Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/nD9K7BuoobBm0UoH5h6nnInzZ5M.roa
File:                     nD9K7BuoobBm0UoH5h6nnInzZ5M.roa (raw, json)
Hash identifier:          n+EpS4FTLeyovvcIgss8uVwl4+ZqeSqmuV4HpNA3yWw=
Subject key identifier:   9C:3F:4A:EC:1B:A8:A1:B0:66:D1:4A:07:E6:1E:A7:9C:89:F3:67:93
Certificate issuer:       /CN=17972d43835cd6a66e54e5a5856ce57de282d43a
Certificate serial:       0194221FE5F1C8B40AB1F8E630DEB56B4F63
Authority key identifier: 17:97:2D:43:83:5C:D6:A6:6E:54:E5:A5:85:6C:E5:7D:E2:82:D4:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/nD9K7BuoobBm0UoH5h6nnInzZ5M.roa
Signing time:             Wed 01 Jan 2025 13:48:23 +0000
ROA not before:           Wed 01 Jan 2025 13:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205614
IP address blocks:        2001:67c:814::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e5:f1:c8:b4:0a:b1:f8:e6:30:de:b5:6b:4f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17972d43835cd6a66e54e5a5856ce57de282d43a
        Validity
            Not Before: Jan  1 13:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c3f4aec1ba8a1b066d14a07e61ea79c89f36793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6c:c2:e2:71:52:68:c3:c5:ee:82:3f:2e:6b:
                    0d:f2:1d:4e:bf:74:d5:e8:72:74:40:74:9a:dd:ee:
                    af:6c:c7:a5:37:d4:17:5f:dd:9a:1b:95:42:4f:cb:
                    9d:71:64:18:4b:9c:f7:13:f4:d6:04:75:17:65:61:
                    7a:ef:29:c4:0d:ee:e9:cb:01:5f:03:98:c8:7e:71:
                    59:f9:dd:9c:51:92:fb:0f:37:b2:7d:13:d6:31:39:
                    63:a6:3d:d2:2e:e6:8e:be:45:93:01:eb:b3:92:13:
                    58:f4:02:1d:3f:83:cf:e3:71:bf:08:9f:e3:6a:df:
                    17:82:1b:90:cd:39:69:a6:e1:fc:fd:6f:bc:a5:b7:
                    c8:b9:b4:0b:6c:a4:dc:0f:8c:02:67:b3:da:22:64:
                    88:22:f3:19:fe:fd:ee:c7:f6:17:70:01:79:a9:ac:
                    b6:cb:b1:24:9f:89:3b:2e:c3:de:fb:b3:af:e9:79:
                    b1:7c:d7:04:a8:17:f0:4f:67:03:d3:dc:d4:f8:31:
                    5e:ad:f7:cb:4a:4b:5f:19:51:5e:f8:5b:80:0b:41:
                    31:2b:a3:a2:7a:38:2a:6e:a6:5d:cd:16:2c:22:99:
                    e4:98:51:d3:a7:0a:02:96:a7:7e:b4:3e:7f:c2:01:
                    37:7e:c8:cb:9d:0c:f9:e7:ca:9c:46:76:44:36:85:
                    9f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:3F:4A:EC:1B:A8:A1:B0:66:D1:4A:07:E6:1E:A7:9C:89:F3:67:93
            X509v3 Authority Key Identifier:
                keyid:17:97:2D:43:83:5C:D6:A6:6E:54:E5:A5:85:6C:E5:7D:E2:82:D4:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/nD9K7BuoobBm0UoH5h6nnInzZ5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e992c4-fea6-4e9e-a29b-9095ecc87878/1/F5ctQ4Nc1qZuVOWlhWzlfeKC1Do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:814::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:76:15:91:dc:90:79:6a:16:20:65:99:2a:61:d3:4d:2e:b6:
