Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/oU4Cohsb9kWDicLsugicyZN6s7k.roa
File:                     oU4Cohsb9kWDicLsugicyZN6s7k.roa (raw, json)
Hash identifier:          YXEAgbcCjB/PmDtI8uql79S0hq5pcPIEdu0GZCtli20=
Subject key identifier:   A1:4E:02:A2:1B:1B:F6:45:83:89:C2:EC:BA:08:9C:C9:93:7A:B3:B9
Certificate issuer:       /CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
Certificate serial:       019424B378AD6D511DD7D5C66FC49E608899
Authority key identifier: 48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/oU4Cohsb9kWDicLsugicyZN6s7k.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:67c:ac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:78:ad:6d:51:1d:d7:d5:c6:6f:c4:9e:60:88:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a14e02a21b1bf6458389c2ecba089cc9937ab3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:82:94:1f:05:46:3f:10:10:dd:e8:6f:9b:18:
                    71:14:bf:30:83:17:18:aa:6d:27:ad:d4:fe:14:9e:
                    53:ad:e3:06:f4:87:40:c2:cf:bc:69:5e:ec:30:89:
                    2f:23:08:93:fa:e3:11:01:6a:32:fa:22:c2:85:c9:
                    1c:f6:ea:42:d0:cd:2c:0b:c8:2d:6f:73:6a:0c:12:
                    6f:d1:25:41:8f:cf:da:f4:13:a7:3e:2d:bc:8e:e5:
                    8a:84:de:84:86:51:22:ee:00:96:93:cc:5c:4c:ff:
                    ca:73:b7:c3:d4:df:79:d5:02:54:1a:31:ea:0d:c9:
                    a9:4f:df:2e:d4:7c:a2:84:0b:91:ff:d9:24:1b:54:
                    f3:79:10:2c:19:a5:12:bc:14:c6:ee:aa:aa:8d:7e:
                    fb:ee:f1:8c:ca:90:cb:da:fd:24:e6:e8:ab:e1:d1:
                    b1:79:be:7f:50:f9:b6:2e:ab:df:a5:5e:de:dd:a8:
                    af:a7:85:4b:76:9f:af:0c:39:4e:25:68:f1:6c:b5:
                    16:aa:ad:e5:9d:55:f8:9f:f0:9c:75:5a:09:bf:1e:
                    68:d1:10:08:61:a4:a6:b6:5b:4f:6f:72:27:b6:85:
                    c4:59:d8:94:e0:5e:7b:3e:42:16:3c:63:f7:11:b5:
                    42:f0:6b:9c:01:7d:9d:87:9d:0a:54:9c:57:41:0d:
                    0f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4E:02:A2:1B:1B:F6:45:83:89:C2:EC:BA:08:9C:C9:93:7A:B3:B9
            X509v3 Authority Key Identifier:
                keyid:48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/oU4Cohsb9kWDicLsugicyZN6s7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:db:5c:ed:31:f4:07:e2:e6:c4:03:b5:07:af:da:28:03:fe:
         6f:f0:15:a1:96:62:fb:fd:c0:3b:77:49:8b:f4:a9:e1:65:b3:
         c6:85:44:0d:c4:5d:91:5f:e2:14:45:4e:ff:d9:7f:8c:76:7b:
         4f:ab:62:80:e5:db:ed:8f:2d:d6:42:75:b1:16:49:58:9e:52:
         fa:3e:42:79:c7:a0:84:cf:f9:13:f5:c1:b0:58:44:32:2f:f5:
         71:82:9e:c6:24:10:bc:a3:ab:81:73:86:08:ee:99:82:56:aa:
         d3:c3:39:00:e2:c8:01:44:a0:31:bf:9a:09:3f:ea:14:bd:fc:
         d4:ee:02:35:8e:ba:9d:8d:09:18:58:fe:b9:3e:16:b6:87:24:
         9f:5b:1b:ff:96:23:fa:ac:2a:f1:d6:ba:3a:63:aa:0b:72:f8:
         f2:3c:e1:de:7e:2c:1d:79:c4:3d:72:ad:9b:d3:50:bb:57:b2:
         a9:6b:68:af:60:df:ad:18:45:67:77:5b:e1:73:a2:35:e2:c6:
         b1:4d:d3:30:90:0c:0a:25:c7:75:eb:09:7b:01:7a:24:d2:0e:
         c8:c5:26:c5:1b:bf:5b:65:bf:2f:f3:85:3e:c7:69:3d:33:13:
         31:4f:db:15:a5:da:fc:83:87:fb:bf:98:e1:bc:36:a9:95:95:
         91:c2:58:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks3itbVEd19XGb8SeYIiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGUzY2YwZDEyMjU3NGM3ZTdiM2JmMDM0ZDBkM2QwMTNl
ZWJjMTUwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRlMDJhMjFiMWJmNjQ1ODM4OWMyZWNiYTA4OWNjOTkzN2FiM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIKUHwVGPxAQ3ehvmxhxFL8wgxcY
qm0nrdT+FJ5TreMG9IdAws+8aV7sMIkvIwiT+uMRAWoy+iLChckc9upC0M0sC8gt
b3NqDBJv0SVBj8/a9BOnPi28juWKhN6EhlEi7gCWk8xcTP/Kc7fD1N951QJUGjHq
DcmpT98u1HyihAuR/9kkG1TzeRAsGaUSvBTG7qqqjX777vGMypDL2v0k5uir4dGx
eb5/UPm2LqvfpV7e3aivp4VLdp+vDDlOJWjxbLUWqq3lnVX4n/CcdVoJvx5o0RAI
YaSmtltPb3IntoXEWdiU4F57PkIWPGP3EbVC8GucAX2dh50KVJxXQQ0P9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKFOAqIbG/ZFg4nC7LoInMmTerO5MB8GA1UdIwQY
MBaAFEgOPPDRIldMfns78DTQ09AT7rwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUt
MjJmMjNmZTI5Mjg3LzEvb1U0Q29oc2I5a1dEaWNMc3VnaWN5Wk42czdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUtMjJmMjNmZTI5Mjg3
LzEvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArA
MA0GCSqGSIb3DQEBCwUAA4IBAQAq21ztMfQH4ubEA7UHr9ooA/5v8BWhlmL7/cA7
d0mL9KnhZbPGhUQNxF2RX+IURU7/2X+MdntPq2KA5dvtjy3WQnWxFklYnlL6PkJ5
x6CEz/kT9cGwWEQyL/Vxgp7GJBC8o6uBc4YI7pmCVqrTwzkA4sgBRKAxv5oJP+oU
vfzU7gI1jrqdjQkYWP65Pha2hySfWxv/liP6rCrx1ro6Y6oLcvjyPOHefiwdecQ9
cq2b01C7V7Kpa2ivYN+tGEVnd1vhc6I14saxTdMwkAwKJcd16wl7AXok0g7IxSbF
G79bZb8v84U+x2k9MxMxT9sVpdr8g4f7v5jhvDaplZWRwlg3
-----END CERTIFICATE-----