Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/SkEoFqWz8Nesa-6bLQGwcsWuCyc.roa
File:                     SkEoFqWz8Nesa-6bLQGwcsWuCyc.roa (raw, json)
Hash identifier:          YBTkqmp/iQfLCssDb/tS/QsoGIchXV4bMdX9APnUYwY=
Subject key identifier:   4A:41:28:16:A5:B3:F0:D7:AC:6B:EE:9B:2D:01:B0:72:C5:AE:0B:27
Certificate issuer:       /CN=9ae2534df509c96ecb811bc85d76d62baadf3d29
Certificate serial:       0194221F8BA51E971AB7C678F987D324375C
Authority key identifier: 9A:E2:53:4D:F5:09:C9:6E:CB:81:1B:C8:5D:76:D6:2B:AA:DF:3D:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/muJTTfUJyW7LgRvIXXbWK6rfPSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/SkEoFqWz8Nesa-6bLQGwcsWuCyc.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200305
IP address blocks:        2001:67c:b4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/muJTTfUJyW7LgRvIXXbWK6rfPSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/muJTTfUJyW7LgRvIXXbWK6rfPSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/muJTTfUJyW7LgRvIXXbWK6rfPSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8b:a5:1e:97:1a:b7:c6:78:f9:87:d3:24:37:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ae2534df509c96ecb811bc85d76d62baadf3d29
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a412816a5b3f0d7ac6bee9b2d01b072c5ae0b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:97:45:06:f2:36:ea:35:d2:38:c8:a7:1d:88:
                    a4:e5:cc:7a:e2:5c:d7:79:7d:03:15:de:db:3d:1b:
                    1a:14:88:a9:83:66:b8:69:2d:e8:d8:e3:e9:7d:10:
                    19:82:c2:09:5b:07:a2:2a:4c:54:f6:b8:2c:f0:71:
                    fe:10:a8:c9:6d:02:70:1e:e5:74:bb:09:ca:0d:00:
                    c4:45:b8:e2:93:4f:35:4b:0e:74:93:a2:8e:4c:ff:
                    16:a0:3a:0c:b6:14:aa:c0:7a:fe:77:74:3e:ea:7a:
                    be:03:7f:b8:60:24:ec:15:e5:c4:38:06:cb:f3:98:
                    d7:12:0d:94:86:49:9a:d3:38:05:8a:98:96:c5:11:
                    47:dd:a5:f7:bf:45:d0:b5:21:d0:ed:35:53:6c:70:
                    6d:24:c5:42:c9:f7:0d:22:aa:02:c8:d5:a9:70:38:
                    0a:0c:18:2f:1f:74:be:a8:58:4b:17:06:36:da:dd:
                    57:66:08:3c:5b:e8:ae:90:ed:ad:47:f6:dd:fb:24:
                    d4:67:e0:b4:f9:f5:85:d5:c2:87:7b:55:09:4b:e2:
                    cb:a4:8e:41:66:10:a6:69:7c:c0:29:ef:6b:ae:8c:
                    54:65:bf:f0:f3:ce:ec:48:7a:f4:83:27:48:59:88:
                    48:d5:01:4e:23:36:23:89:0a:52:b0:93:6c:f8:8a:
                    a5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:41:28:16:A5:B3:F0:D7:AC:6B:EE:9B:2D:01:B0:72:C5:AE:0B:27
            X509v3 Authority Key Identifier:
