Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/xaq4DEF6a2KbAw0s5ehiRgdBeuQ.roa
File:                     xaq4DEF6a2KbAw0s5ehiRgdBeuQ.roa (raw, json)
Hash identifier:          NrVb13nbYMUhAilB4rQP3yYP82eHLTMIedBxEXPs6iM=
Subject key identifier:   C5:AA:B8:0C:41:7A:6B:62:9B:03:0D:2C:E5:E8:62:46:07:41:7A:E4
Certificate issuer:       /CN=930e0a3bb08e4ac67363e30ba83b071632d0aa43
Certificate serial:       019421B23729DAEBE9C742784A7661A3402E
Authority key identifier: 93:0E:0A:3B:B0:8E:4A:C6:73:63:E3:0B:A8:3B:07:16:32:D0:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kw4KO7COSsZzY-MLqDsHFjLQqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/xaq4DEF6a2KbAw0s5ehiRgdBeuQ.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214064
IP address blocks:        2001:67c:f30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/kw4KO7COSsZzY-MLqDsHFjLQqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/kw4KO7COSsZzY-MLqDsHFjLQqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kw4KO7COSsZzY-MLqDsHFjLQqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:37:29:da:eb:e9:c7:42:78:4a:76:61:a3:40:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=930e0a3bb08e4ac67363e30ba83b071632d0aa43
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5aab80c417a6b629b030d2ce5e8624607417ae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:03:cc:61:2a:bb:33:d9:e1:d0:7b:67:08:2e:
                    e9:da:18:22:a6:46:bb:ba:f6:97:31:5f:9a:99:ba:
                    d8:6d:23:8c:5a:07:30:69:45:47:1f:61:65:67:7f:
                    e5:0b:47:3f:d9:54:90:ef:28:c1:04:67:18:b6:eb:
                    35:bd:a6:5c:23:63:7a:b2:2d:90:19:48:03:9e:ba:
                    f3:07:cd:59:6b:97:ad:82:95:d7:bb:9d:d2:9f:58:
                    4f:79:b0:fb:ce:97:fe:b1:0f:67:99:7e:ed:d4:19:
                    a8:06:11:fa:b6:8d:24:3d:3f:f9:56:f9:98:2b:dc:
                    f6:37:6d:80:d9:d2:1f:8f:1a:6e:32:77:9c:06:1f:
                    80:d5:a2:ee:47:d5:25:46:33:bc:9b:01:57:d8:b3:
                    44:4c:a5:63:e2:05:69:dd:24:38:45:52:fb:90:f0:
                    24:b6:18:79:ce:15:74:6a:11:d8:97:1d:23:bd:f7:
                    e6:a2:9b:c8:6b:8b:64:e8:8f:ec:36:f2:8c:ad:65:
                    04:44:fc:1b:5b:c8:7b:17:0d:d3:35:7c:49:82:6a:
                    78:71:cb:92:36:a9:ac:cb:a4:92:83:1e:67:61:2f:
                    47:e5:6c:0c:17:9d:47:29:c0:2c:a2:01:74:c3:01:
                    a3:28:92:2f:12:ab:25:68:a4:5c:d7:95:3a:5b:5a:
                    77:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AA:B8:0C:41:7A:6B:62:9B:03:0D:2C:E5:E8:62:46:07:41:7A:E4
            X509v3 Authority Key Identifier:
                keyid:93:0E:0A:3B:B0:8E:4A:C6:73:63:E3:0B:A8:3B:07:16:32:D0:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kw4KO7COSsZzY-MLqDsHFjLQqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/xaq4DEF6a2KbAw0s5ehiRgdBeuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/kw4KO7COSsZzY-MLqDsHFjLQqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f30::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:14:91:bf:c0:3e:7f:eb:07:0c:2a:f6:a8:91:8d:a3:84:53:
         49:b1:ec:e6:df:e7:65:b4:4c:85:b0:42:7a:18:e6:63:86:50:
         ff:0e:31:d6:3f:ec:27:28:b3:31:4c:74:fb:f2:2a:19:c0:ff:
         ba:41:4a:b4:36:9b:29:9a:fa:b6:40:1a:bf:24:7a:8e:f4:3b:
         42:33:26:a0:f8:91:ed:a4:17:fd:15:53:a8:87:af:c2:98:e2:
         00:c5:44:82:77:44:90:bf:f4:c5:06:06:20:de:c1:65:cf:c6:
         d4:40:50:49:be:17:56:38:40:79:7a:98:51:17:bb:ca:d7:dd:
         83:e7:79:f1:f6:94:13:07:65:f3:66:70:da:8c:7e:41:9e:3b:
         58:48:c8:9c:92:e3:00:5c:bd:a4:e4:0e:3a:cc:74:9e:37:74:
         c1:0b:82:3d:85:3d:f4:2f:4f:1b:6a:e6:4e:48:51:21:ee:23:
         fb:ed:48:44:61:35:4f:18:05:86:05:65:06:e8:60:4f:82:56:
         5f:2c:33:df:ad:b2:80:2f:c9:a1:65:d5:bb:33:a1:0e:65:0a:
         de:1e:ee:08:65:16:c6:f5:6d:05:f8:68:d0:e9:8a:98:32:ae:
         b1:76:7d:56:84:af:62:6a:2c:13:4d:00:b7:eb:90:34:cf:44:
         46:f7:e5:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsjcp2uvpx0J4SnZho0AuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMGUwYTNiYjA4ZTRhYzY3MzYzZTMwYmE4M2IwNzE2MzJk
MGFhNDMwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFhYjgwYzQxN2E2YjYyOWIwMzBkMmNlNWU4NjI0NjA3NDE3YWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wPMYSq7M9nh0HtnCC7p2hgipka7
uvaXMV+ambrYbSOMWgcwaUVHH2FlZ3/lC0c/2VSQ7yjBBGcYtus1vaZcI2N6si2Q
GUgDnrrzB81Za5etgpXXu53Sn1hPebD7zpf+sQ9nmX7t1BmoBhH6to0kPT/5VvmY
K9z2N22A2dIfjxpuMnecBh+A1aLuR9UlRjO8mwFX2LNETKVj4gVp3SQ4RVL7kPAk
thh5zhV0ahHYlx0jvffmopvIa4tk6I/sNvKMrWUERPwbW8h7Fw3TNXxJgmp4ccuS
Nqmsy6SSgx5nYS9H5WwMF51HKcAsogF0wwGjKJIvEqslaKRc15U6W1p3NwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMWquAxBemtimwMNLOXoYkYHQXrkMB8GA1UdIwQY
MBaAFJMOCjuwjkrGc2PjC6g7BxYy0KpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3c0S083Q09Tc1p6WS1NTHFEc0hGakxRcWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81OTUwYzktOTdlYy00MGRjLTliMTEt
MDI5NWExYzExZmViLzEveGFxNERFRjZhMktiQXcwczVlaGlSZ2RCZXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81OTUwYzktOTdlYy00MGRjLTliMTEtMDI5NWExYzExZmVi
LzEva3c0S083Q09Tc1p6WS1NTHFEc0hGakxRcWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8w
MA0GCSqGSIb3DQEBCwUAA4IBAQACFJG/wD5/6wcMKvaokY2jhFNJsezm3+dltEyF
sEJ6GOZjhlD/DjHWP+wnKLMxTHT78ioZwP+6QUq0Npspmvq2QBq/JHqO9DtCMyag
+JHtpBf9FVOoh6/CmOIAxUSCd0SQv/TFBgYg3sFlz8bUQFBJvhdWOEB5ephRF7vK
192D53nx9pQTB2XzZnDajH5BnjtYSMickuMAXL2k5A46zHSeN3TBC4I9hT30L08b
auZOSFEh7iP77UhEYTVPGAWGBWUG6GBPglZfLDPfrbKAL8mhZdW7M6EOZQreHu4I
ZRbG9W0F+GjQ6YqYMq6xdn1WhK9iaiwTTQC365A0z0RG9+UW
-----END CERTIFICATE-----