Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/2zu7oCjT-KVZRR2HzaLDOvNTLj0.roa
File:                     2zu7oCjT-KVZRR2HzaLDOvNTLj0.roa (raw, json)
Hash identifier:          D7mApAX4YmoA8emuHbADon4rwd+qyVDHh/ZdGBtTqIs=
Subject key identifier:   DB:3B:BB:A0:28:D3:F8:A5:59:45:1D:87:CD:A2:C3:3A:F3:53:2E:3D
Certificate issuer:       /CN=9fb79d298110b6fb319301ebc22bf180e7054796
Certificate serial:       0194258ECC84A6F62D521AFA97CF7A58B4AC
Authority key identifier: 9F:B7:9D:29:81:10:B6:FB:31:93:01:EB:C2:2B:F1:80:E7:05:47:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/2zu7oCjT-KVZRR2HzaLDOvNTLj0.roa
Signing time:             Thu 02 Jan 2025 05:48:22 +0000
ROA not before:           Thu 02 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8949
IP address blocks:        2001:67c:560::/48 maxlen: 48
                          2001:67c:7bc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:cc:84:a6:f6:2d:52:1a:fa:97:cf:7a:58:b4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb79d298110b6fb319301ebc22bf180e7054796
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db3bbba028d3f8a559451d87cda2c33af3532e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6d:f7:49:e0:23:f4:36:ad:bd:d2:2e:ec:12:
                    0b:32:52:6d:3b:88:dd:c6:b2:ed:1e:5a:18:76:d3:
                    cc:bb:46:1a:27:c3:eb:11:5e:2b:72:48:00:0a:18:
                    13:4b:ca:b1:e9:25:d6:03:30:b9:d3:30:fd:b4:67:
                    5d:b1:ed:c1:9c:e3:0b:69:7b:02:48:44:5a:34:28:
                    49:d3:ad:14:fa:41:a4:78:79:ef:c6:95:72:8e:38:
                    1c:fb:85:e8:9d:ea:c7:47:e6:f7:96:a8:4d:c0:c6:
                    2f:97:cf:30:db:9e:48:f5:02:13:a0:e1:e3:b7:a4:
                    f5:79:56:4a:ea:b2:c6:83:05:d0:4b:ba:aa:38:ba:
                    49:89:fb:c7:95:1e:66:02:f2:02:18:47:d1:8b:aa:
                    cc:f0:f2:18:c4:57:ae:35:99:90:ae:7c:b8:16:cd:
                    02:87:1a:60:cb:bd:d8:f7:37:6d:19:94:02:d3:a5:
                    bc:9e:6d:f2:8b:08:e9:f6:a0:0a:50:32:b9:3e:85:
                    b6:45:0d:23:3c:fe:ea:bb:cd:c5:9a:c0:c3:27:a6:
                    34:47:66:c7:52:ed:18:4a:7d:3f:20:a4:95:fa:04:
                    8f:e7:69:7c:bf:0f:ba:d2:8d:a2:97:ce:45:eb:67:
                    fc:a3:f9:6a:d6:49:51:7c:51:4a:76:1b:7a:3d:75:
                    7d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3B:BB:A0:28:D3:F8:A5:59:45:1D:87:CD:A2:C3:3A:F3:53:2E:3D
            X509v3 Authority Key Identifier:
                keyid:9F:B7:9D:29:81:10:B6:FB:31:93:01:EB:C2:2B:F1:80:E7:05:47:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/2zu7oCjT-KVZRR2HzaLDOvNTLj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:560::/48
