Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/7bJ_SXsvQs5jd90zxR_xlvABeGo.roa
File:                     7bJ_SXsvQs5jd90zxR_xlvABeGo.roa (raw, json)
Hash identifier:          m0ZQ2Y2DbXV8jV6KvTNs6fUZ/bk3yiFcpgd8GYS9O7Q=
Subject key identifier:   ED:B2:7F:49:7B:2F:42:CE:63:77:DD:33:C5:1F:F1:96:F0:01:78:6A
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       019421B1C59C0CD63FD1F61E7032F5F60D5F
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/7bJ_SXsvQs5jd90zxR_xlvABeGo.roa
Signing time:             Wed 01 Jan 2025 11:48:06 +0000
ROA not before:           Wed 01 Jan 2025 11:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39871
IP address blocks:        2001:67c:254c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c5:9c:0c:d6:3f:d1:f6:1e:70:32:f5:f6:0d:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan  1 11:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edb27f497b2f42ce6377dd33c51ff196f001786a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:38:27:2c:65:69:e6:91:8d:e6:0b:31:5a:0c:
                    19:0f:5f:db:78:b7:a5:e2:ef:13:7b:51:6d:b3:a0:
                    6a:04:80:2d:7e:2a:29:6c:2f:c6:7e:9c:10:19:85:
                    71:82:2d:70:98:ac:5a:cf:54:58:22:c6:6e:fd:1c:
                    22:3e:cd:ed:4b:c4:b6:c7:74:5b:4c:84:36:3d:d9:
                    9e:49:c5:f2:db:e6:19:8a:d1:be:ed:44:75:d6:7f:
                    85:46:e0:51:02:ec:ca:fa:07:95:cb:53:ac:4f:e0:
                    65:a9:c7:d6:2f:c3:4e:75:87:2a:32:24:1e:64:cf:
                    ab:30:85:e2:54:0a:cd:45:9f:37:18:70:7e:ad:a9:
                    f2:30:f0:e5:e8:29:61:f4:fa:92:11:ae:56:69:7f:
                    75:11:05:20:d5:62:5b:df:46:e1:00:2d:b0:ad:83:
                    16:1b:09:eb:d9:66:ac:0a:fd:38:6a:74:58:b5:f9:
                    5b:12:89:1c:c7:2d:77:b8:36:52:ea:4a:cd:81:66:
                    82:e4:b9:1b:10:40:02:db:ab:18:13:35:37:f7:17:
                    51:c4:85:14:43:cf:39:26:6a:d7:da:dc:77:e1:a2:
                    28:00:ac:9f:34:fc:63:f8:dc:e2:6a:f4:b9:45:d9:
                    de:59:b0:2f:b3:9c:f8:2a:b9:d0:d2:ff:6e:bd:40:
                    4c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B2:7F:49:7B:2F:42:CE:63:77:DD:33:C5:1F:F1:96:F0:01:78:6A
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/7bJ_SXsvQs5jd90zxR_xlvABeGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:254c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:02:75:36:ae:00:65:b4:72:2a:20:84:f6:3f:52:13:d4:65:
         db:66:3c:d7:cc:34:5c:7c:45:15:79:30:77:05:d4:91:4d:ff:
         9e:94:89:0d:ea:25:6b:ec:7c:7f:35:c5:49:ef:b7:23:8a:c7:
         05:df:6a:fc:d3:0a:94:35:9f:be:3b:1c:fb:b4:12:15:c2:e7:
         2a:56:8d:0a:9c:c6:02:ff:ea:fc:7f:61:fa:11:c1:e1:66:b4:
         e8:6c:0f:cb:e5:48:cd:f0:6b:03:ac:00:17:e2:ae:51:12:c7:
         28:bc:cf:c4:74:c9:1c:80:95:4d:23:ce:1d:1d:1f:26:bc:22:
         73:86:bd:55:28:e0:9c:5b:b6:ec:7d:7a:f2:24:54:93:ef:b9:
         86:eb:13:c0:e5:32:52:d9:98:c6:09:04:97:e0:a8:74:7c:2b:
         f6:e5:06:ad:d0:91:ad:94:22:16:b4:3f:cd:3a:be:91:c0:2f:
         90:d3:89:38:9a:10:dc:6d:34:f9:bf:bb:3b:58:09:e2:4e:20:
         e9:61:c1:6b:e2:32:87:0e:38:2f:aa:43:cb:a0:d5:34:25:69:
         f6:e4:72:6c:5f:ce:dc:3c:63:ba:84:af:ad:25:5e:e6:cb:90:
         1e:a9:ed:cd:39:a7:35:7e:ea:85:2a:ed:11:b2:ab:8d:8d:89:
         60:de:9e:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhscWcDNY/0fYecDL19g1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjUwMTAxMTE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIyN2Y0OTdiMmY0MmNlNjM3N2RkMzNjNTFmZjE5NmYwMDE3ODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzgnLGVp5pGN5gsxWgwZD1/beLel
4u8Te1Fts6BqBIAtfiopbC/GfpwQGYVxgi1wmKxaz1RYIsZu/RwiPs3tS8S2x3Rb
TIQ2PdmeScXy2+YZitG+7UR11n+FRuBRAuzK+geVy1OsT+BlqcfWL8NOdYcqMiQe
ZM+rMIXiVArNRZ83GHB+ranyMPDl6Clh9PqSEa5WaX91EQUg1WJb30bhAC2wrYMW
Gwnr2WasCv04anRYtflbEokcxy13uDZS6krNgWaC5LkbEEAC26sYEzU39xdRxIUU
Q885JmrX2tx34aIoAKyfNPxj+NziavS5RdneWbAvs5z4KrnQ0v9uvUBMXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO2yf0l7L0LOY3fdM8Uf8ZbwAXhqMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvN2JKX1NYc3ZRczVqZDkwenhSX3hsdkFCZUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCVM
MA0GCSqGSIb3DQEBCwUAA4IBAQCLAnU2rgBltHIqIIT2P1IT1GXbZjzXzDRcfEUV
eTB3BdSRTf+elIkN6iVr7Hx/NcVJ77cjiscF32r80wqUNZ++Oxz7tBIVwucqVo0K
nMYC/+r8f2H6EcHhZrTobA/L5UjN8GsDrAAX4q5REscovM/EdMkcgJVNI84dHR8m
vCJzhr1VKOCcW7bsfXryJFST77mG6xPA5TJS2ZjGCQSX4Kh0fCv25Qat0JGtlCIW
tD/NOr6RwC+Q04k4mhDcbTT5v7s7WAniTiDpYcFr4jKHDjgvqkPLoNU0JWn25HJs
X87cPGO6hK+tJV7my5Aeqe3NOac1fuqFKu0RsquNjYlg3p4D
-----END CERTIFICATE-----