Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/_xRBA0-FJYAq2bhvbQe3j68XREg.roa
File:                     _xRBA0-FJYAq2bhvbQe3j68XREg.roa (raw, json)
Hash identifier:          Gym+lS7Pb7qSAGCB20Y3Am819Ocp8b/loNBlr9diFjw=
Subject key identifier:   FF:14:41:03:4F:85:25:80:2A:D9:B8:6F:6D:07:B7:8F:AF:17:44:48
Certificate issuer:       /CN=12fadfe291defc56f9479e2e7d21b5397cfa2b64
Certificate serial:       0194402FC140664EE48D17D294E52C624916
Authority key identifier: 12:FA:DF:E2:91:DE:FC:56:F9:47:9E:2E:7D:21:B5:39:7C:FA:2B:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/_xRBA0-FJYAq2bhvbQe3j68XREg.roa
Signing time:             Tue 07 Jan 2025 09:54:18 +0000
ROA not before:           Tue 07 Jan 2025 09:54:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31169
IP address blocks:        2001:67c:2d68::/48 maxlen: 48
                          2a06:11c0:1::/48 maxlen: 48
                          2a06:11c0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:2f:c1:40:66:4e:e4:8d:17:d2:94:e5:2c:62:49:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fadfe291defc56f9479e2e7d21b5397cfa2b64
        Validity
            Not Before: Jan  7 09:54:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff1441034f8525802ad9b86f6d07b78faf174448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:ba:66:a8:a9:a9:48:94:1d:3a:3f:9a:6f:
                    ad:a8:fe:64:96:2a:c7:53:a1:11:a4:ae:5d:58:f0:
                    02:97:6c:da:59:b9:cc:0e:5d:b4:34:5e:3d:15:c5:
                    fb:50:ac:2e:2b:b0:78:a7:10:2f:f7:fe:a8:49:51:
                    08:2d:31:36:dc:b1:80:4d:3a:2a:41:3c:68:f7:9a:
                    b5:56:53:35:1f:18:7f:f8:d7:cc:f9:96:4d:a1:e8:
                    99:d3:e9:06:da:d0:a2:25:89:6f:62:10:ee:99:f1:
                    eb:9a:e2:d8:42:fd:3d:cf:33:f0:66:2a:80:ad:08:
                    80:4f:af:14:60:fe:c1:2e:93:c0:c5:87:75:a8:41:
                    b1:fc:74:fc:54:57:26:3b:68:9d:fb:af:ac:10:9e:
                    e6:37:25:1d:60:f3:87:ab:64:ac:d8:75:44:f7:63:
                    2d:cf:fe:43:0b:d4:f3:a9:d8:3f:f1:74:ae:96:2a:
                    da:f1:7c:ad:ef:fd:64:6b:cc:72:14:a3:16:69:70:
                    ee:43:33:ab:f3:e2:3d:55:cb:09:f3:69:4b:37:64:
                    d3:1f:65:6f:e8:df:a6:31:28:3d:68:03:be:cb:50:
                    8e:5a:b3:08:c6:4a:9c:2e:db:4b:12:4a:ce:8d:5c:
                    53:43:9c:e2:b5:0f:3c:c8:4c:87:89:3f:36:1d:68:
                    83:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:14:41:03:4F:85:25:80:2A:D9:B8:6F:6D:07:B7:8F:AF:17:44:48
            X509v3 Authority Key Identifier:
                keyid:12:FA:DF:E2:91:DE:FC:56:F9:47:9E:2E:7D:21:B5:39:7C:FA:2B:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/_xRBA0-FJYAq2bhvbQe3j68XREg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/81de07-8481-4d83-82e9-a3471774157b/1/Evrf4pHe_Fb5R54ufSG1OXz6K2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d68::/48
