Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/10gRzD3VrAGl4bbzZAnzRnZ-9NY.roa
File:                     10gRzD3VrAGl4bbzZAnzRnZ-9NY.roa (raw, json)
Hash identifier:          lcACm1XYWQGs+OoRyS5RawPhw9wP7Mmy1MtCSpjZTr8=
Subject key identifier:   D7:48:11:CC:3D:D5:AC:01:A5:E1:B6:F3:64:09:F3:46:76:7E:F4:D6
Certificate issuer:       /CN=0ba56abdcb4f6f0c86b832ecc13f5e249721d6f8
Certificate serial:       019420D5E64299414417625A7FEFE4D8C636
Authority key identifier: 0B:A5:6A:BD:CB:4F:6F:0C:86:B8:32:EC:C1:3F:5E:24:97:21:D6:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/10gRzD3VrAGl4bbzZAnzRnZ-9NY.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201909
IP address blocks:        2001:67c:624::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e6:42:99:41:44:17:62:5a:7f:ef:e4:d8:c6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ba56abdcb4f6f0c86b832ecc13f5e249721d6f8
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d74811cc3dd5ac01a5e1b6f36409f346767ef4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0e:89:57:a0:aa:12:29:0f:8e:3a:30:44:f5:
                    d8:d8:10:52:c8:ce:dd:e2:2c:f1:11:e0:3c:bf:39:
                    0a:83:e9:3a:84:68:a2:f4:d9:4c:dc:97:9e:34:63:
                    97:c6:9d:10:86:7d:f8:e2:be:a2:a9:06:97:86:3a:
                    d5:d9:5c:33:0f:4c:52:f6:1b:0b:7a:1c:6c:99:33:
                    08:ad:ea:1a:e2:83:bf:28:23:9d:56:6e:41:2d:17:
                    02:c9:d4:f3:e4:f3:ce:1b:da:01:c4:92:0b:b5:48:
                    90:57:03:f4:05:37:2b:4c:74:0d:11:ae:3e:fa:0b:
                    b9:a8:0f:0c:2c:74:b0:c7:58:70:35:6c:2f:73:6e:
                    54:f4:7e:da:a0:57:fb:66:dd:89:c0:38:ce:20:e5:
                    94:ff:f5:ff:23:69:cd:38:12:29:ee:c0:01:e9:9c:
                    61:8b:44:7c:fe:37:cf:24:9a:81:25:7f:f9:77:c6:
                    ac:98:96:2b:f4:8c:9a:59:23:b2:97:46:27:d8:55:
                    dc:34:66:e0:33:72:3b:a1:7a:52:5e:85:e8:47:bf:
                    d0:e1:61:a1:5a:31:58:38:fc:13:8e:df:57:e7:70:
                    9a:02:8c:0b:96:9a:6c:85:87:05:fa:f4:c1:d7:2b:
                    e0:00:8d:d1:f1:fc:ec:8b:5c:d7:4c:88:2a:f4:11:
                    20:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:48:11:CC:3D:D5:AC:01:A5:E1:B6:F3:64:09:F3:46:76:7E:F4:D6
            X509v3 Authority Key Identifier:
                keyid:0B:A5:6A:BD:CB:4F:6F:0C:86:B8:32:EC:C1:3F:5E:24:97:21:D6:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/10gRzD3VrAGl4bbzZAnzRnZ-9NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:624::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:e9:21:5d:00:7a:d7:0f:c4:71:ed:ee:cd:bd:7d:3f:a7:5d:
         af:36:af:fd:c9:df:82:09:9b:f1:38:95:4e:97:d8:89:ec:9a:
         e9:86:4a:13:46:91:cb:f5:e0:d9:f7:66:c7:1d:8f:b9:c7:b0:
         e0:4e:fe:5b:8f:1f:41:10:f5:8e:30:35:45:49:86:c6:b1:0b:
         c8:95:90:a3:35:07:92:48:5e:9e:1e:e6:c9:4b:59:e9:9f:d5:
         57:e9:bb:64:74:de:b1:d1:19:1b:44:ee:4f:fc:61:80:d7:f2:
         33:d1:c0:58:b7:4f:0c:58:71:09:9c:cf:29:0d:ce:cd:b6:97:
         09:71:64:a3:57:04:84:c5:e9:e5:5a:d2:77:64:c9:ba:31:61:
         d2:0e:f8:98:ad:83:d6:b9:9d:a0:49:0b:31:83:fe:0d:28:44:
         bf:27:0c:49:a4:56:31:fb:04:1b:a0:df:77:d7:b4:f6:78:cb:
         89:c3:5b:bf:3b:27:84:dc:ae:f8:73:75:4a:0b:5b:c7:99:47:
         fc:e6:cd:e2:51:d6:80:9d:78:7c:36:1f:ba:f4:ae:3d:13:16:
         76:82:f8:a7:a3:c1:c7:4f:c4:d3:9f:9e:31:e5:3a:6e:9e:50:
         04:87:ca:3b:dc:c1:5b:94:86:e8:01:9d:60:1c:fb:f3:c5:68:
         df:36:60:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1eZCmUFEF2Jaf+/k2MY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYTU2YWJkY2I0ZjZmMGM4NmI4MzJlY2MxM2Y1ZTI0OTcy
MWQ2ZjgwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzQ4MTFjYzNkZDVhYzAxYTVlMWI2ZjM2NDA5ZjM0Njc2N2VmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw6JV6CqEikPjjowRPXY2BBSyM7d
4izxEeA8vzkKg+k6hGii9NlM3JeeNGOXxp0Qhn344r6iqQaXhjrV2VwzD0xS9hsL
ehxsmTMIreoa4oO/KCOdVm5BLRcCydTz5PPOG9oBxJILtUiQVwP0BTcrTHQNEa4+
+gu5qA8MLHSwx1hwNWwvc25U9H7aoFf7Zt2JwDjOIOWU//X/I2nNOBIp7sAB6Zxh
i0R8/jfPJJqBJX/5d8asmJYr9IyaWSOyl0Yn2FXcNGbgM3I7oXpSXoXoR7/Q4WGh
WjFYOPwTjt9X53CaAowLlppshYcF+vTB1yvgAI3R8fzsi1zXTIgq9BEgBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNdIEcw91awBpeG282QJ80Z2fvTWMB8GA1UdIwQY
MBaAFAular3LT28Mhrgy7ME/XiSXIdb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZWcXZjdFBid3lHdURMc3dUOWVKSmNoMXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83OGE4NjEtYjkxOC00ZWE3LTg4YTgt
NjAzY2IwODM3MTRiLzEvMTBnUnpEM1ZyQUdsNGJielpBbnpSblotOU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83OGE4NjEtYjkxOC00ZWE3LTg4YTgtNjAzY2IwODM3MTRi
LzEvQzZWcXZjdFBid3lHdURMc3dUOWVKSmNoMXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAYk
MA0GCSqGSIb3DQEBCwUAA4IBAQCE6SFdAHrXD8Rx7e7NvX0/p12vNq/9yd+CCZvx
OJVOl9iJ7JrphkoTRpHL9eDZ92bHHY+5x7DgTv5bjx9BEPWOMDVFSYbGsQvIlZCj
NQeSSF6eHubJS1npn9VX6btkdN6x0RkbRO5P/GGA1/Iz0cBYt08MWHEJnM8pDc7N
tpcJcWSjVwSExenlWtJ3ZMm6MWHSDviYrYPWuZ2gSQsxg/4NKES/JwxJpFYx+wQb
oN9317T2eMuJw1u/OyeE3K74c3VKC1vHmUf85s3iUdaAnXh8Nh+69K49ExZ2gvin
o8HHT8TTn54x5TpunlAEh8o73MFblIboAZ1gHPvzxWjfNmCv
-----END CERTIFICATE-----