Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/DYV8rTZS8uCurZHOoqW-jfWMmWg.roa
File:                     DYV8rTZS8uCurZHOoqW-jfWMmWg.roa (raw, json)
Hash identifier:          oTQ/SBogFSvxJCfk7V0vkU2XYqnVHjZNfcn9byEW2aE=
Subject key identifier:   0D:85:7C:AD:36:52:F2:E0:AE:AD:91:CE:A2:A5:BE:8D:F5:8C:99:68
Certificate issuer:       /CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
Certificate serial:       0194206875850A73CB73C5E51DA9981304A6
Authority key identifier: A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/DYV8rTZS8uCurZHOoqW-jfWMmWg.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35684
IP address blocks:        2001:67c:74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:75:85:0a:73:cb:73:c5:e5:1d:a9:98:13:04:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d857cad3652f2e0aead91cea2a5be8df58c9968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:77:72:43:64:87:dc:97:d6:89:9c:a1:10:14:
                    d8:f6:e0:fd:ac:92:ad:24:6f:a0:d7:90:4f:d1:17:
                    15:ec:92:aa:c2:e4:01:a7:cd:28:8b:41:2c:d1:69:
                    9c:7b:53:76:ae:79:99:5d:66:cd:07:9b:82:49:1c:
                    9b:55:d4:c6:11:3a:6b:df:39:e2:4b:e4:07:a6:17:
                    ac:3c:0b:e4:0a:11:ac:da:5f:fc:06:04:23:58:87:
                    44:71:cf:84:fe:cf:0d:54:64:41:99:2a:5b:16:f2:
                    c8:a5:1d:54:91:40:61:ac:71:e4:f3:47:2b:60:7a:
                    74:88:81:94:da:be:fe:c6:6b:11:b2:6b:d0:81:22:
                    97:58:4f:32:3c:bd:d3:a7:e9:84:d1:8b:63:74:9b:
                    7c:ba:e0:be:d9:4b:7e:3f:ca:15:06:55:7e:55:88:
                    0c:cd:bf:70:25:b1:d9:60:4d:64:49:e6:88:e8:1c:
                    a9:a4:75:de:73:f1:3d:06:f8:21:a6:10:16:67:a3:
                    e6:7d:17:a9:6d:58:a8:9f:c0:35:da:52:0a:72:fc:
                    58:a7:a2:74:e4:73:3d:9e:4b:31:97:ab:3a:e9:bc:
                    c5:6f:ca:fe:b0:9f:2f:40:aa:dc:53:17:2a:51:6d:
                    c9:68:31:2d:09:ce:d5:0d:21:c8:22:79:df:92:89:
                    18:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:85:7C:AD:36:52:F2:E0:AE:AD:91:CE:A2:A5:BE:8D:F5:8C:99:68
            X509v3 Authority Key Identifier:
                keyid:A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/DYV8rTZS8uCurZHOoqW-jfWMmWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:fd:c8:17:ff:b7:7d:a9:36:0c:03:e9:7a:c5:64:a9:82:48:
         36:ba:72:b4:b1:47:66:87:5e:4d:94:e0:cb:bd:6f:a6:c9:96:
         1f:69:f0:e2:b8:62:3b:4f:89:6c:b4:32:f9:ce:b1:ca:d1:0a:
         eb:ed:94:62:94:53:3c:a2:8a:32:b0:bd:e8:c5:22:f8:e0:3f:
         f4:84:c3:f5:3b:a1:b3:7d:f8:72:21:be:d3:82:45:b5:f8:55:
         2a:91:6e:dc:01:0a:96:97:f2:11:56:23:46:f1:70:a6:8f:56:
         24:e5:ef:75:72:71:7a:d3:3e:9e:b5:d4:fe:b6:72:9b:45:cd:
         2f:9d:ae:87:7a:a8:6b:f2:a2:a2:5d:35:3e:9e:f5:d7:4f:1e:
         b3:eb:9e:fa:c7:cf:1c:73:7c:35:34:19:ef:4b:de:af:0d:55:
         6c:82:0e:cf:37:d2:c4:ed:b4:73:5e:84:5f:60:39:1b:36:1e:
         2a:04:b2:b5:ad:68:cc:73:76:82:b5:2c:3a:53:31:b3:79:a7:
         77:cf:86:ff:95:2e:d7:74:27:a2:49:81:aa:e5:52:62:51:d1:
         1a:18:4d:e5:79:f6:0e:40:b1:2b:91:b3:99:9b:0e:31:fc:9f:
         71:50:96:a1:a6:27:b1:a4:cf:d2:ee:f6:4a:28:5e:fb:a0:1f:
         c3:b3:a7:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaHWFCnPLc8XlHamYEwSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZGRmYWYxM2I3ZGJlMDVkYWEzMmI1ODc4YjhiNjgwMjQw
NDU5NzEwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg1N2NhZDM2NTJmMmUwYWVhZDkxY2VhMmE1YmU4ZGY1OGM5OTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXdyQ2SH3JfWiZyhEBTY9uD9rJKt
JG+g15BP0RcV7JKqwuQBp80oi0Es0Wmce1N2rnmZXWbNB5uCSRybVdTGETpr3zni
S+QHphesPAvkChGs2l/8BgQjWIdEcc+E/s8NVGRBmSpbFvLIpR1UkUBhrHHk80cr
YHp0iIGU2r7+xmsRsmvQgSKXWE8yPL3Tp+mE0YtjdJt8uuC+2Ut+P8oVBlV+VYgM
zb9wJbHZYE1kSeaI6ByppHXec/E9BvghphAWZ6PmfRepbVion8A12lIKcvxYp6J0
5HM9nksxl6s66bzFb8r+sJ8vQKrcUxcqUW3JaDEtCc7VDSHIInnfkokYDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA2FfK02UvLgrq2RzqKlvo31jJloMB8GA1UdIwQY
MBaAFKfd+vE7fb4F2qMrWHi4toAkBFlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDkzNjhUdDl2Z1hhb3l0WWVMaTJnQ1FFV1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMmIwODMtYjNiOS00YWE2LWExNDkt
ZmJiNTUzYjg0NjQxLzEvRFlWOHJUWlM4dUN1clpIT29xVy1qZldNbVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMmIwODMtYjNiOS00YWE2LWExNDktZmJiNTUzYjg0NjQx
LzEvcDkzNjhUdDl2Z1hhb3l0WWVMaTJnQ1FFV1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAB0
MA0GCSqGSIb3DQEBCwUAA4IBAQBg/cgX/7d9qTYMA+l6xWSpgkg2unK0sUdmh15N
lODLvW+myZYfafDiuGI7T4lstDL5zrHK0Qrr7ZRilFM8oooysL3oxSL44D/0hMP1
O6GzffhyIb7TgkW1+FUqkW7cAQqWl/IRViNG8XCmj1Yk5e91cnF60z6etdT+tnKb
Rc0vna6Heqhr8qKiXTU+nvXXTx6z6576x88cc3w1NBnvS96vDVVsgg7PN9LE7bRz
XoRfYDkbNh4qBLK1rWjMc3aCtSw6UzGzead3z4b/lS7XdCeiSYGq5VJiUdEaGE3l
efYOQLErkbOZmw4x/J9xUJahpiexpM/S7vZKKF77oB/Ds6ds
-----END CERTIFICATE-----