Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/INSqWlHflpOidRP2Z0zkE0RFoZM.roa
File:                     INSqWlHflpOidRP2Z0zkE0RFoZM.roa (raw, json)
Hash identifier:          UYyBIx3hFm38d0qCAb7SJuuzgZHuKn0sxA5Yj+GvQrY=
Subject key identifier:   20:D4:AA:5A:51:DF:96:93:A2:75:13:F6:67:4C:E4:13:44:45:A1:93
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       0194221F603A4E62C3816307DD5CBDD77E5E
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/INSqWlHflpOidRP2Z0zkE0RFoZM.roa
Signing time:             Wed 01 Jan 2025 13:47:49 +0000
ROA not before:           Wed 01 Jan 2025 13:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62245
IP address blocks:        2001:67c:1918::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:60:3a:4e:62:c3:81:63:07:dd:5c:bd:d7:7e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  1 13:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20d4aa5a51df9693a27513f6674ce4134445a193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:73:e1:4d:ae:da:fe:21:d4:c5:42:5d:69:48:
                    42:f5:26:fa:71:b2:4c:49:09:42:54:35:1f:3f:93:
                    66:0a:fa:e6:3d:ec:64:bf:0a:eb:a4:fb:f3:60:d9:
                    db:03:ba:6d:41:0b:89:61:22:08:54:80:57:b9:26:
                    12:3a:98:45:72:56:19:db:44:a8:39:ca:f2:96:af:
                    f4:f2:5a:b9:24:93:41:a6:c8:78:20:30:09:22:98:
                    93:7f:d3:74:be:b0:c9:e8:83:1a:b9:c4:17:ea:ee:
                    46:d4:99:f3:1a:c4:f6:96:e1:8f:09:33:95:49:36:
                    6d:95:d6:02:ba:b7:e9:be:0e:5e:94:18:93:d9:f9:
                    9d:cb:c5:fb:95:05:36:7f:1d:9f:43:54:5a:c3:dc:
                    5a:95:4a:22:a3:40:ae:46:24:09:9a:2d:5b:13:4e:
                    1c:85:fd:43:a9:00:26:5a:d4:1a:43:17:36:21:6a:
                    40:bf:33:7a:fb:5c:0f:1e:53:c7:3f:09:dd:c1:33:
                    66:9b:3e:e0:3e:e4:62:70:ba:55:1f:48:9b:0c:d4:
                    1e:6a:83:a9:a0:73:55:c9:80:1d:dd:08:17:80:96:
                    2a:1e:67:88:0b:bd:20:96:de:3c:0a:b7:2f:18:19:
                    06:75:e0:93:cf:99:48:0a:36:67:b2:fe:cf:67:6c:
                    e4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:D4:AA:5A:51:DF:96:93:A2:75:13:F6:67:4C:E4:13:44:45:A1:93
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/INSqWlHflpOidRP2Z0zkE0RFoZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1918::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:ab:76:e8:0a:1c:f0:ec:18:87:31:c7:11:c9:db:f5:54:8d:
         06:be:da:29:5f:9a:c8:c5:4b:e4:54:7e:74:a1:11:04:dd:2b:
         a3:91:95:7a:e2:b9:1b:85:43:37:80:4a:49:3c:a9:57:ee:03:
         b4:55:76:d3:67:e2:59:a0:9d:f1:d2:47:aa:75:1c:ba:04:2c:
         57:07:d9:27:23:a1:8f:88:42:e9:7b:af:91:cf:67:b3:7a:7a:
         5a:20:da:1d:fb:2a:c6:4b:6a:1d:53:34:d0:c9:d1:8a:25:4f:
         e9:44:b1:1b:29:00:ed:9d:7f:a4:b1:97:57:53:91:33:aa:8a:
         87:2f:42:a5:7e:47:3a:ce:6c:d3:41:b3:c2:23:f9:ee:09:14:
         36:56:7c:0d:90:7b:83:2e:69:1e:b7:8a:e9:b2:cc:f5:02:0e:
         37:60:8f:40:d5:c1:c1:f6:7b:cf:21:3c:51:8d:f5:2d:10:24:
         b4:cd:ba:e8:8b:97:1a:02:63:b3:5e:58:63:57:89:eb:3c:fd:
         36:86:03:e9:41:50:8b:ae:ed:da:65:63:b0:01:df:33:95:f1:
         ee:19:75:1d:12:12:6d:c2:a0:98:87:05:fc:09:90:da:01:aa:
         68:24:f0:8f:17:c7:e6:ec:93:17:2b:52:9c:77:4d:83:d9:6a:
         d5:b4:9f:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH2A6TmLDgWMH3Vy9135eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjUwMTAxMTM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGQ0YWE1YTUxZGY5NjkzYTI3NTEzZjY2NzRjZTQxMzQ0NDVhMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXPhTa7a/iHUxUJdaUhC9Sb6cbJM
SQlCVDUfP5NmCvrmPexkvwrrpPvzYNnbA7ptQQuJYSIIVIBXuSYSOphFclYZ20So
Ocrylq/08lq5JJNBpsh4IDAJIpiTf9N0vrDJ6IMaucQX6u5G1JnzGsT2luGPCTOV
STZtldYCurfpvg5elBiT2fmdy8X7lQU2fx2fQ1Raw9xalUoio0CuRiQJmi1bE04c
hf1DqQAmWtQaQxc2IWpAvzN6+1wPHlPHPwndwTNmmz7gPuRicLpVH0ibDNQeaoOp
oHNVyYAd3QgXgJYqHmeIC70glt48CrcvGBkGdeCTz5lICjZnsv7PZ2zknwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCDUqlpR35aTonUT9mdM5BNERaGTMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvSU5TcVdsSGZscE9pZFJQMlowemtFMFJGb1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBkY
MA0GCSqGSIb3DQEBCwUAA4IBAQBgq3boChzw7BiHMccRydv1VI0GvtopX5rIxUvk
VH50oREE3SujkZV64rkbhUM3gEpJPKlX7gO0VXbTZ+JZoJ3x0keqdRy6BCxXB9kn
I6GPiELpe6+Rz2ezenpaINod+yrGS2odUzTQydGKJU/pRLEbKQDtnX+ksZdXU5Ez
qoqHL0Klfkc6zmzTQbPCI/nuCRQ2VnwNkHuDLmket4rpssz1Ag43YI9A1cHB9nvP
ITxRjfUtECS0zbroi5caAmOzXlhjV4nrPP02hgPpQVCLru3aZWOwAd8zlfHuGXUd
EhJtwqCYhwX8CZDaAapoJPCPF8fm7JMXK1Kcd02D2WrVtJ/J
-----END CERTIFICATE-----