Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/Jsf76Or5KR0tYVQe-qvm1Pz7D2M.roa
File:                     Jsf76Or5KR0tYVQe-qvm1Pz7D2M.roa (raw, json)
Hash identifier:          ZyYh0ODppDUprYuNAsV1hqE/g7ygxL4G0rExXkHsi7w=
Subject key identifier:   26:C7:FB:E8:EA:F9:29:1D:2D:61:54:1E:FA:AB:E6:D4:FC:FB:0F:63
Certificate issuer:       /CN=ca35f54a3b0e2e48dd5efb3624c1fe0e85fe261d
Certificate serial:       019423D78EE2E6E81DB71761AE65C8DE23BB
Authority key identifier: CA:35:F5:4A:3B:0E:2E:48:DD:5E:FB:36:24:C1:FE:0E:85:FE:26:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/Jsf76Or5KR0tYVQe-qvm1Pz7D2M.roa
Signing time:             Wed 01 Jan 2025 21:48:36 +0000
ROA not before:           Wed 01 Jan 2025 21:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213767
IP address blocks:        2001:67c:fc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:8e:e2:e6:e8:1d:b7:17:61:ae:65:c8:de:23:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca35f54a3b0e2e48dd5efb3624c1fe0e85fe261d
        Validity
            Not Before: Jan  1 21:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c7fbe8eaf9291d2d61541efaabe6d4fcfb0f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6f:da:ec:10:98:f5:c4:81:fb:e2:8b:1f:9e:
                    02:53:79:05:fd:32:78:d4:34:c4:9c:4a:18:e4:ac:
                    65:2e:79:1d:53:cf:f4:12:fd:e1:7e:62:71:5e:73:
                    65:77:68:46:08:e6:54:26:ca:37:8c:79:35:b1:0f:
                    55:82:75:89:8f:48:41:e8:6f:62:d1:41:24:b7:fb:
                    7b:2b:6b:bd:35:b3:18:be:34:02:f3:65:00:e5:89:
                    31:de:22:fe:ce:e4:a2:17:59:89:d3:5f:f0:ef:bd:
                    56:db:b6:86:4d:d8:ca:25:2f:91:30:02:21:dd:e9:
                    4a:e6:41:ec:c3:7b:74:63:e9:aa:44:94:e9:c8:3b:
                    c3:73:36:93:98:75:f8:59:39:ef:9b:b4:02:5b:64:
                    d7:24:da:dc:3d:c9:d1:63:92:5c:df:b8:6e:19:1a:
                    75:8f:d6:aa:6e:32:1b:b4:a0:d4:1e:97:bc:4f:de:
                    d6:fa:bb:52:8b:80:90:be:13:09:7f:b9:6c:09:d1:
                    22:e5:4f:40:da:de:2c:7b:88:47:47:05:2e:66:aa:
                    3e:f6:a4:89:96:0c:df:5a:27:f0:ed:9b:0c:1c:2d:
                    b7:49:fb:38:d8:83:bf:7a:a3:00:3e:14:13:05:ed:
                    88:93:1b:53:ff:6d:38:33:b9:c3:88:6c:e2:c3:63:
                    4c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C7:FB:E8:EA:F9:29:1D:2D:61:54:1E:FA:AB:E6:D4:FC:FB:0F:63
            X509v3 Authority Key Identifier:
                keyid:CA:35:F5:4A:3B:0E:2E:48:DD:5E:FB:36:24:C1:FE:0E:85:FE:26:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/Jsf76Or5KR0tYVQe-qvm1Pz7D2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9a0497-cd0d-48dc-86ae-51c99bc8e8d0/1/yjX1SjsOLkjdXvs2JMH-DoX-Jh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:3a:1d:92:11:5b:53:18:98:46:aa:28:02:33:80:d9:43:6e:
         49:eb:81:7d:fa:97:d0:2f:64:73:44:b0:81:e2:45:79:e4:e1:
         e5:34:61:2c:4c:c5:03:dd:a7:b0:f8:63:62:6e:31:4f:b8:be:
         a2:52:8b:cd:da:bb:df:89:83:0f:7e:61:90:91:1b:6e:1c:8c:
         80:49:36:d5:ca:59:63:39:4f:43:90:0c:a8:4f:e6:2a:d2:bc:
         cb:32:65:ec:41:3b:e2:f2:fe:40:08:d9:41:8e:ea:16:f1:ca:
         cf:d4:25:1c:56:a1:aa:11:15:36:a0:58:d8:f7:e7:9d:dd:8c:
         27:fb:02:ac:89:b6:9c:0a:42:6c:5b:83:84:4d:21:e5:db:37:
         19:86:8e:12:a7:3a:58:6f:86:d6:f7:a3:0c:fd:17:03:c5:aa:
         88:c8:4e:a0:84:fa:0f:67:17:c2:45:31:b6:79:16:a2:74:7b:
         0d:da:c6:bc:04:96:93:8b:51:a8:ab:34:c3:25:61:9c:77:de:
         23:e1:85:83:5b:00:1b:44:48:50:dc:ed:4a:65:de:41:51:73:
         f9:c4:35:31:97:10:39:7d:7c:c8:36:bb:18:74:cf:18:e8:15:
         fe:2a:8a:49:cf:26:ed:40:a5:09:b5:f1:78:47:6f:b3:0c:aa:
         86:dd:6d:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj147i5ugdtxdhrmXI3iO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzVmNTRhM2IwZTJlNDhkZDVlZmIzNjI0YzFmZTBlODVm
ZTI2MWQwHhcNMjUwMTAxMjE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmM3ZmJlOGVhZjkyOTFkMmQ2MTU0MWVmYWFiZTZkNGZjZmIwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG/a7BCY9cSB++KLH54CU3kF/TJ4
1DTEnEoY5KxlLnkdU8/0Ev3hfmJxXnNld2hGCOZUJso3jHk1sQ9VgnWJj0hB6G9i
0UEkt/t7K2u9NbMYvjQC82UA5Ykx3iL+zuSiF1mJ01/w771W27aGTdjKJS+RMAIh
3elK5kHsw3t0Y+mqRJTpyDvDczaTmHX4WTnvm7QCW2TXJNrcPcnRY5Jc37huGRp1
j9aqbjIbtKDUHpe8T97W+rtSi4CQvhMJf7lsCdEi5U9A2t4se4hHRwUuZqo+9qSJ
lgzfWifw7ZsMHC23Sfs42IO/eqMAPhQTBe2IkxtT/204M7nDiGziw2NMGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCbH++jq+SkdLWFUHvqr5tT8+w9jMB8GA1UdIwQY
MBaAFMo19Uo7Di5I3V77NiTB/g6F/iYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpYMVNqc09Ma2pkWHZzMkpNSC1Eb1gtSmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85YTA0OTctY2QwZC00OGRjLTg2YWUt
NTFjOTliYzhlOGQwLzEvSnNmNzZPcjVLUjB0WVZRZS1xdm0xUHo3RDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85YTA0OTctY2QwZC00OGRjLTg2YWUtNTFjOTliYzhlOGQw
LzEveWpYMVNqc09Ma2pkWHZzMkpNSC1Eb1gtSmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/A
MA0GCSqGSIb3DQEBCwUAA4IBAQCMOh2SEVtTGJhGqigCM4DZQ25J64F9+pfQL2Rz
RLCB4kV55OHlNGEsTMUD3aew+GNibjFPuL6iUovN2rvfiYMPfmGQkRtuHIyASTbV
ylljOU9DkAyoT+Yq0rzLMmXsQTvi8v5ACNlBjuoW8crP1CUcVqGqERU2oFjY9+ed
3Ywn+wKsibacCkJsW4OETSHl2zcZho4SpzpYb4bW96MM/RcDxaqIyE6ghPoPZxfC
RTG2eRaidHsN2sa8BJaTi1GoqzTDJWGcd94j4YWDWwAbREhQ3O1KZd5BUXP5xDUx
lxA5fXzINrsYdM8Y6BX+KopJzybtQKUJtfF4R2+zDKqG3W1y
-----END CERTIFICATE-----