Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/tTUbMusnQYjR8dloqUBDH5RJbJY.roa
File:                     tTUbMusnQYjR8dloqUBDH5RJbJY.roa (raw, json)
Hash identifier:          x4a6yPSN4IfbK/Lgl6LTelrziLDZIshNFyvd6MyXqsI=
Subject key identifier:   B5:35:1B:32:EB:27:41:88:D1:F1:D9:68:A9:40:43:1F:94:49:6C:96
Certificate issuer:       /CN=7668fe49ae9747257150015be43e29628c6316c4
Certificate serial:       019424B3D6A9413C0841D114F50DF7C5545D
Authority key identifier: 76:68:FE:49:AE:97:47:25:71:50:01:5B:E4:3E:29:62:8C:63:16:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/tTUbMusnQYjR8dloqUBDH5RJbJY.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203692
IP address blocks:        2001:67c:2f0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d6:a9:41:3c:08:41:d1:14:f5:0d:f7:c5:54:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7668fe49ae9747257150015be43e29628c6316c4
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5351b32eb274188d1f1d968a940431f94496c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d3:68:03:fc:d1:00:02:6a:62:3a:96:23:e7:
                    5a:08:4a:88:8a:4d:6a:1f:7d:a7:86:65:c2:0b:e0:
                    0d:ee:45:6b:5b:7b:02:7d:f5:fe:a2:f5:ba:46:f0:
                    89:0e:dd:fd:e6:c2:2f:2e:b8:69:58:17:87:43:77:
                    45:34:c5:bd:bd:6f:02:a9:4b:05:5b:8a:84:a7:c9:
                    31:e4:74:b0:71:0b:db:9f:b5:5a:5c:dd:28:84:b3:
                    71:f6:82:ea:4a:c9:4e:a8:3e:da:cd:e1:55:fb:2c:
                    94:de:b7:f1:88:4b:21:06:3d:bd:17:7b:bf:fe:06:
                    e8:22:fb:a5:d4:ff:ea:c6:21:11:44:2e:f7:00:12:
                    4b:f3:44:fb:41:e0:9b:36:1f:d6:0d:e2:ef:70:b8:
                    29:0d:e5:e7:4f:5a:18:3d:fb:b0:d4:5c:5d:44:38:
                    32:0f:dc:40:f9:f6:b0:fe:b5:fb:5e:04:8f:21:63:
                    bc:4f:80:7b:f6:a5:63:74:af:1d:32:d1:d2:85:9d:
                    c1:48:37:59:74:76:de:6b:fc:91:a5:50:ca:e2:f3:
                    de:7a:03:be:f3:7d:2e:9b:8a:8f:1b:e7:5d:d8:bf:
                    b0:3a:8a:64:74:94:08:5c:85:e7:e3:db:52:ff:df:
                    9a:bc:d3:84:3d:c1:42:6c:a1:97:ad:18:07:e8:12:
                    99:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:35:1B:32:EB:27:41:88:D1:F1:D9:68:A9:40:43:1F:94:49:6C:96
            X509v3 Authority Key Identifier:
                keyid:76:68:FE:49:AE:97:47:25:71:50:01:5B:E4:3E:29:62:8C:63:16:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/tTUbMusnQYjR8dloqUBDH5RJbJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/1601e6-c5b9-4322-89f9-4bd14e7a85cf/1/dmj-Sa6XRyVxUAFb5D4pYoxjFsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:08:46:4e:c9:1e:4a:68:05:33:eb:79:d0:9e:46:11:e5:c8:
         a2:b2:7f:d4:b6:42:69:70:2f:89:ec:c5:32:5d:c9:4f:2e:a4:
         58:28:5d:c0:b8:cb:20:2b:f0:00:5e:b1:a5:38:2a:66:94:84:
         df:ca:02:9d:5a:34:76:c6:3a:9d:e8:92:68:be:46:36:e2:86:
         30:79:b6:45:e1:23:75:a4:3c:87:60:ff:ee:c3:af:e2:07:d2:
         a9:a4:b5:25:69:79:ac:a3:97:8a:b8:56:e8:f5:f2:7d:90:74:
         65:a4:e2:9a:54:3c:42:b9:29:e0:49:b3:07:eb:ed:db:58:d4:
         d2:b9:e2:8a:d6:7f:5f:b9:f3:da:09:df:c0:74:80:5a:79:d5:
         cf:95:da:cc:2f:41:34:0d:cb:15:cf:6c:fd:6c:1a:72:96:2d:
         29:d8:75:df:91:d2:3a:9f:b1:3a:e9:0b:44:38:6d:08:cc:eb:
         24:59:be:f6:7d:95:c8:bd:c0:10:fa:9f:02:6e:6c:fc:92:b6:
         4e:dd:9d:f6:30:58:cc:d3:e0:42:da:f2:ff:76:3a:73:96:3a:
         3a:13:4a:b0:94:a9:8f:67:21:54:5c:10:66:b3:c9:a3:42:93:
         0e:17:85:b2:87:82:4d:89:46:b9:bf:5d:cd:0b:1c:7f:61:7c:
         e6:8a:63:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks9apQTwIQdEU9Q33xVRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjhmZTQ5YWU5NzQ3MjU3MTUwMDE1YmU0M2UyOTYyOGM2
MzE2YzQwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM1MWIzMmViMjc0MTg4ZDFmMWQ5NjhhOTQwNDMxZjk0NDk2Yzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNNoA/zRAAJqYjqWI+daCEqIik1q
H32nhmXCC+AN7kVrW3sCffX+ovW6RvCJDt395sIvLrhpWBeHQ3dFNMW9vW8CqUsF
W4qEp8kx5HSwcQvbn7VaXN0ohLNx9oLqSslOqD7azeFV+yyU3rfxiEshBj29F3u/
/gboIvul1P/qxiERRC73ABJL80T7QeCbNh/WDeLvcLgpDeXnT1oYPfuw1FxdRDgy
D9xA+faw/rX7XgSPIWO8T4B79qVjdK8dMtHShZ3BSDdZdHbea/yRpVDK4vPeegO+
830um4qPG+dd2L+wOopkdJQIXIXn49tS/9+avNOEPcFCbKGXrRgH6BKZvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLU1GzLrJ0GI0fHZaKlAQx+USWyWMB8GA1UdIwQY
MBaAFHZo/kmul0clcVABW+Q+KWKMYxbEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1qLVNhNlhSeVZ4VUFGYjVENHBZb3hqRnNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8xNjAxZTYtYzViOS00MzIyLTg5Zjkt
NGJkMTRlN2E4NWNmLzEvdFRVYk11c25RWWpSOGRsb3FVQkRINVJKYkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8xNjAxZTYtYzViOS00MzIyLTg5ZjktNGJkMTRlN2E4NWNm
LzEvZG1qLVNhNlhSeVZ4VUFGYjVENHBZb3hqRnNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC8M
MA0GCSqGSIb3DQEBCwUAA4IBAQArCEZOyR5KaAUz63nQnkYR5ciisn/UtkJpcC+J
7MUyXclPLqRYKF3AuMsgK/AAXrGlOCpmlITfygKdWjR2xjqd6JJovkY24oYwebZF
4SN1pDyHYP/uw6/iB9KppLUlaXmso5eKuFbo9fJ9kHRlpOKaVDxCuSngSbMH6+3b
WNTSueKK1n9fufPaCd/AdIBaedXPldrML0E0DcsVz2z9bBpyli0p2HXfkdI6n7E6
6QtEOG0IzOskWb72fZXIvcAQ+p8Cbmz8krZO3Z32MFjM0+BC2vL/djpzljo6E0qw
lKmPZyFUXBBms8mjQpMOF4Wyh4JNiUa5v13NCxx/YXzmimNC
-----END CERTIFICATE-----