Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/Jiow1t-Pk1ZOtI6Aqeh1RaSW3p4.roa
File:                     Jiow1t-Pk1ZOtI6Aqeh1RaSW3p4.roa (raw, json)
Hash identifier:          DYR6jlP51Fl43ZL0B6qnJrGHJROyqbTA9KSRORts0Uo=
Subject key identifier:   26:2A:30:D6:DF:8F:93:56:4E:B4:8E:80:A9:E8:75:45:A4:96:DE:9E
Certificate issuer:       /CN=b7510b651bfbdf09c8486a8136200005befb497d
Certificate serial:       019420D5BABA86937FB94069F8BDCFB39D94
Authority key identifier: B7:51:0B:65:1B:FB:DF:09:C8:48:6A:81:36:20:00:05:BE:FB:49:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1ELZRv73wnISGqBNiAABb77SX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/Jiow1t-Pk1ZOtI6Aqeh1RaSW3p4.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56997
IP address blocks:        2001:67c:a00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/t1ELZRv73wnISGqBNiAABb77SX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/t1ELZRv73wnISGqBNiAABb77SX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1ELZRv73wnISGqBNiAABb77SX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ba:ba:86:93:7f:b9:40:69:f8:bd:cf:b3:9d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7510b651bfbdf09c8486a8136200005befb497d
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=262a30d6df8f93564eb48e80a9e87545a496de9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a4:e1:06:12:75:b7:70:1f:22:42:a5:7c:9c:
                    97:83:f1:61:c9:18:d6:f3:8d:64:d0:bf:2b:8e:0f:
                    53:d2:7e:19:42:d2:83:ac:78:11:8e:ce:35:da:5f:
                    86:b2:91:77:3c:d7:3f:2a:8b:c2:72:65:91:dc:5f:
                    0f:a0:04:ad:17:81:42:10:e3:5f:ef:d4:d1:e2:b4:
                    26:bc:d2:69:ce:8a:0d:4b:86:0d:7d:23:52:56:3f:
                    4e:5c:be:e3:fa:08:f9:45:d0:d6:56:25:68:bc:5a:
                    62:8b:e1:49:b9:30:31:c1:37:02:a1:d0:fb:4f:83:
                    24:52:98:98:6b:e9:4d:fe:aa:0e:6f:3a:54:6b:ee:
                    ba:af:c2:4a:cd:60:be:07:f0:9a:fa:0c:3b:ef:b5:
                    62:64:c1:2a:98:de:a6:3f:f3:f7:48:94:50:ce:c4:
                    82:51:cd:51:83:cd:0f:3d:ca:33:fc:52:5f:b1:26:
                    1f:d6:63:88:8a:57:6b:06:fd:39:95:88:9e:d3:ff:
                    b3:05:66:0b:82:ee:22:f5:df:52:cd:3e:b4:5e:24:
                    fc:31:50:a5:06:64:d4:e1:f5:da:c5:d9:bf:5f:7e:
                    86:e7:14:ec:b0:e2:ca:be:80:60:e1:c1:22:de:a7:
                    5a:f8:b0:3f:ee:0a:e5:be:48:3b:35:ad:30:cc:9a:
                    e0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2A:30:D6:DF:8F:93:56:4E:B4:8E:80:A9:E8:75:45:A4:96:DE:9E
            X509v3 Authority Key Identifier:
