Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/xOYkGw3SqmDNjUBUXBvZW0U-4J4.roa
File:                     xOYkGw3SqmDNjUBUXBvZW0U-4J4.roa (raw, json)
Hash identifier:          CMrEVMiwQAaT7qSr6cVaZ45q/VR6zzPcJBOroZoc7n8=
Subject key identifier:   C4:E6:24:1B:0D:D2:AA:60:CD:8D:40:54:5C:1B:D9:5B:45:3E:E0:9E
Certificate issuer:       /CN=4d3f54f304e6b851608c293978b16ba51ac0350e
Certificate serial:       019427B5EFA5DA55CD811D1A6205C46DD1A6
Authority key identifier: 4D:3F:54:F3:04:E6:B8:51:60:8C:29:39:78:B1:6B:A5:1A:C0:35:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TT9U8wTmuFFgjCk5eLFrpRrANQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/xOYkGw3SqmDNjUBUXBvZW0U-4J4.roa
Signing time:             Thu 02 Jan 2025 15:50:22 +0000
ROA not before:           Thu 02 Jan 2025 15:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        2001:67c:2f50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/TT9U8wTmuFFgjCk5eLFrpRrANQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/TT9U8wTmuFFgjCk5eLFrpRrANQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TT9U8wTmuFFgjCk5eLFrpRrANQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ef:a5:da:55:cd:81:1d:1a:62:05:c4:6d:d1:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d3f54f304e6b851608c293978b16ba51ac0350e
        Validity
            Not Before: Jan  2 15:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4e6241b0dd2aa60cd8d40545c1bd95b453ee09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:86:85:99:05:d4:bf:22:33:d1:19:0a:78:ab:
                    bf:f9:67:c3:76:cb:21:85:73:94:b5:1d:2c:4b:b2:
                    f4:89:3f:ff:d1:8b:05:8e:b4:31:09:a2:30:43:ce:
                    c5:1f:fd:71:14:11:ce:bb:1c:a8:0c:7d:a5:8b:52:
                    27:c3:7e:a9:cf:58:07:f5:02:c2:9d:f0:93:9e:17:
                    0d:3c:b8:34:48:b6:dc:92:2c:a9:57:96:3c:35:89:
                    4a:79:dd:58:1d:ca:61:1e:2f:69:ab:f6:3f:a2:ee:
                    25:0f:28:54:b0:f2:7f:39:e3:07:14:8b:c8:58:25:
                    86:43:3f:da:02:94:ff:ff:4b:22:cc:e3:04:2b:e3:
                    c6:e6:33:a5:dc:92:bc:0f:97:56:26:14:ed:d7:68:
                    f7:61:31:68:97:49:38:6e:49:df:7a:ad:5f:04:ad:
                    ae:10:34:dd:40:f0:c1:b8:9d:8c:38:7c:22:97:77:
                    2f:0b:04:48:23:af:0f:f7:23:fa:ec:01:4b:39:dd:
                    9d:b8:8c:62:2a:a1:7b:6a:5f:81:48:68:dd:fc:a3:
                    3a:ed:60:09:74:75:d6:16:53:44:38:f4:12:47:69:
                    29:62:a7:a0:68:4e:ee:94:90:66:42:7a:46:43:11:
                    cb:60:5e:a9:9e:d9:f7:96:46:a7:15:0e:d1:f2:00:
                    20:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E6:24:1B:0D:D2:AA:60:CD:8D:40:54:5C:1B:D9:5B:45:3E:E0:9E
            X509v3 Authority Key Identifier:
                keyid:4D:3F:54:F3:04:E6:B8:51:60:8C:29:39:78:B1:6B:A5:1A:C0:35:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TT9U8wTmuFFgjCk5eLFrpRrANQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/xOYkGw3SqmDNjUBUXBvZW0U-4J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b737f6-304b-4c4f-b887-71108258f1b9/1/TT9U8wTmuFFgjCk5eLFrpRrANQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f50::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:52:58:0b:48:59:69:2d:ce:ad:07:da:10:0f:d1:d8:ed:80:
         f9:9e:f8:88:ea:70:de:00:d9:da:1f:9d:04:c0:6e:5b:f4:f7:
         13:7a:e0:10:e3:a9:e3:ac:00:59:70:29:cb:8e:62:3a:58:7e:
         46:8a:25:96:c9:b8:dd:b4:24:21:cc:d0:b4:04:c9:40:8a:ae:
         3d:36:1c:89:95:b4:85:c9:43:25:b3:ac:13:a6:82:66:44:5d:
         4a:23:2c:5f:7f:b8:fb:54:d3:32:26:61:aa:3a:a9:fa:14:a2:
         72:af:fc:d6:5e:60:da:9f:01:19:21:d4:82:55:2d:bd:02:ba:
         1f:a1:dc:b5:59:37:de:85:86:00:d3:fa:01:44:86:fd:7b:0c:
         4b:6f:e1:21:b5:c9:24:3d:a2:39:9c:44:3a:38:7e:c7:c0:fd:
         ce:05:7d:e9:48:31:30:50:50:77:e5:aa:91:1b:7a:95:d1:67:
         f1:77:d5:9c:af:99:68:7e:8f:93:9e:6a:fa:68:c6:64:35:e6:
         ba:3d:60:4a:ba:6a:84:06:e9:45:15:0a:53:8d:cb:ff:83:dc:
         b3:38:ff:bb:d2:f6:a2:8b:45:23:ea:48:8f:fc:68:ee:04:fd:
         12:35:a0:96:70:de:96:2a:71:a4:e0:07:59:cb:7c:ed:35:90:
         24:97:01:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnte+l2lXNgR0aYgXEbdGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkM2Y1NGYzMDRlNmI4NTE2MDhjMjkzOTc4YjE2YmE1MWFj
MDM1MGUwHhcNMjUwMTAyMTU1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU2MjQxYjBkZDJhYTYwY2Q4ZDQwNTQ1YzFiZDk1YjQ1M2VlMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oaFmQXUvyIz0RkKeKu/+WfDdssh
hXOUtR0sS7L0iT//0YsFjrQxCaIwQ87FH/1xFBHOuxyoDH2li1Inw36pz1gH9QLC
nfCTnhcNPLg0SLbckiypV5Y8NYlKed1YHcphHi9pq/Y/ou4lDyhUsPJ/OeMHFIvI
WCWGQz/aApT//0sizOMEK+PG5jOl3JK8D5dWJhTt12j3YTFol0k4bknfeq1fBK2u
EDTdQPDBuJ2MOHwil3cvCwRII68P9yP67AFLOd2duIxiKqF7al+BSGjd/KM67WAJ
dHXWFlNEOPQSR2kpYqegaE7ulJBmQnpGQxHLYF6pntn3lkanFQ7R8gAgVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMTmJBsN0qpgzY1AVFwb2VtFPuCeMB8GA1UdIwQY
MBaAFE0/VPME5rhRYIwpOXixa6UawDUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFQ5VTh3VG11RkZnakNrNWVMRnJwUnJBTlE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9iNzM3ZjYtMzA0Yi00YzRmLWI4ODct
NzExMDgyNThmMWI5LzEveE9Za0d3M1NxbUROalVCVVhCdlpXMFUtNEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9iNzM3ZjYtMzA0Yi00YzRmLWI4ODctNzExMDgyNThmMWI5
LzEvVFQ5VTh3VG11RkZnakNrNWVMRnJwUnJBTlE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBCUlgLSFlpLc6tB9oQD9HY7YD5nviI6nDeANna
H50EwG5b9PcTeuAQ46njrABZcCnLjmI6WH5GiiWWybjdtCQhzNC0BMlAiq49NhyJ
lbSFyUMls6wTpoJmRF1KIyxff7j7VNMyJmGqOqn6FKJyr/zWXmDanwEZIdSCVS29
Arofody1WTfehYYA0/oBRIb9ewxLb+EhtckkPaI5nEQ6OH7HwP3OBX3pSDEwUFB3
5aqRG3qV0Wfxd9Wcr5lofo+Tnmr6aMZkNea6PWBKumqEBulFFQpTjcv/g9yzOP+7
0vaii0Uj6kiP/GjuBP0SNaCWcN6WKnGk4AdZy3ztNZAklwE9
-----END CERTIFICATE-----