Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/T_9TOa_stF5E9eIWRjxCGlAnn6k.roa
File:                     T_9TOa_stF5E9eIWRjxCGlAnn6k.roa (raw, json)
Hash identifier:          4V/y6Lec10YacV5wmtQBGvh+cufcrshrFw6PyKn/laI=
Subject key identifier:   4F:FF:53:39:AF:EC:B4:5E:44:F5:E2:16:46:3C:42:1A:50:27:9F:A9
Certificate issuer:       /CN=c07750b83111d4171bbf55ca02322c1a0dc0ac32
Certificate serial:       01942067D1EC8D9373A653E847E5B320142D
Authority key identifier: C0:77:50:B8:31:11:D4:17:1B:BF:55:CA:02:32:2C:1A:0D:C0:AC:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/T_9TOa_stF5E9eIWRjxCGlAnn6k.roa
Signing time:             Wed 01 Jan 2025 05:47:42 +0000
ROA not before:           Wed 01 Jan 2025 05:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207575
IP address blocks:        2001:67c:2d30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d1:ec:8d:93:73:a6:53:e8:47:e5:b3:20:14:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c07750b83111d4171bbf55ca02322c1a0dc0ac32
        Validity
            Not Before: Jan  1 05:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fff5339afecb45e44f5e216463c421a50279fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:cd:1c:8a:f3:fc:03:e2:ca:be:bf:df:fd:12:
                    b9:3d:31:38:4c:23:e2:cf:86:33:5a:63:35:53:73:
                    cc:53:7f:e8:7d:cd:fc:4e:eb:41:95:97:51:7c:28:
                    57:33:77:94:12:d7:f2:e7:48:ad:84:24:00:d7:10:
                    0d:7b:ce:fb:b0:7b:84:de:6f:e8:73:6d:30:61:03:
                    1b:ed:4b:29:03:5d:73:98:18:f9:26:e7:77:90:54:
                    c0:17:51:99:36:3b:88:a2:65:cc:c9:41:4e:ef:1f:
                    89:27:84:26:15:2e:7a:b2:7b:d4:bf:6d:65:1f:c5:
                    20:d4:d5:32:f2:ab:74:bd:93:89:67:71:87:ed:b3:
                    45:17:c7:1e:9b:7b:80:73:ef:0d:e0:eb:7e:68:95:
                    8d:f2:27:6f:5d:90:a7:cf:d0:33:c5:6e:45:d4:ff:
                    0a:3c:8e:f2:ba:39:31:58:ef:38:dc:61:b2:c5:81:
                    c4:25:e3:0e:ad:b8:41:73:1f:62:0d:3e:3e:74:96:
                    0f:63:cc:fd:36:94:2e:1d:50:eb:79:6b:70:c4:f8:
                    9d:dc:96:e2:8f:93:2e:57:a3:2c:1c:94:96:73:b9:
                    c5:f0:be:1a:bf:2e:56:ee:be:47:76:05:31:52:61:
                    63:2a:a6:2a:f1:15:d2:5c:fc:5d:e0:9d:c3:71:55:
                    b0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FF:53:39:AF:EC:B4:5E:44:F5:E2:16:46:3C:42:1A:50:27:9F:A9
            X509v3 Authority Key Identifier:
                keyid:C0:77:50:B8:31:11:D4:17:1B:BF:55:CA:02:32:2C:1A:0D:C0:AC:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/T_9TOa_stF5E9eIWRjxCGlAnn6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d30::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:6c:03:bb:74:10:e0:d1:39:9e:df:ec:3c:92:5e:77:2c:8a:
         6b:ec:07:b1:fb:08:5e:32:c9:80:1d:cb:e5:19:8f:6d:83:e2:
         f5:c2:96:f7:3c:ad:9b:7b:e8:99:24:35:33:6f:b6:10:df:21:
         2f:15:45:60:d9:79:79:54:72:62:e7:56:92:64:9d:8e:8a:07:
         85:5e:58:c4:24:38:3e:48:44:ed:cd:94:5c:9c:da:55:82:46:
         9b:64:60:cb:5c:d1:bb:42:15:35:25:52:89:55:7f:0d:2f:c3:
         04:02:3b:41:26:67:9a:c3:d0:af:8d:75:e0:bc:71:61:be:1f:
         8a:d4:34:18:20:ff:73:6b:ea:a0:85:ad:51:06:f0:9f:7c:77:
         e9:d8:78:e6:ef:04:fd:a6:5e:c3:38:6c:3c:e4:e6:8c:c6:e4:
         ef:f0:64:aa:3a:e8:2a:a0:73:69:71:b6:83:ff:bb:ff:c8:12:
         ba:31:15:c4:1b:51:c0:dd:65:27:5a:de:aa:ec:ce:2d:29:f1:
         f7:b7:56:3b:42:32:55:dc:eb:eb:6a:80:db:ae:61:5a:e8:3f:
         aa:c0:e8:fc:6c:60:0c:69:78:2e:b0:c8:01:40:d6:dc:d5:6f:
         a6:71:0e:96:74:cf:0b:92:3c:75:a0:50:f6:19:4f:db:6f:83:
         1a:b1:9a:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ9HsjZNzplPoR+WzIBQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzc1MGI4MzExMWQ0MTcxYmJmNTVjYTAyMzIyYzFhMGRj
MGFjMzIwHhcNMjUwMTAxMDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZmNTMzOWFmZWNiNDVlNDRmNWUyMTY0NjNjNDIxYTUwMjc5ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6c0civP8A+LKvr/f/RK5PTE4TCPi
z4YzWmM1U3PMU3/ofc38TutBlZdRfChXM3eUEtfy50ithCQA1xANe877sHuE3m/o
c20wYQMb7UspA11zmBj5Jud3kFTAF1GZNjuIomXMyUFO7x+JJ4QmFS56snvUv21l
H8Ug1NUy8qt0vZOJZ3GH7bNFF8cem3uAc+8N4Ot+aJWN8idvXZCnz9AzxW5F1P8K
PI7yujkxWO843GGyxYHEJeMOrbhBcx9iDT4+dJYPY8z9NpQuHVDreWtwxPid3Jbi
j5MuV6MsHJSWc7nF8L4avy5W7r5HdgUxUmFjKqYq8RXSXPxd4J3DcVWwVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE//Uzmv7LReRPXiFkY8QhpQJ5+pMB8GA1UdIwQY
MBaAFMB3ULgxEdQXG79VygIyLBoNwKwyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hkUXVERVIxQmNidjFYS0FqSXNHZzNBckRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iZTkzMTEtNjZkOC00YzE5LTgyNjct
M2M1MjliZjYyZTU0LzEvVF85VE9hX3N0RjVFOWVJV1JqeENHbEFubjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iZTkzMTEtNjZkOC00YzE5LTgyNjctM2M1MjliZjYyZTU0
LzEvd0hkUXVERVIxQmNidjFYS0FqSXNHZzNBckRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC0w
MA0GCSqGSIb3DQEBCwUAA4IBAQB7bAO7dBDg0Tme3+w8kl53LIpr7Aex+wheMsmA
HcvlGY9tg+L1wpb3PK2be+iZJDUzb7YQ3yEvFUVg2Xl5VHJi51aSZJ2OigeFXljE
JDg+SETtzZRcnNpVgkabZGDLXNG7QhU1JVKJVX8NL8MEAjtBJmeaw9CvjXXgvHFh
vh+K1DQYIP9za+qgha1RBvCffHfp2Hjm7wT9pl7DOGw85OaMxuTv8GSqOugqoHNp
cbaD/7v/yBK6MRXEG1HA3WUnWt6q7M4tKfH3t1Y7QjJV3OvraoDbrmFa6D+qwOj8
bGAMaXgusMgBQNbc1W+mcQ6WdM8Lkjx1oFD2GU/bb4MasZqe
-----END CERTIFICATE-----