Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/0pKhUeDAG_MOdW5Y02JeMiWhQ-c.roa
File:                     0pKhUeDAG_MOdW5Y02JeMiWhQ-c.roa (raw, json)
Hash identifier:          vlnGP89vn7MHQd69bqsZgk5M40XUxWUgsHsylZhCKms=
Subject key identifier:   D2:92:A1:51:E0:C0:1B:F3:0E:75:6E:58:D3:62:5E:32:25:A1:43:E7
Certificate issuer:       /CN=3ada5baa058c409565ff2ac876a22ee6377b503b
Certificate serial:       01968C44F0E98C8E76FC43E2063B1EC1C896
Authority key identifier: 3A:DA:5B:AA:05:8C:40:95:65:FF:2A:C8:76:A2:2E:E6:37:7B:50:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/0pKhUeDAG_MOdW5Y02JeMiWhQ-c.roa
Signing time:             Thu 01 May 2025 14:34:10 +0000
ROA not before:           Thu 01 May 2025 14:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50683
IP address blocks:        2001:67c:25a4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8c:44:f0:e9:8c:8e:76:fc:43:e2:06:3b:1e:c1:c8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ada5baa058c409565ff2ac876a22ee6377b503b
        Validity
            Not Before: May  1 14:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d292a151e0c01bf30e756e58d3625e3225a143e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1a:39:60:94:8b:10:e7:e5:c2:fc:cd:ad:97:
                    ee:f5:84:a6:20:6c:db:f2:cd:23:ec:d0:70:46:53:
                    5c:9e:a5:f1:28:9f:6d:b8:65:97:ab:24:09:17:43:
                    c0:48:ec:d9:2f:54:a6:5b:30:c2:ce:c2:35:c3:37:
                    57:9f:6c:53:87:91:6c:66:8e:47:55:b1:9c:41:ee:
                    8b:69:f9:73:2c:d0:3c:02:84:72:73:bc:43:3c:ba:
                    87:34:c0:7a:31:c7:9f:7f:3f:fc:ec:7c:55:13:92:
                    50:11:4d:18:7b:ce:49:08:eb:95:ac:24:19:d2:43:
                    0a:ab:5a:cc:ec:bb:bd:f4:36:3e:50:60:56:df:50:
                    cf:d6:e7:01:e6:57:d1:cc:50:af:a0:c6:63:6a:46:
                    0c:97:44:4b:37:42:bc:be:88:9d:db:08:f1:bf:6d:
                    ae:fb:6c:4d:2b:b7:ad:73:4c:b9:a0:88:36:ce:74:
                    05:ec:c0:37:da:78:c4:49:0d:25:01:0c:37:36:e1:
                    09:c4:25:2d:5e:53:d1:18:8f:12:29:8d:2e:d5:1d:
                    d3:3b:ae:b2:10:69:a2:fe:88:ac:12:fc:ae:2a:b4:
                    6b:b5:ba:5b:fa:25:21:c3:d8:09:90:47:c3:5f:c3:
                    20:f1:07:a6:d4:43:7c:cb:a5:a4:40:23:9d:03:e4:
                    6b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:92:A1:51:E0:C0:1B:F3:0E:75:6E:58:D3:62:5E:32:25:A1:43:E7
            X509v3 Authority Key Identifier:
                keyid:3A:DA:5B:AA:05:8C:40:95:65:FF:2A:C8:76:A2:2E:E6:37:7B:50:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/0pKhUeDAG_MOdW5Y02JeMiWhQ-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:25a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:66:28:08:79:9c:90:3a:f9:c7:99:c8:38:48:66:08:c7:0e:
