Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/4jSg2ODlu3CFd6jIl7kHiP-BX_4.roa
File:                     4jSg2ODlu3CFd6jIl7kHiP-BX_4.roa (raw, json)
Hash identifier:          xgMqCXuymiqYkTjb0uA/T+UuFonELwxqYTVdoLkLInU=
Subject key identifier:   E2:34:A0:D8:E0:E5:BB:70:85:77:A8:C8:97:B9:07:88:FF:81:5F:FE
Certificate issuer:       /CN=a60e46d63a7183f70da492f02b8098c2bffc28be
Certificate serial:       01942747D6B2427C1C403698495C025658E0
Authority key identifier: A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/4jSg2ODlu3CFd6jIl7kHiP-BX_4.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204660
IP address blocks:        2001:67c:a18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d6:b2:42:7c:1c:40:36:98:49:5c:02:56:58:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60e46d63a7183f70da492f02b8098c2bffc28be
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e234a0d8e0e5bb708577a8c897b90788ff815ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e9:ee:bc:d8:14:0a:6e:c9:f6:44:6e:d7:4f:
                    93:0d:80:86:ce:a7:68:96:66:37:c0:1f:37:63:93:
                    8b:51:85:19:8b:79:00:bb:1f:38:82:9f:0f:45:8b:
                    74:cb:92:ec:c7:44:ff:bf:35:76:4f:1d:99:19:37:
                    bc:37:f0:f7:a6:d4:18:50:0f:da:e9:05:47:94:7b:
                    78:7d:8b:29:d6:05:f6:b8:14:2a:11:45:c1:a1:05:
                    9b:7c:ef:f8:91:81:35:92:6a:ed:0d:ec:26:af:af:
                    0f:3a:a5:8d:3b:4b:15:f1:8a:ac:c8:fd:60:80:f8:
                    dd:eb:ac:e6:db:fb:5c:79:69:7c:79:63:6c:79:8c:
                    9a:72:f7:f7:87:ab:b7:ab:31:29:76:5f:b0:7b:96:
                    7d:04:83:33:65:27:bd:83:99:48:5d:87:09:67:35:
                    ac:f8:89:ac:fc:b0:b4:ac:9a:9e:a9:52:93:ba:36:
                    45:b2:1a:9c:6e:d6:56:43:f9:d5:13:71:e4:03:e0:
                    45:3e:f2:6f:f7:b9:74:c7:07:b5:ae:f9:7b:6e:e8:
                    b4:c2:19:20:1e:e7:26:d2:00:b0:73:ee:c5:72:bc:
                    57:1a:8d:9f:46:05:03:04:bc:99:76:35:c1:b3:5a:
                    5b:c5:a3:f4:77:4e:f4:6d:d9:0a:bc:a0:5f:a5:67:
                    14:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:34:A0:D8:E0:E5:BB:70:85:77:A8:C8:97:B9:07:88:FF:81:5F:FE
            X509v3 Authority Key Identifier:
                keyid:A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/4jSg2ODlu3CFd6jIl7kHiP-BX_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a18::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:f9:8b:6d:19:8f:10:7e:56:48:af:23:30:bf:69:41:37:8d:
         d7:c8:43:e1:8b:dd:ec:ce:82:e8:13:17:f4:ec:5f:c9:01:01:
         d6:f5:99:a4:26:b8:71:1a:b0:6b:ca:27:1f:11:a4:15:4a:c7:
         18:86:50:54:57:13:65:dd:5d:fc:18:ba:c8:da:36:e9:20:ba:
         81:92:b5:d1:82:fb:d2:c9:b2:43:dc:3a:be:47:dc:da:bd:23:
         aa:8a:e3:a6:c1:2c:74:62:ba:b7:cc:22:96:81:b5:7e:eb:5e:
         29:58:75:95:89:41:b5:d4:45:c7:97:03:9e:6d:bf:21:3e:de:
         36:ab:92:05:da:4a:29:62:1a:6a:6c:bc:dd:e5:68:74:80:b6:
         44:cf:da:a5:60:94:1e:be:ec:de:2f:4f:e1:78:89:ff:65:64:
         d5:28:7e:7f:b3:34:c1:b9:ea:12:3c:ac:38:78:f0:91:70:86:
         99:bf:03:8e:24:94:92:ac:73:2a:13:e4:f1:39:b1:28:d2:77:
         ce:a3:22:22:7e:82:8e:fd:24:a9:a2:69:c1:e5:1a:4e:74:ac:
         c6:dd:81:84:b3:3b:b7:68:42:b1:9b:56:6c:b8:af:05:07:2c:
         83:b5:1d:bb:de:67:5f:7c:5f:36:45:61:e0:75:ab:b9:fa:16:
         2c:9d:30:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR9ayQnwcQDaYSVwCVljgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGU0NmQ2M2E3MTgzZjcwZGE0OTJmMDJiODA5OGMyYmZm
YzI4YmUwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjM0YTBkOGUwZTViYjcwODU3N2E4Yzg5N2I5MDc4OGZmODE1ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+nuvNgUCm7J9kRu10+TDYCGzqdo
lmY3wB83Y5OLUYUZi3kAux84gp8PRYt0y5Lsx0T/vzV2Tx2ZGTe8N/D3ptQYUA/a
6QVHlHt4fYsp1gX2uBQqEUXBoQWbfO/4kYE1kmrtDewmr68POqWNO0sV8YqsyP1g
gPjd66zm2/tceWl8eWNseYyacvf3h6u3qzEpdl+we5Z9BIMzZSe9g5lIXYcJZzWs
+Ims/LC0rJqeqVKTujZFshqcbtZWQ/nVE3HkA+BFPvJv97l0xwe1rvl7bui0whkg
Hucm0gCwc+7FcrxXGo2fRgUDBLyZdjXBs1pbxaP0d070bdkKvKBfpWcURQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOI0oNjg5btwhXeoyJe5B4j/gV/+MB8GA1UdIwQY
MBaAFKYORtY6cYP3DaSS8CuAmMK//Ci+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMt
M2I3ZWYyNWNmZTgzLzEvNGpTZzJPRGx1M0NGZDZqSWw3a0hpUC1CWF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMtM2I3ZWYyNWNmZTgz
LzEvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoY
MA0GCSqGSIb3DQEBCwUAA4IBAQAH+YttGY8QflZIryMwv2lBN43XyEPhi93szoLo
Exf07F/JAQHW9ZmkJrhxGrBryicfEaQVSscYhlBUVxNl3V38GLrI2jbpILqBkrXR
gvvSybJD3Dq+R9zavSOqiuOmwSx0Yrq3zCKWgbV+614pWHWViUG11EXHlwOebb8h
Pt42q5IF2kopYhpqbLzd5Wh0gLZEz9qlYJQevuzeL0/heIn/ZWTVKH5/szTBueoS
PKw4ePCRcIaZvwOOJJSSrHMqE+TxObEo0nfOoyIifoKO/SSpomnB5RpOdKzG3YGE
szu3aEKxm1ZsuK8FByyDtR273mdffF82RWHgdau5+hYsnTCW
-----END CERTIFICATE-----