                  2a06:11c0:1::-2a06:11c0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7e:32:87:73:b5:02:e6:de:68:c0:b4:6d:25:67:fa:6b:70:ea:
         ea:19:b1:af:a8:76:d7:26:cb:e1:c2:af:df:86:59:0b:60:78:
         11:83:c9:a5:7f:65:db:da:6c:05:c8:df:61:ad:9f:c8:26:75:
         bc:a6:cf:c7:97:de:e6:72:09:6d:fd:53:d9:3e:55:92:38:34:
         3f:5a:72:92:10:95:ac:c9:0f:4c:7d:9a:1d:d8:76:cc:cf:77:
         ce:01:f0:1d:10:58:62:22:21:79:26:27:75:be:6f:2e:b3:da:
         aa:6a:5b:1a:23:89:cc:27:2f:87:52:71:4a:a9:cf:70:ff:2c:
         be:79:59:62:2f:97:bb:47:3c:c9:61:27:13:a2:a6:52:60:27:
         70:a3:ee:1e:59:2a:27:26:64:a0:06:fb:d5:a5:8f:26:f2:67:
         d0:fe:dc:cf:90:45:da:ed:e0:12:f3:3c:e2:c6:33:77:68:ce:
         94:8c:8c:b0:33:43:33:4e:3c:17:0a:2f:88:5a:e9:15:2b:2f:
         c4:4a:70:3d:40:63:48:22:55:74:7e:07:d1:cc:9d:fe:37:fc:
         35:56:8c:b9:60:4f:22:79:61:15:9a:27:d7:2d:94:38:b6:c2:
         b8:6f:84:27:de:ed:e4:12:6c:42:be:9e:00:b4:7a:8c:4b:65:
         0f:63:a0:91
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZRAL8FAZk7kjRfSlOUsYkkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmFkZmUyOTFkZWZjNTZmOTQ3OWUyZTdkMjFiNTM5N2Nm
YTJiNjQwHhcNMjUwMTA3MDk1NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE0NDEwMzRmODUyNTgwMmFkOWI4NmY2ZDA3Yjc4ZmFmMTc0NDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAora6ZqipqUiUHTo/mm+tqP5klirH
U6ERpK5dWPACl2zaWbnMDl20NF49FcX7UKwuK7B4pxAv9/6oSVEILTE23LGATToq
QTxo95q1VlM1Hxh/+NfM+ZZNoeiZ0+kG2tCiJYlvYhDumfHrmuLYQv09zzPwZiqA
rQiAT68UYP7BLpPAxYd1qEGx/HT8VFcmO2id+6+sEJ7mNyUdYPOHq2Ss2HVE92Mt
z/5DC9Tzqdg/8XSulira8Xyt7/1ka8xyFKMWaXDuQzOr8+I9VcsJ82lLN2TTH2Vv
6N+mMSg9aAO+y1COWrMIxkqcLttLEkrOjVxTQ5zitQ88yEyHiT82HWiD/QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFP8UQQNPhSWAKtm4b20Ht4+vF0RIMB8GA1UdIwQY
MBaAFBL63+KR3vxW+UeeLn0htTl8+itkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXZyZjRwSGVfRmI1UjU0dWZTRzFPWHo2SzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84MWRlMDctODQ4MS00ZDgzLTgyZTkt
YTM0NzE3NzQxNTdiLzEvX3hSQkEwLUZKWUFxMmJodmJRZTNqNjhYUkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84MWRlMDctODQ4MS00ZDgzLTgyZTktYTM0NzE3NzQxNTdi
LzEvRXZyZjRwSGVfRmI1UjU0dWZTRzFPWHo2SzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcAIAEGfC1o
MBIDBwAqBhHAAAEDBwAqBhHAAAIwDQYJKoZIhvcNAQELBQADggEBAH4yh3O1Aube
aMC0bSVn+mtw6uoZsa+odtcmy+HCr9+GWQtgeBGDyaV/ZdvabAXI32Gtn8gmdbym
z8eX3uZyCW39U9k+VZI4ND9acpIQlazJD0x9mh3YdszPd84B8B0QWGIiIXkmJ3W+
by6z2qpqWxojicwnL4dScUqpz3D/LL55WWIvl7tHPMlhJxOiplJgJ3Cj7h5ZKicm
ZKAG+9WljybyZ9D+3M+QRdrt4BLzPOLGM3dozpSMjLAzQzNOPBcKL4ha6RUrL8RK
cD1AY0giVXR+B9HMnf43/DVWjLlgTyJ5YRWaJ9ctlDi2wrhvhCfe7eQSbEK+ngC0
eoxLZQ9joJE=
-----END CERTIFICATE-----