Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/5hi4oRUV3-lKQNDaUn51nnT1qK0.roa
File:                     5hi4oRUV3-lKQNDaUn51nnT1qK0.roa (raw, json)
Hash identifier:          JinYSimT/Wg2ItaoADr26fHiavicFEOuho5581RUh7s=
Subject key identifier:   E6:18:B8:A1:15:15:DF:E9:4A:40:D0:DA:52:7E:75:9E:74:F5:A8:AD
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       0194221F8C24F5C64106E9794F4239F66F52
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/5hi4oRUV3-lKQNDaUn51nnT1qK0.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13030
IP address blocks:        2001:67c:2648::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:24:f5:c6:41:06:e9:79:4f:42:39:f6:6f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e618b8a11515dfe94a40d0da527e759e74f5a8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:67:3d:6c:7a:e7:d1:d0:0e:0a:21:60:56:46:
                    5f:e5:93:3f:06:4e:ee:73:84:e3:ba:c8:f7:5e:62:
                    91:8b:50:59:b1:c9:14:05:29:b9:f2:e0:99:74:02:
                    fe:08:ec:58:15:d1:a5:3b:5a:d0:f0:71:e7:bb:79:
                    2b:20:e8:24:76:89:e2:5b:a0:2d:23:6c:87:82:01:
                    dd:da:ea:b7:97:be:dd:a6:8a:ea:5e:41:c4:a9:98:
                    42:81:9d:d2:92:ab:f1:ca:83:e9:21:cd:06:ef:d2:
                    c8:1b:a2:d0:e0:7d:34:a6:07:1b:96:cc:ff:62:a2:
                    87:de:14:79:03:53:e4:1f:e1:48:a2:36:52:2f:81:
                    8d:1d:b8:2d:5a:0a:62:8c:e6:e6:4c:ca:9a:54:8e:
                    1a:b3:a6:9e:b4:f3:48:5b:65:42:3c:65:93:de:ae:
                    61:a1:81:8a:bf:94:b3:a1:b6:59:cc:43:cd:fd:9a:
                    5f:45:9d:a0:9d:76:37:e8:7b:77:11:d8:24:31:1c:
                    21:ab:34:d2:38:b1:ef:6a:f9:ba:4a:53:34:41:45:
                    0e:c1:b3:f3:fc:3b:7c:7b:a6:ed:40:9f:65:25:18:
                    1f:4b:89:78:92:ed:78:f8:87:b7:29:a3:15:4d:f0:
                    12:b8:85:5d:f5:25:49:db:7a:81:5d:7a:c6:7d:dd:
                    fd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:18:B8:A1:15:15:DF:E9:4A:40:D0:DA:52:7E:75:9E:74:F5:A8:AD
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/5hi4oRUV3-lKQNDaUn51nnT1qK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2648::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:a3:56:44:dc:6d:c6:4e:46:19:f0:4b:52:5b:da:ba:b5:6f:
         b2:23:49:2e:4c:3d:45:f7:c5:41:73:09:77:36:25:72:d8:63:
         e8:58:c1:d7:f7:5c:bc:7e:81:57:60:d1:ee:44:27:4e:f6:9f:
         0a:dd:cb:10:aa:6c:90:77:45:c3:6e:6e:da:90:b6:8a:8c:03:
         e9:3c:91:9d:f1:5c:72:a9:2d:a6:05:63:60:8c:d3:00:9d:f3:
         9b:f8:9a:ef:2c:38:5b:aa:ed:b9:b4:09:2a:88:e9:73:a8:d3:
         6b:8e:01:92:9d:8f:4a:ad:55:8a:70:bf:3b:21:f1:78:32:3f:
         6c:be:be:d2:25:57:8f:92:1a:2f:33:10:be:4b:17:dd:b1:70:
         b5:00:b3:f3:41:85:97:1d:b0:90:0a:0a:39:ae:81:bb:07:38:
         46:66:44:45:5e:a9:59:74:0f:dc:73:30:44:58:00:0a:4c:e2:
         de:75:e2:d1:a0:65:73:26:9d:70:b1:0a:3f:a3:10:88:34:d3:
         8e:db:b2:ba:23:11:3d:2a:ba:1c:34:a0:72:00:45:7c:83:9d:
         0e:4a:8d:46:d8:4c:4d:bd:f4:93:48:12:9a:27:b1:64:eb:4f:
         2e:8e:f9:f2:46:1d:68:22:77:a3:6b:b4:24:d5:3f:2e:ec:ca:
         f5:0f:80:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH4wk9cZBBul5T0I59m9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE4YjhhMTE1MTVkZmU5NGE0MGQwZGE1MjdlNzU5ZTc0ZjVhOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGc9bHrn0dAOCiFgVkZf5ZM/Bk7u
c4Tjusj3XmKRi1BZsckUBSm58uCZdAL+COxYFdGlO1rQ8HHnu3krIOgkdoniW6At
I2yHggHd2uq3l77dporqXkHEqZhCgZ3SkqvxyoPpIc0G79LIG6LQ4H00pgcblsz/
YqKH3hR5A1PkH+FIojZSL4GNHbgtWgpijObmTMqaVI4as6aetPNIW2VCPGWT3q5h
oYGKv5SzobZZzEPN/ZpfRZ2gnXY36Ht3EdgkMRwhqzTSOLHvavm6SlM0QUUOwbPz
/Dt8e6btQJ9lJRgfS4l4ku14+Ie3KaMVTfASuIVd9SVJ23qBXXrGfd39twIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOYYuKEVFd/pSkDQ2lJ+dZ509aitMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvNWhpNG9SVVYzLWxLUU5EYVVuNTFublQxcUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCZI
MA0GCSqGSIb3DQEBCwUAA4IBAQC/o1ZE3G3GTkYZ8EtSW9q6tW+yI0kuTD1F98VB
cwl3NiVy2GPoWMHX91y8foFXYNHuRCdO9p8K3csQqmyQd0XDbm7akLaKjAPpPJGd
8VxyqS2mBWNgjNMAnfOb+JrvLDhbqu25tAkqiOlzqNNrjgGSnY9KrVWKcL87IfF4
Mj9svr7SJVePkhovMxC+SxfdsXC1ALPzQYWXHbCQCgo5roG7BzhGZkRFXqlZdA/c
czBEWAAKTOLedeLRoGVzJp1wsQo/oxCINNOO27K6IxE9KrocNKByAEV8g50OSo1G
2ExNvfSTSBKaJ7Fk608ujvnyRh1oIneja7Qk1T8u7Mr1D4Bg
-----END CERTIFICATE-----