Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/05UqSuwLBRqPCroKa-NSlHo3suk.roa
File:                     05UqSuwLBRqPCroKa-NSlHo3suk.roa (raw, json)
Hash identifier:          rVUvpxf5/0qhzBCE7eXYV4m07Wn+wX0M/lyBozQz/Xs=
Subject key identifier:   D3:95:2A:4A:EC:0B:05:1A:8F:0A:BA:0A:6B:E3:52:94:7A:37:B2:E9
Certificate issuer:       /CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
Certificate serial:       01942747A13B3EA71E1312439A146B06A42B
Authority key identifier: 5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/05UqSuwLBRqPCroKa-NSlHo3suk.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61218
IP address blocks:        2001:67c:bd4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a1:3b:3e:a7:1e:13:12:43:9a:14:6b:06:a4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3952a4aec0b051a8f0aba0a6be352947a37b2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:e0:c8:dd:c2:e3:a3:1c:e4:27:65:a4:1e:
                    1f:f1:8a:4c:d9:07:43:87:e8:17:cc:82:9d:dc:e1:
                    b8:d0:5f:ab:2a:33:d7:01:a2:62:f2:16:c4:e1:62:
                    db:7d:81:31:19:ce:ec:4c:72:2f:c2:36:59:38:16:
                    0d:f7:ae:46:70:d9:4f:ec:fb:ac:7b:0d:39:f4:be:
                    cf:6e:f5:a4:f8:4c:66:e0:26:3e:07:ec:c7:e2:ae:
                    1d:2d:a0:2c:7e:2a:01:14:86:70:bd:4c:dd:9b:97:
                    9b:f6:45:1b:12:81:fc:0a:94:42:db:69:05:f3:ab:
                    d3:cf:34:24:f5:66:5f:e2:fa:cc:fe:55:96:44:73:
                    5d:3b:43:3a:d7:78:6b:a0:14:a4:88:6e:77:dd:77:
                    a4:a3:ce:07:16:1d:f7:d7:cd:e1:d3:d2:e4:2c:f6:
                    d1:5b:03:6c:d2:e6:7b:f3:02:42:fd:61:19:57:59:
                    13:43:8d:e3:36:bc:81:cb:17:b7:11:69:e3:ee:5a:
                    35:f3:fa:f2:0e:d6:10:2c:46:f7:ee:08:ae:4d:56:
                    1f:b8:5c:17:a0:94:b8:e7:a1:d6:8c:9d:f9:c9:bb:
                    25:68:ab:6d:e9:a3:ae:a9:3c:b2:11:6d:38:57:a7:
                    0d:cc:e2:5e:51:67:3c:4d:30:c8:89:dd:95:61:02:
                    1d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:95:2A:4A:EC:0B:05:1A:8F:0A:BA:0A:6B:E3:52:94:7A:37:B2:E9
            X509v3 Authority Key Identifier:
                keyid:5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/05UqSuwLBRqPCroKa-NSlHo3suk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bd4::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:14:e8:b1:a8:f0:f5:75:f4:93:18:b9:29:5f:62:fc:8d:3f:
         32:13:59:81:80:99:61:ae:ca:5a:ed:a1:2d:5a:cc:8a:0d:ea:
         38:55:69:77:e0:a3:8b:e3:27:68:45:36:09:82:9c:d4:c3:84:
         ac:29:b0:d3:cc:a3:66:11:86:fc:12:08:77:3c:93:f1:1e:2d:
         3c:6d:a5:97:96:11:af:35:f4:df:9c:90:13:b8:67:3e:88:49:
         17:dc:70:5d:12:23:ef:13:f7:e2:2f:57:b5:4c:23:e5:1f:a4:
         1a:41:9d:64:06:e9:8e:33:d9:03:14:c5:8b:4a:fe:4d:12:2e:
         7f:57:6a:d3:45:f8:39:cd:7c:fc:1c:6e:65:73:fb:b4:fd:61:
         a0:35:d5:97:78:16:b7:93:ea:89:5e:12:ee:7e:46:d6:90:f4:
         02:87:4e:dc:5e:48:5d:83:4a:b4:ce:34:50:d5:6d:8f:a6:a3:
         93:d0:ad:b0:31:69:3b:65:cd:bb:1d:f3:38:4e:7b:03:74:8d:
         31:ed:9a:a7:32:0b:7c:c4:84:82:8f:1a:50:ba:85:d4:41:4f:
         93:a0:06:6d:42:03:cc:f5:e4:7e:25:9e:a5:10:8d:d2:88:8c:
         28:35:ee:9e:6f:bc:0d:0b:6d:ca:7b:b2:35:a8:09:46:11:e1:
         58:14:de:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR6E7PqceExJDmhRrBqQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGZkOTBkOTg3Mjk3Y2I1ZGQ0ZTA3YmU4NDBkMjgwZDFl
MmNjNGEwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzk1MmE0YWVjMGIwNTFhOGYwYWJhMGE2YmUzNTI5NDdhMzdiMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXgyN3C46Mc5CdlpB4f8YpM2QdD
h+gXzIKd3OG40F+rKjPXAaJi8hbE4WLbfYExGc7sTHIvwjZZOBYN965GcNlP7Pus
ew059L7PbvWk+Exm4CY+B+zH4q4dLaAsfioBFIZwvUzdm5eb9kUbEoH8CpRC22kF
86vTzzQk9WZf4vrM/lWWRHNdO0M613hroBSkiG533Xeko84HFh33183h09LkLPbR
WwNs0uZ78wJC/WEZV1kTQ43jNryByxe3EWnj7lo18/ryDtYQLEb37giuTVYfuFwX
oJS456HWjJ35ybslaKtt6aOuqTyyEW04V6cNzOJeUWc8TTDIid2VYQIdSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNOVKkrsCwUajwq6CmvjUpR6N7LpMB8GA1UdIwQY
MBaAFF8P2Q2YcpfLXdTge+hA0oDR4sxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjIt
N2JjZWZhOWY1OWU4LzEvMDVVcVN1d0xCUnFQQ3JvS2EtTlNsSG8zc3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjItN2JjZWZhOWY1OWU4
LzEvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvU
MA0GCSqGSIb3DQEBCwUAA4IBAQCRFOixqPD1dfSTGLkpX2L8jT8yE1mBgJlhrspa
7aEtWsyKDeo4VWl34KOL4ydoRTYJgpzUw4SsKbDTzKNmEYb8Egh3PJPxHi08baWX
lhGvNfTfnJATuGc+iEkX3HBdEiPvE/fiL1e1TCPlH6QaQZ1kBumOM9kDFMWLSv5N
Ei5/V2rTRfg5zXz8HG5lc/u0/WGgNdWXeBa3k+qJXhLufkbWkPQCh07cXkhdg0q0
zjRQ1W2PpqOT0K2wMWk7Zc27HfM4TnsDdI0x7ZqnMgt8xISCjxpQuoXUQU+ToAZt
QgPM9eR+JZ6lEI3SiIwoNe6eb7wNC23Ke7I1qAlGEeFYFN6S
-----END CERTIFICATE-----