Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/25SW2pj3F9sQQZMDR2RMcEngkMc.roa
File:                     25SW2pj3F9sQQZMDR2RMcEngkMc.roa (raw, json)
Hash identifier:          sf46s/kdJrtglYzmsHfLJakYVODfs50Q1cZVZ793qWE=
Subject key identifier:   DB:94:96:DA:98:F7:17:DB:10:41:93:03:47:64:4C:70:49:E0:90:C7
Certificate issuer:       /CN=e623299ee47b4f612db90a14f95e40767ae06657
Certificate serial:       01941F8C6F5CCA5B7C8E45217671A41584FC
Authority key identifier: E6:23:29:9E:E4:7B:4F:61:2D:B9:0A:14:F9:5E:40:76:7A:E0:66:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5iMpnuR7T2EtuQoU-V5AdnrgZlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/25SW2pj3F9sQQZMDR2RMcEngkMc.roa
Signing time:             Wed 01 Jan 2025 01:48:04 +0000
ROA not before:           Wed 01 Jan 2025 01:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35044
IP address blocks:        2001:67c:484::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/5iMpnuR7T2EtuQoU-V5AdnrgZlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/5iMpnuR7T2EtuQoU-V5AdnrgZlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5iMpnuR7T2EtuQoU-V5AdnrgZlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6f:5c:ca:5b:7c:8e:45:21:76:71:a4:15:84:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e623299ee47b4f612db90a14f95e40767ae06657
        Validity
            Not Before: Jan  1 01:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db9496da98f717db1041930347644c7049e090c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:37:cf:84:fb:5d:f3:54:cf:f0:46:c0:4c:f3:
                    52:e8:db:ea:5c:29:aa:17:c2:d6:9e:d6:37:1f:fc:
                    9f:91:96:c2:34:28:25:ae:3b:cb:bd:77:82:ab:74:
                    3d:de:f1:86:c4:1f:ec:55:16:ce:5c:9e:37:85:0d:
                    25:40:73:f7:37:23:4c:a4:08:6d:00:ad:08:ea:e1:
                    81:6c:63:14:96:90:f1:d6:29:b6:b0:78:07:1a:e3:
                    7f:ba:c8:83:d3:ff:05:65:9b:1b:9c:93:06:30:6b:
                    17:87:9c:17:9b:bc:15:44:09:be:67:81:d3:4c:80:
                    59:a9:fd:9b:28:69:67:71:13:10:70:27:6f:c2:2a:
                    30:1c:6e:1a:2e:ec:c0:4c:83:88:85:35:39:11:7e:
                    67:f2:c8:66:f7:5d:ae:fe:32:7f:14:cd:2f:e6:b3:
                    87:f1:cc:81:36:d9:5e:82:47:cc:29:de:15:7f:3f:
                    d7:03:37:73:78:8f:f9:52:34:31:87:79:10:eb:17:
                    54:ca:cb:e6:df:bc:bd:d1:7b:39:7e:23:fd:b6:42:
                    6d:04:c3:81:c4:df:98:ce:e4:47:ff:59:ed:f2:a1:
                    8b:3f:5e:dc:84:c2:bb:dc:86:74:51:a6:40:20:93:
                    a3:fe:32:71:3c:bf:5f:83:8b:0b:f5:da:30:f4:d5:
                    7d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:94:96:DA:98:F7:17:DB:10:41:93:03:47:64:4C:70:49:E0:90:C7
            X509v3 Authority Key Identifier:
