Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/vu4Plg05nKKxO7-zyqD-UVbYxtw.roa
File:                     vu4Plg05nKKxO7-zyqD-UVbYxtw.roa (raw, json)
Hash identifier:          VNGXTJm2qjOCVOfzY/Ol932aR/HbK5RQpSPZuClIe/g=
Subject key identifier:   BE:EE:0F:96:0D:39:9C:A2:B1:3B:BF:B3:CA:A0:FE:51:56:D8:C6:DC
Certificate issuer:       /CN=96e5ad53bfc73840c425711c010453571057dc23
Certificate serial:       0194258E84B9D1069B9A167C369DA32359B7
Authority key identifier: 96:E5:AD:53:BF:C7:38:40:C4:25:71:1C:01:04:53:57:10:57:DC:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/vu4Plg05nKKxO7-zyqD-UVbYxtw.roa
Signing time:             Thu 02 Jan 2025 05:48:04 +0000
ROA not before:           Thu 02 Jan 2025 05:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215197
IP address blocks:        2001:67c:e40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:84:b9:d1:06:9b:9a:16:7c:36:9d:a3:23:59:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e5ad53bfc73840c425711c010453571057dc23
        Validity
            Not Before: Jan  2 05:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=beee0f960d399ca2b13bbfb3caa0fe5156d8c6dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:14:68:40:18:6f:3e:eb:3c:03:e0:ab:f3:81:
                    69:8f:94:10:30:0b:c8:97:c2:ca:51:9c:30:31:73:
                    9c:39:c6:db:54:10:ab:3b:12:2f:58:c6:13:9b:0f:
                    e4:e8:9e:6c:72:43:36:61:45:9d:6f:4f:2b:9d:19:
                    46:ca:e2:4f:ea:08:9d:6c:27:c0:ee:62:ee:7d:95:
                    f4:65:8c:70:da:5b:2e:61:f3:0c:f2:e1:81:ad:0e:
                    62:56:bf:7c:c6:9c:81:c5:29:ec:bd:fd:2f:6c:47:
                    1e:d8:3b:64:58:32:f7:01:3f:04:a7:30:fa:69:58:
                    da:40:66:a1:d3:51:3a:1d:e7:02:06:c2:8c:a6:13:
                    d7:9e:8a:1a:17:3e:d9:a5:ff:6e:84:cf:b9:56:2a:
                    7b:bf:47:95:b9:98:55:ae:a5:88:60:d6:6a:9d:79:
                    0d:d1:5e:fd:c6:49:16:e1:47:98:d1:51:4b:69:d1:
                    4d:b1:63:92:69:cb:33:7a:0f:e5:14:aa:8f:bf:9b:
                    69:e3:6c:a1:e8:70:06:73:69:28:d0:ba:c3:02:a2:
                    4c:82:18:68:af:88:73:32:87:e8:4b:25:46:8e:a8:
                    12:83:84:a3:9b:4b:7d:2c:58:c5:96:62:97:b0:92:
                    10:dd:92:fc:5a:43:90:08:4e:18:54:6e:e8:1f:db:
                    0a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:EE:0F:96:0D:39:9C:A2:B1:3B:BF:B3:CA:A0:FE:51:56:D8:C6:DC
            X509v3 Authority Key Identifier:
                keyid:96:E5:AD:53:BF:C7:38:40:C4:25:71:1C:01:04:53:57:10:57:DC:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/vu4Plg05nKKxO7-zyqD-UVbYxtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:c8:f0:9b:44:95:f1:60:4d:63:79:8e:c8:44:be:67:d7:d3:
         c1:29:84:e7:fd:4d:7b:05:36:55:f8:d1:ee:14:8d:55:3b:66:
         a0:ee:b9:c6:9b:26:f7:f2:98:33:2c:8e:6d:c2:f7:36:fa:4c:
         22:f5:b0:3b:3f:11:0c:b4:b9:ef:a9:84:62:7d:ab:00:1f:f5:
         a8:32:37:27:e6:f8:6c:97:d9:d5:93:1b:1f:ae:02:bf:03:b3:
         25:22:0e:83:62:62:43:d8:7a:fe:2f:ae:3c:c6:d3:5e:8c:0f:
         e7:48:79:57:54:69:ef:79:dd:8d:a2:71:9f:89:fe:67:c7:ed:
         74:45:71:ba:2d:36:22:c1:7e:95:d6:77:4f:2b:5f:45:ea:f8:
         35:db:cb:cd:24:a4:62:ff:cc:e9:19:eb:0a:f2:85:78:12:67:
         67:9e:02:07:9e:25:3e:c6:68:5e:b0:5c:8d:cb:74:8a:d0:94:
         a4:c2:d6:93:05:66:ec:67:65:e6:1f:d1:bd:9a:5c:a4:12:da:
         12:6d:3a:96:7f:18:32:c6:8c:82:c0:03:5d:a9:07:4e:66:d7:
         57:88:21:1a:00:15:82:c5:28:a7:81:ae:a2:b4:43:fd:d4:2c:
         a1:c9:a3:ab:26:69:e0:2f:f1:c0:d7:34:a1:bf:1d:4e:bc:f4:
         35:24:f9:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljoS50QabmhZ8Np2jI1m3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTVhZDUzYmZjNzM4NDBjNDI1NzExYzAxMDQ1MzU3MTA1
N2RjMjMwHhcNMjUwMTAyMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWVlMGY5NjBkMzk5Y2EyYjEzYmJmYjNjYWEwZmU1MTU2ZDhjNmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BRoQBhvPus8A+Cr84Fpj5QQMAvI
l8LKUZwwMXOcOcbbVBCrOxIvWMYTmw/k6J5sckM2YUWdb08rnRlGyuJP6gidbCfA
7mLufZX0ZYxw2lsuYfMM8uGBrQ5iVr98xpyBxSnsvf0vbEce2DtkWDL3AT8EpzD6
aVjaQGah01E6HecCBsKMphPXnooaFz7Zpf9uhM+5Vip7v0eVuZhVrqWIYNZqnXkN
0V79xkkW4UeY0VFLadFNsWOSacszeg/lFKqPv5tp42yh6HAGc2ko0LrDAqJMghho
r4hzMofoSyVGjqgSg4Sjm0t9LFjFlmKXsJIQ3ZL8WkOQCE4YVG7oH9sKwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL7uD5YNOZyisTu/s8qg/lFW2MbcMB8GA1UdIwQY
MBaAFJblrVO/xzhAxCVxHAEEU1cQV9wjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHVXdFU3X0hPRURFSlhFY0FRUlRWeEJYM0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8yZDhlNmMtNjllMi00N2NiLWJmOGQt
ZWY5YTU4NGJkMTEzLzEvdnU0UGxnMDVuS0t4TzctenlxRC1VVmJZeHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8yZDhlNmMtNjllMi00N2NiLWJmOGQtZWY5YTU4NGJkMTEz
LzEvbHVXdFU3X0hPRURFSlhFY0FRUlRWeEJYM0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA5A
MA0GCSqGSIb3DQEBCwUAA4IBAQAIyPCbRJXxYE1jeY7IRL5n19PBKYTn/U17BTZV
+NHuFI1VO2ag7rnGmyb38pgzLI5twvc2+kwi9bA7PxEMtLnvqYRifasAH/WoMjcn
5vhsl9nVkxsfrgK/A7MlIg6DYmJD2Hr+L648xtNejA/nSHlXVGnved2NonGfif5n
x+10RXG6LTYiwX6V1ndPK19F6vg128vNJKRi/8zpGesK8oV4EmdnngIHniU+xmhe
sFyNy3SK0JSkwtaTBWbsZ2XmH9G9mlykEtoSbTqWfxgyxoyCwANdqQdOZtdXiCEa
ABWCxSinga6itEP91CyhyaOrJmngL/HA1zShvx1OvPQ1JPlV
-----END CERTIFICATE-----