Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/tPR9H_DIj2ZRBOQ92V0Cq0cgME0.roa
File:                     tPR9H_DIj2ZRBOQ92V0Cq0cgME0.roa (raw, json)
Hash identifier:          04OzE6roqkiLsdkvUp90YsNXVC5oCpySc5tEOrXmoM8=
Subject key identifier:   B4:F4:7D:1F:F0:C8:8F:66:51:04:E4:3D:D9:5D:02:AB:47:20:30:4D
Certificate issuer:       /CN=cf6a7a426dc519963d33d2dc6cef782fd5f2dc77
Certificate serial:       019424B32AF2C22CBCB5FA7B6B161C53E583
Authority key identifier: CF:6A:7A:42:6D:C5:19:96:3D:33:D2:DC:6C:EF:78:2F:D5:F2:DC:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/tPR9H_DIj2ZRBOQ92V0Cq0cgME0.roa
Signing time:             Thu 02 Jan 2025 01:48:29 +0000
ROA not before:           Thu 02 Jan 2025 01:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215236
IP address blocks:        2001:67c:21a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 07:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:2a:f2:c2:2c:bc:b5:fa:7b:6b:16:1c:53:e5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf6a7a426dc519963d33d2dc6cef782fd5f2dc77
        Validity
            Not Before: Jan  2 01:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4f47d1ff0c88f665104e43dd95d02ab4720304d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e2:95:7c:51:48:e5:88:bc:0f:55:5f:e4:9f:
                    9a:df:ed:60:9c:13:93:86:a0:64:7f:b8:1e:63:ec:
                    4d:24:e3:2b:60:62:03:9a:d1:9e:11:e3:5b:01:bd:
                    12:03:9d:e8:25:b6:62:bb:bb:46:39:4a:5a:94:26:
                    f1:e7:db:a9:71:38:61:d3:b2:32:28:04:de:5b:30:
                    20:08:4b:49:08:6e:00:32:55:9b:a1:32:00:7d:24:
                    4a:7b:2f:e5:cb:b1:61:fb:3e:00:1b:5d:e0:fb:bb:
                    11:28:59:78:d1:50:53:65:5d:38:05:47:cb:14:ad:
                    c7:a3:21:c7:46:1c:33:e6:b3:b9:2f:3f:c6:30:cf:
                    0a:2e:a8:cf:35:c9:e0:b2:c2:36:16:05:4b:92:28:
                    4d:45:8b:bf:ae:68:df:3e:b2:50:b0:e2:b4:c3:37:
                    4b:57:f0:40:3e:98:4b:96:82:5c:51:ed:dd:f6:83:
                    17:5b:2f:0c:b7:89:37:53:79:8c:23:9f:d6:f7:1a:
                    9b:2c:b0:1c:f3:32:a4:dc:ee:12:d5:79:2b:76:32:
                    3d:b0:8f:8e:a8:28:05:32:75:84:2b:86:67:6d:a5:
                    33:63:28:13:c9:ed:3d:f2:7b:28:b2:97:5d:05:04:
                    cb:d6:ad:7e:72:a2:26:aa:6e:24:7a:8a:8a:ee:db:
                    a5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F4:7D:1F:F0:C8:8F:66:51:04:E4:3D:D9:5D:02:AB:47:20:30:4D
            X509v3 Authority Key Identifier:
                keyid:CF:6A:7A:42:6D:C5:19:96:3D:33:D2:DC:6C:EF:78:2F:D5:F2:DC:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/tPR9H_DIj2ZRBOQ92V0Cq0cgME0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/051420-dcb7-4b21-b13e-d2db73ff31bc/1/z2p6Qm3FGZY9M9LcbO94L9Xy3Hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         dc:77:ba:bf:8e:0d:8c:f0:5d:a5:ea:a0:bb:3b:31:f8:39:b3:
         0e:ad:99:ee:0a:13:1c:e6:d1:4a:67:81:c0:97:46:9f:ed:8f:
         f9:b4:ee:f9:ad:1a:0a:13:91:54:bf:f4:76:de:a8:30:3c:32:
         db:30:7a:e9:2e:cb:ab:86:29:72:42:10:ab:26:12:72:d2:5b:
         dc:89:01:a7:a4:b1:07:12:0a:7f:98:f4:ee:0e:ba:1e:f1:cd:
         68:d7:f0:f6:23:19:58:cf:9b:ff:91:6b:c3:75:5e:df:e3:59:
         65:6e:e6:37:8a:c7:3d:ca:81:c8:1c:c9:3a:1a:47:9e:30:2c:
         da:24:19:08:b9:51:5a:ea:24:e9:5e:07:b8:23:82:a1:40:bf:
         ba:35:74:7c:e8:8f:34:89:10:54:b4:75:3e:04:58:91:2a:03:
         a7:1f:3b:98:63:03:ee:35:c1:62:83:3b:21:0e:24:75:c3:b6:
         79:0a:b6:1d:06:b6:8e:17:e0:ac:68:6a:65:72:b6:ed:8d:99:
         bd:a1:c3:ca:e9:9e:dc:a3:d1:4b:5a:34:29:bb:98:ae:7f:50:
         a9:78:89:95:2e:86:a3:7f:b5:b8:b0:19:f5:30:94:38:a6:c4:
         9e:c7:7d:08:24:0e:d3:56:e0:ec:cb:fe:71:ab:a4:9f:68:b7:
         80:1e:6f:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksyrywiy8tfp7axYcU+WDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNmE3YTQyNmRjNTE5OTYzZDMzZDJkYzZjZWY3ODJmZDVm
MmRjNzcwHhcNMjUwMTAyMDE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY0N2QxZmYwYzg4ZjY2NTEwNGU0M2RkOTVkMDJhYjQ3MjAzMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseKVfFFI5Yi8D1Vf5J+a3+1gnBOT
hqBkf7geY+xNJOMrYGIDmtGeEeNbAb0SA53oJbZiu7tGOUpalCbx59upcThh07Iy
KATeWzAgCEtJCG4AMlWboTIAfSRKey/ly7Fh+z4AG13g+7sRKFl40VBTZV04BUfL
FK3HoyHHRhwz5rO5Lz/GMM8KLqjPNcngssI2FgVLkihNRYu/rmjfPrJQsOK0wzdL
V/BAPphLloJcUe3d9oMXWy8Mt4k3U3mMI5/W9xqbLLAc8zKk3O4S1XkrdjI9sI+O
qCgFMnWEK4ZnbaUzYygTye098nsospddBQTL1q1+cqImqm4keoqK7tul7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLT0fR/wyI9mUQTkPdldAqtHIDBNMB8GA1UdIwQY
MBaAFM9qekJtxRmWPTPS3GzveC/V8tx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejJwNlFtM0ZHWlk5TTlMY2JPOTRMOVh5M0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8wNTE0MjAtZGNiNy00YjIxLWIxM2Ut
ZDJkYjczZmYzMWJjLzEvdFBSOUhfRElqMlpSQk9ROTJWMENxMGNnTUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8wNTE0MjAtZGNiNy00YjIxLWIxM2UtZDJkYjczZmYzMWJj
LzEvejJwNlFtM0ZHWlk5TTlMY2JPOTRMOVh5M0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCGo
MA0GCSqGSIb3DQEBCwUAA4IBAQDcd7q/jg2M8F2l6qC7OzH4ObMOrZnuChMc5tFK
Z4HAl0af7Y/5tO75rRoKE5FUv/R23qgwPDLbMHrpLsurhilyQhCrJhJy0lvciQGn
pLEHEgp/mPTuDroe8c1o1/D2IxlYz5v/kWvDdV7f41llbuY3isc9yoHIHMk6Gkee
MCzaJBkIuVFa6iTpXge4I4KhQL+6NXR86I80iRBUtHU+BFiRKgOnHzuYYwPuNcFi
gzshDiR1w7Z5CrYdBraOF+CsaGplcrbtjZm9ocPK6Z7co9FLWjQpu5iuf1CpeImV
Loajf7W4sBn1MJQ4psSex30IJA7TVuDsy/5xq6SfaLeAHm/4
-----END CERTIFICATE-----