                keyid:E6:23:29:9E:E4:7B:4F:61:2D:B9:0A:14:F9:5E:40:76:7A:E0:66:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5iMpnuR7T2EtuQoU-V5AdnrgZlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/25SW2pj3F9sQQZMDR2RMcEngkMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/5iMpnuR7T2EtuQoU-V5AdnrgZlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:484::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:e0:09:34:6a:13:87:77:9f:1c:ae:95:63:66:ad:40:94:90:
         16:fd:a6:cd:87:c4:b9:b4:8a:9d:b0:53:88:b7:a0:eb:91:29:
         bb:5b:72:36:f4:cc:46:aa:7d:37:2a:20:80:c1:05:ec:01:89:
         1b:81:61:20:44:c6:8c:04:5e:2e:90:a6:e0:9b:4f:5f:f1:f3:
         e2:21:ac:2e:8d:e6:2e:51:01:33:97:1f:4e:ab:a7:fe:7b:1c:
         28:67:20:0e:ab:d7:79:e0:e5:6d:c7:a1:94:45:87:09:31:b4:
         40:a9:5a:b9:a4:a3:c2:38:46:c0:11:fd:7a:b8:77:9c:e6:4c:
         d9:9f:8f:9b:db:ac:9a:a5:61:5b:42:c5:39:35:f5:05:e9:bf:
         6c:c4:20:b7:80:46:cf:bb:fa:79:06:2c:e1:ed:64:ac:3d:40:
         46:56:f0:56:d3:53:fa:cc:97:58:b4:66:ed:e3:63:e5:89:63:
         f5:ac:86:8a:0c:08:9c:93:b3:f2:19:38:ff:c0:8c:d5:ce:08:
         98:dc:4d:48:52:e3:c9:b9:32:91:fa:a9:f6:a4:07:fe:85:f9:
         7b:ab:25:79:9a:11:0a:68:87:ed:fe:80:02:e4:32:d1:e4:6c:
         d7:30:26:97:c8:d5:55:bb:64:3e:a7:fc:97:96:54:7a:fc:ea:
         2f:5c:e8:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjG9cylt8jkUhdnGkFYT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MjMyOTllZTQ3YjRmNjEyZGI5MGExNGY5NWU0MDc2N2Fl
MDY2NTcwHhcNMjUwMTAxMDE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjk0OTZkYTk4ZjcxN2RiMTA0MTkzMDM0NzY0NGM3MDQ5ZTA5MGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTfPhPtd81TP8EbATPNS6NvqXCmq
F8LWntY3H/yfkZbCNCglrjvLvXeCq3Q93vGGxB/sVRbOXJ43hQ0lQHP3NyNMpAht
AK0I6uGBbGMUlpDx1im2sHgHGuN/usiD0/8FZZsbnJMGMGsXh5wXm7wVRAm+Z4HT
TIBZqf2bKGlncRMQcCdvwiowHG4aLuzATIOIhTU5EX5n8shm912u/jJ/FM0v5rOH
8cyBNtlegkfMKd4Vfz/XAzdzeI/5UjQxh3kQ6xdUysvm37y90Xs5fiP9tkJtBMOB
xN+YzuRH/1nt8qGLP17chMK73IZ0UaZAIJOj/jJxPL9fg4sL9dow9NV9DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuUltqY9xfbEEGTA0dkTHBJ4JDHMB8GA1UdIwQY
MBaAFOYjKZ7ke09hLbkKFPleQHZ64GZXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWlNcG51UjdUMkV0dVFvVS1WNUFkbnJnWmxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mMzcyMDMtZjE3Mi00NTlmLTgzMTUt
ODJmMjVhYzY4ODdmLzEvMjVTVzJwajNGOXNRUVpNRFIyUk1jRW5na01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mMzcyMDMtZjE3Mi00NTlmLTgzMTUtODJmMjVhYzY4ODdm
LzEvNWlNcG51UjdUMkV0dVFvVS1WNUFkbnJnWmxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfASE
MA0GCSqGSIb3DQEBCwUAA4IBAQBC4Ak0ahOHd58crpVjZq1AlJAW/abNh8S5tIqd
sFOIt6DrkSm7W3I29MxGqn03KiCAwQXsAYkbgWEgRMaMBF4ukKbgm09f8fPiIawu
jeYuUQEzlx9Oq6f+exwoZyAOq9d54OVtx6GURYcJMbRAqVq5pKPCOEbAEf16uHec
5kzZn4+b26yapWFbQsU5NfUF6b9sxCC3gEbPu/p5Bizh7WSsPUBGVvBW01P6zJdY
tGbt42PliWP1rIaKDAick7PyGTj/wIzVzgiY3E1IUuPJuTKR+qn2pAf+hfl7qyV5
mhEKaIft/oAC5DLR5GzXMCaXyNVVu2Q+p/yXllR6/OovXOg5
-----END CERTIFICATE-----