Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/BCD_tpHD4CbGfbV_PdrLa7vTpXk.roa
File:                     BCD_tpHD4CbGfbV_PdrLa7vTpXk.roa (raw, json)
Hash identifier:          3ZjEUHk0H2GaQYj5jwvFZHg7bwJy5JXMVYVGmhkBhZA=
Subject key identifier:   04:20:FF:B6:91:C3:E0:26:C6:7D:B5:7F:3D:DA:CB:6B:BB:D3:A5:79
Certificate issuer:       /CN=4978a8641ce785be34685030527723e5fdce562a
Certificate serial:       019421B1E053B8203874B7FD80A32A69F123
Authority key identifier: 49:78:A8:64:1C:E7:85:BE:34:68:50:30:52:77:23:E5:FD:CE:56:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/BCD_tpHD4CbGfbV_PdrLa7vTpXk.roa
Signing time:             Wed 01 Jan 2025 11:48:12 +0000
ROA not before:           Wed 01 Jan 2025 11:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215912
IP address blocks:        2001:67c:d60::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e0:53:b8:20:38:74:b7:fd:80:a3:2a:69:f1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4978a8641ce785be34685030527723e5fdce562a
        Validity
            Not Before: Jan  1 11:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0420ffb691c3e026c67db57f3ddacb6bbbd3a579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:aa:46:93:c6:90:bb:28:21:ae:d9:b3:aa:a4:
                    18:a9:70:2b:5d:98:1d:98:65:e9:1e:0d:92:eb:49:
                    ab:c4:b0:31:92:e6:73:2a:5c:57:17:63:bf:0e:a4:
                    94:ce:7b:1e:f7:33:13:7c:c1:c3:f2:7e:c3:16:34:
                    85:e2:81:e1:e2:7e:03:b3:fb:a5:47:81:4f:8d:31:
                    37:f1:d6:54:da:b3:3c:60:25:a7:d1:d8:e0:ec:17:
                    31:42:10:cd:47:1f:a3:cd:ec:0a:cb:51:a1:5a:17:
                    77:35:40:d1:5e:49:ed:17:35:b2:80:bf:5f:e2:40:
                    70:99:12:00:a9:8f:1b:7e:3e:23:6a:74:cd:b3:65:
                    29:88:67:15:38:d3:41:51:7a:f9:66:31:35:ae:e6:
                    be:e1:fe:1b:ea:f9:07:08:e5:38:57:0d:cf:35:9c:
                    f8:ad:77:db:f1:94:1e:64:8e:0a:39:85:5e:f3:c0:
                    02:a0:bd:a3:e2:fb:a2:94:b0:26:6e:6d:22:7b:b4:
                    a1:7f:31:49:6c:5d:85:20:83:ec:56:dd:6c:fa:3a:
                    b1:41:99:9f:03:51:d2:3c:c6:85:95:31:f2:5b:28:
                    32:93:69:1c:99:33:2c:e7:05:69:b1:ee:c5:0b:54:
                    86:8a:cd:b5:0d:d3:8b:3d:4b:1d:49:bc:d3:50:e4:
                    5e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:20:FF:B6:91:C3:E0:26:C6:7D:B5:7F:3D:DA:CB:6B:BB:D3:A5:79
            X509v3 Authority Key Identifier:
                keyid:49:78:A8:64:1C:E7:85:BE:34:68:50:30:52:77:23:E5:FD:CE:56:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/BCD_tpHD4CbGfbV_PdrLa7vTpXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d60::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:3c:57:e2:47:a6:67:e4:22:d5:89:48:c4:d6:b0:f2:b7:0a:
         de:b0:df:7d:6f:04:ea:db:0c:11:7e:68:54:7d:7c:c9:a4:4e:
         e7:2f:e8:39:ac:a3:62:20:4f:72:d9:ca:ff:16:20:60:38:7e:
         a2:1e:04:47:b3:fb:1c:fb:61:0a:da:ce:d5:d1:ef:69:dc:1b:
         14:a3:e5:38:54:8f:e9:ae:c7:7e:05:43:5f:b3:62:81:69:33:
         7b:43:b2:17:d6:29:f8:6c:a0:96:25:4b:1e:20:a8:64:fa:60:
         78:10:e5:8c:2a:e1:a3:d4:eb:20:b4:e0:b8:04:5f:b5:46:68:
         15:90:9b:af:f3:0c:65:29:4b:2b:92:d3:a7:b1:1b:00:6b:33:
         a6:ab:21:c2:3a:ac:20:a9:04:89:3c:56:f9:36:3c:dc:cf:23:
         89:34:25:be:11:32:f0:2b:f0:87:bb:c1:5d:26:7b:11:8e:09:
         da:0d:6b:70:51:b8:81:e9:4d:df:af:51:4c:b7:88:fc:96:6b:
         b6:4f:b7:b9:75:1f:d3:5e:1b:76:2d:63:c6:e7:44:14:be:c3:
         43:63:03:98:99:a3:d0:8f:50:0d:f4:0d:04:2a:73:23:f5:ec:
         a8:cf:90:63:d3:ae:85:0a:96:a3:7f:ed:b2:84:65:b0:da:5d:
         a5:ab:17:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhseBTuCA4dLf9gKMqafEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzhhODY0MWNlNzg1YmUzNDY4NTAzMDUyNzcyM2U1ZmRj
ZTU2MmEwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDIwZmZiNjkxYzNlMDI2YzY3ZGI1N2YzZGRhY2I2YmJiZDNhNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76pGk8aQuyghrtmzqqQYqXArXZgd
mGXpHg2S60mrxLAxkuZzKlxXF2O/DqSUznse9zMTfMHD8n7DFjSF4oHh4n4Ds/ul
R4FPjTE38dZU2rM8YCWn0djg7BcxQhDNRx+jzewKy1GhWhd3NUDRXkntFzWygL9f
4kBwmRIAqY8bfj4janTNs2UpiGcVONNBUXr5ZjE1rua+4f4b6vkHCOU4Vw3PNZz4
rXfb8ZQeZI4KOYVe88ACoL2j4vuilLAmbm0ie7ShfzFJbF2FIIPsVt1s+jqxQZmf
A1HSPMaFlTHyWygyk2kcmTMs5wVpse7FC1SGis21DdOLPUsdSbzTUORedQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAQg/7aRw+Amxn21fz3ay2u706V5MB8GA1UdIwQY
MBaAFEl4qGQc54W+NGhQMFJ3I+X9zlYqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hpb1pCem5oYjQwYUZBd1VuY2o1ZjNPVmlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wOTNmY2ItZmU3Ny00NDliLWExYWYt
MjFiYzQ4ZWYxNjYwLzEvQkNEX3RwSEQ0Q2JHZmJWX1BkckxhN3ZUcFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wOTNmY2ItZmU3Ny00NDliLWExYWYtMjFiYzQ4ZWYxNjYw
LzEvU1hpb1pCem5oYjQwYUZBd1VuY2o1ZjNPVmlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1g
MA0GCSqGSIb3DQEBCwUAA4IBAQBoPFfiR6Zn5CLViUjE1rDytwresN99bwTq2wwR
fmhUfXzJpE7nL+g5rKNiIE9y2cr/FiBgOH6iHgRHs/sc+2EK2s7V0e9p3BsUo+U4
VI/prsd+BUNfs2KBaTN7Q7IX1in4bKCWJUseIKhk+mB4EOWMKuGj1OsgtOC4BF+1
RmgVkJuv8wxlKUsrktOnsRsAazOmqyHCOqwgqQSJPFb5NjzczyOJNCW+ETLwK/CH
u8FdJnsRjgnaDWtwUbiB6U3fr1FMt4j8lmu2T7e5dR/TXht2LWPG50QUvsNDYwOY
maPQj1AN9A0EKnMj9eyoz5Bj066FCpajf+2yhGWw2l2lqxdG
-----END CERTIFICATE-----