         e8:37:31:2c:b8:ee:02:9c:2e:82:8f:a6:90:ae:f1:5b:89:7a:
         67:31:c3:69:29:be:b8:a3:aa:8a:47:03:b3:3e:b4:29:13:53:
         f3:34:eb:dd:d5:f0:d5:a7:f5:70:80:f9:2d:cb:cb:0e:f7:d1:
         31:e9:02:3a:bc:2a:d2:4a:e6:f3:87:1d:c9:75:62:b6:2f:a3:
         45:92:9a:ea:d7:ea:d1:b6:95:62:e7:c1:f1:a3:e4:e3:9a:57:
         10:61:d4:33:6a:5c:d8:8d:7e:63:90:9f:b2:56:0e:88:64:55:
         bb:c8:e6:ec:00:7a:94:ec:17:17:e8:8d:5d:f6:f9:87:14:82:
         10:65:33:23:6f:45:42:5d:6e:50:a5:cd:29:2b:e7:5c:dc:3b:
         c2:f8:df:38:66:d7:d6:7e:33:16:c0:cb:05:6c:70:4b:b5:c9:
         54:ae:05:51:ed:af:99:27:b4:89:10:50:41:60:d8:54:b2:f0:
         71:46:f4:30:0b:af:15:d3:95:d5:1d:b2:00:65:f2:cd:72:6c:
         ed:f4:aa:c1:9e:9c:ff:ba:52:d1:2c:ca:a8:6f:54:a1:5f:5f:
         6c:ff:68:85:01:84:60:7c:3f:2a:6e:5d:18:f8:0e:b9:ad:4e:
         19:f2:88:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZaMRPDpjI52/EPiBjsewciWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGE1YmFhMDU4YzQwOTU2NWZmMmFjODc2YTIyZWU2Mzc3
YjUwM2IwHhcNMjUwNTAxMTQzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjkyYTE1MWUwYzAxYmYzMGU3NTZlNThkMzYyNWUzMjI1YTE0M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRo5YJSLEOflwvzNrZfu9YSmIGzb
8s0j7NBwRlNcnqXxKJ9tuGWXqyQJF0PASOzZL1SmWzDCzsI1wzdXn2xTh5FsZo5H
VbGcQe6LaflzLNA8AoRyc7xDPLqHNMB6Mceffz/87HxVE5JQEU0Ye85JCOuVrCQZ
0kMKq1rM7Lu99DY+UGBW31DP1ucB5lfRzFCvoMZjakYMl0RLN0K8void2wjxv22u
+2xNK7etc0y5oIg2znQF7MA32njESQ0lAQw3NuEJxCUtXlPRGI8SKY0u1R3TO66y
EGmi/oisEvyuKrRrtbpb+iUhw9gJkEfDX8Mg8Qem1EN8y6WkQCOdA+RrKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNKSoVHgwBvzDnVuWNNiXjIloUPnMB8GA1UdIwQY
MBaAFDraW6oFjECVZf8qyHaiLuY3e1A7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RwYnFnV01RSlZsX3lySWRxSXU1amQ3VURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lNjYzZGQtM2Y4Zi00ZWFkLWI0Yzkt
OWMxYjJhZDU1OWFiLzEvMHBLaFVlREFHX01PZFc1WTAySmVNaVdoUS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lNjYzZGQtM2Y4Zi00ZWFkLWI0YzktOWMxYjJhZDU1OWFi
LzEvT3RwYnFnV01RSlZsX3lySWRxSXU1amQ3VURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCWk
MA0GCSqGSIb3DQEBCwUAA4IBAQB8ZigIeZyQOvnHmcg4SGYIxw7oNzEsuO4CnC6C
j6aQrvFbiXpnMcNpKb64o6qKRwOzPrQpE1PzNOvd1fDVp/VwgPkty8sO99Ex6QI6
vCrSSubzhx3JdWK2L6NFkprq1+rRtpVi58Hxo+TjmlcQYdQzalzYjX5jkJ+yVg6I
ZFW7yObsAHqU7BcX6I1d9vmHFIIQZTMjb0VCXW5Qpc0pK+dc3DvC+N84ZtfWfjMW
wMsFbHBLtclUrgVR7a+ZJ7SJEFBBYNhUsvBxRvQwC68V05XVHbIAZfLNcmzt9KrB
npz/ulLRLMqob1ShX19s/2iFAYRgfD8qbl0Y+A65rU4Z8oiu
-----END CERTIFICATE-----