Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/9ArDJmOHTGy2Uvx62RIG28a5LGI.roa
File:                     9ArDJmOHTGy2Uvx62RIG28a5LGI.roa (raw, json)
Hash identifier:          Et89QDvNcCQ2m2b4aktJLI1CigeR9TGu2ft9T2DrbR0=
Subject key identifier:   F4:0A:C3:26:63:87:4C:6C:B6:52:FC:7A:D9:12:06:DB:C6:B9:2C:62
Certificate issuer:       /CN=2578e66d757f95ea6d693aa7f84fcb274975c8bb
Certificate serial:       01942747A2EC937AD5B9DBC633FA7AA06B25
Authority key identifier: 25:78:E6:6D:75:7F:95:EA:6D:69:3A:A7:F8:4F:CB:27:49:75:C8:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXjmbXV_leptaTqn-E_LJ0l1yLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/9ArDJmOHTGy2Uvx62RIG28a5LGI.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203918
IP address blocks:        2001:67c:2e90::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/JXjmbXV_leptaTqn-E_LJ0l1yLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/JXjmbXV_leptaTqn-E_LJ0l1yLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXjmbXV_leptaTqn-E_LJ0l1yLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a2:ec:93:7a:d5:b9:db:c6:33:fa:7a:a0:6b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2578e66d757f95ea6d693aa7f84fcb274975c8bb
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f40ac32663874c6cb652fc7ad91206dbc6b92c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:24:66:76:02:0a:c8:56:df:dc:ad:06:cf:71:
                    5c:e9:38:ea:6c:b9:ef:8a:40:06:09:4c:57:6f:79:
                    86:4a:52:f0:73:f1:22:47:80:d4:53:35:48:b0:52:
                    07:4f:0c:f1:f7:df:2c:50:bd:bb:f0:3c:42:35:47:
                    77:a3:b2:44:7f:2d:80:33:38:e0:e8:6c:fe:9b:5a:
                    0a:57:c7:56:86:7e:eb:a1:26:5a:27:ea:ce:1a:ee:
                    1f:14:d5:13:4f:90:94:aa:c6:94:f3:a3:d8:e3:ea:
                    35:df:d1:b5:53:52:91:51:f3:ec:60:58:cf:35:b4:
                    ad:8f:77:20:09:9d:65:c4:ac:c1:0c:ae:c5:96:a6:
                    5b:b3:09:68:c0:f8:68:5c:b0:a1:b6:45:10:a2:c5:
                    99:11:49:89:3c:75:e5:31:5e:59:bb:3d:28:f2:6f:
                    7b:e6:ff:ea:db:9a:77:66:08:af:19:c8:87:c7:bd:
                    0f:48:6d:18:ee:a1:fc:27:2c:a2:c1:2f:68:bf:0d:
                    bf:ab:5d:f8:c1:49:ba:7a:d3:67:42:57:c8:46:9c:
                    a9:37:c6:bb:12:2d:b2:0c:6b:01:81:e7:5f:1d:f4:
                    de:ce:49:ef:30:23:95:09:85:35:17:3d:d5:5b:04:
                    ab:52:56:cb:f0:8e:73:c9:41:7e:9d:0e:8e:85:12:
                    28:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0A:C3:26:63:87:4C:6C:B6:52:FC:7A:D9:12:06:DB:C6:B9:2C:62
            X509v3 Authority Key Identifier:
                keyid:25:78:E6:6D:75:7F:95:EA:6D:69:3A:A7:F8:4F:CB:27:49:75:C8:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXjmbXV_leptaTqn-E_LJ0l1yLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/9ArDJmOHTGy2Uvx62RIG28a5LGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5b5d9-0ae7-4629-a01b-fbad637c4142/1/JXjmbXV_leptaTqn-E_LJ0l1yLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e90::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:6a:73:be:15:fd:13:19:94:b6:38:0a:98:63:2d:89:bc:57:
         3b:f3:89:1d:29:62:22:75:d3:2e:99:52:ae:f0:cc:c0:e7:f2:
         40:01:ad:40:d2:87:8a:53:25:1d:3a:ad:36:3b:be:a0:53:a1:
         bd:b7:c9:de:5c:6d:74:9f:c5:4d:e3:ce:78:84:ae:67:9e:6a:
         f2:f8:b1:b7:66:39:86:fe:46:28:53:c6:1c:6f:79:30:cb:53:
         6e:19:38:62:11:96:65:04:0d:99:e5:17:3d:f1:76:c1:93:b5:
         cb:60:8b:ed:81:a8:bd:1e:18:66:da:8a:ae:01:60:f0:f6:b2:
         5f:49:3b:91:38:57:80:a9:d2:8e:7a:13:a0:1e:5e:3e:17:22:
         62:5e:8d:83:5c:21:d3:92:97:b7:c1:4d:61:e9:6e:b9:86:a9:
         da:a2:db:7d:1a:34:23:5a:54:4b:95:c1:49:80:ef:3c:e6:35:
         27:60:97:a1:bb:7b:16:6a:a1:df:79:a4:7f:c0:7d:60:2b:de:
         b9:4b:a9:1a:42:74:2b:a1:50:17:bb:1b:90:81:c1:6a:e7:c9:
         05:1c:80:d3:87:c0:a5:e8:3d:e3:97:ef:f7:d7:fb:88:84:ac:
         8d:da:72:53:be:d1:b5:f4:86:94:2a:48:b1:02:5b:e4:3c:f7:
         f6:13:43:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR6Lsk3rVudvGM/p6oGslMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NzhlNjZkNzU3Zjk1ZWE2ZDY5M2FhN2Y4NGZjYjI3NDk3
NWM4YmIwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDBhYzMyNjYzODc0YzZjYjY1MmZjN2FkOTEyMDZkYmM2YjkyYzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SRmdgIKyFbf3K0Gz3Fc6TjqbLnv
ikAGCUxXb3mGSlLwc/EiR4DUUzVIsFIHTwzx998sUL278DxCNUd3o7JEfy2AMzjg
6Gz+m1oKV8dWhn7roSZaJ+rOGu4fFNUTT5CUqsaU86PY4+o139G1U1KRUfPsYFjP
NbStj3cgCZ1lxKzBDK7FlqZbswlowPhoXLChtkUQosWZEUmJPHXlMV5Zuz0o8m97
5v/q25p3ZgivGciHx70PSG0Y7qH8JyyiwS9ovw2/q134wUm6etNnQlfIRpypN8a7
Ei2yDGsBgedfHfTezknvMCOVCYU1Fz3VWwSrUlbL8I5zyUF+nQ6OhRIopwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQKwyZjh0xstlL8etkSBtvGuSxiMB8GA1UdIwQY
MBaAFCV45m11f5XqbWk6p/hPyydJdci7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhqbWJYVl9sZXB0YVRxbi1FX0xKMGwxeUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jNWI1ZDktMGFlNy00NjI5LWEwMWIt
ZmJhZDYzN2M0MTQyLzEvOUFyREptT0hUR3kyVXZ4NjJSSUcyOGE1TEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jNWI1ZDktMGFlNy00NjI5LWEwMWItZmJhZDYzN2M0MTQy
LzEvSlhqbWJYVl9sZXB0YVRxbi1FX0xKMGwxeUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC6Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBdanO+Ff0TGZS2OAqYYy2JvFc784kdKWIiddMu
mVKu8MzA5/JAAa1A0oeKUyUdOq02O76gU6G9t8neXG10n8VN4854hK5nnmry+LG3
ZjmG/kYoU8Ycb3kwy1NuGThiEZZlBA2Z5Rc98XbBk7XLYIvtgai9Hhhm2oquAWDw
9rJfSTuROFeAqdKOehOgHl4+FyJiXo2DXCHTkpe3wU1h6W65hqnaott9GjQjWlRL
lcFJgO885jUnYJehu3sWaqHfeaR/wH1gK965S6kaQnQroVAXuxuQgcFq58kFHIDT
h8Cl6D3jl+/31/uIhKyN2nJTvtG19IaUKkixAlvkPPf2E0OP
-----END CERTIFICATE-----