Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/3qIWzYrkrCPP_OpSVUhC7_G6DpI.roa
File:                     3qIWzYrkrCPP_OpSVUhC7_G6DpI.roa (raw, json)
Hash identifier:          yygvsOn7SmxlaOZM9baJ/n8umdT0wN2hx2GnupmdeSk=
Subject key identifier:   DE:A2:16:CD:8A:E4:AC:23:CF:FC:EA:52:55:48:42:EF:F1:BA:0E:92
Certificate issuer:       /CN=3b97de17512cfa8bebc3df80b27b47624ef41691
Certificate serial:       01941FFA38C6E40DD857942FC4404058B4F4
Authority key identifier: 3B:97:DE:17:51:2C:FA:8B:EB:C3:DF:80:B2:7B:47:62:4E:F4:16:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/3qIWzYrkrCPP_OpSVUhC7_G6DpI.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201257
IP address blocks:        2001:67c:b14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:38:c6:e4:0d:d8:57:94:2f:c4:40:40:58:b4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b97de17512cfa8bebc3df80b27b47624ef41691
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dea216cd8ae4ac23cffcea52554842eff1ba0e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ba:55:2e:2a:e8:3a:38:5b:7d:e3:35:09:e5:
                    65:bb:65:36:18:44:3c:07:26:89:ba:92:dc:9b:0a:
                    e0:3f:19:99:d4:a9:7c:39:23:f3:48:89:6a:5d:6d:
                    a9:e5:63:86:23:fa:60:bc:53:b5:02:b9:49:da:dc:
                    dc:af:1a:3e:a0:ef:30:e6:72:9d:64:fd:7b:bf:76:
                    f5:5f:1d:f6:11:96:cc:62:79:80:ac:c0:00:94:66:
                    2d:7d:ac:bc:62:fd:6f:83:a9:28:ad:79:65:d4:10:
                    81:6b:77:38:ab:03:af:58:04:fe:7e:4b:c1:ac:97:
                    3f:e3:31:e0:f4:40:96:0b:70:a2:c7:ef:cd:f1:81:
                    73:a8:f1:bb:63:4f:9e:f9:92:76:80:d2:40:e6:a5:
                    9a:f6:b4:cc:bb:16:23:13:8a:0d:f0:66:8b:3b:c8:
                    5b:e0:17:52:ee:53:d3:a2:76:c1:7a:a5:34:44:d3:
                    78:1a:0c:34:2c:e9:1c:66:5d:66:26:5c:45:00:5d:
                    06:c6:95:b6:da:55:11:e2:9b:13:15:2c:4d:14:bd:
                    6a:0c:21:5f:05:ac:2c:16:77:87:f7:cd:2c:50:bc:
                    4e:8b:f6:cf:4d:84:58:70:b5:19:61:98:82:9c:bf:
                    be:68:ad:22:31:74:49:30:16:04:08:63:27:e3:c0:
                    98:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A2:16:CD:8A:E4:AC:23:CF:FC:EA:52:55:48:42:EF:F1:BA:0E:92
            X509v3 Authority Key Identifier:
                keyid:3B:97:DE:17:51:2C:FA:8B:EB:C3:DF:80:B2:7B:47:62:4E:F4:16:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/3qIWzYrkrCPP_OpSVUhC7_G6DpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b14::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:08:fb:fa:be:ca:18:e8:bb:76:d6:81:8b:43:d2:6f:e0:5c:
         fd:6a:bb:88:d1:42:13:96:0b:d0:41:13:6a:28:8e:0a:b9:30:
         0d:cc:e0:d4:5d:b4:5c:bb:36:2b:93:ff:ed:d9:25:d3:03:22:
         be:1f:e8:8e:8a:de:79:24:f2:5e:0e:81:91:17:75:02:f3:99:
         15:bb:5f:b9:e8:71:ee:fa:2b:0e:05:19:bd:f0:4e:d0:69:7c:
         68:1a:89:de:0e:90:da:c6:87:b1:f2:2e:1c:be:7c:cb:2c:e4:
         1d:c8:b1:41:a0:a3:9a:44:36:53:91:30:84:f9:a7:6b:6f:55:
         b8:2b:b1:c1:68:44:0f:7e:3f:95:ea:8d:04:f9:ca:63:65:85:
         ca:ec:31:8c:16:a0:fd:7e:5d:1f:11:5c:b3:a2:09:87:23:3e:
         24:b6:ad:0a:c2:49:e5:f1:0f:51:66:ad:0c:ff:5e:98:ad:a5:
         8a:9d:29:f5:5a:b7:1d:03:8c:ab:90:57:d2:8d:39:2a:4c:ec:
         46:5b:83:20:72:1e:0f:40:0b:56:bc:d1:63:6d:30:9d:e9:1b:
         40:85:15:8e:dd:86:92:fd:6b:06:a7:de:56:f2:df:c9:93:d4:
         07:34:03:3c:e4:fd:fe:b8:a7:82:b0:a0:9a:38:0f:bb:f0:f2:
         32:1f:db:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+jjG5A3YV5QvxEBAWLT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTdkZTE3NTEyY2ZhOGJlYmMzZGY4MGIyN2I0NzYyNGVm
NDE2OTEwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWEyMTZjZDhhZTRhYzIzY2ZmY2VhNTI1NTQ4NDJlZmYxYmEwZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLpVLiroOjhbfeM1CeVlu2U2GEQ8
ByaJupLcmwrgPxmZ1Kl8OSPzSIlqXW2p5WOGI/pgvFO1ArlJ2tzcrxo+oO8w5nKd
ZP17v3b1Xx32EZbMYnmArMAAlGYtfay8Yv1vg6korXll1BCBa3c4qwOvWAT+fkvB
rJc/4zHg9ECWC3Cix+/N8YFzqPG7Y0+e+ZJ2gNJA5qWa9rTMuxYjE4oN8GaLO8hb
4BdS7lPTonbBeqU0RNN4Ggw0LOkcZl1mJlxFAF0GxpW22lUR4psTFSxNFL1qDCFf
BawsFneH980sULxOi/bPTYRYcLUZYZiCnL++aK0iMXRJMBYECGMn48CY4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN6iFs2K5Kwjz/zqUlVIQu/xug6SMB8GA1UdIwQY
MBaAFDuX3hdRLPqL68PfgLJ7R2JO9BaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVmZUYxRXMtb3ZydzktQXNudEhZazcwRnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84YTdkYTQtYmExOS00YjI5LTg3ZTAt
OTE1NTEzMmExNzlhLzEvM3FJV3pZcmtyQ1BQX09wU1ZVaEM3X0c2RHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84YTdkYTQtYmExOS00YjI5LTg3ZTAtOTE1NTEzMmExNzlh
LzEvTzVmZUYxRXMtb3ZydzktQXNudEhZazcwRnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsU
MA0GCSqGSIb3DQEBCwUAA4IBAQAkCPv6vsoY6Lt21oGLQ9Jv4Fz9aruI0UITlgvQ
QRNqKI4KuTANzODUXbRcuzYrk//t2SXTAyK+H+iOit55JPJeDoGRF3UC85kVu1+5
6HHu+isOBRm98E7QaXxoGoneDpDaxoex8i4cvnzLLOQdyLFBoKOaRDZTkTCE+adr
b1W4K7HBaEQPfj+V6o0E+cpjZYXK7DGMFqD9fl0fEVyzogmHIz4ktq0Kwknl8Q9R
Zq0M/16YraWKnSn1WrcdA4yrkFfSjTkqTOxGW4Mgch4PQAtWvNFjbTCd6RtAhRWO
3YaS/WsGp95W8t/Jk9QHNAM85P3+uKeCsKCaOA+78PIyH9uO
-----END CERTIFICATE-----