Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/LDFoqWoquL9wTVn9saN9JZc4auE.roa
File:                     LDFoqWoquL9wTVn9saN9JZc4auE.roa (raw, json)
Hash identifier:          YdwrX0/CFiNvv9tuZOtWWVIYa8NZD1PSP+bR1o1/Vn8=
Subject key identifier:   2C:31:68:A9:6A:2A:B8:BF:70:4D:59:FD:B1:A3:7D:25:97:38:6A:E1
Certificate issuer:       /CN=6b19d1bcac752312ec4de6f5bd39acce32ab6bd6
Certificate serial:       01942444CE6B51A74EC03621B78E0F5FF376
Authority key identifier: 6B:19:D1:BC:AC:75:23:12:EC:4D:E6:F5:BD:39:AC:CE:32:AB:6B:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/LDFoqWoquL9wTVn9saN9JZc4auE.roa
Signing time:             Wed 01 Jan 2025 23:47:56 +0000
ROA not before:           Wed 01 Jan 2025 23:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60918
IP address blocks:        2001:67c:1720::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ce:6b:51:a7:4e:c0:36:21:b7:8e:0f:5f:f3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b19d1bcac752312ec4de6f5bd39acce32ab6bd6
        Validity
            Not Before: Jan  1 23:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c3168a96a2ab8bf704d59fdb1a37d2597386ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:31:e1:19:31:72:77:aa:1f:42:7e:ce:42:63:
                    66:0f:b1:96:a2:6e:cc:e2:f2:79:dc:20:16:c0:de:
                    5d:05:4b:f1:4a:93:5b:43:8e:c6:73:a3:88:b0:0e:
                    81:44:32:20:76:6d:7a:8c:d8:30:ff:ae:67:4f:9d:
                    d4:6b:51:63:6a:95:c1:48:06:ef:7d:42:91:ec:13:
                    89:02:36:b0:df:36:00:c1:47:56:b3:a2:3b:d9:42:
                    82:f1:de:9b:72:48:68:bb:33:00:6b:28:a1:07:c4:
                    11:d8:d5:f5:54:81:9e:6b:f9:f4:eb:6c:a3:43:ac:
                    2c:c8:f2:de:f8:25:95:44:90:b2:6a:09:d9:5d:4a:
                    e9:50:b2:c3:77:02:7b:91:91:1e:3a:9e:5e:5a:38:
                    4b:d5:34:3d:b3:05:8d:d8:ee:3f:c2:d1:22:f3:ad:
                    88:86:46:ad:1c:e2:79:2a:2d:af:f9:a1:0c:c3:70:
                    3e:5c:0f:cc:46:15:30:2a:f3:bc:b7:50:67:37:27:
                    bd:9f:63:cd:d5:78:97:fb:63:b9:e2:37:1e:84:65:
                    40:de:35:ee:c9:2e:19:c2:93:aa:a7:9a:8d:f6:42:
                    52:5b:2f:ba:18:e7:9c:7a:06:76:74:d4:85:32:ba:
                    8b:69:c4:e7:49:c3:2d:d0:2a:a2:70:5e:3d:23:fe:
                    28:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:31:68:A9:6A:2A:B8:BF:70:4D:59:FD:B1:A3:7D:25:97:38:6A:E1
            X509v3 Authority Key Identifier:
                keyid:6B:19:D1:BC:AC:75:23:12:EC:4D:E6:F5:BD:39:AC:CE:32:AB:6B:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/LDFoqWoquL9wTVn9saN9JZc4auE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1720::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:b2:d4:a9:42:52:7c:0b:df:ae:38:15:27:be:df:ad:da:99:
         e2:90:ec:41:99:81:e5:f4:70:18:04:30:6a:ec:97:df:09:69:
         b1:b9:1a:f4:9e:8d:78:8e:64:46:58:68:61:11:54:00:da:64:
         73:d4:d7:7d:34:b6:33:37:78:2f:b8:92:c3:ef:d5:86:fa:5d:
         0c:c5:20:fa:63:73:a9:e7:eb:dd:6f:67:03:c7:0d:6f:48:3c:
         59:ab:35:a2:95:5c:bd:d7:21:c3:06:16:38:db:c9:6b:6a:22:
         a3:c4:c3:91:99:e6:49:a7:fa:67:e7:b1:22:f4:a2:1a:76:9c:
         cb:b9:70:d5:0c:6a:b2:4e:8c:14:8f:4e:49:eb:c2:7f:63:65:
         ed:c6:c7:bd:bc:51:0b:ca:18:ba:88:21:6c:23:ce:bc:44:b4:
         e2:03:3a:c0:da:d2:c3:5a:99:d6:9a:35:a6:ee:7c:83:74:dc:
         f7:30:3f:63:a3:c7:df:08:39:5c:ac:4e:75:60:5a:8f:b7:02:
         dc:06:6e:e5:4a:91:62:12:09:f8:bd:89:97:30:9d:e3:5c:3d:
         7c:a7:8a:3b:04:eb:d5:2c:8f:c6:78:08:8e:6b:0f:9a:aa:b3:
         43:82:00:af:4d:23:c9:ed:24:62:22:fe:b6:91:0d:2c:46:ff:
         e7:bc:ca:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRM5rUadOwDYht44PX/N2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTlkMWJjYWM3NTIzMTJlYzRkZTZmNWJkMzlhY2NlMzJh
YjZiZDYwHhcNMjUwMTAxMjM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzMxNjhhOTZhMmFiOGJmNzA0ZDU5ZmRiMWEzN2QyNTk3Mzg2YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDHhGTFyd6ofQn7OQmNmD7GWom7M
4vJ53CAWwN5dBUvxSpNbQ47Gc6OIsA6BRDIgdm16jNgw/65nT53Ua1FjapXBSAbv
fUKR7BOJAjaw3zYAwUdWs6I72UKC8d6bckhouzMAayihB8QR2NX1VIGea/n062yj
Q6wsyPLe+CWVRJCyagnZXUrpULLDdwJ7kZEeOp5eWjhL1TQ9swWN2O4/wtEi862I
hkatHOJ5Ki2v+aEMw3A+XA/MRhUwKvO8t1BnNye9n2PN1XiX+2O54jcehGVA3jXu
yS4ZwpOqp5qN9kJSWy+6GOecegZ2dNSFMrqLacTnScMt0CqicF49I/4okQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCwxaKlqKri/cE1Z/bGjfSWXOGrhMB8GA1UdIwQY
MBaAFGsZ0bysdSMS7E3m9b05rM4yq2vWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhuUnZLeDFJeExzVGViMXZUbXN6aktyYTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC83Nzc3NDYtZmJlZi00ZTU4LWFmZGYt
YjU1MWU0OTQzNWEyLzEvTERGb3FXb3F1TDl3VFZuOXNhTjlKWmM0YXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC83Nzc3NDYtZmJlZi00ZTU4LWFmZGYtYjU1MWU0OTQzNWEy
LzEvYXhuUnZLeDFJeExzVGViMXZUbXN6aktyYTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBcg
MA0GCSqGSIb3DQEBCwUAA4IBAQAcstSpQlJ8C9+uOBUnvt+t2pnikOxBmYHl9HAY
BDBq7JffCWmxuRr0no14jmRGWGhhEVQA2mRz1Nd9NLYzN3gvuJLD79WG+l0MxSD6
Y3Op5+vdb2cDxw1vSDxZqzWilVy91yHDBhY428lraiKjxMORmeZJp/pn57Ei9KIa
dpzLuXDVDGqyTowUj05J68J/Y2Xtxse9vFELyhi6iCFsI868RLTiAzrA2tLDWpnW
mjWm7nyDdNz3MD9jo8ffCDlcrE51YFqPtwLcBm7lSpFiEgn4vYmXMJ3jXD18p4o7
BOvVLI/GeAiOaw+aqrNDggCvTSPJ7SRiIv62kQ0sRv/nvMqh
-----END CERTIFICATE-----