Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/t9VupHYPOlXRe5J5x5F4CIePTBk.roa
File:                     t9VupHYPOlXRe5J5x5F4CIePTBk.roa (raw, json)
Hash identifier:          Fm6IUpzI362dwSd1jnTljFQdqkkno6k0hmV6iA3oMoI=
Subject key identifier:   B7:D5:6E:A4:76:0F:3A:55:D1:7B:92:79:C7:91:78:08:87:8F:4C:19
Certificate issuer:       /CN=42f51aeaf774b633a47f960a7089b15b35b1a4cb
Certificate serial:       019427B668C957606D18F1A125E874835BB0
Authority key identifier: 42:F5:1A:EA:F7:74:B6:33:A4:7F:96:0A:70:89:B1:5B:35:B1:A4:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvUa6vd0tjOkf5YKcImxWzWxpMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/t9VupHYPOlXRe5J5x5F4CIePTBk.roa
Signing time:             Thu 02 Jan 2025 15:50:53 +0000
ROA not before:           Thu 02 Jan 2025 15:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216145
IP address blocks:        2001:67c:15cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/QvUa6vd0tjOkf5YKcImxWzWxpMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/QvUa6vd0tjOkf5YKcImxWzWxpMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvUa6vd0tjOkf5YKcImxWzWxpMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:68:c9:57:60:6d:18:f1:a1:25:e8:74:83:5b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f51aeaf774b633a47f960a7089b15b35b1a4cb
        Validity
            Not Before: Jan  2 15:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7d56ea4760f3a55d17b9279c7917808878f4c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ca:67:c9:8c:c1:dd:3c:bd:63:41:95:16:02:
                    bf:51:10:16:04:a2:18:d2:bb:41:64:57:41:e7:36:
                    78:07:5c:bc:64:8d:81:46:90:9c:b6:90:fe:d9:d1:
                    86:49:43:e2:1b:0c:a2:6e:6b:d7:38:a4:57:64:93:
                    d4:35:9a:28:ba:81:42:f2:eb:23:3d:a7:c5:e9:b9:
                    5e:9a:bc:7a:46:4b:a9:58:82:9d:5a:aa:cf:d2:bb:
                    6b:c2:90:22:6e:43:dc:b4:ad:b9:4a:84:44:b7:f9:
                    53:dc:7e:e3:22:8c:61:78:62:55:29:65:6a:12:f9:
                    d9:a4:82:62:ae:b5:ef:34:23:12:64:a7:f1:8f:99:
                    91:e5:5b:34:70:b9:d4:7f:9e:b9:15:86:dc:5a:75:
                    bf:c3:41:92:13:e2:8d:52:27:75:b0:af:89:47:5e:
                    46:67:9e:77:95:b6:de:4f:5c:ee:09:32:7d:ca:08:
                    a4:b4:52:7e:d9:56:62:f7:6b:41:9f:31:96:ae:11:
                    e5:ba:96:ea:09:42:54:de:13:78:3c:47:b5:8b:e3:
                    6d:75:53:1e:85:64:09:9c:05:f1:b6:58:21:62:8a:
                    33:3a:05:25:68:5e:64:d4:30:f5:a8:49:b2:60:1e:
                    8c:9d:fc:87:19:92:7e:bf:83:16:dc:0a:76:b3:70:
                    07:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D5:6E:A4:76:0F:3A:55:D1:7B:92:79:C7:91:78:08:87:8F:4C:19
            X509v3 Authority Key Identifier:
