Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/7YKaewqyZbI9lVFIivFUL2FPVzU.roa
File:                     7YKaewqyZbI9lVFIivFUL2FPVzU.roa (raw, json)
Hash identifier:          wf42n7crwFg9XaXHUPxEE3NTHiwbzXO1xRDVNEMLG6A=
Subject key identifier:   ED:82:9A:7B:0A:B2:65:B2:3D:95:51:48:8A:F1:54:2F:61:4F:57:35
Certificate issuer:       /CN=4da3711dc5de45f2f5b47901659e956d938272fe
Certificate serial:       019424B37BB552D806EE647BEF58553DBBE3
Authority key identifier: 4D:A3:71:1D:C5:DE:45:F2:F5:B4:79:01:65:9E:95:6D:93:82:72:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/7YKaewqyZbI9lVFIivFUL2FPVzU.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204896
IP address blocks:        2001:67c:1384::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 13:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:7b:b5:52:d8:06:ee:64:7b:ef:58:55:3d:bb:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da3711dc5de45f2f5b47901659e956d938272fe
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed829a7b0ab265b23d9551488af1542f614f5735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:11:35:3a:32:75:18:65:76:5f:09:1e:ad:6e:
                    58:79:1c:e3:b5:73:f2:12:ee:07:4d:d3:33:56:55:
                    ec:ac:c6:90:6a:cf:66:65:49:8e:a7:ea:1f:02:70:
                    79:52:ce:7a:48:eb:8d:70:e1:b1:1f:93:10:15:37:
                    a8:f3:b4:d9:d9:70:5b:d8:17:69:46:17:e1:b5:be:
                    62:50:f4:12:f6:12:ab:a9:28:b8:22:cd:9b:bf:c4:
                    34:04:e3:79:68:60:d4:72:61:39:6d:7d:af:d0:af:
                    60:b1:62:d7:50:c5:74:23:ac:cc:66:f2:ec:6f:7b:
                    38:0a:f5:fa:ea:26:59:d8:4b:86:4f:29:61:fb:97:
                    ae:12:5c:bc:6d:4c:ed:a3:df:60:bb:f6:72:6a:11:
                    d5:0f:dd:f6:5b:40:45:46:07:b5:34:00:7f:e5:dd:
                    1a:51:82:23:ae:48:20:1b:fa:89:9e:c5:71:b9:8d:
                    fc:92:8c:22:8d:90:0f:dc:ad:0f:81:ea:70:b4:f3:
                    7e:83:8c:6d:b4:f8:82:d8:35:3d:d1:c6:a1:6c:0d:
                    a3:7b:af:83:39:59:c0:6c:d1:7e:8b:bd:ca:23:e3:
                    cf:94:cd:b1:dd:d5:80:3a:0a:a5:a2:4f:2a:ad:f1:
                    a3:a2:f4:5a:72:bc:88:c8:de:e9:a8:82:c1:a5:aa:
                    6e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:82:9A:7B:0A:B2:65:B2:3D:95:51:48:8A:F1:54:2F:61:4F:57:35
            X509v3 Authority Key Identifier:
                keyid:4D:A3:71:1D:C5:DE:45:F2:F5:B4:79:01:65:9E:95:6D:93:82:72:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/7YKaewqyZbI9lVFIivFUL2FPVzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1384::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:98:6b:8a:db:13:ec:74:a5:a2:7a:da:f2:d7:9d:9e:42:9f:
         63:87:39:98:a9:1d:ef:cd:8d:99:6d:cb:05:18:5d:c4:e6:d6:
         03:0b:92:69:81:85:04:ac:2e:f8:1e:3a:7d:2c:d8:8e:2b:dd:
         95:61:92:3e:8f:10:0f:9f:a1:2b:5b:5e:7f:f3:39:76:d5:c4:
         0d:c1:cb:a9:4f:63:18:95:5b:98:82:fd:a8:65:38:17:b5:3e:
         09:60:e3:68:64:55:83:2f:e9:7e:d2:38:f8:2f:c1:88:a0:cf:
         76:fb:d9:b9:cd:71:84:9e:78:fd:8e:fb:30:0c:07:84:ff:da:
         02:df:47:b3:b1:51:a5:b5:37:1f:ea:73:2f:8a:58:f5:55:ef:
         f0:05:67:83:6c:78:96:79:3b:13:90:b5:b8:d0:53:3c:38:95:
         78:f8:e9:af:d1:4e:30:42:18:a4:2b:ef:ce:63:fa:44:3a:53:
         0c:fd:0f:f4:c6:4c:d6:e1:48:8c:ef:89:bc:80:2e:b9:b0:f6:
         25:e4:69:bf:22:6d:9b:5b:0b:63:da:c7:c5:7b:9c:28:65:0f:
         5c:9f:f3:5a:0b:0f:11:f4:09:b4:3e:ce:3a:c5:56:b6:98:60:
         ab:df:72:31:f4:e6:59:08:b3:c0:49:60:7e:4a:fd:d0:93:e9:
         29:86:e4:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks3u1UtgG7mR771hVPbvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTM3MTFkYzVkZTQ1ZjJmNWI0NzkwMTY1OWU5NTZkOTM4
MjcyZmUwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDgyOWE3YjBhYjI2NWIyM2Q5NTUxNDg4YWYxNTQyZjYxNGY1NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRE1OjJ1GGV2XwkerW5YeRzjtXPy
Eu4HTdMzVlXsrMaQas9mZUmOp+ofAnB5Us56SOuNcOGxH5MQFTeo87TZ2XBb2Bdp
Rhfhtb5iUPQS9hKrqSi4Is2bv8Q0BON5aGDUcmE5bX2v0K9gsWLXUMV0I6zMZvLs
b3s4CvX66iZZ2EuGTylh+5euEly8bUzto99gu/ZyahHVD932W0BFRge1NAB/5d0a
UYIjrkggG/qJnsVxuY38kowijZAP3K0PgepwtPN+g4xttPiC2DU90cahbA2je6+D
OVnAbNF+i73KI+PPlM2x3dWAOgqlok8qrfGjovRacryIyN7pqILBpapuhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO2CmnsKsmWyPZVRSIrxVC9hT1c1MB8GA1UdIwQY
MBaAFE2jcR3F3kXy9bR5AWWelW2TgnL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFOeEhjWGVSZkwxdEhrQlpaNlZiWk9DY3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hODMxYzAtNDU3Yy00YmE4LWJlYzct
ZTI1MTEwOWJmZDE5LzEvN1lLYWV3cXlaYkk5bFZGSWl2RlVMMkZQVnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hODMxYzAtNDU3Yy00YmE4LWJlYzctZTI1MTEwOWJmZDE5
LzEvVGFOeEhjWGVSZkwxdEhrQlpaNlZiWk9DY3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBOE
MA0GCSqGSIb3DQEBCwUAA4IBAQBMmGuK2xPsdKWietry152eQp9jhzmYqR3vzY2Z
bcsFGF3E5tYDC5JpgYUErC74Hjp9LNiOK92VYZI+jxAPn6ErW15/8zl21cQNwcup
T2MYlVuYgv2oZTgXtT4JYONoZFWDL+l+0jj4L8GIoM92+9m5zXGEnnj9jvswDAeE
/9oC30ezsVGltTcf6nMvilj1Ve/wBWeDbHiWeTsTkLW40FM8OJV4+Omv0U4wQhik
K+/OY/pEOlMM/Q/0xkzW4UiM74m8gC65sPYl5Gm/Im2bWwtj2sfFe5woZQ9cn/Na
Cw8R9Am0Ps46xVa2mGCr33Ix9OZZCLPASWB+Sv3Qk+kphuQV
-----END CERTIFICATE-----