Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/yLtjzto1Tw0b7DlDBQrKX87uiq0.roa
File:                     yLtjzto1Tw0b7DlDBQrKX87uiq0.roa (raw, json)
Hash identifier:          qEZ4slqleS/pMqHZqm26TIAeJ329Oueymvehs7DZe3Q=
Subject key identifier:   C8:BB:63:CE:DA:35:4F:0D:1B:EC:39:43:05:0A:CA:5F:CE:EE:8A:AD
Certificate issuer:       /CN=7657211f8a66561b5770ff19b471aef511e83778
Certificate serial:       01971247580FD7EC76FCE7EBA8BAE3830006
Authority key identifier: 76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/yLtjzto1Tw0b7DlDBQrKX87uiq0.roa
Signing time:             Tue 27 May 2025 15:05:54 +0000
ROA not before:           Tue 27 May 2025 15:05:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34872
IP address blocks:        2001:67c:e8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:47:58:0f:d7:ec:76:fc:e7:eb:a8:ba:e3:83:00:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7657211f8a66561b5770ff19b471aef511e83778
        Validity
            Not Before: May 27 15:05:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8bb63ceda354f0d1bec3943050aca5fceee8aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:cf:8a:45:9f:06:f1:48:47:5e:9c:8a:6b:7b:
                    79:35:db:08:b3:7a:87:93:9a:00:12:c4:30:95:17:
                    57:ae:fb:e4:82:83:3d:a1:80:2c:86:8f:c8:07:04:
                    18:9a:e2:8e:66:4c:19:a0:08:de:11:38:d3:3d:90:
                    fd:36:97:cc:5b:a3:41:2b:be:3f:21:fd:4b:7b:f8:
                    cc:5c:a2:21:89:e2:7f:f1:8b:02:88:4b:00:45:8f:
                    4a:70:87:bd:da:ec:aa:1f:76:ae:ed:d6:1f:83:0e:
                    6f:56:7b:1d:96:c3:75:ad:14:1b:a2:f2:e0:af:6e:
                    0f:cb:31:cc:05:2c:81:c3:d5:d0:29:85:ce:d6:d5:
                    e5:92:b4:8a:a0:94:25:15:1b:19:d8:49:2b:e3:16:
                    01:1a:cf:50:87:cf:ee:05:17:3d:c4:28:b0:f4:95:
                    66:c2:c4:50:c4:3a:36:e2:52:76:66:e5:53:ee:1c:
                    50:97:84:0b:56:73:f7:cb:08:cd:1e:fe:d8:98:22:
                    8b:74:1a:51:82:94:ee:f8:82:cf:30:f4:24:14:4f:
                    d0:87:38:78:5e:31:c9:64:da:be:5a:9f:9d:9f:e2:
                    c3:5d:0e:79:cb:e1:28:e6:2c:3a:88:61:a9:76:39:
                    4b:eb:7f:b9:14:b9:92:45:02:e5:d9:f6:73:e2:35:
                    c8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:BB:63:CE:DA:35:4F:0D:1B:EC:39:43:05:0A:CA:5F:CE:EE:8A:AD
            X509v3 Authority Key Identifier:
                keyid:76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/yLtjzto1Tw0b7DlDBQrKX87uiq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:ae:30:42:da:4f:cd:3b:87:15:96:31:7a:0c:34:3a:e9:67:
         da:27:77:a7:d2:d8:ae:6b:c4:c2:24:79:d0:d5:3d:36:06:50:
         1c:68:36:27:30:81:10:31:a1:07:f6:e3:d1:51:ac:a7:80:ed:
         7d:da:84:3b:6d:66:6b:7a:53:04:d7:02:39:39:9f:f7:f5:1c:
         0c:29:fb:81:ba:f1:eb:22:82:24:3f:42:0b:27:0a:d4:21:41:
         f9:0b:a3:18:49:73:a6:41:d0:0b:cc:7c:4e:8c:31:e2:c3:48:
         a5:85:a9:a8:39:8f:9b:b3:6c:c7:23:14:ff:22:c0:f5:db:42:
         31:f1:ba:8d:69:5a:be:58:e4:9b:81:77:e9:b6:4e:d5:31:d3:
         3d:b9:67:c9:30:92:33:e6:4f:69:ef:92:21:33:c6:c2:b6:87:
         80:6f:8a:df:3a:1f:54:a0:8b:83:60:73:62:3d:1d:91:0c:94:
         6f:16:ba:f9:10:d3:b2:20:85:52:71:57:de:e1:cc:72:d5:a5:
         f4:32:71:f9:47:b1:b4:0a:4a:a5:7d:a5:92:4c:04:42:14:df:
         f5:74:85:c5:a8:86:ce:52:61:b6:cb:17:76:61:b6:f3:29:e4:
         90:ff:95:a3:17:96:93:7a:a2:11:83:fa:c3:73:05:ff:34:01:
         bf:82:18:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcSR1gP1+x2/OfrqLrjgwAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTcyMTFmOGE2NjU2MWI1NzcwZmYxOWI0NzFhZWY1MTFl
ODM3NzgwHhcNMjUwNTI3MTUwNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGJiNjNjZWRhMzU0ZjBkMWJlYzM5NDMwNTBhY2E1ZmNlZWU4YWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1M+KRZ8G8UhHXpyKa3t5NdsIs3qH
k5oAEsQwlRdXrvvkgoM9oYAsho/IBwQYmuKOZkwZoAjeETjTPZD9NpfMW6NBK74/
If1Le/jMXKIhieJ/8YsCiEsARY9KcIe92uyqH3au7dYfgw5vVnsdlsN1rRQbovLg
r24PyzHMBSyBw9XQKYXO1tXlkrSKoJQlFRsZ2Ekr4xYBGs9Qh8/uBRc9xCiw9JVm
wsRQxDo24lJ2ZuVT7hxQl4QLVnP3ywjNHv7YmCKLdBpRgpTu+ILPMPQkFE/Qhzh4
XjHJZNq+Wp+dn+LDXQ55y+Eo5iw6iGGpdjlL63+5FLmSRQLl2fZz4jXIswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMi7Y87aNU8NG+w5QwUKyl/O7oqtMB8GA1UdIwQY
MBaAFHZXIR+KZlYbV3D/GbRxrvUR6Dd4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDkt
NzQzMWQ2ODlhOGU4LzEveUx0anp0bzFUdzBiN0RsREJRcktYODd1aXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDktNzQzMWQ2ODlhOGU4
LzEvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6M
MA0GCSqGSIb3DQEBCwUAA4IBAQCOrjBC2k/NO4cVljF6DDQ66WfaJ3en0tiua8TC
JHnQ1T02BlAcaDYnMIEQMaEH9uPRUayngO192oQ7bWZrelME1wI5OZ/39RwMKfuB
uvHrIoIkP0ILJwrUIUH5C6MYSXOmQdALzHxOjDHiw0ilhamoOY+bs2zHIxT/IsD1
20Ix8bqNaVq+WOSbgXfptk7VMdM9uWfJMJIz5k9p75IhM8bCtoeAb4rfOh9UoIuD
YHNiPR2RDJRvFrr5ENOyIIVScVfe4cxy1aX0MnH5R7G0CkqlfaWSTARCFN/1dIXF
qIbOUmG2yxd2YbbzKeSQ/5WjF5aTeqIRg/rDcwX/NAG/ghir
-----END CERTIFICATE-----