Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/DS8Rbt69Y278qge_4Hmc5o4yuwU.roa
File:                     DS8Rbt69Y278qge_4Hmc5o4yuwU.roa (raw, json)
Hash identifier:          tTLyP2JhBCp2p2WsUyjl7JOVm5G5UBP2M/82U2+yJ6c=
Subject key identifier:   0D:2F:11:6E:DE:BD:63:6E:FC:AA:07:BF:E0:79:9C:E6:8E:32:BB:05
Certificate issuer:       /CN=2682c816f72686ff7aede53538618cc2e8861039
Certificate serial:       01941F8C94891CB5798B5FDB8D3E888CF23B
Authority key identifier: 26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/DS8Rbt69Y278qge_4Hmc5o4yuwU.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47147
IP address blocks:        2001:67c:2850::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:94:89:1c:b5:79:8b:5f:db:8d:3e:88:8c:f2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2682c816f72686ff7aede53538618cc2e8861039
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d2f116edebd636efcaa07bfe0799ce68e32bb05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:73:5d:e3:18:a2:50:ba:ff:c9:39:7e:69:e6:
                    21:52:46:0a:e8:fd:2b:26:38:0e:f1:b4:91:66:9f:
                    f9:8f:18:ed:e9:92:b6:f7:25:35:21:fb:ff:3b:15:
                    b0:2f:7b:85:66:ec:54:2c:56:46:39:18:cd:78:93:
                    65:d9:4f:b9:94:1c:3e:bc:b3:3f:13:5d:d9:54:06:
                    d1:b4:e1:9d:19:23:f3:4f:a7:32:74:b6:6d:48:01:
                    7c:c0:0d:5b:54:80:8a:03:97:31:ad:36:c5:71:64:
                    ad:50:fb:bc:ba:a6:d4:2d:e6:ac:fe:5d:55:ae:b0:
                    c5:b4:48:9e:0d:93:23:5b:f9:43:1a:51:2a:80:b1:
                    dc:84:7e:f6:53:32:6e:92:75:ec:39:69:53:f6:78:
                    bb:bb:64:e0:34:33:ca:8b:54:2d:14:3c:93:78:92:
                    ae:be:c0:ac:46:45:42:aa:a5:9b:dd:a3:e1:8e:8a:
                    1e:14:02:38:64:83:6a:bd:f3:b0:e4:a3:6e:05:c6:
                    dd:80:3f:17:9d:39:de:e2:92:b4:18:37:ca:df:ab:
                    7c:e9:05:ae:d3:ef:64:cc:83:81:3a:bf:38:9e:02:
                    e3:c7:93:b2:2a:6a:12:24:cd:81:24:af:48:e4:cb:
                    f3:86:06:e9:2d:98:a1:41:7f:77:01:fd:79:84:0c:
                    af:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2F:11:6E:DE:BD:63:6E:FC:AA:07:BF:E0:79:9C:E6:8E:32:BB:05
            X509v3 Authority Key Identifier:
                keyid:26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/DS8Rbt69Y278qge_4Hmc5o4yuwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2850::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:65:fa:47:4d:fe:b4:f6:32:8f:b1:54:30:03:10:2e:30:83:
         0e:c7:eb:dd:dd:b0:d8:5a:be:2c:14:b0:02:8a:06:00:f6:bf:
         13:1c:e2:58:5f:40:b5:72:8a:d2:b8:17:f0:d6:4c:ad:c0:31:
         0c:21:66:0f:17:05:40:a7:7a:6c:16:c7:68:a9:9d:17:ce:6c:
         48:36:da:2e:04:ba:5f:ac:1f:44:80:1d:64:a6:9e:c9:74:93:
         c5:2a:9f:f6:a8:95:04:7f:cb:01:bd:ff:99:c4:16:13:7d:04:
         5c:f4:f7:67:c4:9c:f2:07:52:0e:05:3c:ca:f0:2f:8e:e5:d9:
         b3:99:93:e9:1c:fd:cf:c6:63:b3:aa:24:a5:06:65:a6:62:44:
         cd:cf:65:ac:8a:03:57:5e:f6:72:71:95:08:80:2f:a8:01:27:
         3c:d6:d1:ea:d4:a7:ae:c1:87:ad:f1:87:ba:a3:35:02:be:d0:
         2d:87:97:b6:68:7e:57:b3:5d:62:3c:ab:a3:06:fe:1f:53:55:
         10:60:6b:2d:8d:a9:1f:37:f3:18:04:c8:5d:7e:3e:fe:b9:02:
         47:26:e3:b5:81:59:9f:10:a3:a1:a1:93:4f:5b:25:3b:e0:b1:
         b0:09:7d:0d:57:b6:45:c5:85:f0:27:b7:27:61:24:ba:ed:14:
         e1:1e:2a:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjJSJHLV5i1/bjT6IjPI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ODJjODE2ZjcyNjg2ZmY3YWVkZTUzNTM4NjE4Y2MyZTg4
NjEwMzkwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDJmMTE2ZWRlYmQ2MzZlZmNhYTA3YmZlMDc5OWNlNjhlMzJiYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXNd4xiiULr/yTl+aeYhUkYK6P0r
JjgO8bSRZp/5jxjt6ZK29yU1Ifv/OxWwL3uFZuxULFZGORjNeJNl2U+5lBw+vLM/
E13ZVAbRtOGdGSPzT6cydLZtSAF8wA1bVICKA5cxrTbFcWStUPu8uqbULeas/l1V
rrDFtEieDZMjW/lDGlEqgLHchH72UzJuknXsOWlT9ni7u2TgNDPKi1QtFDyTeJKu
vsCsRkVCqqWb3aPhjooeFAI4ZINqvfOw5KNuBcbdgD8XnTne4pK0GDfK36t86QWu
0+9kzIOBOr84ngLjx5OyKmoSJM2BJK9I5MvzhgbpLZihQX93Af15hAyvAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA0vEW7evWNu/KoHv+B5nOaOMrsFMB8GA1UdIwQY
MBaAFCaCyBb3Job/eu3lNThhjMLohhA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmIt
NjYxZThmZTNjMWU5LzEvRFM4UmJ0NjlZMjc4cWdlXzRIbWM1bzR5dXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmItNjYxZThmZTNjMWU5
LzEvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfChQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB+ZfpHTf609jKPsVQwAxAuMIMOx+vd3bDYWr4s
FLACigYA9r8THOJYX0C1corSuBfw1kytwDEMIWYPFwVAp3psFsdoqZ0XzmxINtou
BLpfrB9EgB1kpp7JdJPFKp/2qJUEf8sBvf+ZxBYTfQRc9PdnxJzyB1IOBTzK8C+O
5dmzmZPpHP3PxmOzqiSlBmWmYkTNz2WsigNXXvZycZUIgC+oASc81tHq1KeuwYet
8Ye6ozUCvtAth5e2aH5Xs11iPKujBv4fU1UQYGstjakfN/MYBMhdfj7+uQJHJuO1
gVmfEKOhoZNPWyU74LGwCX0NV7ZFxYXwJ7cnYSS67RThHirA
-----END CERTIFICATE-----