Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/D83JF5HJmZ_nDCEolR80xNvS-M8.roa
File:                     D83JF5HJmZ_nDCEolR80xNvS-M8.roa (raw, json)
Hash identifier:          2gVW9uQvzf9z69pIhSOEl0MnJWNxJhApE/Mz251JqN8=
Subject key identifier:   0F:CD:C9:17:91:C9:99:9F:E7:0C:21:28:95:1F:34:C4:DB:D2:F8:CF
Certificate issuer:       /CN=c03c694b069da132cf4c4bd7c1d22296863b176d
Certificate serial:       0194228DFA1924FE9D8F6BD08AEC003D43AD
Authority key identifier: C0:3C:69:4B:06:9D:A1:32:CF:4C:4B:D7:C1:D2:22:96:86:3B:17:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wDxpSwadoTLPTEvXwdIiloY7F20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/D83JF5HJmZ_nDCEolR80xNvS-M8.roa
Signing time:             Wed 01 Jan 2025 15:48:37 +0000
ROA not before:           Wed 01 Jan 2025 15:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207778
IP address blocks:        2001:67c:3a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/wDxpSwadoTLPTEvXwdIiloY7F20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/wDxpSwadoTLPTEvXwdIiloY7F20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wDxpSwadoTLPTEvXwdIiloY7F20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fa:19:24:fe:9d:8f:6b:d0:8a:ec:00:3d:43:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c03c694b069da132cf4c4bd7c1d22296863b176d
        Validity
            Not Before: Jan  1 15:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fcdc91791c9999fe70c2128951f34c4dbd2f8cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8c:79:b4:6f:1a:37:8c:90:6b:b4:a8:2e:04:
                    46:0c:a5:71:02:c6:85:43:45:c6:97:ee:ef:a8:d8:
                    8b:5d:9f:32:d1:30:d3:79:ea:78:8b:1f:29:eb:b1:
                    21:d0:df:7a:1f:84:d4:a4:21:ec:27:58:d9:85:86:
                    57:be:64:e2:33:bf:12:34:fc:27:e8:c3:8a:86:f1:
                    67:8d:97:42:2d:ff:37:34:51:8f:19:ca:04:0e:80:
                    83:0c:93:18:66:5c:43:6b:58:69:12:ff:33:46:02:
                    a1:b9:77:78:4c:e5:1b:7b:2c:63:ed:2a:f9:98:c1:
                    f1:a1:ec:08:b5:4c:22:23:96:4e:12:1e:c1:95:a8:
                    54:0e:81:0c:66:0b:7a:62:e0:79:0c:d0:fc:a9:dc:
                    e5:f2:25:c5:0b:37:e2:61:d2:58:bf:b1:66:1d:68:
                    7b:83:4a:88:79:7d:93:41:d7:bc:70:53:e1:83:09:
                    ec:b5:34:7e:ff:55:e1:db:d6:a5:90:8b:0f:db:e4:
                    ce:04:dd:4d:ea:dc:eb:b7:4d:b7:43:3d:7e:97:ba:
                    9e:98:b6:3a:0f:6a:ff:02:e9:17:a5:68:6c:37:83:
                    a4:74:f6:a4:bf:08:30:25:6b:6e:b1:50:66:d9:27:
                    1f:7a:94:11:ac:89:9f:ad:ad:86:e5:fa:6b:52:5f:
                    cd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CD:C9:17:91:C9:99:9F:E7:0C:21:28:95:1F:34:C4:DB:D2:F8:CF
            X509v3 Authority Key Identifier:
                keyid:C0:3C:69:4B:06:9D:A1:32:CF:4C:4B:D7:C1:D2:22:96:86:3B:17:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wDxpSwadoTLPTEvXwdIiloY7F20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/D83JF5HJmZ_nDCEolR80xNvS-M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/a4f4c2-ee35-43e0-8bad-44d0d0891989/1/wDxpSwadoTLPTEvXwdIiloY7F20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:3a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:3a:4a:d1:02:59:ca:50:5f:6f:c8:74:4e:2b:96:b5:92:f3:
         8d:dc:5a:9c:3c:41:b4:e7:cb:15:3c:18:19:c2:84:b0:b7:26:
         5e:22:a7:55:23:1f:c1:8e:0b:a0:48:13:4b:5e:a3:cb:b8:d8:
         80:e2:09:6c:16:55:43:bb:16:66:f1:ad:97:02:b6:95:14:d0:
         a5:2e:9e:d2:28:61:fc:74:37:90:5e:9a:66:31:22:ab:37:7e:
         3d:91:1a:27:37:39:44:b4:b8:80:b5:51:76:4f:dc:26:20:bf:
         b8:5d:a3:0c:79:8b:a8:c9:ec:30:84:41:a7:03:df:5a:88:f0:
         23:f0:5c:19:6a:ba:3d:84:71:a4:51:e8:c4:cb:4d:eb:c8:df:
         57:fe:a0:d2:e2:dc:ff:f2:e5:80:0e:32:53:45:0b:b9:d6:b7:
         e6:75:3e:55:cd:cd:aa:56:9c:a6:68:21:24:a3:58:af:ed:5f:
         37:a4:33:70:66:39:5e:80:49:2d:30:08:c4:d3:08:d0:39:11:
         d7:42:ba:65:f5:1f:27:b0:90:69:fe:da:e8:b7:e5:f9:9c:cc:
         0a:6b:a9:be:e5:5c:d9:b2:57:b3:8f:88:b8:ef:6c:cc:34:07:
         ad:be:83:6f:e5:98:be:a2:a2:33:9b:01:0f:84:97:dc:01:f1:
         0a:69:44:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijfoZJP6dj2vQiuwAPUOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwM2M2OTRiMDY5ZGExMzJjZjRjNGJkN2MxZDIyMjk2ODYz
YjE3NmQwHhcNMjUwMTAxMTU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNkYzkxNzkxYzk5OTlmZTcwYzIxMjg5NTFmMzRjNGRiZDJmOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIx5tG8aN4yQa7SoLgRGDKVxAsaF
Q0XGl+7vqNiLXZ8y0TDTeep4ix8p67Eh0N96H4TUpCHsJ1jZhYZXvmTiM78SNPwn
6MOKhvFnjZdCLf83NFGPGcoEDoCDDJMYZlxDa1hpEv8zRgKhuXd4TOUbeyxj7Sr5
mMHxoewItUwiI5ZOEh7BlahUDoEMZgt6YuB5DND8qdzl8iXFCzfiYdJYv7FmHWh7
g0qIeX2TQde8cFPhgwnstTR+/1Xh29alkIsP2+TOBN1N6tzrt023Qz1+l7qemLY6
D2r/AukXpWhsN4OkdPakvwgwJWtusVBm2ScfepQRrImfra2G5fprUl/NKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/NyReRyZmf5wwhKJUfNMTb0vjPMB8GA1UdIwQY
MBaAFMA8aUsGnaEyz0xL18HSIpaGOxdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0R4cFN3YWRvVExQVEV2WHdkSWlsb1k3RjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9hNGY0YzItZWUzNS00M2UwLThiYWQt
NDRkMGQwODkxOTg5LzEvRDgzSkY1SEptWl9uRENFb2xSODB4TnZTLU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9hNGY0YzItZWUzNS00M2UwLThiYWQtNDRkMGQwODkxOTg5
LzEvd0R4cFN3YWRvVExQVEV2WHdkSWlsb1k3RjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAOg
MA0GCSqGSIb3DQEBCwUAA4IBAQBhOkrRAlnKUF9vyHROK5a1kvON3FqcPEG058sV
PBgZwoSwtyZeIqdVIx/BjgugSBNLXqPLuNiA4glsFlVDuxZm8a2XAraVFNClLp7S
KGH8dDeQXppmMSKrN349kRonNzlEtLiAtVF2T9wmIL+4XaMMeYuoyewwhEGnA99a
iPAj8FwZaro9hHGkUejEy03ryN9X/qDS4tz/8uWADjJTRQu51rfmdT5Vzc2qVpym
aCEko1iv7V83pDNwZjlegEktMAjE0wjQORHXQrpl9R8nsJBp/trot+X5nMwKa6m+
5VzZslezj4i472zMNAetvoNv5Zi+oqIzmwEPhJfcAfEKaURX
-----END CERTIFICATE-----