                  2001:67c:7bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:b9:ab:e6:ec:62:19:48:89:9e:7c:d2:1b:25:37:88:95:05:
         ea:ce:c3:da:dc:82:8e:9f:f9:78:bc:b3:5b:59:75:6c:94:97:
         eb:c3:e8:1e:0b:71:fc:39:85:c9:63:d6:28:9a:6e:5c:1c:bc:
         8f:83:b6:9c:af:5b:dd:f3:02:b0:0f:fe:ef:61:0c:f0:90:d1:
         4a:60:87:8c:07:e8:92:66:3b:09:37:a0:f0:ea:84:14:38:23:
         95:28:2c:eb:d7:c2:d9:68:29:a8:be:fb:fe:f3:1a:ce:4c:10:
         7f:36:c9:bb:bb:f3:6e:48:37:a7:3b:fe:ac:6c:0c:82:e4:38:
         10:d5:4f:c1:69:12:e6:07:22:f5:9d:fb:ed:ac:2f:2d:41:99:
         30:06:05:7d:58:ee:0f:1e:16:c9:0d:fe:89:02:1b:b8:17:c5:
         ec:df:b3:7f:a5:ac:61:a8:b4:dd:37:cf:67:63:16:94:1c:ab:
         de:15:3d:66:95:ef:b0:15:62:18:39:03:02:61:b2:39:9d:24:
         28:f6:98:9b:37:78:03:bf:b1:3b:5a:e7:27:91:7a:f6:9a:0e:
         d1:8c:f0:97:cc:a4:9c:5e:69:b2:1a:80:09:26:89:9a:68:b7:
         e5:78:cb:cd:b4:dc:ad:47:59:ed:2f:15:2e:39:a7:d2:ea:94:
         8b:d7:6c:58
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQljsyEpvYtUhr6l896WLSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjc5ZDI5ODExMGI2ZmIzMTkzMDFlYmMyMmJmMTgwZTcw
NTQ3OTYwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNiYmJhMDI4ZDNmOGE1NTk0NTFkODdjZGEyYzMzYWYzNTMyZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm33SeAj9DatvdIu7BILMlJtO4jd
xrLtHloYdtPMu0YaJ8PrEV4rckgAChgTS8qx6SXWAzC50zD9tGddse3BnOMLaXsC
SERaNChJ060U+kGkeHnvxpVyjjgc+4XonerHR+b3lqhNwMYvl88w255I9QIToOHj
t6T1eVZK6rLGgwXQS7qqOLpJifvHlR5mAvICGEfRi6rM8PIYxFeuNZmQrny4Fs0C
hxpgy73Y9zdtGZQC06W8nm3yiwjp9qAKUDK5PoW2RQ0jPP7qu83FmsDDJ6Y0R2bH
Uu0YSn0/IKSV+gSP52l8vw+60o2il85F62f8o/lq1klRfFFKdht6PXV9fQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNs7u6Ao0/ilWUUdh82iwzrzUy49MB8GA1UdIwQY
MBaAFJ+3nSmBELb7MZMB68Ir8YDnBUeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdlZEtZRVF0dnN4a3dIcndpdnhnT2NGUjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lODVhNDEtYjNmZi00ZmNkLTgwYjIt
NGFhYmVjMGQzMGEzLzEvMnp1N29DalQtS1ZaUlIySHphTERPdk5UTGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lODVhNDEtYjNmZi00ZmNkLTgwYjItNGFhYmVjMGQzMGEz
LzEvbjdlZEtZRVF0dnN4a3dIcndpdnhnT2NGUjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfAVg
AwcAIAEGfAe8MA0GCSqGSIb3DQEBCwUAA4IBAQA7uavm7GIZSImefNIbJTeIlQXq
zsPa3IKOn/l4vLNbWXVslJfrw+geC3H8OYXJY9Yomm5cHLyPg7acr1vd8wKwD/7v
YQzwkNFKYIeMB+iSZjsJN6Dw6oQUOCOVKCzr18LZaCmovvv+8xrOTBB/Nsm7u/Nu
SDenO/6sbAyC5DgQ1U/BaRLmByL1nfvtrC8tQZkwBgV9WO4PHhbJDf6JAhu4F8Xs
37N/paxhqLTdN89nYxaUHKveFT1mle+wFWIYOQMCYbI5nSQo9pibN3gDv7E7Wucn
kXr2mg7RjPCXzKScXmmyGoAJJomaaLfleMvNtNytR1ntLxUuOafS6pSL12xY
-----END CERTIFICATE-----