Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/cu8xrGCLqiGHp1db_MgiG0UxHW8.roa
File:                     cu8xrGCLqiGHp1db_MgiG0UxHW8.roa (raw, json)
Hash identifier:          giP9e0QpRuK7Urrt2Hhvj2cOHwVCXlF67CRutRL96MA=
Subject key identifier:   72:EF:31:AC:60:8B:AA:21:87:A7:57:5B:FC:C8:22:1B:45:31:1D:6F
Certificate issuer:       /CN=e6049cf87dd8f1fd4c8024b5a6c9ea94f17b6fbd
Certificate serial:       01941F8C3323DF8D088FA42C70918EE057A3
Authority key identifier: E6:04:9C:F8:7D:D8:F1:FD:4C:80:24:B5:A6:C9:EA:94:F1:7B:6F:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/cu8xrGCLqiGHp1db_MgiG0UxHW8.roa
Signing time:             Wed 01 Jan 2025 01:47:49 +0000
ROA not before:           Wed 01 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12502
IP address blocks:        2001:67c:684::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:33:23:df:8d:08:8f:a4:2c:70:91:8e:e0:57:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6049cf87dd8f1fd4c8024b5a6c9ea94f17b6fbd
        Validity
            Not Before: Jan  1 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72ef31ac608baa2187a7575bfcc8221b45311d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5e:86:8e:3f:06:42:3b:03:42:e4:62:36:40:
                    aa:21:de:87:52:1f:0f:05:2c:23:78:d6:70:0b:2d:
                    77:2e:76:fa:09:26:82:81:27:d3:2d:89:3a:96:73:
                    07:9c:18:97:ec:d5:bc:e7:44:25:e6:03:da:b7:a5:
                    17:8a:4e:82:f9:35:2c:ff:65:49:79:e2:d0:f4:a3:
                    02:d8:69:fe:db:c4:29:b5:6b:ba:a4:eb:51:b8:8e:
                    ae:af:39:2e:95:36:df:72:f7:ef:21:5f:19:f4:0d:
                    ae:85:c9:7c:38:de:1d:a8:8c:07:81:dd:19:98:72:
                    a2:af:12:8a:2b:64:20:60:17:85:5b:94:10:15:0e:
                    1d:11:94:cd:d9:d7:64:e9:de:e1:a4:51:5d:d2:55:
                    57:16:2e:d4:64:74:7e:51:86:6a:01:08:11:5d:ce:
                    96:b5:5d:a2:52:be:8d:6c:4f:ff:83:80:3c:49:3e:
                    59:30:d8:98:53:74:73:cd:8d:1a:d7:fc:73:53:d4:
                    bf:8a:64:8d:26:58:a1:4f:c8:17:fb:0b:95:53:82:
                    9c:dd:09:2e:22:40:f8:ac:eb:df:09:cd:e9:97:ad:
                    2e:f8:17:05:fc:03:e3:5e:3c:be:b8:72:13:8c:4f:
                    9e:1b:5c:4d:0b:d0:ee:db:ba:7f:4b:54:23:ae:12:
                    f0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:EF:31:AC:60:8B:AA:21:87:A7:57:5B:FC:C8:22:1B:45:31:1D:6F
            X509v3 Authority Key Identifier:
                keyid:E6:04:9C:F8:7D:D8:F1:FD:4C:80:24:B5:A6:C9:EA:94:F1:7B:6F:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/cu8xrGCLqiGHp1db_MgiG0UxHW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:684::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:85:b7:51:09:a5:53:51:40:1a:9d:52:5f:b3:a7:38:df:39:
         4f:b0:ea:6e:77:a9:ba:43:de:09:ba:4c:cb:60:d7:45:36:f0:
         6c:57:43:44:3f:04:9a:f4:18:cb:81:5a:76:81:99:bd:c8:4c:
         2b:4e:3f:4e:c2:05:e9:a7:e0:3a:99:ce:26:b5:40:36:a8:cd:
         11:ea:5c:8c:c5:37:3e:8e:f6:d4:a0:9d:80:fb:0b:e6:91:22:
         7e:18:b2:67:3b:05:82:a5:cd:30:df:a3:78:a6:ef:30:92:16:
         bd:b7:50:2b:e1:9b:af:2b:8a:60:5e:8e:b8:5d:7e:20:be:aa:
         58:65:60:a8:cf:36:4c:81:b2:0e:bb:7d:e3:82:46:24:c7:60:
         11:1f:5a:7b:7b:be:9c:5e:d8:23:47:7b:d8:1b:e8:fc:bb:5c:
         0e:e1:7e:45:99:b4:b3:e6:71:93:0c:74:1e:3a:b5:60:42:61:
         8b:54:85:da:e0:76:bc:14:02:a1:5d:17:c8:75:d5:c1:58:6a:
         41:19:59:a6:da:29:a1:8f:08:5b:6b:b4:c9:94:7a:9f:a9:67:
         b7:38:3c:5e:7c:f5:09:e8:ec:2f:08:90:fd:60:eb:ab:13:b8:
         59:05:ad:db:0e:93:f4:70:33:7a:98:c2:cf:d7:2f:bd:7d:cb:
         db:05:2d:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjDMj340Ij6QscJGO4FejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MDQ5Y2Y4N2RkOGYxZmQ0YzgwMjRiNWE2YzllYTk0ZjE3
YjZmYmQwHhcNMjUwMTAxMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmVmMzFhYzYwOGJhYTIxODdhNzU3NWJmY2M4MjIxYjQ1MzExZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy16Gjj8GQjsDQuRiNkCqId6HUh8P
BSwjeNZwCy13Lnb6CSaCgSfTLYk6lnMHnBiX7NW850Ql5gPat6UXik6C+TUs/2VJ
eeLQ9KMC2Gn+28QptWu6pOtRuI6urzkulTbfcvfvIV8Z9A2uhcl8ON4dqIwHgd0Z
mHKirxKKK2QgYBeFW5QQFQ4dEZTN2ddk6d7hpFFd0lVXFi7UZHR+UYZqAQgRXc6W
tV2iUr6NbE//g4A8ST5ZMNiYU3RzzY0a1/xzU9S/imSNJlihT8gX+wuVU4Kc3Qku
IkD4rOvfCc3pl60u+BcF/APjXjy+uHITjE+eG1xNC9Du27p/S1QjrhLw6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHLvMaxgi6ohh6dXW/zIIhtFMR1vMB8GA1UdIwQY
MBaAFOYEnPh92PH9TIAktabJ6pTxe2+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWdTYy1IM1k4ZjFNZ0NTMXBzbnFsUEY3YjcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wNjBjZWEtZTkyMC00MGRlLTkwZGEt
OGQ0OWViY2FlOWIzLzEvY3U4eHJHQ0xxaUdIcDFkYl9NZ2lHMFV4SFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wNjBjZWEtZTkyMC00MGRlLTkwZGEtOGQ0OWViY2FlOWIz
LzEvNWdTYy1IM1k4ZjFNZ0NTMXBzbnFsUEY3YjcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAaE
MA0GCSqGSIb3DQEBCwUAA4IBAQAyhbdRCaVTUUAanVJfs6c43zlPsOpud6m6Q94J
ukzLYNdFNvBsV0NEPwSa9BjLgVp2gZm9yEwrTj9OwgXpp+A6mc4mtUA2qM0R6lyM
xTc+jvbUoJ2A+wvmkSJ+GLJnOwWCpc0w36N4pu8wkha9t1Ar4ZuvK4pgXo64XX4g
vqpYZWCozzZMgbIOu33jgkYkx2ARH1p7e76cXtgjR3vYG+j8u1wO4X5FmbSz5nGT
DHQeOrVgQmGLVIXa4Ha8FAKhXRfIddXBWGpBGVmm2imhjwhba7TJlHqfqWe3ODxe
fPUJ6OwvCJD9YOurE7hZBa3bDpP0cDN6mMLP1y+9fcvbBS0e
-----END CERTIFICATE-----