Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/tI9ka3nY65XI0hS6cPovdv7yr60.roa
File:                     tI9ka3nY65XI0hS6cPovdv7yr60.roa (raw, json)
Hash identifier:          +06LGDfkS/BJNhqCcOcJbY1vvOjfeeWWAoEc0fhS6DY=
Subject key identifier:   B4:8F:64:6B:79:D8:EB:95:C8:D2:14:BA:70:FA:2F:76:FE:F2:AF:AD
Certificate issuer:       /CN=9b86bd882e476e4698318f370712f71c2bf50dfc
Certificate serial:       01941F8CA345BA2E0F81B6647A6C3EE0DEC4
Authority key identifier: 9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/tI9ka3nY65XI0hS6cPovdv7yr60.roa
Signing time:             Wed 01 Jan 2025 01:48:18 +0000
ROA not before:           Wed 01 Jan 2025 01:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1921
IP address blocks:        2001:67c:10e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a3:45:ba:2e:0f:81:b6:64:7a:6c:3e:e0:de:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b86bd882e476e4698318f370712f71c2bf50dfc
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b48f646b79d8eb95c8d214ba70fa2f76fef2afad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bc:51:aa:ec:bc:f2:5b:1e:d3:75:b2:b3:98:
                    d7:cf:07:9c:0c:0d:18:8e:2b:00:d0:e0:7b:06:52:
                    94:45:5a:6d:cb:3e:69:0d:88:47:e5:6e:63:27:f7:
                    58:5d:cf:e5:de:09:ae:bf:16:6c:2d:fa:03:a5:b1:
                    40:81:93:2e:e6:16:ef:40:76:e6:1d:28:b6:de:cd:
                    2a:03:f7:a4:92:20:d4:59:bb:27:db:1e:08:e8:ce:
                    ce:3c:9f:be:f9:22:5b:55:5d:66:db:bf:fd:78:25:
                    81:db:c0:87:47:47:4f:c6:6c:42:bb:8a:8c:a7:c1:
                    e4:96:e5:90:b8:15:5a:65:16:c3:05:fc:f1:49:0d:
                    ef:46:25:fb:52:02:50:99:2b:ea:82:5f:05:59:3f:
                    86:c1:fb:ba:71:9c:3f:10:a1:42:1c:eb:2a:b2:10:
                    dd:57:c2:5a:c1:83:9c:73:dd:9f:b1:8a:94:6f:64:
                    5d:8d:2c:df:7d:19:3f:b0:c5:8e:e7:ed:68:6e:76:
                    ad:93:81:c9:b2:9c:d1:68:cc:c9:98:49:53:c1:e2:
                    df:bc:97:0d:36:95:5f:dd:4c:d0:f0:85:4a:99:43:
                    c3:49:00:cc:c4:53:f0:a8:fc:a5:74:6b:64:bf:5d:
                    9b:9b:8a:2f:3c:31:2e:50:a0:3a:00:59:f2:a2:28:
                    56:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8F:64:6B:79:D8:EB:95:C8:D2:14:BA:70:FA:2F:76:FE:F2:AF:AD
            X509v3 Authority Key Identifier:
                keyid:9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/tI9ka3nY65XI0hS6cPovdv7yr60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:fa:56:86:7e:bd:38:ae:e0:f2:0f:e2:e0:06:9e:27:c5:e7:
         5c:23:b8:db:38:52:34:e5:d9:87:64:c2:0a:7a:4d:6c:c6:2d:
         bd:68:92:7c:fd:5d:bd:b3:86:32:30:63:09:3b:0b:d1:a1:97:
         27:b9:61:2d:51:ad:40:34:36:29:c1:41:a2:41:97:fc:91:a7:
         59:8c:68:c0:c3:61:21:e3:a7:09:f7:40:37:1e:a8:53:cd:8a:
         64:03:ad:c2:17:9d:a6:9e:2e:34:06:ff:f2:a4:c7:8f:1e:24:
         66:e5:aa:2f:02:d9:c0:ba:e5:64:05:ad:7b:61:9c:51:88:9f:
         45:e6:31:fa:94:02:4f:47:ac:a7:90:2b:2e:63:93:e2:18:df:
         5b:11:49:9d:60:e9:37:eb:70:47:02:94:3d:1b:6f:14:80:1d:
         88:23:2b:20:66:de:d3:e4:45:c7:8c:39:4e:31:75:1e:65:9d:
         dc:14:d0:ec:5f:48:c6:2b:8c:f2:15:0c:52:ec:63:60:f7:d1:
         ee:88:d2:68:c4:d8:4b:20:8d:8a:4e:58:b0:4b:97:2a:c5:e5:
         22:9b:f9:8d:4a:72:78:37:24:bd:17:28:d9:b1:af:0b:86:ba:
         1f:c0:40:fb:bc:78:8d:22:24:d3:b5:f7:78:0d:0d:86:f3:a6:
         ff:b4:5c:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjKNFui4PgbZkemw+4N7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODZiZDg4MmU0NzZlNDY5ODMxOGYzNzA3MTJmNzFjMmJm
NTBkZmMwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhmNjQ2Yjc5ZDhlYjk1YzhkMjE0YmE3MGZhMmY3NmZlZjJhZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bxRquy88lse03Wys5jXzwecDA0Y
jisA0OB7BlKURVptyz5pDYhH5W5jJ/dYXc/l3gmuvxZsLfoDpbFAgZMu5hbvQHbm
HSi23s0qA/ekkiDUWbsn2x4I6M7OPJ+++SJbVV1m27/9eCWB28CHR0dPxmxCu4qM
p8HkluWQuBVaZRbDBfzxSQ3vRiX7UgJQmSvqgl8FWT+Gwfu6cZw/EKFCHOsqshDd
V8JawYOcc92fsYqUb2RdjSzffRk/sMWO5+1obnatk4HJspzRaMzJmElTweLfvJcN
NpVf3UzQ8IVKmUPDSQDMxFPwqPyldGtkv12bm4ovPDEuUKA6AFnyoihWOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLSPZGt52OuVyNIUunD6L3b+8q+tMB8GA1UdIwQY
MBaAFJuGvYguR25GmDGPNwcS9xwr9Q38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQt
YmZjNzNkZDBiYmI2LzEvdEk5a2Ezblk2NVhJMGhTNmNQb3Zkdjd5cjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQtYmZjNzNkZDBiYmI2
LzEvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBDg
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ+laGfr04ruDyD+LgBp4nxedcI7jbOFI05dmH
ZMIKek1sxi29aJJ8/V29s4YyMGMJOwvRoZcnuWEtUa1ANDYpwUGiQZf8kadZjGjA
w2Eh46cJ90A3HqhTzYpkA63CF52mni40Bv/ypMePHiRm5aovAtnAuuVkBa17YZxR
iJ9F5jH6lAJPR6ynkCsuY5PiGN9bEUmdYOk363BHApQ9G28UgB2IIysgZt7T5EXH
jDlOMXUeZZ3cFNDsX0jGK4zyFQxS7GNg99HuiNJoxNhLII2KTliwS5cqxeUim/mN
SnJ4NyS9FyjZsa8LhrofwED7vHiNIiTTtfd4DQ2G86b/tFyf
-----END CERTIFICATE-----