                keyid:9A:E2:53:4D:F5:09:C9:6E:CB:81:1B:C8:5D:76:D6:2B:AA:DF:3D:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/muJTTfUJyW7LgRvIXXbWK6rfPSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/SkEoFqWz8Nesa-6bLQGwcsWuCyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/6f5dc2-30cb-4c0c-aa62-8226524e4acf/1/muJTTfUJyW7LgRvIXXbWK6rfPSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:98:ba:bd:57:3d:43:dc:06:99:cf:93:19:16:4f:42:60:95:
         31:3a:92:e2:4a:8b:73:03:a8:64:de:d7:0a:02:dd:15:ec:a5:
         ff:43:5d:95:bc:10:20:bb:25:d9:fe:17:9b:c1:fa:c5:df:e1:
         db:40:2f:8a:6a:f3:9c:cc:cd:de:5a:d6:e8:29:27:63:b5:b5:
         66:7c:fb:2d:a4:e9:d9:69:f8:07:e6:cf:38:ec:3b:50:fa:7a:
         00:12:ed:ee:a8:19:9d:9d:63:8e:f4:51:ff:6f:56:42:47:29:
         58:3e:75:ce:b0:56:c3:59:1f:51:71:04:41:23:92:9c:2e:e2:
         6a:40:ab:5e:00:bd:cd:f3:61:2e:bc:38:63:89:e4:3e:46:50:
         cc:6e:77:f4:46:a0:28:64:00:6a:10:d3:5e:bf:4d:8d:9d:4f:
         2e:d7:f3:c9:6f:f6:12:ef:aa:3d:34:fe:69:29:06:fd:73:62:
         46:2b:7d:6a:ef:3e:34:a5:96:c0:da:5b:21:52:d1:f9:19:45:
         ea:5d:32:cb:ad:f6:bd:56:a9:4b:61:47:43:4b:a4:08:e3:d7:
         ca:cd:83:fe:8f:d9:b2:e3:b1:94:c8:a3:21:69:1f:f5:71:4c:
         c9:51:c1:a0:de:0c:56:5c:8a:c3:de:9b:6e:40:17:63:34:a9:
         e9:c3:38:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH4ulHpcat8Z4+YfTJDdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZTI1MzRkZjUwOWM5NmVjYjgxMWJjODVkNzZkNjJiYWFk
ZjNkMjkwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQxMjgxNmE1YjNmMGQ3YWM2YmVlOWIyZDAxYjA3MmM1YWUwYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpdFBvI26jXSOMinHYik5cx64lzX
eX0DFd7bPRsaFIipg2a4aS3o2OPpfRAZgsIJWweiKkxU9rgs8HH+EKjJbQJwHuV0
uwnKDQDERbjik081Sw50k6KOTP8WoDoMthSqwHr+d3Q+6nq+A3+4YCTsFeXEOAbL
85jXEg2Uhkma0zgFipiWxRFH3aX3v0XQtSHQ7TVTbHBtJMVCyfcNIqoCyNWpcDgK
DBgvH3S+qFhLFwY22t1XZgg8W+iukO2tR/bd+yTUZ+C0+fWF1cKHe1UJS+LLpI5B
ZhCmaXzAKe9rroxUZb/w887sSHr0gydIWYhI1QFOIzYjiQpSsJNs+Iql+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEpBKBals/DXrGvumy0BsHLFrgsnMB8GA1UdIwQY
MBaAFJriU031Ccluy4EbyF121iuq3z0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVKVFRmVUp5VzdMZ1J2SVhYYldLNnJmUFNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS82ZjVkYzItMzBjYi00YzBjLWFhNjIt
ODIyNjUyNGU0YWNmLzEvU2tFb0ZxV3o4TmVzYS02YkxRR3djc1d1Q3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS82ZjVkYzItMzBjYi00YzBjLWFhNjItODIyNjUyNGU0YWNm
LzEvbXVKVFRmVUp5VzdMZ1J2SVhYYldLNnJmUFNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtM
MA0GCSqGSIb3DQEBCwUAA4IBAQCImLq9Vz1D3AaZz5MZFk9CYJUxOpLiSotzA6hk
3tcKAt0V7KX/Q12VvBAguyXZ/hebwfrF3+HbQC+KavOczM3eWtboKSdjtbVmfPst
pOnZafgH5s847DtQ+noAEu3uqBmdnWOO9FH/b1ZCRylYPnXOsFbDWR9RcQRBI5Kc
LuJqQKteAL3N82EuvDhjieQ+RlDMbnf0RqAoZABqENNev02NnU8u1/PJb/YS76o9
NP5pKQb9c2JGK31q7z40pZbA2lshUtH5GUXqXTLLrfa9VqlLYUdDS6QI49fKzYP+
j9my47GUyKMhaR/1cUzJUcGg3gxWXIrD3ptuQBdjNKnpwzil
-----END CERTIFICATE-----