Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Fy-RDVpoQYqhk9YIhC0_OXJ7Ngw.roa
File:                     Fy-RDVpoQYqhk9YIhC0_OXJ7Ngw.roa (raw, json)
Hash identifier:          MSpbkpTae0BKWb0wW1Z5MLxX2eex/b1uULBuB1GrJoU=
Subject key identifier:   17:2F:91:0D:5A:68:41:8A:A1:93:D6:08:84:2D:3F:39:72:7B:36:0C
Certificate issuer:       /CN=43fd9362e83b852f3fd3311b09096f6289a6a0f8
Certificate serial:       0194228DA451167721A64DC137E04295C7E8
Authority key identifier: 43:FD:93:62:E8:3B:85:2F:3F:D3:31:1B:09:09:6F:62:89:A6:A0:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Fy-RDVpoQYqhk9YIhC0_OXJ7Ngw.roa
Signing time:             Wed 01 Jan 2025 15:48:15 +0000
ROA not before:           Wed 01 Jan 2025 15:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207576
IP address blocks:        2001:67c:2d38::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a4:51:16:77:21:a6:4d:c1:37:e0:42:95:c7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43fd9362e83b852f3fd3311b09096f6289a6a0f8
        Validity
            Not Before: Jan  1 15:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=172f910d5a68418aa193d608842d3f39727b360c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:85:0d:a5:75:f0:fb:9d:2b:05:29:9c:eb:70:
                    0a:85:d2:b1:76:50:7a:ee:11:70:7d:00:9a:0d:b8:
                    27:42:b2:6d:d3:d5:ee:f3:50:22:56:22:1e:e6:74:
                    8f:a9:54:81:a7:2b:be:bf:0f:e2:5a:34:db:06:3a:
                    8f:fc:81:68:3b:5d:de:84:4b:8c:06:c2:cf:98:8b:
                    db:f4:71:6d:34:3b:fc:cb:6a:b1:cf:42:c3:45:84:
                    54:db:01:26:1e:83:d4:22:7e:98:f1:28:25:ee:92:
                    96:04:76:b9:14:ab:49:da:64:45:48:f7:34:7c:a9:
                    4d:e1:29:ac:cb:b3:15:93:1f:ec:7f:d2:85:15:73:
                    ad:ab:f1:4d:7a:1d:b4:7a:fd:35:70:9f:d1:a6:ec:
                    fc:6b:9f:05:13:6c:4f:74:ba:3f:db:09:a2:c3:19:
                    c7:ed:15:a6:19:7e:da:fb:f3:68:d2:84:be:86:03:
                    64:79:c1:54:b4:b9:fe:48:ca:a2:44:ed:ec:f3:b5:
                    36:35:29:3a:0b:0a:72:28:c8:f4:4c:94:ce:5e:3d:
                    19:eb:50:c7:1d:46:ec:af:78:ac:85:6b:1c:ac:bf:
                    0e:10:51:7c:8a:05:fa:5c:b2:df:78:c0:80:a0:aa:
                    47:0b:0a:ee:6d:96:ed:2f:b8:9d:4e:a9:51:29:7e:
                    fa:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2F:91:0D:5A:68:41:8A:A1:93:D6:08:84:2D:3F:39:72:7B:36:0C
            X509v3 Authority Key Identifier:
                keyid:43:FD:93:62:E8:3B:85:2F:3F:D3:31:1B:09:09:6F:62:89:A6:A0:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Fy-RDVpoQYqhk9YIhC0_OXJ7Ngw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d38::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:99:29:f0:c9:2e:6f:2b:ac:e0:fd:21:c9:c2:d0:9f:3c:e7:
         d5:aa:e0:f1:08:99:78:b0:74:f9:fa:72:c3:b0:9a:44:d6:7a:
         f7:4f:7e:e7:82:7b:75:74:c6:5f:a3:d8:b3:e1:c8:be:01:42:
         11:86:10:c7:b2:9d:b2:3e:86:1f:1a:31:84:f8:1d:ed:64:b3:
         f4:fc:bc:1d:2d:4a:fe:22:c3:a5:a7:ec:0e:cc:3c:93:ab:8c:
         9e:22:f4:8f:8f:98:ba:4b:ef:a6:95:35:8c:28:07:b5:86:50:
         bc:ab:a8:8a:d3:01:a0:c7:62:bd:f8:6a:77:ef:07:9a:78:40:
         10:2d:82:cc:93:cd:ce:50:04:0c:fe:57:57:35:e2:33:30:04:
         96:e3:6a:f7:44:e3:2f:1a:69:bc:b0:05:fb:28:1d:a2:2d:20:
         aa:e9:c5:50:bb:6d:2d:15:52:ae:b2:19:68:10:fe:28:09:71:
         e8:f1:b7:b9:73:29:6d:2e:c0:fe:da:5f:2b:06:20:3c:7e:bc:
         99:9d:40:fe:ac:99:80:fb:61:09:47:7c:07:9a:51:e8:b5:10:
         c1:2a:e7:09:0d:24:d2:9b:fa:90:c3:51:12:a2:f2:5d:0f:7a:
         04:d2:60:f8:fe:76:c9:d7:f9:88:af:fb:ed:64:5d:9b:14:5b:
         a8:fd:f7:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijaRRFnchpk3BN+BClcfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZmQ5MzYyZTgzYjg1MmYzZmQzMzExYjA5MDk2ZjYyODlh
NmEwZjgwHhcNMjUwMTAxMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJmOTEwZDVhNjg0MThhYTE5M2Q2MDg4NDJkM2YzOTcyN2IzNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooUNpXXw+50rBSmc63AKhdKxdlB6
7hFwfQCaDbgnQrJt09Xu81AiViIe5nSPqVSBpyu+vw/iWjTbBjqP/IFoO13ehEuM
BsLPmIvb9HFtNDv8y2qxz0LDRYRU2wEmHoPUIn6Y8Sgl7pKWBHa5FKtJ2mRFSPc0
fKlN4Smsy7MVkx/sf9KFFXOtq/FNeh20ev01cJ/Rpuz8a58FE2xPdLo/2wmiwxnH
7RWmGX7a+/No0oS+hgNkecFUtLn+SMqiRO3s87U2NSk6CwpyKMj0TJTOXj0Z61DH
HUbsr3ishWscrL8OEFF8igX6XLLfeMCAoKpHCwrubZbtL7idTqlRKX76qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBcvkQ1aaEGKoZPWCIQtPzlyezYMMB8GA1UdIwQY
MBaAFEP9k2LoO4UvP9MxGwkJb2KJpqD4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV8yVFl1ZzdoUzhfMHpFYkNRbHZZb21tb1BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xZDNjMTUtMzQxNi00NGFkLTlhODkt
NjU0N2JiMWI4MGMyLzEvRnktUkRWcG9RWXFoazlZSWhDMF9PWEo3Tmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xZDNjMTUtMzQxNi00NGFkLTlhODktNjU0N2JiMWI4MGMy
LzEvUV8yVFl1ZzdoUzhfMHpFYkNRbHZZb21tb1BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC04
MA0GCSqGSIb3DQEBCwUAA4IBAQCgmSnwyS5vK6zg/SHJwtCfPOfVquDxCJl4sHT5
+nLDsJpE1nr3T37ngnt1dMZfo9iz4ci+AUIRhhDHsp2yPoYfGjGE+B3tZLP0/Lwd
LUr+IsOlp+wOzDyTq4yeIvSPj5i6S++mlTWMKAe1hlC8q6iK0wGgx2K9+Gp37wea
eEAQLYLMk83OUAQM/ldXNeIzMASW42r3ROMvGmm8sAX7KB2iLSCq6cVQu20tFVKu
shloEP4oCXHo8be5cyltLsD+2l8rBiA8fryZnUD+rJmA+2EJR3wHmlHotRDBKucJ
DSTSm/qQw1ESovJdD3oE0mD4/nbJ1/mIr/vtZF2bFFuo/fdL
-----END CERTIFICATE-----