                keyid:B7:51:0B:65:1B:FB:DF:09:C8:48:6A:81:36:20:00:05:BE:FB:49:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1ELZRv73wnISGqBNiAABb77SX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/Jiow1t-Pk1ZOtI6Aqeh1RaSW3p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/bff1c3-0084-42bb-bcf7-2cb8877fd970/1/t1ELZRv73wnISGqBNiAABb77SX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:89:91:c8:90:f1:a8:49:0e:94:fa:13:88:2e:2a:8e:6e:cd:
         ac:6c:92:5d:1c:71:93:b5:12:6e:69:de:af:85:ee:b5:1c:59:
         b4:55:9c:d7:17:2a:dc:ed:e3:c6:18:a8:01:38:a3:9b:38:8a:
         8e:fa:36:ba:b3:41:88:6d:1d:c6:b1:57:ca:3c:9c:81:67:ff:
         e0:f4:ae:7f:41:02:94:5e:b7:30:fe:0d:30:e4:66:82:ec:ca:
         74:be:60:1d:5c:e2:f3:17:df:78:c6:99:51:1f:f7:e0:7d:b2:
         19:af:d7:b1:a6:0d:d4:49:6b:6a:0b:48:ff:59:ca:20:a1:13:
         a2:49:6a:17:93:73:13:20:65:bc:3e:16:8a:b2:80:74:00:43:
         e8:a1:7d:f1:6f:d8:94:3a:26:fd:56:1b:d4:e2:8a:bc:05:df:
         bf:ac:6c:4b:c1:34:63:3e:2b:94:16:dd:64:2c:02:9e:28:7c:
         ab:d7:8b:d3:86:6c:02:1b:33:1d:06:72:b3:31:91:52:e4:77:
         b3:66:47:8f:a0:1c:be:9a:95:a0:af:40:23:43:da:26:e9:32:
         b4:e8:5c:76:80:36:79:9a:59:f1:36:bb:6b:0b:a7:95:64:ff:
         e9:d2:a1:53:c0:15:90:8f:eb:e5:3d:2a:14:47:d6:ab:61:87:
         6e:88:15:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1bq6hpN/uUBp+L3Ps52UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NTEwYjY1MWJmYmRmMDljODQ4NmE4MTM2MjAwMDA1YmVm
YjQ5N2QwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJhMzBkNmRmOGY5MzU2NGViNDhlODBhOWU4NzU0NWE0OTZkZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KThBhJ1t3AfIkKlfJyXg/FhyRjW
841k0L8rjg9T0n4ZQtKDrHgRjs412l+GspF3PNc/KovCcmWR3F8PoAStF4FCEONf
79TR4rQmvNJpzooNS4YNfSNSVj9OXL7j+gj5RdDWViVovFpii+FJuTAxwTcCodD7
T4MkUpiYa+lN/qoObzpUa+66r8JKzWC+B/Ca+gw777ViZMEqmN6mP/P3SJRQzsSC
Uc1Rg80PPcoz/FJfsSYf1mOIildrBv05lYie0/+zBWYLgu4i9d9SzT60XiT8MVCl
BmTU4fXaxdm/X36G5xTssOLKvoBg4cEi3qda+LA/7grlvkg7Na0wzJrgaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCYqMNbfj5NWTrSOgKnodUWklt6eMB8GA1UdIwQY
MBaAFLdRC2Ub+98JyEhqgTYgAAW++0l9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFFTFpSdjczd25JU0dxQk5pQUFCYjc3U1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9iZmYxYzMtMDA4NC00MmJiLWJjZjct
MmNiODg3N2ZkOTcwLzEvSmlvdzF0LVBrMVpPdEk2QXFlaDFSYVNXM3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9iZmYxYzMtMDA4NC00MmJiLWJjZjctMmNiODg3N2ZkOTcw
LzEvdDFFTFpSdjczd25JU0dxQk5pQUFCYjc3U1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBSiZHIkPGoSQ6U+hOILiqObs2sbJJdHHGTtRJu
ad6vhe61HFm0VZzXFyrc7ePGGKgBOKObOIqO+ja6s0GIbR3GsVfKPJyBZ//g9K5/
QQKUXrcw/g0w5GaC7Mp0vmAdXOLzF994xplRH/fgfbIZr9expg3USWtqC0j/Wcog
oROiSWoXk3MTIGW8PhaKsoB0AEPooX3xb9iUOib9VhvU4oq8Bd+/rGxLwTRjPiuU
Ft1kLAKeKHyr14vThmwCGzMdBnKzMZFS5HezZkePoBy+mpWgr0AjQ9om6TK06Fx2
gDZ5mlnxNrtrC6eVZP/p0qFTwBWQj+vlPSoUR9arYYduiBXj
-----END CERTIFICATE-----