Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/c_JE84x-V2cV3KZFySyzgUu68wY.roa
File:                     c_JE84x-V2cV3KZFySyzgUu68wY.roa (raw, json)
Hash identifier:          mJ5axd73qhrQA8e697fkmyMkcOmN3YmgqnGx7qbzQIQ=
Subject key identifier:   73:F2:44:F3:8C:7E:57:67:15:DC:A6:45:C9:2C:B3:81:4B:BA:F3:06
Certificate issuer:       /CN=5c40454a1b176795f021575347794bd9f04427ac
Certificate serial:       0194228E445ADC46DF24D9EA9BAE055BA030
Authority key identifier: 5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/c_JE84x-V2cV3KZFySyzgUu68wY.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214740
IP address blocks:        2001:67c:ebc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:44:5a:dc:46:df:24:d9:ea:9b:ae:05:5b:a0:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c40454a1b176795f021575347794bd9f04427ac
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73f244f38c7e576715dca645c92cb3814bbaf306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:96:3c:dd:5b:b3:3c:7c:02:d0:06:73:da:25:
                    e9:9b:ee:3b:94:b5:29:e9:2c:ab:7f:50:2a:21:84:
                    dc:d5:92:b7:08:47:e4:72:a1:11:b0:3d:b2:8b:cd:
                    b4:8d:ce:6b:86:2c:71:eb:04:55:f3:eb:69:5f:60:
                    ca:f5:ab:2a:30:c1:b5:d8:80:7a:ba:da:89:b3:2f:
                    48:6d:de:61:4c:30:6c:44:47:d4:ef:68:a6:a5:5a:
                    24:a5:d0:cc:d6:3b:ed:43:21:14:48:8f:75:a0:7a:
                    4d:13:14:93:ca:a3:d7:ff:da:32:51:02:16:da:ef:
                    f6:a2:28:c6:da:96:86:92:66:c5:8e:dc:02:85:93:
                    cd:85:00:bb:04:90:72:65:0b:e0:39:cc:f0:c4:ba:
                    04:aa:17:17:0b:85:70:75:4c:0c:22:a1:46:8f:0f:
                    28:24:e7:f0:62:80:6a:47:99:80:39:08:07:11:e8:
                    4c:03:66:0f:6d:f0:77:72:2e:fc:e5:8a:2b:d0:44:
                    37:98:8a:79:c3:0b:ac:50:15:e8:f0:92:13:3d:74:
                    58:66:71:ce:99:2c:1a:28:c3:3f:e8:84:19:8b:67:
                    0b:91:f0:84:3d:10:6f:58:f8:06:74:fc:55:50:30:
                    a9:e2:e4:77:b4:29:47:4a:98:a9:e2:67:73:e9:e3:
                    74:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F2:44:F3:8C:7E:57:67:15:DC:A6:45:C9:2C:B3:81:4B:BA:F3:06
            X509v3 Authority Key Identifier:
                keyid:5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/c_JE84x-V2cV3KZFySyzgUu68wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:ab:c2:62:8d:e0:2b:58:36:5a:17:5b:8c:b4:84:a6:c8:06:
         bf:7e:56:72:1d:54:c2:5f:b2:be:82:40:7f:3a:99:2c:f1:94:
         4f:0b:bd:19:39:97:3f:40:2f:e6:30:c8:35:13:01:65:dc:df:
         62:5e:99:93:40:b0:ce:fe:5d:39:ee:f8:33:5d:f3:2c:9f:dd:
         81:b2:20:29:55:3b:65:11:17:86:e6:1a:62:04:13:06:7b:1a:
         c2:fe:9b:fc:35:7a:3e:6e:17:56:69:52:c6:90:1b:5f:67:2d:
         84:95:93:df:27:dc:42:1c:c0:16:23:26:46:71:6a:fa:3d:d1:
         bf:83:be:33:40:8d:df:ab:f1:b3:79:39:f3:23:71:02:0b:37:
         c9:76:6e:8c:44:32:06:0d:fe:61:15:b2:02:b2:a2:a2:84:4b:
         fc:ab:2e:ab:e6:fe:22:2d:07:56:20:6b:c0:e9:0a:96:42:6d:
         3e:20:20:c3:bd:87:05:c2:a7:63:fd:6f:98:14:a7:29:8e:e6:
         fe:04:ec:2b:60:a2:a3:60:e2:8c:dd:a0:ca:9e:e5:72:68:de:
         67:cd:3d:a9:52:7d:b6:a9:7a:5b:da:f9:75:e0:26:2b:1b:67:
         58:22:fd:19:2a:3d:84:4b:5e:8b:98:8a:3d:30:c4:a7:74:b3:
         92:fe:47:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijkRa3EbfJNnqm64FW6AwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNDA0NTRhMWIxNzY3OTVmMDIxNTc1MzQ3Nzk0YmQ5ZjA0
NDI3YWMwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2YyNDRmMzhjN2U1NzY3MTVkY2E2NDVjOTJjYjM4MTRiYmFmMzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5Y83VuzPHwC0AZz2iXpm+47lLUp
6Syrf1AqIYTc1ZK3CEfkcqERsD2yi820jc5rhixx6wRV8+tpX2DK9asqMMG12IB6
utqJsy9Ibd5hTDBsREfU72impVokpdDM1jvtQyEUSI91oHpNExSTyqPX/9oyUQIW
2u/2oijG2paGkmbFjtwChZPNhQC7BJByZQvgOczwxLoEqhcXC4VwdUwMIqFGjw8o
JOfwYoBqR5mAOQgHEehMA2YPbfB3ci785Yor0EQ3mIp5wwusUBXo8JITPXRYZnHO
mSwaKMM/6IQZi2cLkfCEPRBvWPgGdPxVUDCp4uR3tClHSpip4mdz6eN0WQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHPyRPOMfldnFdymRckss4FLuvMGMB8GA1UdIwQY
MBaAFFxARUobF2eV8CFXU0d5S9nwRCesMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5Nzgt
Y2EwNDQ4ZTdmM2EzLzEvY19KRTg0eC1WMmNWM0taRnlTeXpnVXU2OHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5NzgtY2EwNDQ4ZTdmM2Ez
LzEvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA68
MA0GCSqGSIb3DQEBCwUAA4IBAQB8q8JijeArWDZaF1uMtISmyAa/flZyHVTCX7K+
gkB/Opks8ZRPC70ZOZc/QC/mMMg1EwFl3N9iXpmTQLDO/l057vgzXfMsn92BsiAp
VTtlEReG5hpiBBMGexrC/pv8NXo+bhdWaVLGkBtfZy2ElZPfJ9xCHMAWIyZGcWr6
PdG/g74zQI3fq/GzeTnzI3ECCzfJdm6MRDIGDf5hFbICsqKihEv8qy6r5v4iLQdW
IGvA6QqWQm0+ICDDvYcFwqdj/W+YFKcpjub+BOwrYKKjYOKM3aDKnuVyaN5nzT2p
Un22qXpb2vl14CYrG2dYIv0ZKj2ES16LmIo9MMSndLOS/kce
-----END CERTIFICATE-----