Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/dQrN5l4ER8ioZrR3Ol61rF1mTIM.roa
File:                     dQrN5l4ER8ioZrR3Ol61rF1mTIM.roa (raw, json)
Hash identifier:          i6nZan7ltRkXD1mx1+9g2E7sNbpHefpKiqIOGyeWWGs=
Subject key identifier:   75:0A:CD:E6:5E:04:47:C8:A8:66:B4:77:3A:5E:B5:AC:5D:66:4C:83
Certificate issuer:       /CN=3708e04fd7bf81b675dcbe7b29aa263c912078b6
Certificate serial:       019423D6E79F25E8F6F35DE72338367A8D12
Authority key identifier: 37:08:E0:4F:D7:BF:81:B6:75:DC:BE:7B:29:AA:26:3C:91:20:78:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/dQrN5l4ER8ioZrR3Ol61rF1mTIM.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203269
IP address blocks:        2001:67c:428::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e7:9f:25:e8:f6:f3:5d:e7:23:38:36:7a:8d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3708e04fd7bf81b675dcbe7b29aa263c912078b6
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=750acde65e0447c8a866b4773a5eb5ac5d664c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:4f:1c:a6:42:44:f7:be:e1:da:ed:d0:65:c2:
                    a3:18:87:c8:13:a3:7c:87:d6:f3:d7:e7:3e:b8:5b:
                    ce:b4:6c:94:f2:29:75:c0:b3:be:45:e4:da:3c:f5:
                    d4:fe:d0:c9:20:ac:71:e8:3b:2a:04:e1:88:a7:0b:
                    ac:ba:67:fe:f1:2a:f2:a3:7f:56:dd:41:07:37:1d:
                    c2:72:b3:51:dc:98:ad:4a:3c:a2:a5:11:7e:53:23:
                    5d:5f:f3:99:2d:e5:21:9b:cc:cb:8a:d2:fd:40:d9:
                    bd:61:5c:ec:93:6a:c3:ad:ed:b5:c8:8d:26:61:29:
                    92:78:70:d2:a5:aa:7f:1d:04:f9:60:0a:68:71:c2:
                    17:35:d8:ca:34:cb:a3:1c:56:13:f9:61:a6:75:41:
                    ab:04:55:c6:4d:24:11:e2:70:ee:92:a8:91:f2:01:
                    2b:df:4b:77:2c:29:76:ee:4e:37:92:12:69:85:13:
                    91:f8:ef:97:ce:d4:32:4f:2b:53:4b:71:b8:0e:69:
                    30:ca:da:35:14:72:63:f8:3d:8f:74:25:f5:cb:71:
                    95:fc:af:0b:13:31:97:d2:f7:a0:97:2c:50:11:01:
                    de:e6:61:47:45:48:34:ee:54:23:dd:d0:6a:b1:98:
                    c3:f8:13:5a:2a:1c:74:e9:11:a5:34:89:47:5d:d5:
                    18:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:0A:CD:E6:5E:04:47:C8:A8:66:B4:77:3A:5E:B5:AC:5D:66:4C:83
            X509v3 Authority Key Identifier:
                keyid:37:08:E0:4F:D7:BF:81:B6:75:DC:BE:7B:29:AA:26:3C:91:20:78:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/dQrN5l4ER8ioZrR3Ol61rF1mTIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:428::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:68:e2:ba:eb:be:10:fb:38:52:cf:6d:34:64:ed:8e:d9:e9:
         4d:ba:d5:db:fe:50:27:23:6f:85:40:11:64:55:a7:8d:d8:f8:
         b6:d9:79:b4:7d:d6:97:95:73:37:5c:4c:86:5e:d3:a2:1a:8f:
         42:3c:f9:1c:dd:eb:e7:43:c7:8e:cf:86:5f:6e:5c:bd:55:2f:
         e0:61:7f:b1:3f:1a:1b:d2:48:a1:09:8e:4b:22:81:2f:9e:22:
         4f:d4:29:83:4f:64:68:e9:ea:89:fb:f1:14:7a:a5:60:e1:ea:
         b8:c5:3e:9a:96:06:6e:1b:2a:b0:16:cf:8b:c1:31:2a:d8:12:
         fc:cf:7c:a4:f4:be:52:eb:49:88:f4:5e:7d:de:ef:35:05:49:
         dd:16:f0:58:26:04:6e:d2:e7:51:65:62:c3:de:7c:52:cd:79:
         b9:90:d8:19:42:a2:4a:23:fd:ac:61:25:6b:97:f4:1c:53:fa:
         df:1d:61:2c:00:78:ed:6a:6c:c3:07:11:6a:45:8d:e8:2e:ab:
         e2:79:19:08:f8:c8:63:6c:a9:34:65:50:81:12:0a:a1:6e:d1:
         98:35:10:c1:92:bf:67:8b:08:84:d8:73:ae:31:87:d6:e3:20:
         22:ab:ae:9d:d1:b5:c8:2b:5d:50:1c:86:c6:44:37:3b:0b:2c:
         47:9a:a3:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1uefJej2813nIzg2eo0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MDhlMDRmZDdiZjgxYjY3NWRjYmU3YjI5YWEyNjNjOTEy
MDc4YjYwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTBhY2RlNjVlMDQ0N2M4YTg2NmI0NzczYTVlYjVhYzVkNjY0YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8U8cpkJE977h2u3QZcKjGIfIE6N8
h9bz1+c+uFvOtGyU8il1wLO+ReTaPPXU/tDJIKxx6DsqBOGIpwusumf+8Sryo39W
3UEHNx3CcrNR3JitSjyipRF+UyNdX/OZLeUhm8zLitL9QNm9YVzsk2rDre21yI0m
YSmSeHDSpap/HQT5YApoccIXNdjKNMujHFYT+WGmdUGrBFXGTSQR4nDukqiR8gEr
30t3LCl27k43khJphROR+O+XztQyTytTS3G4Dmkwyto1FHJj+D2PdCX1y3GV/K8L
EzGX0veglyxQEQHe5mFHRUg07lQj3dBqsZjD+BNaKhx06RGlNIlHXdUY9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHUKzeZeBEfIqGa0dzpetaxdZkyDMB8GA1UdIwQY
MBaAFDcI4E/Xv4G2ddy+eymqJjyRIHi2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTndqZ1Q5ZV9nYloxM0w1N0thb21QSkVnZUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMmZjZmEtN2RjMS00MjAwLTg5OWUt
YmM0OTNkNWNiYjVjLzEvZFFyTjVsNEVSOGlvWnJSM09sNjFyRjFtVElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMmZjZmEtN2RjMS00MjAwLTg5OWUtYmM0OTNkNWNiYjVj
LzEvTndqZ1Q5ZV9nYloxM0w1N0thb21QSkVnZUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAQo
MA0GCSqGSIb3DQEBCwUAA4IBAQAsaOK6674Q+zhSz200ZO2O2elNutXb/lAnI2+F
QBFkVaeN2Pi22Xm0fdaXlXM3XEyGXtOiGo9CPPkc3evnQ8eOz4Zfbly9VS/gYX+x
Pxob0kihCY5LIoEvniJP1CmDT2Ro6eqJ+/EUeqVg4eq4xT6algZuGyqwFs+LwTEq
2BL8z3yk9L5S60mI9F593u81BUndFvBYJgRu0udRZWLD3nxSzXm5kNgZQqJKI/2s
YSVrl/QcU/rfHWEsAHjtamzDBxFqRY3oLqvieRkI+MhjbKk0ZVCBEgqhbtGYNRDB
kr9niwiE2HOuMYfW4yAiq66d0bXIK11QHIbGRDc7CyxHmqPo
-----END CERTIFICATE-----