Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/1-p_3utwZJLFIY_hjsgzsQwTLbiI.roa
File:                     1-p_3utwZJLFIY_hjsgzsQwTLbiI.roa (raw, json)
Hash identifier:          zpk9gNBEbgG53UDNDLXhMv6FzOCjxm3OmxU6M/IVco8=
Subject key identifier:   FA:9F:F7:BA:DC:19:24:B1:48:63:F8:63:B2:0C:EC:43:04:CB:6E:22
Certificate issuer:       /CN=7587902ce7a6a334a4e0db73e721989015d6489b
Certificate serial:       01942522107F4E12D7DC5621D36C2193A062
Authority key identifier: 75:87:90:2C:E7:A6:A3:34:A4:E0:DB:73:E7:21:98:90:15:D6:48:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/1-p_3utwZJLFIY_hjsgzsQwTLbiI.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207111
IP address blocks:        2001:67c:770::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:10:7f:4e:12:d7:dc:56:21:d3:6c:21:93:a0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7587902ce7a6a334a4e0db73e721989015d6489b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa9ff7badc1924b14863f863b20cec4304cb6e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e5:81:42:d2:62:6c:d6:ac:7a:86:96:14:95:
                    34:6c:17:01:1f:5c:e0:1c:6a:e5:a5:34:f4:47:80:
                    c8:ce:c5:aa:e4:c1:4e:3f:78:9b:b1:d5:f7:18:cf:
                    61:36:8f:b0:3c:9f:3b:0f:5b:f7:54:4b:38:07:f9:
                    ca:68:66:34:91:f1:27:c3:27:8e:a3:f8:4d:53:70:
                    3d:2a:6e:e8:03:e8:ad:8d:43:05:b9:f4:ef:f3:ba:
                    cb:55:4f:f9:3d:6f:7e:7a:13:62:c2:67:9d:23:38:
                    95:3b:7b:53:11:3e:a7:be:fb:57:7e:5e:22:92:84:
                    c6:af:8b:98:fd:4a:f5:ed:e2:10:e9:62:55:c5:74:
                    70:5c:60:57:11:d8:57:50:78:f1:b7:d1:70:33:a9:
                    6b:43:ed:7e:3d:17:da:ee:5b:b2:09:83:8c:83:d1:
                    72:c9:39:c0:35:c8:53:41:44:b0:4f:eb:2f:16:aa:
                    24:bd:b7:9e:04:99:56:50:46:a1:a2:62:07:b6:6e:
                    74:81:81:d6:82:fb:e9:32:48:de:99:16:80:79:b3:
                    d0:8e:c9:82:14:c5:e9:a4:d0:20:61:b0:1e:9e:4d:
                    7b:5e:0b:cc:15:22:39:6f:0d:23:70:1b:e3:f9:34:
                    5f:ab:24:cb:04:46:2a:85:51:9d:77:c6:6a:f8:c8:
                    a5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:9F:F7:BA:DC:19:24:B1:48:63:F8:63:B2:0C:EC:43:04:CB:6E:22
            X509v3 Authority Key Identifier:
                keyid:75:87:90:2C:E7:A6:A3:34:A4:E0:DB:73:E7:21:98:90:15:D6:48:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/1-p_3utwZJLFIY_hjsgzsQwTLbiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:770::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:84:26:fe:e8:42:1f:74:f1:35:db:c8:f7:5b:54:f7:fe:6a:
         e6:f4:a6:b2:19:d3:cb:76:c6:20:5a:e0:d7:a2:d7:bd:d7:e7:
         e6:4f:d8:ff:44:7f:77:ad:8b:e2:7e:ae:e4:93:a2:ca:1a:5e:
         d6:e1:6e:e2:18:28:cf:ef:31:4d:cd:75:b9:f8:1c:21:72:22:
         5b:01:04:d2:6a:40:ef:f9:25:66:de:c2:8f:e1:a7:1c:9d:2d:
         e8:88:57:13:64:9c:f1:93:49:9b:43:4e:75:aa:87:e6:62:75:
         16:a2:61:b0:15:78:28:8a:ce:ae:c7:6c:e5:45:eb:bc:58:07:
         d9:8e:d4:6d:cc:8b:f6:60:3b:5d:b4:ec:44:d9:4a:9f:31:8a:
         0f:c8:1b:a5:71:4d:4e:94:e3:2e:a4:0d:6a:92:46:ce:bb:48:
         bf:f7:79:a1:56:43:48:ca:03:92:72:26:ab:09:45:b4:e3:1f:
         41:d7:ad:b3:53:5f:9c:b0:65:d5:47:fc:53:9f:95:e1:ed:03:
         2c:21:5e:cc:25:4c:86:a7:a5:c5:84:98:4e:d8:de:59:6a:1d:
         18:b8:68:c5:4a:0d:82:a7:fd:30:10:1d:aa:9c:0c:7a:e2:12:
         c3:7b:db:d2:6f:ac:5b:11:bb:74:21:e3:17:ca:17:b6:ab:6b:
         0c:0d:eb:42
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQlIhB/ThLX3FYh02whk6BiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODc5MDJjZTdhNmEzMzRhNGUwZGI3M2U3MjE5ODkwMTVk
NjQ4OWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTlmZjdiYWRjMTkyNGIxNDg2M2Y4NjNiMjBjZWM0MzA0Y2I2ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uWBQtJibNaseoaWFJU0bBcBH1zg
HGrlpTT0R4DIzsWq5MFOP3ibsdX3GM9hNo+wPJ87D1v3VEs4B/nKaGY0kfEnwyeO
o/hNU3A9Km7oA+itjUMFufTv87rLVU/5PW9+ehNiwmedIziVO3tTET6nvvtXfl4i
koTGr4uY/Ur17eIQ6WJVxXRwXGBXEdhXUHjxt9FwM6lrQ+1+PRfa7luyCYOMg9Fy
yTnANchTQUSwT+svFqokvbeeBJlWUEahomIHtm50gYHWgvvpMkjemRaAebPQjsmC
FMXppNAgYbAenk17XgvMFSI5bw0jcBvj+TRfqyTLBEYqhVGdd8Zq+MilnQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqf97rcGSSxSGP4Y7IM7EMEy24iMB8GA1UdIwQY
MBaAFHWHkCznpqM0pODbc+chmJAV1kibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFllUUxPZW1velNrNE50ejV5R1lrQlhXU0pzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80ZGU5YmEtMGE2Yi00N2Y4LTk3NzAt
ZjkyMDE5Mzc1YmM4LzEvMS1wXzN1dHdaSkxGSVlfaGpzZ3pzUXdUTGJpSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvNGRlOWJhLTBhNmItNDdmOC05NzcwLWY5MjAxOTM3NWJj
OC8xL2RZZVFMT2Vtb3pTazROdHo1eUdZa0JYV1NKcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwH
cDANBgkqhkiG9w0BAQsFAAOCAQEACIQm/uhCH3TxNdvI91tU9/5q5vSmshnTy3bG
IFrg16LXvdfn5k/Y/0R/d62L4n6u5JOiyhpe1uFu4hgoz+8xTc11ufgcIXIiWwEE
0mpA7/klZt7Cj+GnHJ0t6IhXE2Sc8ZNJm0NOdaqH5mJ1FqJhsBV4KIrOrsds5UXr
vFgH2Y7UbcyL9mA7XbTsRNlKnzGKD8gbpXFNTpTjLqQNapJGzrtIv/d5oVZDSMoD
knImqwlFtOMfQdets1NfnLBl1Uf8U5+V4e0DLCFezCVMhqelxYSYTtjeWWodGLho
xUoNgqf9MBAdqpwMeuISw3vb0m+sWxG7dCHjF8oXtqtrDA3rQg==
-----END CERTIFICATE-----