Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/2muVnH1_oI_9ztpeyJIqq88lM1c.roa
File:                     2muVnH1_oI_9ztpeyJIqq88lM1c.roa (raw, json)
Hash identifier:          UznFOVn685h5ihMi8FItxWdR/wWRBKXy+8YPxE2cn9c=
Subject key identifier:   DA:6B:95:9C:7D:7F:A0:8F:FD:CE:DA:5E:C8:92:2A:AB:CF:25:33:57
Certificate issuer:       /CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
Certificate serial:       0194252181A96AB7C317245EBD48E9307AC5
Authority key identifier: 29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/2muVnH1_oI_9ztpeyJIqq88lM1c.roa
Signing time:             Thu 02 Jan 2025 03:49:00 +0000
ROA not before:           Thu 02 Jan 2025 03:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29014
IP address blocks:        2001:67c:2e78::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:81:a9:6a:b7:c3:17:24:5e:bd:48:e9:30:7a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
        Validity
            Not Before: Jan  2 03:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da6b959c7d7fa08ffdceda5ec8922aabcf253357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d7:7e:0b:24:5b:5c:c3:8b:8c:07:cb:eb:ef:
                    15:78:da:8a:12:08:a2:ac:e8:71:ea:f3:58:7f:b9:
                    db:b8:e8:e5:7b:07:c6:5b:d2:f3:10:d4:14:98:a7:
                    7f:ef:8e:73:34:c3:64:d5:9a:08:36:ac:71:6e:1f:
                    3b:c8:2d:9d:b2:66:1e:23:2b:93:be:c3:cb:ee:30:
                    a3:80:af:06:5f:66:79:63:36:03:75:bc:28:a7:ad:
                    8c:ca:fe:5c:b9:4c:e8:d1:71:e0:03:91:ef:6a:8b:
                    c2:54:dc:55:ed:c6:31:07:cb:e9:cd:54:b9:56:45:
                    b4:d9:ef:b5:c3:00:eb:6c:ef:b8:ef:e9:e6:52:04:
                    dd:71:88:f2:0d:6a:a5:44:7b:13:20:d4:d5:1d:a6:
                    e2:21:e6:29:00:d5:2e:65:e1:43:07:c7:74:f5:d0:
                    76:92:e1:b5:1a:1a:79:f4:64:83:f3:22:09:ef:62:
                    da:44:b0:72:f7:d0:74:1d:2d:4c:3a:17:8d:a3:c0:
                    5c:64:13:37:3d:53:8f:ff:fd:d5:eb:54:9f:65:1e:
                    5e:12:06:c0:41:53:e7:8b:c9:33:b0:8e:53:e6:fa:
                    ea:7a:4c:72:ec:b3:9e:97:ee:50:19:1d:3e:57:bf:
                    89:62:ef:8f:c1:4f:6e:37:ec:6f:a7:ba:88:32:1e:
                    26:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:6B:95:9C:7D:7F:A0:8F:FD:CE:DA:5E:C8:92:2A:AB:CF:25:33:57
            X509v3 Authority Key Identifier:
                keyid:29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/2muVnH1_oI_9ztpeyJIqq88lM1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e78::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:b7:48:5c:c0:62:28:05:61:f9:63:66:c5:e5:2f:63:b1:0a:
         87:26:ba:51:d1:79:c7:02:17:64:df:59:1c:b7:44:0b:bd:29:
         d2:be:24:ed:42:e1:8b:d8:a0:16:e8:4f:9a:99:76:a8:23:67:
         cb:f4:e3:49:4c:b2:6e:6e:9e:71:a2:7b:8a:61:0f:28:8d:ac:
         ff:35:a1:da:88:01:78:9c:3f:91:1c:9f:7f:5a:1a:c8:72:67:
         62:06:6b:cb:74:e9:df:40:49:b5:bf:cf:a7:f3:ef:31:fc:b6:
         51:0c:c3:34:62:33:0a:91:9c:d2:5b:ea:52:5f:b7:11:b8:8d:
         5c:33:2b:a1:bc:70:e4:8e:8a:53:23:24:2c:27:b1:ec:fa:7f:
         a0:cf:07:39:89:46:1b:07:22:bf:2a:1f:55:d3:78:6c:c6:61:
         8d:30:b4:16:6d:ef:9e:65:56:be:53:cc:6f:80:b3:7f:7f:76:
         1f:c2:29:dd:90:42:bf:35:b3:e0:50:85:d2:e4:a3:cd:a8:ef:
         de:67:aa:9b:12:ee:00:52:1c:92:d3:3f:6f:65:2e:2e:bc:80:
         0c:76:51:6a:8c:ef:62:03:20:25:49:cd:70:f7:25:06:3c:c7:
         d2:da:1e:1e:83:ee:09:e9:9b:6d:a6:33:9a:01:4a:f0:d0:47:
         a6:ca:b1:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIYGparfDFyRevUjpMHrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Mzc1YzljMDBiMTUyOWQ1NTFlZTdlMjhjNjA3MGFiNDNh
MmZlNzYwHhcNMjUwMTAyMDM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTZiOTU5YzdkN2ZhMDhmZmRjZWRhNWVjODkyMmFhYmNmMjUzMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNd+CyRbXMOLjAfL6+8VeNqKEgii
rOhx6vNYf7nbuOjlewfGW9LzENQUmKd/745zNMNk1ZoINqxxbh87yC2dsmYeIyuT
vsPL7jCjgK8GX2Z5YzYDdbwop62Myv5cuUzo0XHgA5HvaovCVNxV7cYxB8vpzVS5
VkW02e+1wwDrbO+47+nmUgTdcYjyDWqlRHsTINTVHabiIeYpANUuZeFDB8d09dB2
kuG1Ghp59GSD8yIJ72LaRLBy99B0HS1MOheNo8BcZBM3PVOP//3V61SfZR5eEgbA
QVPni8kzsI5T5vrqekxy7LOel+5QGR0+V7+JYu+PwU9uN+xvp7qIMh4mVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNprlZx9f6CP/c7aXsiSKqvPJTNXMB8GA1UdIwQY
MBaAFCk3XJwAsVKdVR7n4oxgcKtDov52MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2Yt
MDUwNGUxMTFhM2I4LzEvMm11Vm5IMV9vSV85enRwZXlKSXFxODhsTTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2YtMDUwNGUxMTFhM2I4
LzEvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC54
MA0GCSqGSIb3DQEBCwUAA4IBAQALt0hcwGIoBWH5Y2bF5S9jsQqHJrpR0XnHAhdk
31kct0QLvSnSviTtQuGL2KAW6E+amXaoI2fL9ONJTLJubp5xonuKYQ8ojaz/NaHa
iAF4nD+RHJ9/WhrIcmdiBmvLdOnfQEm1v8+n8+8x/LZRDMM0YjMKkZzSW+pSX7cR
uI1cMyuhvHDkjopTIyQsJ7Hs+n+gzwc5iUYbByK/Kh9V03hsxmGNMLQWbe+eZVa+
U8xvgLN/f3YfwindkEK/NbPgUIXS5KPNqO/eZ6qbEu4AUhyS0z9vZS4uvIAMdlFq
jO9iAyAlSc1w9yUGPMfS2h4eg+4J6ZttpjOaAUrw0EemyrHG
-----END CERTIFICATE-----