Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/_qWutZUYh7GtHc5BuqYExYnhc5E.roa
File:                     _qWutZUYh7GtHc5BuqYExYnhc5E.roa (raw, json)
Hash identifier:          coowkP6g5fodWA3YuMC9BEcTrYORzxDu9UeePR3fEmU=
Subject key identifier:   FE:A5:AE:B5:95:18:87:B1:AD:1D:CE:41:BA:A6:04:C5:89:E1:73:91
Certificate issuer:       /CN=c65613d5999f3632985ed89a02efaabd1890ba09
Certificate serial:       0194BA5F78735DE1D4D1A2A7A834E7D5A187
Authority key identifier: C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/_qWutZUYh7GtHc5BuqYExYnhc5E.roa
Signing time:             Fri 31 Jan 2025 03:20:06 +0000
ROA not before:           Fri 31 Jan 2025 03:20:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215492
IP address blocks:        2001:67c:df8::/48 maxlen: 48
                          2a14:8100:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ba:5f:78:73:5d:e1:d4:d1:a2:a7:a8:34:e7:d5:a1:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65613d5999f3632985ed89a02efaabd1890ba09
        Validity
            Not Before: Jan 31 03:20:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fea5aeb5951887b1ad1dce41baa604c589e17391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:15:e2:1b:00:48:47:d4:b0:d4:5d:d4:eb:a9:
                    19:e3:20:69:43:ce:5b:b6:1a:56:5c:e7:ff:56:b8:
                    5c:d8:fb:d8:15:6d:88:ae:02:7e:e9:66:66:db:a0:
                    6b:17:6d:82:e7:c8:52:a0:36:ec:cd:c8:60:0f:35:
                    bb:f9:9c:f3:b1:a6:c7:24:4f:9e:0e:db:71:5d:83:
                    94:72:80:47:2a:66:f7:bb:0b:ca:ea:44:3b:d7:18:
                    53:d5:14:b1:30:81:c2:08:76:73:97:94:8a:fe:19:
                    08:94:91:ef:b6:39:81:f9:7c:c4:86:25:c3:ab:7c:
                    82:01:5a:41:e7:bb:dc:8d:4d:8e:d2:6d:24:f3:7f:
                    36:97:94:b6:f4:3e:b5:a7:4e:fd:83:e6:d5:ac:18:
                    5b:8c:a2:4a:49:1e:d1:7a:fd:14:b1:67:94:65:d6:
                    07:c9:a0:61:ce:06:51:c2:53:c0:b4:f3:3a:a8:86:
                    a7:44:4c:4d:29:2d:95:d6:b8:4c:e8:5d:32:20:c0:
                    4a:19:62:61:ea:e9:09:91:93:64:00:ee:da:cf:af:
                    42:65:46:0f:0f:01:23:b3:56:a1:34:31:28:01:00:
                    77:c9:b3:4e:81:c7:d8:0f:05:64:a8:1f:f9:c8:b6:
                    8c:30:80:4b:f8:bf:23:36:84:e8:ee:57:2a:56:1f:
                    13:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A5:AE:B5:95:18:87:B1:AD:1D:CE:41:BA:A6:04:C5:89:E1:73:91
            X509v3 Authority Key Identifier:
                keyid:C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/_qWutZUYh7GtHc5BuqYExYnhc5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:df8::/48
                  2a14:8100:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         45:a2:71:8b:c1:f4:15:88:68:0f:22:1d:be:95:32:e7:4d:4c:
         57:cd:61:c1:e1:f2:0e:b8:6b:7c:a0:b6:f7:b0:a8:f0:df:a7:
         ec:b3:cf:24:35:c1:a0:60:4f:1c:75:6e:b5:3f:ad:6b:25:2e:
         bb:d6:2a:d0:1d:b8:09:07:c6:97:ba:9e:26:89:8f:64:75:22:
         48:b5:6d:1e:0d:91:a6:9f:e8:6b:b6:a5:4d:92:2c:e4:ef:eb:
         88:a7:88:fc:69:59:b7:d5:36:c3:db:c8:02:93:53:e7:9a:2f:
         fa:65:1e:78:b1:f2:89:c0:a6:d5:fd:d9:ab:32:3d:5e:a5:1f:
         b4:1d:4a:64:b5:c6:8d:da:04:a9:f2:6f:16:d9:6a:e6:51:f9:
         98:f7:5e:a8:23:ae:0c:f7:40:97:3d:42:5f:15:78:e0:ed:76:
         97:bf:f5:8f:34:06:4d:7e:99:28:89:02:62:d4:87:69:3d:a0:
         03:d6:9d:39:90:79:dc:0e:e3:b0:cc:25:6c:c5:00:48:d3:63:
         f9:7f:2d:c4:5c:86:a0:ac:62:ce:55:40:9f:bb:db:b7:20:63:
         4f:f0:6b:0f:a2:88:1d:1f:7a:bc:3e:3b:d9:a9:25:4e:77:cf:
         5d:88:f6:a5:be:62:7c:a6:60:f1:a8:a4:ea:7e:0a:eb:2c:e4:
         1f:56:4f:62
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZS6X3hzXeHU0aKnqDTn1aGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NTYxM2Q1OTk5ZjM2MzI5ODVlZDg5YTAyZWZhYWJkMTg5
MGJhMDkwHhcNMjUwMTMxMDMyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWE1YWViNTk1MTg4N2IxYWQxZGNlNDFiYWE2MDRjNTg5ZTE3MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRXiGwBIR9Sw1F3U66kZ4yBpQ85b
thpWXOf/Vrhc2PvYFW2IrgJ+6WZm26BrF22C58hSoDbszchgDzW7+ZzzsabHJE+e
DttxXYOUcoBHKmb3uwvK6kQ71xhT1RSxMIHCCHZzl5SK/hkIlJHvtjmB+XzEhiXD
q3yCAVpB57vcjU2O0m0k8382l5S29D61p079g+bVrBhbjKJKSR7Rev0UsWeUZdYH
yaBhzgZRwlPAtPM6qIanRExNKS2V1rhM6F0yIMBKGWJh6ukJkZNkAO7az69CZUYP
DwEjs1ahNDEoAQB3ybNOgcfYDwVkqB/5yLaMMIBL+L8jNoTo7lcqVh8TwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP6lrrWVGIexrR3OQbqmBMWJ4XORMB8GA1UdIwQY
MBaAFMZWE9WZnzYymF7YmgLvqr0YkLoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2Ut
NjUwOTkyZjJhMTc0LzEvX3FXdXRaVVloN0d0SGM1QnVxWUV4WW5oYzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2UtNjUwOTkyZjJhMTc0
LzEveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfA34
AwcEKhSBAAAQMA0GCSqGSIb3DQEBCwUAA4IBAQBFonGLwfQViGgPIh2+lTLnTUxX
zWHB4fIOuGt8oLb3sKjw36fss88kNcGgYE8cdW61P61rJS671irQHbgJB8aXup4m
iY9kdSJItW0eDZGmn+hrtqVNkizk7+uIp4j8aVm31TbD28gCk1Pnmi/6ZR54sfKJ
wKbV/dmrMj1epR+0HUpktcaN2gSp8m8W2WrmUfmY916oI64M90CXPUJfFXjg7XaX
v/WPNAZNfpkoiQJi1IdpPaAD1p05kHncDuOwzCVsxQBI02P5fy3EXIagrGLOVUCf
u9u3IGNP8GsPoogdH3q8PjvZqSVOd89diPalvmJ8pmDxqKTqfgrrLOQfVk9i
-----END CERTIFICATE-----