Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/tCQKTUl91gUF9YCakBjVvOmahA8.roa
File:                     tCQKTUl91gUF9YCakBjVvOmahA8.roa (raw, json)
Hash identifier:          +o4wlq7VWOUaSft8SFBzstGqOiur0Xr8ur6qt9Ob1Nc=
Subject key identifier:   B4:24:0A:4D:49:7D:D6:05:05:F5:80:9A:90:18:D5:BC:E9:9A:84:0F
Certificate issuer:       /CN=0fcd64eaf2594822f3f9a2ebcd19db9b7fa70d9a
Certificate serial:       01945FDC788057E7563C1CC74DDC820EE902
Authority key identifier: 0F:CD:64:EA:F2:59:48:22:F3:F9:A2:EB:CD:19:DB:9B:7F:A7:0D:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D81k6vJZSCLz-aLrzRnbm3-nDZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/tCQKTUl91gUF9YCakBjVvOmahA8.roa
Signing time:             Mon 13 Jan 2025 13:31:11 +0000
ROA not before:           Mon 13 Jan 2025 13:31:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202798
IP address blocks:        2001:67c:db8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/D81k6vJZSCLz-aLrzRnbm3-nDZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/D81k6vJZSCLz-aLrzRnbm3-nDZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D81k6vJZSCLz-aLrzRnbm3-nDZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:dc:78:80:57:e7:56:3c:1c:c7:4d:dc:82:0e:e9:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fcd64eaf2594822f3f9a2ebcd19db9b7fa70d9a
        Validity
            Not Before: Jan 13 13:31:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4240a4d497dd60505f5809a9018d5bce99a840f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b9:5f:7b:0d:7d:ed:45:cf:38:dd:63:8b:a1:
                    ff:a1:d3:75:c5:39:31:a5:e0:be:86:bc:07:92:06:
                    8d:e6:76:3a:0b:71:fe:18:3b:25:87:ae:02:34:50:
                    f7:fb:3f:68:ae:ff:6d:4e:8b:b3:1f:61:ec:da:c9:
                    80:cd:0a:ec:f3:37:9e:29:4d:ca:e8:4d:6b:ae:d7:
                    fd:89:d6:95:cb:d8:f6:10:bf:e2:79:13:ef:29:7f:
                    8b:ba:74:b1:87:3e:17:7a:ed:94:93:c0:3b:63:2a:
                    8d:02:a3:02:b3:94:44:04:78:69:6a:12:39:0f:fa:
                    1a:54:ff:01:bd:9f:4d:06:f7:18:d6:61:70:e3:e9:
                    c1:2b:a3:44:5b:4e:f2:5c:cb:a4:49:e2:e0:c1:f7:
                    80:dd:df:fb:85:8d:60:05:4e:49:19:49:7f:c9:71:
                    6e:f1:b3:ee:97:83:7a:a6:04:c0:42:3e:a0:83:f6:
                    9f:c8:69:a3:22:46:9c:35:cc:5a:1f:d8:37:f9:42:
                    17:41:16:ab:4c:cf:15:d0:7e:39:ac:04:67:c6:ef:
                    bd:46:f0:94:c4:a5:4c:43:2a:25:e6:ae:bf:13:ae:
                    0b:45:94:87:eb:04:e1:63:be:1f:8d:86:03:48:5a:
                    d1:22:f5:8e:55:3b:5e:3e:d1:75:1a:73:af:00:e8:
                    db:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:24:0A:4D:49:7D:D6:05:05:F5:80:9A:90:18:D5:BC:E9:9A:84:0F
            X509v3 Authority Key Identifier:
                keyid:0F:CD:64:EA:F2:59:48:22:F3:F9:A2:EB:CD:19:DB:9B:7F:A7:0D:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D81k6vJZSCLz-aLrzRnbm3-nDZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/tCQKTUl91gUF9YCakBjVvOmahA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0e6542-3abe-45a1-a838-1a37f1076557/1/D81k6vJZSCLz-aLrzRnbm3-nDZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:db8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:c6:c7:35:a9:88:66:34:fe:cb:52:4f:0e:ae:c0:89:48:5d:
         18:d7:2a:98:ae:17:07:a7:3d:2f:13:1c:06:10:d4:70:a8:58:
         fa:c1:47:12:05:d1:eb:45:6f:ef:b0:92:7a:86:fb:c8:c9:25:
         83:73:7c:5a:34:49:2a:bb:ce:29:58:c9:0b:33:57:6d:46:73:
         5c:4e:e7:bd:06:47:d6:8d:bc:44:62:2c:91:03:dc:a7:29:a7:
         dc:41:8a:4f:8e:f7:8a:21:c9:3b:5e:7a:a1:6b:17:41:7c:68:
         9f:bf:32:ce:ef:55:b3:94:64:08:eb:0e:be:b8:93:6b:6a:de:
         0d:ca:a6:c3:74:34:e7:3c:f0:07:23:b2:9e:41:2c:ee:21:0a:
         6d:1f:4b:01:de:9b:5b:68:88:f5:1c:0d:df:31:28:a3:b8:49:
         2e:48:e9:02:0c:e8:21:b1:79:a1:2b:4f:c6:4d:2f:23:63:1d:
         10:09:12:3e:3b:f9:f0:61:63:5e:b4:ab:78:51:59:c5:2e:3a:
         03:13:28:d9:cc:cd:03:88:20:58:ca:a1:1c:91:98:17:99:21:
         17:1a:38:63:f6:2c:4c:4b:cc:06:85:f7:34:b6:9a:7e:7a:ec:
         0a:03:80:17:e7:e4:11:ee:0c:d3:66:54:10:27:aa:80:a0:d0:
         6f:f2:61:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRf3HiAV+dWPBzHTdyCDukCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmY2Q2NGVhZjI1OTQ4MjJmM2Y5YTJlYmNkMTlkYjliN2Zh
NzBkOWEwHhcNMjUwMTEzMTMzMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI0MGE0ZDQ5N2RkNjA1MDVmNTgwOWE5MDE4ZDViY2U5OWE4NDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrlfew197UXPON1ji6H/odN1xTkx
peC+hrwHkgaN5nY6C3H+GDslh64CNFD3+z9orv9tTouzH2Hs2smAzQrs8zeeKU3K
6E1rrtf9idaVy9j2EL/ieRPvKX+LunSxhz4Xeu2Uk8A7YyqNAqMCs5REBHhpahI5
D/oaVP8BvZ9NBvcY1mFw4+nBK6NEW07yXMukSeLgwfeA3d/7hY1gBU5JGUl/yXFu
8bPul4N6pgTAQj6gg/afyGmjIkacNcxaH9g3+UIXQRarTM8V0H45rARnxu+9RvCU
xKVMQyol5q6/E64LRZSH6wThY74fjYYDSFrRIvWOVTtePtF1GnOvAOjblQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLQkCk1JfdYFBfWAmpAY1bzpmoQPMB8GA1UdIwQY
MBaAFA/NZOryWUgi8/mi680Z25t/pw2aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDgxazZ2SlpTQ0x6LWFMcnpSbmJtMy1uRFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8wZTY1NDItM2FiZS00NWExLWE4Mzgt
MWEzN2YxMDc2NTU3LzEvdENRS1RVbDkxZ1VGOVlDYWtCalZ2T21haEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8wZTY1NDItM2FiZS00NWExLWE4MzgtMWEzN2YxMDc2NTU3
LzEvRDgxazZ2SlpTQ0x6LWFMcnpSbmJtMy1uRFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA24
MA0GCSqGSIb3DQEBCwUAA4IBAQB7xsc1qYhmNP7LUk8OrsCJSF0Y1yqYrhcHpz0v
ExwGENRwqFj6wUcSBdHrRW/vsJJ6hvvIySWDc3xaNEkqu84pWMkLM1dtRnNcTue9
BkfWjbxEYiyRA9ynKafcQYpPjveKIck7XnqhaxdBfGifvzLO71WzlGQI6w6+uJNr
at4NyqbDdDTnPPAHI7KeQSzuIQptH0sB3ptbaIj1HA3fMSijuEkuSOkCDOghsXmh
K0/GTS8jYx0QCRI+O/nwYWNetKt4UVnFLjoDEyjZzM0DiCBYyqEckZgXmSEXGjhj
9ixMS8wGhfc0tpp+euwKA4AX5+QR7gzTZlQQJ6qAoNBv8mG8
-----END CERTIFICATE-----