         9e:0c:56:24:f8:fb:89:03:e2:23:7c:09:87:58:26:a9:99:0f:
         8a:f7:1d:42:6f:0e:e8:5c:58:62:40:6a:c0:ac:3f:fc:ef:69:
         47:a8:29:d7:cd:f2:cc:8d:d2:8b:92:de:95:e3:0b:e6:f3:e3:
         1b:e6:12:c7:75:e1:71:be:26:72:c4:25:d9:4e:29:0f:e7:b4:
         e4:ce:31:b4:47:0a:11:a6:dd:ad:b0:8c:02:41:b8:1c:75:15:
         55:f2:b0:73:20:a9:a1:39:52:1a:dd:3e:e8:45:4b:73:da:c0:
         a1:cf:32:ff:c6:77:d5:67:71:15:66:54:85:d2:44:ba:08:b0:
         78:36:d9:ba:3f:84:d6:35:ce:75:53:ea:cb:29:fd:58:32:a9:
         e6:13:16:2f:24:bb:8c:83:21:7c:b0:ac:d9:e5:2b:f8:9b:d1:
         4b:67:9b:82:2c:b1:d6:51:e4:8f:09:91:45:b7:44:5f:92:22:
         31:88:19:69:65:73:b1:f7:6a:d6:16:21:3b:d6:9a:29:44:d2:
         62:e6:b4:fe:58:5c:13:61:bd:2b:3d:3f:f1:6d:d6:68:9c:76:
         6e:9b:d8:83:bd:19:5c:9d:0c:4a:49:7e:03:4a:91:c1:ba:dc:
         cc:6a:05:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH+XxyLQKsfjmMN61a09jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTcyZDQzODM1Y2Q2YTY2ZTU0ZTVhNTg1NmNlNTdkZTI4
MmQ0M2EwHhcNMjUwMTAxMTM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNmNGFlYzFiYThhMWIwNjZkMTRhMDdlNjFlYTc5Yzg5ZjM2NzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2zC4nFSaMPF7oI/LmsN8h1Ov3TV
6HJ0QHSa3e6vbMelN9QXX92aG5VCT8udcWQYS5z3E/TWBHUXZWF67ynEDe7pywFf
A5jIfnFZ+d2cUZL7DzeyfRPWMTljpj3SLuaOvkWTAeuzkhNY9AIdP4PP43G/CJ/j
at8XghuQzTlppuH8/W+8pbfIubQLbKTcD4wCZ7PaImSIIvMZ/v3ux/YXcAF5qay2
y7Ekn4k7LsPe+7Ov6XmxfNcEqBfwT2cD09zU+DFerffLSktfGVFe+FuAC0ExK6Oi
ejgqbqZdzRYsIpnkmFHTpwoClqd+tD5/wgE3fsjLnQz558qcRnZENoWf7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJw/SuwbqKGwZtFKB+Yep5yJ82eTMB8GA1UdIwQY
MBaAFBeXLUODXNamblTlpYVs5X3igtQ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVjdFE0TmMxcVp1Vk9XbGhXemxmZUtDMURvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lOTkyYzQtZmVhNi00ZTllLWEyOWIt
OTA5NWVjYzg3ODc4LzEvbkQ5SzdCdW9vYkJtMFVvSDVoNm5uSW56WjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lOTkyYzQtZmVhNi00ZTllLWEyOWItOTA5NWVjYzg3ODc4
LzEvRjVjdFE0TmMxcVp1Vk9XbGhXemxmZUtDMURvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgU
MA0GCSqGSIb3DQEBCwUAA4IBAQBgdhWR3JB5ahYgZZkqYdNNLraeDFYk+PuJA+Ij
fAmHWCapmQ+K9x1Cbw7oXFhiQGrArD/872lHqCnXzfLMjdKLkt6V4wvm8+Mb5hLH
deFxviZyxCXZTikP57TkzjG0RwoRpt2tsIwCQbgcdRVV8rBzIKmhOVIa3T7oRUtz
2sChzzL/xnfVZ3EVZlSF0kS6CLB4Ntm6P4TWNc51U+rLKf1YMqnmExYvJLuMgyF8
sKzZ5Sv4m9FLZ5uCLLHWUeSPCZFFt0RfkiIxiBlpZXOx92rWFiE71popRNJi5rT+
WFwTYb0rPT/xbdZonHZum9iDvRlcnQxKSX4DSpHButzMagVZ
-----END CERTIFICATE-----