Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/9DaFft1ZRBebRPooZGGkOPjqAbQ.roa
File:                     9DaFft1ZRBebRPooZGGkOPjqAbQ.roa (raw, json)
Hash identifier:          lYC82jjgh3RxcDkcuO3IXX6eKV+DE4TIh12Xui9zOW4=
Subject key identifier:   F4:36:85:7E:DD:59:44:17:9B:44:FA:28:64:61:A4:38:F8:EA:01:B4
Certificate issuer:       /CN=41fe6d0102998c386f8d856fa5f91d7ad3ab4d77
Certificate serial:       01941FFA5ECDEF9B8A20E789A238E076F1FA
Authority key identifier: 41:FE:6D:01:02:99:8C:38:6F:8D:85:6F:A5:F9:1D:7A:D3:AB:4D:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qf5tAQKZjDhvjYVvpfkdetOrTXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/9DaFft1ZRBebRPooZGGkOPjqAbQ.roa
Signing time:             Wed 01 Jan 2025 03:48:09 +0000
ROA not before:           Wed 01 Jan 2025 03:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200060
IP address blocks:        161.54.0.0/16 maxlen: 16
                          2001:67c:2780::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/Qf5tAQKZjDhvjYVvpfkdetOrTXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/Qf5tAQKZjDhvjYVvpfkdetOrTXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qf5tAQKZjDhvjYVvpfkdetOrTXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5e:cd:ef:9b:8a:20:e7:89:a2:38:e0:76:f1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fe6d0102998c386f8d856fa5f91d7ad3ab4d77
        Validity
            Not Before: Jan  1 03:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f436857edd5944179b44fa286461a438f8ea01b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2b:09:17:e3:54:da:c1:78:cc:22:f9:0e:c0:
                    6a:dc:cd:9f:26:8e:b2:55:a4:8f:62:75:f4:bf:fd:
                    27:8b:07:31:ea:f9:60:cd:e5:2a:31:50:33:bc:b3:
                    db:0a:42:12:9e:fe:3b:0d:91:ec:dd:a0:f6:a7:4e:
                    c7:18:42:1a:1a:b4:4f:05:c6:f6:b9:2f:77:ff:ff:
                    a6:f1:72:f7:62:4e:b7:8e:81:c4:8c:08:c9:1e:7e:
                    0f:c6:84:09:a9:38:de:08:0d:fb:47:9c:d6:e4:c9:
                    71:4c:e9:10:ba:3d:e9:3e:81:d1:c0:e2:1c:53:41:
                    23:24:54:77:fd:03:8e:d1:ae:25:2f:7f:c0:2b:be:
                    59:8d:2c:87:47:be:6e:d6:20:c1:a9:16:09:67:c5:
                    70:94:b5:cd:8f:56:c3:40:7c:fd:86:5c:42:33:ab:
                    45:6d:1f:2d:d3:77:72:fa:83:3d:9a:3f:34:89:e4:
                    6c:e3:4c:cf:56:45:f3:00:1e:ec:91:31:a1:77:8e:
                    73:2e:08:39:ed:fd:22:2d:64:8a:72:8b:25:cf:06:
                    6c:15:24:68:e3:b8:44:e5:d9:5d:b8:e7:4d:67:20:
                    60:5d:6c:8d:ab:ef:f7:b2:e8:f1:f3:bd:ec:79:69:
                    80:5b:7a:2e:56:ba:cd:c9:9b:40:41:0c:41:9b:9a:
                    5e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:36:85:7E:DD:59:44:17:9B:44:FA:28:64:61:A4:38:F8:EA:01:B4
            X509v3 Authority Key Identifier:
                keyid:41:FE:6D:01:02:99:8C:38:6F:8D:85:6F:A5:F9:1D:7A:D3:AB:4D:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qf5tAQKZjDhvjYVvpfkdetOrTXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/9DaFft1ZRBebRPooZGGkOPjqAbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/12fe03-a2d4-4ab4-94ba-8cb6d0e5cce2/1/Qf5tAQKZjDhvjYVvpfkdetOrTXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.54.0.0/16
                IPv6:
                  2001:67c:2780::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:d9:eb:26:28:aa:a7:b9:9e:f9:fa:c9:5a:31:8b:55:8f:71:
         a0:33:64:c6:bb:2f:16:84:88:a0:cb:91:fb:4b:7a:d8:a9:0f:
         6a:4a:e7:85:a6:60:a4:64:80:c0:32:d4:3c:60:9d:36:6e:ee:
         69:64:a5:e8:2c:3b:8b:9c:91:59:78:75:f9:14:d5:a3:2e:70:
         f1:d5:a3:61:fc:a7:5c:8d:1f:f6:19:6f:42:bc:1b:2e:30:7b:
         73:ba:68:6b:5d:c2:9a:13:99:29:d4:4d:36:e3:be:f0:66:05:
         09:1e:8f:04:93:c3:2b:1d:7e:67:2f:db:33:60:bd:3a:1b:2a:
         73:fe:42:30:6c:a6:34:89:c3:07:09:58:20:42:6e:ff:8d:42:
         42:cc:77:6d:f5:c4:66:ab:4d:ae:41:bf:14:b8:2a:13:3b:6f:
         5f:1b:c0:b2:31:52:72:f8:a5:e7:f9:78:18:91:7b:37:6f:f7:
         bf:39:a7:d8:01:77:28:9d:b1:bc:59:6d:57:cc:0e:41:f4:bb:
         a8:ba:e4:27:b5:bd:39:16:52:2d:78:07:1d:75:34:22:89:f9:
         90:7a:4e:ac:7f:79:0b:5c:c3:fa:7d:32:9a:84:9a:ec:7c:be:
         e2:e7:9d:56:95:b1:ac:79:fa:f8:d6:3c:be:e1:45:a2:35:1d:
         7d:0e:10:07
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQf+l7N75uKIOeJojjgdvH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmU2ZDAxMDI5OThjMzg2ZjhkODU2ZmE1ZjkxZDdhZDNh
YjRkNzcwHhcNMjUwMTAxMDM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDM2ODU3ZWRkNTk0NDE3OWI0NGZhMjg2NDYxYTQzOGY4ZWEwMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCsJF+NU2sF4zCL5DsBq3M2fJo6y
VaSPYnX0v/0niwcx6vlgzeUqMVAzvLPbCkISnv47DZHs3aD2p07HGEIaGrRPBcb2
uS93//+m8XL3Yk63joHEjAjJHn4PxoQJqTjeCA37R5zW5MlxTOkQuj3pPoHRwOIc
U0EjJFR3/QOO0a4lL3/AK75ZjSyHR75u1iDBqRYJZ8VwlLXNj1bDQHz9hlxCM6tF
bR8t03dy+oM9mj80ieRs40zPVkXzAB7skTGhd45zLgg57f0iLWSKcoslzwZsFSRo
47hE5dlduOdNZyBgXWyNq+/3sujx873seWmAW3ouVrrNyZtAQQxBm5peswIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPQ2hX7dWUQXm0T6KGRhpDj46gG0MB8GA1UdIwQY
MBaAFEH+bQECmYw4b42Fb6X5HXrTq013MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWY1dEFRS1pqRGh2allWdnBma2RldE9yVFhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xMmZlMDMtYTJkNC00YWI0LTk0YmEt
OGNiNmQwZTVjY2UyLzEvOURhRmZ0MVpSQmViUlBvb1pHR2tPUGpxQWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xMmZlMDMtYTJkNC00YWI0LTk0YmEtOGNiNmQwZTVjY2Uy
LzEvUWY1dEFRS1pqRGh2allWdnBma2RldE9yVFhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAoTYwDwQC
AAIwCQMHACABBnwngDANBgkqhkiG9w0BAQsFAAOCAQEArdnrJiiqp7me+frJWjGL
VY9xoDNkxrsvFoSIoMuR+0t62KkPakrnhaZgpGSAwDLUPGCdNm7uaWSl6Cw7i5yR
WXh1+RTVoy5w8dWjYfynXI0f9hlvQrwbLjB7c7poa13CmhOZKdRNNuO+8GYFCR6P
BJPDKx1+Zy/bM2C9Ohsqc/5CMGymNInDBwlYIEJu/41CQsx3bfXEZqtNrkG/FLgq
EztvXxvAsjFScvil5/l4GJF7N2/3vzmn2AF3KJ2xvFltV8wOQfS7qLrkJ7W9ORZS
LXgHHXU0Ion5kHpOrH95C1zD+n0ymoSa7Hy+4uedVpWxrHn6+NY8vuFFojUdfQ4Q
Bw==
-----END CERTIFICATE-----