Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/CtRLEvt809yNddQQC3-YdVEz8S0.roa
File:                     CtRLEvt809yNddQQC3-YdVEz8S0.roa (raw, json)
Hash identifier:          iOnEw767paDA6G2cUVNf8J3Qp7lK0IUOS20QbdMgtb4=
Subject key identifier:   0A:D4:4B:12:FB:7C:D3:DC:8D:75:D4:10:0B:7F:98:75:51:33:F1:2D
Certificate issuer:       /CN=5053c7da9c8fffea5ced97a7990200d4beee4177
Certificate serial:       0194228D929647D49765778C856F2C222556
Authority key identifier: 50:53:C7:DA:9C:8F:FF:EA:5C:ED:97:A7:99:02:00:D4:BE:EE:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFPH2pyP_-pc7ZenmQIA1L7uQXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/CtRLEvt809yNddQQC3-YdVEz8S0.roa
Signing time:             Wed 01 Jan 2025 15:48:10 +0000
ROA not before:           Wed 01 Jan 2025 15:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25417
IP address blocks:        2001:67c:266c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/UFPH2pyP_-pc7ZenmQIA1L7uQXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/UFPH2pyP_-pc7ZenmQIA1L7uQXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFPH2pyP_-pc7ZenmQIA1L7uQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:92:96:47:d4:97:65:77:8c:85:6f:2c:22:25:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5053c7da9c8fffea5ced97a7990200d4beee4177
        Validity
            Not Before: Jan  1 15:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ad44b12fb7cd3dc8d75d4100b7f98755133f12d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:80:5c:2e:20:3e:c2:77:53:d4:8a:4b:b3:c0:
                    b5:17:55:fe:33:9d:70:ae:cd:cb:3f:7a:9a:f3:ec:
                    97:05:5a:af:28:2a:f8:56:c8:50:47:64:f7:8a:6e:
                    35:c5:a9:3f:31:b6:03:bb:92:95:72:7a:9e:37:e0:
                    63:54:81:31:a4:66:c6:a2:e5:29:85:a2:c6:94:22:
                    2b:da:64:e8:75:4e:2e:ae:58:1a:57:87:f2:f6:17:
                    7d:71:4e:12:73:a9:ec:c3:17:ca:14:ca:d8:90:d1:
                    ca:c6:a1:3b:d2:03:6e:d6:99:2b:ae:bd:2d:6b:b1:
                    78:e3:50:d5:e9:54:73:8b:59:cc:06:3d:26:79:d3:
                    56:34:18:c8:a8:0e:e8:f1:33:ef:ef:52:69:39:9b:
                    b9:14:f4:83:1a:48:28:fb:d6:e7:21:31:e7:f6:30:
                    96:06:24:c9:6c:a4:07:f9:4e:b1:36:a0:86:8d:cc:
                    bf:44:92:69:fb:c7:97:5e:f8:f8:73:a4:30:32:3c:
                    83:7b:35:c0:64:33:5e:e9:0e:bb:da:56:82:2d:53:
                    47:67:22:94:1d:ad:41:f3:21:46:4b:34:82:8e:20:
                    23:80:49:5c:95:66:9f:12:cd:96:9c:e2:8a:11:b5:
                    aa:dc:5c:6c:f0:b2:42:28:40:bf:cd:e2:d6:9b:ae:
                    86:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D4:4B:12:FB:7C:D3:DC:8D:75:D4:10:0B:7F:98:75:51:33:F1:2D
            X509v3 Authority Key Identifier:
                keyid:50:53:C7:DA:9C:8F:FF:EA:5C:ED:97:A7:99:02:00:D4:BE:EE:41:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFPH2pyP_-pc7ZenmQIA1L7uQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/CtRLEvt809yNddQQC3-YdVEz8S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/0f8ce7-ca96-435b-8574-ac620da2f87e/1/UFPH2pyP_-pc7ZenmQIA1L7uQXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:266c::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:25:eb:05:c2:bc:de:1e:b9:54:cc:cc:6e:61:19:88:b8:ca:
         05:76:f8:92:6a:64:b3:b7:d6:9f:85:68:73:18:a2:f9:94:00:
         25:bf:d6:3e:59:9b:de:19:1f:13:3b:72:59:4a:a1:c0:e4:2f:
         ef:ec:ec:e0:18:69:2b:96:d6:0d:36:47:d5:aa:c7:1b:f9:15:
         8d:33:9e:48:40:3d:b1:00:44:fa:0b:f5:5c:63:a0:ee:f1:cc:
         2e:96:b2:a6:d1:2c:5e:d9:74:69:ec:25:cb:85:68:20:2a:36:
         82:2c:39:69:d7:4a:07:bf:ac:5d:5e:ef:6f:6f:ec:c5:ed:59:
         96:1a:6c:78:c8:05:4b:2c:01:98:74:27:41:2e:52:97:56:12:
         14:94:54:f1:15:91:bf:a3:b9:89:fb:19:f0:79:d2:a6:c9:88:
         d7:7a:a4:ce:31:ac:79:bd:87:07:0f:44:9c:2b:e4:bd:8e:c5:
         86:f9:08:14:70:d8:6e:ec:67:13:05:4e:23:8b:35:e7:17:a5:
         27:0b:f1:7b:43:d1:8e:80:e0:0c:d0:36:03:ad:38:96:4f:8d:
         83:2d:02:7f:85:89:e2:bc:37:90:86:cb:fe:d6:a4:78:79:58:
         55:ef:7a:ba:51:ce:58:ad:70:44:78:2f:c9:7f:42:ba:2f:31:
         1d:14:cd:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijZKWR9SXZXeMhW8sIiVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTNjN2RhOWM4ZmZmZWE1Y2VkOTdhNzk5MDIwMGQ0YmVl
ZTQxNzcwHhcNMjUwMTAxMTU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ0NGIxMmZiN2NkM2RjOGQ3NWQ0MTAwYjdmOTg3NTUxMzNmMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIBcLiA+wndT1IpLs8C1F1X+M51w
rs3LP3qa8+yXBVqvKCr4VshQR2T3im41xak/MbYDu5KVcnqeN+BjVIExpGbGouUp
haLGlCIr2mTodU4urlgaV4fy9hd9cU4Sc6nswxfKFMrYkNHKxqE70gNu1pkrrr0t
a7F441DV6VRzi1nMBj0medNWNBjIqA7o8TPv71JpOZu5FPSDGkgo+9bnITHn9jCW
BiTJbKQH+U6xNqCGjcy/RJJp+8eXXvj4c6QwMjyDezXAZDNe6Q672laCLVNHZyKU
Ha1B8yFGSzSCjiAjgElclWafEs2WnOKKEbWq3Fxs8LJCKEC/zeLWm66GdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFArUSxL7fNPcjXXUEAt/mHVRM/EtMB8GA1UdIwQY
MBaAFFBTx9qcj//qXO2Xp5kCANS+7kF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZQSDJweVBfLXBjN1plbm1RSUExTDd1UVhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8wZjhjZTctY2E5Ni00MzViLTg1NzQt
YWM2MjBkYTJmODdlLzEvQ3RSTEV2dDgwOXlOZGRRUUMzLVlkVkV6OFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8wZjhjZTctY2E5Ni00MzViLTg1NzQtYWM2MjBkYTJmODdl
LzEvVUZQSDJweVBfLXBjN1plbm1RSUExTDd1UVhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCZs
MA0GCSqGSIb3DQEBCwUAA4IBAQAQJesFwrzeHrlUzMxuYRmIuMoFdviSamSzt9af
hWhzGKL5lAAlv9Y+WZveGR8TO3JZSqHA5C/v7OzgGGkrltYNNkfVqscb+RWNM55I
QD2xAET6C/VcY6Du8cwulrKm0Sxe2XRp7CXLhWggKjaCLDlp10oHv6xdXu9vb+zF
7VmWGmx4yAVLLAGYdCdBLlKXVhIUlFTxFZG/o7mJ+xnwedKmyYjXeqTOMax5vYcH
D0ScK+S9jsWG+QgUcNhu7GcTBU4jizXnF6UnC/F7Q9GOgOAM0DYDrTiWT42DLQJ/
hYnivDeQhsv+1qR4eVhV73q6Uc5YrXBEeC/Jf0K6LzEdFM0N
-----END CERTIFICATE-----