Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/shQWrGUmL_hnxXrykLqgxjUrJSo.roa
File:                     shQWrGUmL_hnxXrykLqgxjUrJSo.roa (raw, json)
Hash identifier:          WyhgYBiNi+KPH14FenrkvjOQfAHnL6lB02jl9DUrbbs=
Subject key identifier:   B2:14:16:AC:65:26:2F:F8:67:C5:7A:F2:90:BA:A0:C6:35:2B:25:2A
Certificate issuer:       /CN=61b05789a4e824be8103de770dc25c593ef3fdca
Certificate serial:       019422FC4E2F4ACCCCD76214D94358B2F40D
Authority key identifier: 61:B0:57:89:A4:E8:24:BE:81:03:DE:77:0D:C2:5C:59:3E:F3:FD:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/shQWrGUmL_hnxXrykLqgxjUrJSo.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211671
IP address blocks:        2001:67c:2978::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4e:2f:4a:cc:cc:d7:62:14:d9:43:58:b2:f4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b05789a4e824be8103de770dc25c593ef3fdca
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b21416ac65262ff867c57af290baa0c6352b252a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5b:c7:8a:1a:f8:d0:57:3f:6c:d3:18:a3:91:
                    4c:51:42:f9:30:89:fd:0e:85:94:c9:01:00:2b:e4:
                    38:69:63:56:91:f2:69:29:b3:02:01:30:89:11:ba:
                    70:bb:43:6e:26:60:52:9a:79:3e:31:17:25:e5:73:
                    37:7f:41:bd:27:4b:50:0c:13:7f:a9:94:11:f1:76:
                    56:b9:42:d3:0e:a6:70:c9:71:dc:4e:79:8f:0c:b5:
                    8c:a0:ac:3c:60:9e:87:5f:e7:98:af:87:6e:54:7c:
                    d1:ef:2c:62:68:b1:83:f4:1a:9d:37:ab:44:37:11:
                    18:2e:a4:a1:51:05:c0:fd:1e:fe:25:96:81:90:3e:
                    3f:0e:9a:13:99:30:1e:02:60:83:b9:80:98:8f:d8:
                    04:f6:9b:11:90:15:fb:98:d8:7a:fc:2e:1f:07:2f:
                    c7:7a:01:f0:ff:cf:45:19:88:b8:2f:dc:ef:d4:73:
                    aa:8b:4a:6a:9c:da:6f:bc:93:74:ab:5b:4e:c6:c3:
                    4c:1e:48:2c:62:64:f4:3e:93:2c:f0:a8:58:36:52:
                    5a:5a:a0:af:5e:41:57:51:25:b9:b4:3a:ae:e1:52:
                    24:0c:67:0f:f8:7a:cd:08:20:c7:66:f5:9b:ee:2f:
                    a5:0f:aa:23:e7:d7:d1:e6:70:2a:e9:64:bb:13:f0:
                    f2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:14:16:AC:65:26:2F:F8:67:C5:7A:F2:90:BA:A0:C6:35:2B:25:2A
            X509v3 Authority Key Identifier:
                keyid:61:B0:57:89:A4:E8:24:BE:81:03:DE:77:0D:C2:5C:59:3E:F3:FD:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/shQWrGUmL_hnxXrykLqgxjUrJSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2978::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:70:46:46:f9:2b:4b:13:02:a4:e5:3b:24:6d:fa:3e:d0:b0:
         fb:63:7e:50:8b:3a:30:b3:bf:73:5f:49:a8:9e:c1:c3:4e:bc:
         f4:be:8d:4e:38:0f:8d:de:32:0d:8d:1c:7c:b8:0b:b3:29:c4:
         2f:7d:b1:19:78:94:48:bf:4f:61:bc:df:9c:d2:96:93:08:3e:
         d7:01:1b:69:4a:d9:b0:80:f9:77:bd:69:dc:82:d6:cf:89:ea:
         da:53:82:ae:61:cb:25:15:8f:28:6a:f3:be:3d:9d:ad:ce:7c:
         57:13:ec:7f:cb:48:78:41:62:26:b8:5d:2f:a5:19:09:52:ec:
         a4:62:57:7e:39:9c:63:03:5f:2e:5f:2c:01:8e:3d:ff:a9:09:
         ff:7b:f5:c1:a5:e7:33:21:e4:81:11:b2:09:7f:97:72:f7:10:
         2e:58:ab:bd:30:ca:f5:80:c9:58:e4:b6:a3:4b:02:e5:7f:e7:
         cc:8a:ac:40:ed:1f:a1:20:de:94:3d:01:0c:35:3b:0f:c7:66:
         3e:1c:4c:74:67:3d:bd:44:d7:9d:6d:6c:da:0d:aa:08:0d:6d:
         f6:92:af:33:82:1c:9c:4d:54:ae:f8:af:c9:62:77:9b:9e:e2:
         4b:76:7f:5a:4e:26:1d:40:1f:ca:1a:4a:59:51:fc:dd:c3:1a:
         fe:ab:6e:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi/E4vSszM12IU2UNYsvQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjA1Nzg5YTRlODI0YmU4MTAzZGU3NzBkYzI1YzU5M2Vm
M2ZkY2EwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjE0MTZhYzY1MjYyZmY4NjdjNTdhZjI5MGJhYTBjNjM1MmIyNTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VvHihr40Fc/bNMYo5FMUUL5MIn9
DoWUyQEAK+Q4aWNWkfJpKbMCATCJEbpwu0NuJmBSmnk+MRcl5XM3f0G9J0tQDBN/
qZQR8XZWuULTDqZwyXHcTnmPDLWMoKw8YJ6HX+eYr4duVHzR7yxiaLGD9BqdN6tE
NxEYLqShUQXA/R7+JZaBkD4/DpoTmTAeAmCDuYCYj9gE9psRkBX7mNh6/C4fBy/H
egHw/89FGYi4L9zv1HOqi0pqnNpvvJN0q1tOxsNMHkgsYmT0PpMs8KhYNlJaWqCv
XkFXUSW5tDqu4VIkDGcP+HrNCCDHZvWb7i+lD6oj59fR5nAq6WS7E/DyOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLIUFqxlJi/4Z8V68pC6oMY1KyUqMB8GA1UdIwQY
MBaAFGGwV4mk6CS+gQPedw3CXFk+8/3KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJCWGlhVG9KTDZCQTk1M0RjSmNXVDd6X2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83ZjJjMDctY2VmNS00MmY0LThmMzIt
ODYzMWZiZjVjNjIwLzEvc2hRV3JHVW1MX2hueFhyeWtMcWd4alVySlNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83ZjJjMDctY2VmNS00MmY0LThmMzItODYzMWZiZjVjNjIw
LzEvWWJCWGlhVG9KTDZCQTk1M0RjSmNXVDd6X2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCl4
MA0GCSqGSIb3DQEBCwUAA4IBAQBvcEZG+StLEwKk5Tskbfo+0LD7Y35Qizows79z
X0monsHDTrz0vo1OOA+N3jINjRx8uAuzKcQvfbEZeJRIv09hvN+c0paTCD7XARtp
StmwgPl3vWncgtbPieraU4KuYcslFY8oavO+PZ2tznxXE+x/y0h4QWImuF0vpRkJ
UuykYld+OZxjA18uXywBjj3/qQn/e/XBpeczIeSBEbIJf5dy9xAuWKu9MMr1gMlY
5LajSwLlf+fMiqxA7R+hIN6UPQEMNTsPx2Y+HEx0Zz29RNedbWzaDaoIDW32kq8z
ghycTVSu+K/JYnebnuJLdn9aTiYdQB/KGkpZUfzdwxr+q26u
-----END CERTIFICATE-----