5SsGUCsWk05E0ULKos5HKykJQgerqVfwH6TMmcYQE35ewqh
i3gEbkzVLe94pSRl5d0yOVf+nmwNLtXz7RZ1xH+qo+QZgL1LB6EQqzX+GUGSgIke
GyvPmF7m3YoMzEwy9+ZEwh8VYkQrFvUVfCQllTDjIdnRU8b4iAHIBJ0Uv0d5dp/P
EUuBOAbM2bbn9Cl53Ze5z/W96ka1iGS9TP/H5tEtt+XZxAuQQ7SEDSd+CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAbCy0yaC+WeBxqeJR60adrIIMcvMB8GA1UdIwQY
MBaAFDlkze7jRhFsuWQbpIAPVbmQbcOlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1dUTjd1TkdFV3k1WkJ1a2dBOVZ1WkJ0dzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hMDE4YTctNmI1Yy00MjM5LTg5Yjct
MmEwMjQ3ZmJiNmQ1LzEvQnNMTFRKb0w1WjRIR3A0bEhyUnAyc2dneHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hMDE4YTctNmI1Yy00MjM5LTg5YjctMmEwMjQ3ZmJiNmQ1
LzEvT1dUTjd1TkdFV3k1WkJ1a2dBOVZ1WkJ0dzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3c
MA0GCSqGSIb3DQEBCwUAA4IBAQBjljt+jrNwb5fOKzm5dlAR22eaGetGtHv0RjBl
05X5U4ZGJY2MNou7VhbOySksBq5J5zfGDAOWIIDDwTlVdQw91jzwVEm8AJwLXI5g
8oEtG1+HfscblodDJTRW/fpWo0t9QzHoDAi09+DtkFW4cFLGAs8HgtYt6klBMZ40
0aJCsOvytHgTuixDHHMp6WdeJfyRffU4DpvfDXX+gwom0BSPjLwxhW4l4NmaIH3N
Ls0YgssjS97FgY5YAqmRki8w1IE0+FqTQfDy+JkzjaWLnrFYeaiyXQQW7YyoMWd8
cbTzSAh/rCzaG4T7DXq7Llk852BYDCJrRDTF07jnovh+wktM
-----END CERTIFICATE-----