Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/H2UoMEQTfVfxYbD6DFEWnWSxzqY.roa
File:                     H2UoMEQTfVfxYbD6DFEWnWSxzqY.roa (raw, json)
Hash identifier:          oJCJ/WCUnFQh0GodJuWi0NgjkG4tPt6myP/qxDdyB6E=
Subject key identifier:   1F:65:28:30:44:13:7D:57:F1:61:B0:FA:0C:51:16:9D:64:B1:CE:A6
Certificate issuer:       /CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
Certificate serial:       019425FD2C5C9AFA112C335085D013C1BCCF
Authority key identifier: 33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/H2UoMEQTfVfxYbD6DFEWnWSxzqY.roa
Signing time:             Thu 02 Jan 2025 07:48:56 +0000
ROA not before:           Thu 02 Jan 2025 07:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1132
IP address blocks:        2001:67c:2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:2c:5c:9a:fa:11:2c:33:50:85:d0:13:c1:bc:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
        Validity
            Not Before: Jan  2 07:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f65283044137d57f161b0fa0c51169d64b1cea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:10:e6:1b:ee:9e:ba:03:5d:67:d0:45:04:
                    30:af:cf:2c:bd:5b:9b:24:aa:8b:5b:1d:93:50:28:
                    2e:bc:f1:23:4e:87:a5:00:8e:9a:8a:72:16:36:f0:
                    2d:36:ec:16:da:b9:05:03:3b:b3:17:9f:8e:c5:2a:
                    9c:43:e6:33:a7:55:71:bc:cb:b2:fa:c2:ab:1b:5b:
                    42:c4:3a:f7:e8:69:33:6f:3b:3e:b8:d9:0b:30:00:
                    19:0b:e7:70:29:f2:f3:b9:31:24:6c:6b:86:d7:6c:
                    e6:4e:39:2a:a2:2d:34:ae:83:65:bd:4d:6d:3e:10:
                    49:4f:c0:af:bc:51:31:16:8b:37:40:3d:52:01:13:
                    27:7f:09:b5:4a:c0:02:a3:63:8d:c7:a2:b9:f3:ab:
                    21:1e:49:00:f5:bb:d6:48:8b:05:43:fa:44:4b:9c:
                    62:c4:c2:73:72:53:cc:a6:e8:fe:a6:af:a0:49:4f:
                    9b:89:5f:90:db:5e:ca:ed:6a:74:d3:48:bb:c7:e7:
                    49:7d:09:99:81:e7:c7:c8:ba:8d:d0:8f:3e:9f:2f:
                    cb:f8:08:7f:fb:5f:00:6c:76:07:e3:0a:14:63:79:
                    d4:bc:05:4c:3a:9f:d7:29:b0:4a:8f:a7:25:33:72:
                    77:c0:84:66:ce:26:d2:ca:2c:b3:8c:43:aa:26:3d:
                    cd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:65:28:30:44:13:7D:57:F1:61:B0:FA:0C:51:16:9D:64:B1:CE:A6
            X509v3 Authority Key Identifier:
                keyid:33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/H2UoMEQTfVfxYbD6DFEWnWSxzqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:b3:3c:47:9a:e5:04:39:62:07:8d:8f:cb:37:04:f4:1a:da:
         84:33:48:bf:1a:3b:38:a0:60:e5:c6:1a:7e:95:57:77:ca:6f:
         fa:ef:28:e7:bd:53:fb:59:50:2b:65:b7:31:f1:aa:d8:13:7e:
         bc:4c:ad:8c:7b:70:7b:99:c0:80:9b:51:8e:73:0b:eb:35:8b:
         94:50:83:33:2f:61:6b:54:b8:c7:88:d0:71:d8:e2:b9:7a:6f:
         3d:8c:02:87:aa:b8:db:c2:6a:06:c6:cd:9d:6f:99:63:b9:a1:
         b5:43:dd:ee:0b:1f:d4:5e:ef:4d:e3:4a:27:00:24:f2:49:f1:
         1f:73:1b:e5:73:3b:3c:49:f9:e7:ad:a5:89:fb:5e:45:a1:c9:
         ea:4c:ba:ff:b4:12:83:8e:5b:17:58:07:2a:49:df:76:d0:8c:
         19:3e:c6:a1:f7:7a:8a:2b:70:17:6c:a8:b3:d5:e0:fb:ab:2b:
         60:f9:90:84:8c:db:bc:59:66:2b:dd:71:8b:50:e0:f2:06:aa:
         76:20:af:64:6d:f3:87:7a:8a:93:a9:1e:2c:13:84:66:2b:02:
         dc:3e:2a:6b:ac:b6:3b:29:f3:3f:78:ad:59:35:29:be:25:9e:
         39:1d:d6:d6:a9:3d:b3:15:a9:8f:92:d6:69:7b:2a:89:e5:14:
         10:c3:7d:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/SxcmvoRLDNQhdATwbzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTUxZDdmZjAyZDIxZmFjMTkzYWU0YWVkMWYwYzM5NTZj
ZTQ1MTUwHhcNMjUwMTAyMDc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjY1MjgzMDQ0MTM3ZDU3ZjE2MWIwZmEwYzUxMTY5ZDY0YjFjZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SQQ5hvunroDXWfQRQQwr88svVub
JKqLWx2TUCguvPEjToelAI6ainIWNvAtNuwW2rkFAzuzF5+OxSqcQ+Yzp1VxvMuy
+sKrG1tCxDr36Gkzbzs+uNkLMAAZC+dwKfLzuTEkbGuG12zmTjkqoi00roNlvU1t
PhBJT8CvvFExFos3QD1SARMnfwm1SsACo2ONx6K586shHkkA9bvWSIsFQ/pES5xi
xMJzclPMpuj+pq+gSU+biV+Q217K7Wp000i7x+dJfQmZgefHyLqN0I8+ny/L+Ah/
+18AbHYH4woUY3nUvAVMOp/XKbBKj6clM3J3wIRmzibSyiyzjEOqJj3N+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB9lKDBEE31X8WGw+gxRFp1ksc6mMB8GA1UdIwQY
MBaAFDOlHX/wLSH6wZOuSu0fDDlWzkUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjIt
OWIxZTZhOGU0MGYzLzEvSDJVb01FUVRmVmZ4WWJENkRGRVduV1N4enFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjItOWIxZTZhOGU0MGYz
LzEvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAAs
MA0GCSqGSIb3DQEBCwUAA4IBAQCOszxHmuUEOWIHjY/LNwT0GtqEM0i/Gjs4oGDl
xhp+lVd3ym/67yjnvVP7WVArZbcx8arYE368TK2Me3B7mcCAm1GOcwvrNYuUUIMz
L2FrVLjHiNBx2OK5em89jAKHqrjbwmoGxs2db5ljuaG1Q93uCx/UXu9N40onACTy
SfEfcxvlczs8SfnnraWJ+15FocnqTLr/tBKDjlsXWAcqSd920IwZPsah93qKK3AX
bKiz1eD7qytg+ZCEjNu8WWYr3XGLUODyBqp2IK9kbfOHeoqTqR4sE4RmKwLcPipr
rLY7KfM/eK1ZNSm+JZ45HdbWqT2zFamPktZpeyqJ5RQQw317
-----END CERTIFICATE-----