Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/9NbAaWTN6CWxeEqYQjGZLmOhbQQ.roa
File:                     9NbAaWTN6CWxeEqYQjGZLmOhbQQ.roa (raw, json)
Hash identifier:          h5XO3HcLJOMuvQP0KQj1fHH4O24IzSVqKiTXw+BaXeo=
Subject key identifier:   F4:D6:C0:69:64:CD:E8:25:B1:78:4A:98:42:31:99:2E:63:A1:6D:04
Certificate issuer:       /CN=a60e46d63a7183f70da492f02b8098c2bffc28be
Certificate serial:       01942747D5F4B5038457C867407620B80EE0
Authority key identifier: A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/9NbAaWTN6CWxeEqYQjGZLmOhbQQ.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        2001:67c:a18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d5:f4:b5:03:84:57:c8:67:40:76:20:b8:0e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60e46d63a7183f70da492f02b8098c2bffc28be
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4d6c06964cde825b1784a984231992e63a16d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:80:69:8e:cc:d5:69:dd:cb:e0:66:1e:7e:17:
                    70:48:80:bd:00:6b:52:70:48:a4:e9:37:22:7e:e1:
                    16:a2:f9:26:79:50:ca:15:dd:fa:ab:b0:da:a8:6e:
                    d8:2a:b3:33:b7:be:4a:65:c5:96:70:72:0a:3f:32:
                    cd:88:4f:a2:73:12:04:96:e8:62:dc:23:74:dd:13:
                    48:27:24:fb:2d:1d:df:ef:e9:3e:e1:27:18:80:ee:
                    29:d9:0c:34:53:18:7f:99:46:c0:0e:0e:4f:12:6d:
                    7c:dd:d0:8a:0d:9f:da:54:42:5d:0a:f7:c6:15:aa:
                    64:38:0d:f8:12:8f:af:22:51:9a:38:80:aa:38:34:
                    43:bc:e6:ee:56:18:9f:35:90:b4:1b:1c:e4:80:2a:
                    06:21:7f:a4:94:0a:7e:43:8c:02:b1:77:63:11:7f:
                    09:9b:0d:65:b7:89:d5:69:94:7c:67:d4:84:e5:43:
                    02:0e:bf:8d:61:0c:86:05:f8:e1:b5:fc:dc:f3:32:
                    82:34:41:bb:91:71:08:c2:5b:77:d5:3b:b3:78:17:
                    a9:33:08:5e:e2:00:0d:ef:72:f5:36:73:9b:6e:96:
                    6c:1b:3e:63:39:12:90:65:cc:c7:4f:d0:c8:89:c6:
                    2b:fa:e2:62:fa:24:c1:7a:1e:93:2f:ba:cf:89:b3:
                    85:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D6:C0:69:64:CD:E8:25:B1:78:4A:98:42:31:99:2E:63:A1:6D:04
            X509v3 Authority Key Identifier:
                keyid:A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/9NbAaWTN6CWxeEqYQjGZLmOhbQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a18::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:b6:f7:db:ee:b5:0f:b1:8f:fd:f5:21:bd:42:cd:7a:2c:97:
         ce:ac:65:f7:4f:2d:4d:05:45:04:b9:0c:ba:f2:52:a9:d5:61:
         53:4c:4d:2b:69:c4:49:d4:74:82:7a:63:da:15:83:26:4d:c2:
         d9:13:93:64:41:f5:5d:5d:80:d4:e2:37:85:50:f8:22:a4:eb:
         ee:20:3e:de:4e:d7:b2:f8:1d:1c:08:84:eb:4e:44:ed:27:7b:
         35:b5:77:34:16:52:15:69:b2:0f:8d:4e:76:7b:c8:a4:b9:8f:
         36:2c:70:64:9a:9f:8d:0b:bf:9e:50:a8:23:16:a2:61:cb:58:
         b4:84:74:51:70:8d:43:72:a1:03:cf:1d:6c:c5:e8:67:6b:24:
         a4:96:3d:97:3e:6f:a7:cf:b3:bd:5b:64:89:9a:4a:8c:13:b1:
         b9:3f:5c:aa:65:34:18:a9:26:0a:13:f4:cb:32:ba:f9:c8:10:
         e7:d9:de:a9:a6:c3:30:d1:6e:16:fe:3c:61:15:66:4b:5e:a4:
         fb:60:85:84:15:64:eb:33:07:48:e1:a1:0f:34:6c:cc:f2:be:
         a6:48:91:63:52:20:b9:48:8d:21:8c:31:fd:f1:d6:d0:28:66:
         76:cc:e4:94:ef:e2:70:c4:14:de:83:13:51:33:1b:cd:78:0b:
         a7:ba:a4:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR9X0tQOEV8hnQHYguA7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGU0NmQ2M2E3MTgzZjcwZGE0OTJmMDJiODA5OGMyYmZm
YzI4YmUwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQ2YzA2OTY0Y2RlODI1YjE3ODRhOTg0MjMxOTkyZTYzYTE2ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIBpjszVad3L4GYefhdwSIC9AGtS
cEik6TcifuEWovkmeVDKFd36q7DaqG7YKrMzt75KZcWWcHIKPzLNiE+icxIEluhi
3CN03RNIJyT7LR3f7+k+4ScYgO4p2Qw0Uxh/mUbADg5PEm183dCKDZ/aVEJdCvfG
FapkOA34Eo+vIlGaOICqODRDvObuVhifNZC0GxzkgCoGIX+klAp+Q4wCsXdjEX8J
mw1lt4nVaZR8Z9SE5UMCDr+NYQyGBfjhtfzc8zKCNEG7kXEIwlt31TuzeBepMwhe
4gAN73L1NnObbpZsGz5jORKQZczHT9DIicYr+uJi+iTBeh6TL7rPibOFpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPTWwGlkzeglsXhKmEIxmS5joW0EMB8GA1UdIwQY
MBaAFKYORtY6cYP3DaSS8CuAmMK//Ci+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMt
M2I3ZWYyNWNmZTgzLzEvOU5iQWFXVE42Q1d4ZUVxWVFqR1pMbU9oYlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMtM2I3ZWYyNWNmZTgz
LzEvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoY
MA0GCSqGSIb3DQEBCwUAA4IBAQBMtvfb7rUPsY/99SG9Qs16LJfOrGX3Ty1NBUUE
uQy68lKp1WFTTE0racRJ1HSCemPaFYMmTcLZE5NkQfVdXYDU4jeFUPgipOvuID7e
Ttey+B0cCITrTkTtJ3s1tXc0FlIVabIPjU52e8ikuY82LHBkmp+NC7+eUKgjFqJh
y1i0hHRRcI1DcqEDzx1sxehnaySklj2XPm+nz7O9W2SJmkqME7G5P1yqZTQYqSYK
E/TLMrr5yBDn2d6ppsMw0W4W/jxhFWZLXqT7YIWEFWTrMwdI4aEPNGzM8r6mSJFj
UiC5SI0hjDH98dbQKGZ2zOSU7+JwxBTegxNRMxvNeAunuqQ2
-----END CERTIFICATE-----