Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/wtKFjn0luOKNhpCBH0YWKLpKHKU.roa
File:                     wtKFjn0luOKNhpCBH0YWKLpKHKU.roa (raw, json)
Hash identifier:          Z6YfBfkr08FSM8yJ/BnA5aNSDpKZqhovD8OdV3xTXpI=
Subject key identifier:   C2:D2:85:8E:7D:25:B8:E2:8D:86:90:81:1F:46:16:28:BA:4A:1C:A5
Certificate issuer:       /CN=3d43340fad246465de8e614d039563a699657d8d
Certificate serial:       0197355D04636C1F13A478B2EEED9328DA6E
Authority key identifier: 3D:43:34:0F:AD:24:64:65:DE:8E:61:4D:03:95:63:A6:99:65:7D:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/wtKFjn0luOKNhpCBH0YWKLpKHKU.roa
Signing time:             Tue 03 Jun 2025 10:36:17 +0000
ROA not before:           Tue 03 Jun 2025 10:36:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205614
IP address blocks:        2001:67c:e9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:5d:04:63:6c:1f:13:a4:78:b2:ee:ed:93:28:da:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d43340fad246465de8e614d039563a699657d8d
        Validity
            Not Before: Jun  3 10:36:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2d2858e7d25b8e28d8690811f461628ba4a1ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f5:86:80:f8:58:54:8f:2b:46:ff:e8:52:d2:
                    42:12:ea:86:7a:86:d9:cc:79:2f:dc:bb:5b:a4:8d:
                    a7:6c:c8:af:e3:8a:18:fa:6e:fb:e7:95:95:62:97:
                    2c:50:3d:06:70:ec:ed:90:7e:6c:58:2e:db:b8:7b:
                    aa:3f:e5:5a:86:1c:15:22:ab:10:39:f3:f1:14:46:
                    8c:4b:a2:23:63:92:19:ff:69:2c:bf:75:c9:ba:a4:
                    18:d1:39:12:28:5b:b6:54:4e:b7:f4:0b:fa:bf:12:
                    48:b7:d8:a9:1e:95:49:de:12:cc:a0:c6:83:d9:70:
                    b8:0f:67:60:be:33:18:f3:e4:52:47:86:84:bb:c4:
                    8f:84:7a:04:92:eb:dd:b8:c1:22:c2:8d:68:2c:bd:
                    ff:20:3c:b4:4b:50:a2:2c:91:40:68:92:b7:bd:a4:
                    b0:1a:70:98:09:13:b2:cd:52:9a:73:25:21:64:f9:
                    67:f1:8e:eb:2f:ce:91:da:61:87:04:53:b2:99:aa:
                    7b:91:6b:78:3b:55:6e:bd:a2:32:2b:67:cc:4b:f8:
                    ad:0f:0e:b6:eb:2b:a7:71:89:84:46:c7:60:c5:c8:
                    c0:3d:cd:e6:3f:2d:84:2d:aa:a6:4c:be:7a:f0:78:
                    45:d5:72:31:af:b7:af:5f:63:a4:a5:36:e7:b9:f3:
                    33:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D2:85:8E:7D:25:B8:E2:8D:86:90:81:1F:46:16:28:BA:4A:1C:A5
            X509v3 Authority Key Identifier:
                keyid:3D:43:34:0F:AD:24:64:65:DE:8E:61:4D:03:95:63:A6:99:65:7D:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/wtKFjn0luOKNhpCBH0YWKLpKHKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:06:15:5f:2e:04:c2:b8:1c:a4:04:94:ee:ef:e1:b0:a0:95:
         b6:67:36:40:61:2d:a2:bf:83:70:fe:f6:33:30:5f:38:86:d0:
         83:d9:89:b1:9e:eb:f5:16:ef:b4:02:a1:a9:94:fe:e6:48:bc:
         ce:77:a4:e0:44:c9:2d:cd:24:0a:ce:94:a3:05:34:41:71:93:
         64:51:69:e5:55:18:06:79:d9:f8:18:68:be:5d:f9:bf:fc:54:
         e6:aa:06:1e:b5:6d:03:02:c9:cd:c4:1b:8d:87:9f:e1:8e:de:
         40:cc:fc:e3:0a:f2:34:86:6e:f8:96:f3:c1:6c:24:81:07:8c:
         78:6e:dc:64:da:c9:95:51:61:c7:85:b3:31:83:e4:c8:03:be:
         31:dc:b7:6c:17:b5:48:89:59:4a:f3:d6:57:2e:18:cc:e4:c4:
         59:27:cb:d0:d9:35:8a:ff:98:84:26:5b:78:e7:e8:90:15:eb:
         55:fe:81:59:d3:48:b6:4b:ca:25:96:4d:2b:f2:a2:45:61:f6:
         46:a3:5d:f0:10:00:e0:aa:3d:55:92:5a:44:a7:87:76:43:37:
         a2:c3:8b:b6:7e:53:57:cd:32:eb:a4:8b:e2:f0:dd:15:ff:4c:
         79:a3:9c:61:bd:85:f8:fa:6d:99:b2:d6:26:36:2f:c7:16:1a:
         c5:0e:69:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc1XQRjbB8TpHiy7u2TKNpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNDMzNDBmYWQyNDY0NjVkZThlNjE0ZDAzOTU2M2E2OTk2
NTdkOGQwHhcNMjUwNjAzMTAzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQyODU4ZTdkMjViOGUyOGQ4NjkwODExZjQ2MTYyOGJhNGExY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fWGgPhYVI8rRv/oUtJCEuqGeobZ
zHkv3LtbpI2nbMiv44oY+m7755WVYpcsUD0GcOztkH5sWC7buHuqP+VahhwVIqsQ
OfPxFEaMS6IjY5IZ/2ksv3XJuqQY0TkSKFu2VE639Av6vxJIt9ipHpVJ3hLMoMaD
2XC4D2dgvjMY8+RSR4aEu8SPhHoEkuvduMEiwo1oLL3/IDy0S1CiLJFAaJK3vaSw
GnCYCROyzVKacyUhZPln8Y7rL86R2mGHBFOymap7kWt4O1VuvaIyK2fMS/itDw62
6yuncYmERsdgxcjAPc3mPy2ELaqmTL568HhF1XIxr7evX2OkpTbnufMzVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMLShY59JbjijYaQgR9GFii6ShylMB8GA1UdIwQY
MBaAFD1DNA+tJGRl3o5hTQOVY6aZZX2NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFVNMEQ2MGtaR1hlam1GTkE1VmpwcGxsZlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82Y2U5MjItY2RjZS00YzdhLWIzNDYt
YTQzN2NlODkyODQxLzEvd3RLRmpuMGx1T0tOaHBDQkgwWVdLTHBLSEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82Y2U5MjItY2RjZS00YzdhLWIzNDYtYTQzN2NlODkyODQx
LzEvUFVNMEQ2MGtaR1hlam1GTkE1VmpwcGxsZlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6c
MA0GCSqGSIb3DQEBCwUAA4IBAQALBhVfLgTCuBykBJTu7+GwoJW2ZzZAYS2iv4Nw
/vYzMF84htCD2Ymxnuv1Fu+0AqGplP7mSLzOd6TgRMktzSQKzpSjBTRBcZNkUWnl
VRgGedn4GGi+Xfm//FTmqgYetW0DAsnNxBuNh5/hjt5AzPzjCvI0hm74lvPBbCSB
B4x4btxk2smVUWHHhbMxg+TIA74x3LdsF7VIiVlK89ZXLhjM5MRZJ8vQ2TWK/5iE
Jlt45+iQFetV/oFZ00i2S8ollk0r8qJFYfZGo13wEADgqj1VklpEp4d2Qzeiw4u2
flNXzTLrpIvi8N0V/0x5o5xhvYX4+m2ZstYmNi/HFhrFDmm6
-----END CERTIFICATE-----