Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/O4fx24MkcOun7eOMuF45FXz1Rp4.roa
File:                     O4fx24MkcOun7eOMuF45FXz1Rp4.roa (raw, json)
Hash identifier:          Oql3zSLN2xRRYzfupmVInGA+80An5sqYygQF4rxwNdI=
Subject key identifier:   3B:87:F1:DB:83:24:70:EB:A7:ED:E3:8C:B8:5E:39:15:7C:F5:46:9E
Certificate issuer:       /CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
Certificate serial:       0194221FBDA91CC736D8788193CC6BFABDF4
Authority key identifier: 0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/O4fx24MkcOun7eOMuF45FXz1Rp4.roa
Signing time:             Wed 01 Jan 2025 13:48:13 +0000
ROA not before:           Wed 01 Jan 2025 13:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8893
IP address blocks:        2001:67c:2064::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:bd:a9:1c:c7:36:d8:78:81:93:cc:6b:fa:bd:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
        Validity
            Not Before: Jan  1 13:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b87f1db832470eba7ede38cb85e39157cf5469e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e3:42:ea:de:17:35:85:5d:e5:4a:c6:d2:a5:
                    7c:bb:b4:87:67:62:27:fc:52:39:35:fc:86:eb:83:
                    b2:8c:dd:5e:4c:4d:b3:f9:5f:3d:e1:e0:0c:27:0e:
                    1c:22:86:d5:6b:54:91:1c:bf:8c:2e:f4:9a:35:1a:
                    c3:42:d0:d9:f4:72:f4:51:1b:21:bc:ee:af:b2:b5:
                    c5:5a:67:a2:90:0a:d9:ac:e7:75:98:71:34:56:2b:
                    05:54:13:d3:58:a6:fc:22:19:b0:14:1d:fd:dd:da:
                    a5:b7:f9:9e:8f:1a:7a:cb:88:a4:dc:31:49:03:95:
                    d7:a4:81:75:6b:e2:04:3a:3e:9f:63:a8:c2:0f:92:
                    e7:1d:08:d6:9f:96:dd:86:04:81:15:8d:a5:38:82:
                    cb:96:4f:95:07:42:b8:6e:24:84:6e:66:d0:45:aa:
                    3d:fe:f6:48:7a:88:7e:6e:b8:58:ad:eb:30:48:dd:
                    c7:b4:6a:08:3f:33:f1:c8:34:46:3a:a8:91:31:9b:
                    5c:3b:ea:fa:3e:34:90:31:0e:92:0d:c7:46:4f:fc:
                    be:29:17:8b:58:54:70:36:ab:53:be:9a:4c:93:8b:
                    aa:23:c0:62:1f:e0:ea:f1:15:30:c8:b1:6a:e6:37:
                    8c:26:e7:47:2d:3e:55:a9:5d:73:98:a2:14:fb:ed:
                    16:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:87:F1:DB:83:24:70:EB:A7:ED:E3:8C:B8:5E:39:15:7C:F5:46:9E
            X509v3 Authority Key Identifier:
                keyid:0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/O4fx24MkcOun7eOMuF45FXz1Rp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2064::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:b9:f7:79:eb:f1:55:ab:f4:2f:7b:81:7c:96:7b:c9:fd:d8:
         95:f6:e2:40:1b:9e:dd:5c:e1:d2:ea:f4:de:cb:75:26:a2:18:
         52:73:dc:df:eb:91:09:20:cc:b7:5b:f5:26:e4:0e:10:24:c1:
         96:58:af:6a:5a:c4:b2:2e:d0:6f:74:c8:2c:24:69:3c:32:28:
         2f:3e:11:ea:96:85:09:c3:95:ef:7b:a1:77:8e:b0:34:da:5b:
         36:63:d2:cd:f6:c7:0b:4e:80:6a:d0:00:7c:7c:1f:18:bb:a3:
         18:7e:0a:7c:cc:fa:73:80:5c:d1:1d:95:ed:fc:df:b5:e3:26:
         dc:da:63:8f:ae:b2:25:9e:fd:dc:d7:6b:8b:9d:e9:bd:8d:1c:
         c9:d0:65:c8:f1:46:ee:58:36:67:8a:d2:e9:f4:41:f3:af:39:
         5a:7e:71:44:67:e2:81:9a:37:84:d5:26:67:ae:64:92:ee:bc:
         be:4e:66:b7:18:f4:c8:15:ed:5d:1b:9f:76:9b:61:61:67:c3:
         8d:01:31:42:63:24:ba:60:09:e6:f3:2f:86:b1:73:d5:76:bf:
         cc:94:44:10:6e:23:5d:b6:bc:8f:e9:d3:98:01:1c:18:fa:c5:
         9a:05:a9:49:c1:ce:09:f8:e3:33:bb:03:59:4c:c9:d6:b1:8f:
         ec:12:05:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH72pHMc22HiBk8xr+r30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjlhNjdkNGIyMTVhM2YzMWZjNDYyZjBlYTUzNGVmODNm
OGVmNTcwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg3ZjFkYjgzMjQ3MGViYTdlZGUzOGNiODVlMzkxNTdjZjU0NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eNC6t4XNYVd5UrG0qV8u7SHZ2In
/FI5NfyG64OyjN1eTE2z+V894eAMJw4cIobVa1SRHL+MLvSaNRrDQtDZ9HL0URsh
vO6vsrXFWmeikArZrOd1mHE0VisFVBPTWKb8IhmwFB393dqlt/mejxp6y4ik3DFJ
A5XXpIF1a+IEOj6fY6jCD5LnHQjWn5bdhgSBFY2lOILLlk+VB0K4biSEbmbQRao9
/vZIeoh+brhYreswSN3HtGoIPzPxyDRGOqiRMZtcO+r6PjSQMQ6SDcdGT/y+KReL
WFRwNqtTvppMk4uqI8BiH+Dq8RUwyLFq5jeMJudHLT5VqV1zmKIU++0W5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDuH8duDJHDrp+3jjLheORV89UaeMB8GA1UdIwQY
MBaAFA5ppn1LIVo/MfxGLw6lNO+D+O9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUt
NjhjMWI3ZGZiMTkwLzEvTzRmeDI0TWtjT3VuN2VPTXVGNDVGWHoxUnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUtNjhjMWI3ZGZiMTkw
LzEvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCBk
MA0GCSqGSIb3DQEBCwUAA4IBAQBAufd56/FVq/Qve4F8lnvJ/diV9uJAG57dXOHS
6vTey3UmohhSc9zf65EJIMy3W/Um5A4QJMGWWK9qWsSyLtBvdMgsJGk8MigvPhHq
loUJw5Xve6F3jrA02ls2Y9LN9scLToBq0AB8fB8Yu6MYfgp8zPpzgFzRHZXt/N+1
4ybc2mOPrrIlnv3c12uLnem9jRzJ0GXI8UbuWDZnitLp9EHzrzlafnFEZ+KBmjeE
1SZnrmSS7ry+Tma3GPTIFe1dG592m2FhZ8ONATFCYyS6YAnm8y+GsXPVdr/MlEQQ
biNdtryP6dOYARwY+sWaBalJwc4J+OMzuwNZTMnWsY/sEgVW
-----END CERTIFICATE-----