Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/KMKlBIWdbSLJxhG6mlrGw76dE8w.roa
File:                     KMKlBIWdbSLJxhG6mlrGw76dE8w.roa (raw, json)
Hash identifier:          wMSY3OLmFX6U/ZLAS1pVuwf7520K0rZUrgx8A8ShiM0=
Subject key identifier:   28:C2:A5:04:85:9D:6D:22:C9:C6:11:BA:9A:5A:C6:C3:BE:9D:13:CC
Certificate issuer:       /CN=03dc8c62391efdd4dd18e46819e1778002a9a187
Certificate serial:       0194228DE25F0AD08DE87E6FBB5CA7E636F4
Authority key identifier: 03:DC:8C:62:39:1E:FD:D4:DD:18:E4:68:19:E1:77:80:02:A9:A1:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9yMYjke_dTdGORoGeF3gAKpoYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/KMKlBIWdbSLJxhG6mlrGw76dE8w.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214564
IP address blocks:        2001:67c:ef8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/A9yMYjke_dTdGORoGeF3gAKpoYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/A9yMYjke_dTdGORoGeF3gAKpoYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9yMYjke_dTdGORoGeF3gAKpoYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e2:5f:0a:d0:8d:e8:7e:6f:bb:5c:a7:e6:36:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03dc8c62391efdd4dd18e46819e1778002a9a187
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28c2a504859d6d22c9c611ba9a5ac6c3be9d13cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f0:fc:11:6c:4d:b6:c0:67:cd:ac:52:ce:33:
                    bc:40:d4:97:7c:48:56:69:36:87:ab:d5:fd:56:2b:
                    06:cd:22:d7:f9:c4:e8:b4:18:64:6c:03:62:4c:85:
                    4d:36:00:70:5a:30:ce:90:e4:48:c3:fc:e1:d9:fb:
                    2b:68:aa:60:39:ef:60:4c:46:a1:2c:3d:27:ea:4b:
                    f1:84:fd:fc:70:25:6d:dd:43:c3:52:3f:d6:e6:65:
                    1b:11:91:e9:15:78:3d:eb:86:d7:47:05:74:33:6f:
                    89:ba:ed:64:b3:df:1f:46:68:ce:6c:3d:74:b0:5b:
                    3c:04:51:a2:38:99:c0:81:32:fb:f3:c3:71:58:dc:
                    16:b1:49:ea:d8:38:ca:ad:47:a1:2f:0a:ec:11:e8:
                    e4:e7:24:18:b3:ad:74:c7:6e:0d:b0:0c:99:b5:de:
                    7e:da:b0:29:34:06:28:2e:14:3b:57:6a:8c:3e:d9:
                    90:c5:bb:34:63:c4:fd:3c:31:19:84:3a:d3:ba:57:
                    3c:d3:2c:12:e9:72:17:97:69:2f:5b:6c:2d:0f:2c:
                    04:e2:60:c4:4e:30:7a:8b:d6:6b:a8:a5:e4:75:45:
                    d5:e0:58:92:8d:eb:a0:04:03:f7:17:4c:56:18:ac:
                    42:11:57:8a:e3:66:1a:7f:63:a0:ee:04:c1:25:3b:
                    1a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C2:A5:04:85:9D:6D:22:C9:C6:11:BA:9A:5A:C6:C3:BE:9D:13:CC
            X509v3 Authority Key Identifier:
                keyid:03:DC:8C:62:39:1E:FD:D4:DD:18:E4:68:19:E1:77:80:02:A9:A1:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9yMYjke_dTdGORoGeF3gAKpoYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/KMKlBIWdbSLJxhG6mlrGw76dE8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d080c7-cee6-4b41-8c1c-0ef8c036b616/1/A9yMYjke_dTdGORoGeF3gAKpoYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ef8::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:b6:f6:4d:2f:a1:2e:fb:c4:e2:72:19:07:ee:c2:74:39:47:
         85:c4:3b:03:38:4b:18:56:5c:ac:51:d6:12:c6:50:7d:4d:82:
         36:93:99:a3:0c:8f:d5:39:2e:54:01:41:fe:12:8f:f0:a5:8a:
         15:f7:d5:44:93:8a:55:3a:cd:54:71:8b:7c:7d:2d:13:e4:49:
         53:34:41:1f:55:a3:98:ef:1e:9e:9f:67:fc:5e:17:01:11:a8:
         a5:69:34:72:db:2d:4a:16:03:02:76:4b:86:f3:cc:dc:51:5b:
         d4:ea:b5:58:29:7d:5f:69:e1:4d:4b:b8:ea:10:54:36:43:6f:
         de:ab:51:71:3c:de:41:5e:42:26:06:5a:12:dc:22:7d:23:ef:
         9c:dd:e0:8d:c9:c6:36:56:d0:06:77:71:fe:bf:4a:0a:bb:2a:
         68:57:d8:93:cc:cf:f7:46:6b:da:a6:c3:ef:cf:4f:77:0a:d7:
         43:e7:50:7d:e9:24:81:a0:ac:6d:40:88:81:93:2d:6c:5a:94:
         b0:25:3a:ac:13:bf:c6:7a:dc:0f:81:d3:2a:8c:a0:5c:ce:f0:
         13:12:87:e2:dc:c7:ef:29:8a:0b:21:bb:94:5d:a9:85:95:b3:
         15:85:47:3e:ea:76:11:32:2f:db:3f:24:13:2d:df:6a:79:7c:
         bd:90:21:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijeJfCtCN6H5vu1yn5jb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZGM4YzYyMzkxZWZkZDRkZDE4ZTQ2ODE5ZTE3NzgwMDJh
OWExODcwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGMyYTUwNDg1OWQ2ZDIyYzljNjExYmE5YTVhYzZjM2JlOWQxM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPD8EWxNtsBnzaxSzjO8QNSXfEhW
aTaHq9X9VisGzSLX+cTotBhkbANiTIVNNgBwWjDOkORIw/zh2fsraKpgOe9gTEah
LD0n6kvxhP38cCVt3UPDUj/W5mUbEZHpFXg964bXRwV0M2+Juu1ks98fRmjObD10
sFs8BFGiOJnAgTL788NxWNwWsUnq2DjKrUehLwrsEejk5yQYs610x24NsAyZtd5+
2rApNAYoLhQ7V2qMPtmQxbs0Y8T9PDEZhDrTulc80ywS6XIXl2kvW2wtDywE4mDE
TjB6i9ZrqKXkdUXV4FiSjeugBAP3F0xWGKxCEVeK42Yaf2Og7gTBJTsazwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjCpQSFnW0iycYRuppaxsO+nRPMMB8GA1UdIwQY
MBaAFAPcjGI5Hv3U3RjkaBnhd4ACqaGHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTl5TVlqa2VfZFRkR09Sb0dlRjNnQUtwb1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kMDgwYzctY2VlNi00YjQxLThjMWMt
MGVmOGMwMzZiNjE2LzEvS01LbEJJV2RiU0xKeGhHNm1sckd3NzZkRTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kMDgwYzctY2VlNi00YjQxLThjMWMtMGVmOGMwMzZiNjE2
LzEvQTl5TVlqa2VfZFRkR09Sb0dlRjNnQUtwb1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA74
MA0GCSqGSIb3DQEBCwUAA4IBAQCjtvZNL6Eu+8TichkH7sJ0OUeFxDsDOEsYVlys
UdYSxlB9TYI2k5mjDI/VOS5UAUH+Eo/wpYoV99VEk4pVOs1UcYt8fS0T5ElTNEEf
VaOY7x6en2f8XhcBEailaTRy2y1KFgMCdkuG88zcUVvU6rVYKX1faeFNS7jqEFQ2
Q2/eq1FxPN5BXkImBloS3CJ9I++c3eCNycY2VtAGd3H+v0oKuypoV9iTzM/3Rmva
psPvz093CtdD51B96SSBoKxtQIiBky1sWpSwJTqsE7/GetwPgdMqjKBczvATEofi
3MfvKYoLIbuUXamFlbMVhUc+6nYRMi/bPyQTLd9qeXy9kCEJ
-----END CERTIFICATE-----