                keyid:42:F5:1A:EA:F7:74:B6:33:A4:7F:96:0A:70:89:B1:5B:35:B1:A4:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvUa6vd0tjOkf5YKcImxWzWxpMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/t9VupHYPOlXRe5J5x5F4CIePTBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/a3311a-aa9a-4904-88e5-1ba65174bd1d/1/QvUa6vd0tjOkf5YKcImxWzWxpMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:15cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:47:39:3a:d3:8f:8b:e4:45:e6:b3:36:df:b7:34:05:4a:7b:
         40:1c:f4:4f:26:eb:25:80:c8:ca:4f:dd:ec:cd:9b:ee:c5:d8:
         16:9d:c8:da:89:72:56:92:49:cf:f3:33:e7:c5:d5:c0:c1:10:
         b6:ff:11:19:01:19:73:22:fe:84:e2:e7:c4:31:cd:74:eb:4b:
         25:95:bf:3c:07:4c:c8:87:7a:ff:12:35:64:a2:f3:cd:15:4b:
         66:d4:0b:10:b4:28:bb:ea:d4:93:cc:63:5e:6b:ca:c0:37:9b:
         ca:31:7c:ae:17:de:6c:35:13:7b:1a:3e:14:ea:50:99:42:2e:
         1a:65:c5:66:92:fc:cc:d7:d5:9e:8d:6b:79:5a:80:dd:e7:db:
         ec:41:d5:36:08:1d:77:7b:38:9e:25:b8:6f:0c:ab:ad:ec:01:
         d9:9f:73:d9:a8:4c:37:a9:44:e1:98:f9:44:2c:68:a5:93:d5:
         49:1c:2f:79:3a:8e:24:40:32:95:2e:8e:00:10:c4:89:57:fe:
         19:85:13:9d:41:bd:50:a2:3e:84:3e:ab:fa:3b:50:4e:97:3f:
         4a:1c:e1:ba:d2:21:33:5c:36:74:68:53:87:0d:a2:7e:5b:e2:
         b3:3f:fe:7d:ec:3d:f1:37:a2:3d:3c:82:a2:4d:9e:8b:d1:49:
         ce:86:1d:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntmjJV2BtGPGhJeh0g1uwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjUxYWVhZjc3NGI2MzNhNDdmOTYwYTcwODliMTViMzVi
MWE0Y2IwHhcNMjUwMTAyMTU1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Q1NmVhNDc2MGYzYTU1ZDE3YjkyNzljNzkxNzgwODg3OGY0YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxspnyYzB3Ty9Y0GVFgK/URAWBKIY
0rtBZFdB5zZ4B1y8ZI2BRpCctpD+2dGGSUPiGwyibmvXOKRXZJPUNZoouoFC8usj
PafF6blemrx6RkupWIKdWqrP0rtrwpAibkPctK25SoREt/lT3H7jIoxheGJVKWVq
EvnZpIJirrXvNCMSZKfxj5mR5Vs0cLnUf565FYbcWnW/w0GSE+KNUid1sK+JR15G
Z553lbbeT1zuCTJ9ygiktFJ+2VZi92tBnzGWrhHlupbqCUJU3hN4PEe1i+NtdVMe
hWQJnAXxtlghYoozOgUlaF5k1DD1qEmyYB6MnfyHGZJ+v4MW3Ap2s3AHhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLfVbqR2DzpV0XuSeceReAiHj0wZMB8GA1UdIwQY
MBaAFEL1Gur3dLYzpH+WCnCJsVs1saTLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZVYTZ2ZDB0ak9rZjVZS2NJbXhXeld4cE1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hMzMxMWEtYWE5YS00OTA0LTg4ZTUt
MWJhNjUxNzRiZDFkLzEvdDlWdXBIWVBPbFhSZTVKNXg1RjRDSWVQVEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hMzMxMWEtYWE5YS00OTA0LTg4ZTUtMWJhNjUxNzRiZDFk
LzEvUXZVYTZ2ZDB0ak9rZjVZS2NJbXhXeld4cE1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBXM
MA0GCSqGSIb3DQEBCwUAA4IBAQAfRzk604+L5EXmszbftzQFSntAHPRPJuslgMjK
T93szZvuxdgWncjaiXJWkknP8zPnxdXAwRC2/xEZARlzIv6E4ufEMc1060sllb88
B0zIh3r/EjVkovPNFUtm1AsQtCi76tSTzGNea8rAN5vKMXyuF95sNRN7Gj4U6lCZ
Qi4aZcVmkvzM19WejWt5WoDd59vsQdU2CB13ezieJbhvDKut7AHZn3PZqEw3qUTh
mPlELGilk9VJHC95Oo4kQDKVLo4AEMSJV/4ZhROdQb1Qoj6EPqv6O1BOlz9KHOG6
0iEzXDZ0aFOHDaJ+W+KzP/597D3xN6I9PIKiTZ6L0UnOhh1U
-----END CERTIFICATE-----