Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/Tz1CIM1JoghruWTN6nGpazj8zTs.roa
File:                     Tz1CIM1JoghruWTN6nGpazj8zTs.roa (raw, json)
Hash identifier:          VV/wpFoAA0PEYjeaECSEYgoe19Q1uDYWZTbwDnhLY+0=
Subject key identifier:   4F:3D:42:20:CD:49:A2:08:6B:B9:64:CD:EA:71:A9:6B:38:FC:CD:3B
Certificate issuer:       /CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
Certificate serial:       019420D5FF209DE3E2401DC093F36BDB567D
Authority key identifier: 68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/Tz1CIM1JoghruWTN6nGpazj8zTs.roa
Signing time:             Wed 01 Jan 2025 07:48:02 +0000
ROA not before:           Wed 01 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209553
IP address blocks:        2a09:1c40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ff:20:9d:e3:e2:40:1d:c0:93:f3:6b:db:56:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
        Validity
            Not Before: Jan  1 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f3d4220cd49a2086bb964cdea71a96b38fccd3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:80:73:23:30:20:14:a4:e4:3e:15:c0:81:47:
                    b2:d9:12:3a:fc:64:ed:04:b4:a0:85:1c:7e:d3:c0:
                    c3:94:1c:8f:bd:1c:8c:19:77:04:f1:8e:02:93:85:
                    00:42:5a:b9:46:f9:f9:9f:c2:5d:57:0f:8b:ee:b8:
                    02:c7:18:2e:90:25:f8:48:5e:c9:b4:e8:bc:e9:4f:
                    a8:02:7a:6d:d0:84:2a:3d:ae:77:a3:71:bf:7a:bf:
                    64:9b:8a:83:76:49:be:ba:3b:5d:90:8f:1f:4e:b2:
                    79:4c:e9:64:ed:fe:0c:af:19:d6:5b:97:67:d0:fe:
                    45:98:03:3a:59:ec:1c:18:da:ae:3b:0f:10:01:3c:
                    2c:de:bf:5f:c8:b4:49:22:51:ca:93:b5:f9:8c:88:
                    90:91:94:47:f6:ba:36:14:e9:eb:8e:ef:c0:00:b5:
                    87:18:6b:4c:b2:3d:28:38:83:8a:0a:10:48:ce:c5:
                    52:3a:38:44:b5:86:fa:67:d8:cd:e2:a2:f1:9f:e3:
                    fa:fe:04:ce:4e:9f:98:e8:48:80:28:76:91:ed:14:
                    f7:1b:2a:c0:90:66:cf:93:e9:75:59:d5:2b:63:e1:
                    ab:af:0e:83:25:c2:c4:be:e6:e4:b1:36:a0:82:9f:
                    f7:a5:e9:7a:29:ba:05:8d:82:97:36:08:39:f5:ad:
                    76:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3D:42:20:CD:49:A2:08:6B:B9:64:CD:EA:71:A9:6B:38:FC:CD:3B
            X509v3 Authority Key Identifier:
                keyid:68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/Tz1CIM1JoghruWTN6nGpazj8zTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:1c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:5a:79:95:71:79:5a:82:ff:82:6d:ec:33:66:bb:ae:e9:51:
         a3:2e:55:75:0c:1c:a4:4d:68:24:fd:07:94:8a:53:98:8e:6a:
         4b:c2:d3:2d:79:37:4e:66:b6:27:d8:36:08:87:ea:14:c2:5c:
         01:bb:08:79:1e:60:26:df:0e:06:a9:ec:14:97:30:32:7f:64:
         bb:78:67:1d:09:a9:5c:c9:a2:98:f6:19:5b:1d:09:e0:3f:1d:
         a7:04:0f:e5:ab:31:be:fc:db:79:a2:9f:b9:55:11:13:7e:63:
         be:d6:70:af:10:74:c9:88:71:1b:91:da:89:d4:1d:b8:c9:cd:
         0b:12:ef:1b:05:e7:b9:3d:2c:55:b3:8e:52:03:6c:d5:81:cd:
         b2:25:cd:03:b6:e0:90:f0:f7:b5:63:69:01:29:c5:6f:9b:c5:
         24:61:51:07:b4:b0:50:b3:c5:82:0c:8b:bf:85:50:d2:18:a6:
         45:f5:e0:c2:b7:d8:08:92:5a:24:29:2f:74:06:3b:d4:9d:d4:
         57:19:38:de:5d:ac:7c:28:e9:c9:6c:cb:d4:c4:7f:85:d5:ca:
         25:19:19:63:34:3b:d4:fe:1d:b3:f2:64:35:63:45:7b:3c:c0:
         b7:0d:91:a5:15:2f:28:fc:50:d1:6f:67:26:dd:42:28:47:0f:
         49:d3:ee:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1f8gnePiQB3Ak/Nr21Z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZThiYWVhOTVkNDA0MDM0OGYwYTg5ZWM0ZTRiZDE1Mjc1
ZjZjMzkwHhcNMjUwMTAxMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNkNDIyMGNkNDlhMjA4NmJiOTY0Y2RlYTcxYTk2YjM4ZmNjZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYBzIzAgFKTkPhXAgUey2RI6/GTt
BLSghRx+08DDlByPvRyMGXcE8Y4Ck4UAQlq5Rvn5n8JdVw+L7rgCxxgukCX4SF7J
tOi86U+oAnpt0IQqPa53o3G/er9km4qDdkm+ujtdkI8fTrJ5TOlk7f4MrxnWW5dn
0P5FmAM6WewcGNquOw8QATws3r9fyLRJIlHKk7X5jIiQkZRH9ro2FOnrju/AALWH
GGtMsj0oOIOKChBIzsVSOjhEtYb6Z9jN4qLxn+P6/gTOTp+Y6EiAKHaR7RT3GyrA
kGbPk+l1WdUrY+Grrw6DJcLEvubksTaggp/3pel6KboFjYKXNgg59a12IQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE89QiDNSaIIa7lkzepxqWs4/M07MB8GA1UdIwQY
MBaAFGjouuqV1AQDSPConsTkvRUnX2w5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2Ut
MzcxMWZhZThjYTc3LzEvVHoxQ0lNMUpvZ2hydVdUTjZuR3Bhemo4elRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2UtMzcxMWZhZThjYTc3
LzEvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgkcQDAN
BgkqhkiG9w0BAQsFAAOCAQEAgFp5lXF5WoL/gm3sM2a7rulRoy5VdQwcpE1oJP0H
lIpTmI5qS8LTLXk3Tma2J9g2CIfqFMJcAbsIeR5gJt8OBqnsFJcwMn9ku3hnHQmp
XMmimPYZWx0J4D8dpwQP5asxvvzbeaKfuVURE35jvtZwrxB0yYhxG5HaidQduMnN
CxLvGwXnuT0sVbOOUgNs1YHNsiXNA7bgkPD3tWNpASnFb5vFJGFRB7SwULPFggyL
v4VQ0himRfXgwrfYCJJaJCkvdAY71J3UVxk43l2sfCjpyWzL1MR/hdXKJRkZYzQ7
1P4ds/JkNWNFezzAtw2RpRUvKPxQ0W9nJt1CKEcPSdPuXg==
-----END CERTIFICATE-----