Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cMPo4YpyyDUN4HXAKavH7BLGaEg.roa
File:                     cMPo4YpyyDUN4HXAKavH7BLGaEg.roa (raw, json)
Hash identifier:          FZFlaBgot9IWdhWeB9A0YvT5yJ4VmfaV20DXW7RaKRw=
Subject key identifier:   70:C3:E8:E1:8A:72:C8:35:0D:E0:75:C0:29:AB:C7:EC:12:C6:68:48
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D761797F4B5E17F0DA314153407957
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cMPo4YpyyDUN4HXAKavH7BLGaEg.roa
Signing time:             Wed 01 Jan 2025 21:48:25 +0000
ROA not before:           Wed 01 Jan 2025 21:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47536
IP address blocks:        5.1.67.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:61:79:7f:4b:5e:17:f0:da:31:41:53:40:79:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70c3e8e18a72c8350de075c029abc7ec12c66848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:74:77:48:a9:96:5d:08:51:55:3d:0d:a1:80:
                    42:bc:4b:ab:8e:56:30:94:a0:0b:e6:b6:6c:1a:65:
                    b5:b7:a5:25:41:ff:78:00:d7:05:c7:5c:a2:bf:67:
                    45:59:d0:90:1b:3d:59:4d:e4:8b:80:bc:31:dc:ca:
                    4d:c7:ce:24:bc:ab:dc:b8:e4:9b:09:a2:c2:2d:e7:
                    85:78:e8:2c:6c:c6:e1:49:9b:02:81:24:4d:ac:d5:
                    38:53:be:06:a9:11:99:04:c6:14:db:e5:f6:ad:9d:
                    44:ca:ef:23:cd:73:20:f8:bb:53:29:43:80:83:72:
                    10:88:8a:8b:94:a4:e9:70:a9:5f:4f:3c:fe:4e:53:
                    79:1a:be:8d:2b:68:4d:dc:42:f5:8a:21:30:78:7c:
                    37:a7:eb:09:7a:19:44:70:24:71:12:32:d6:f7:1d:
                    c5:41:d2:6f:c4:11:f1:85:3c:60:13:68:9f:c7:ed:
                    9a:02:5b:14:1c:65:2a:48:42:2f:99:f5:e1:3b:ee:
                    e1:e7:76:77:dc:df:7f:5a:45:16:0e:a7:2c:37:97:
                    b1:18:34:70:13:06:25:ae:59:e4:27:a0:d5:97:1d:
                    70:00:b7:f7:46:06:f8:a8:d2:cb:a1:52:d4:7b:84:
                    78:e8:f1:85:48:00:bd:19:04:43:fe:92:73:4b:8c:
                    82:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C3:E8:E1:8A:72:C8:35:0D:E0:75:C0:29:AB:C7:EC:12:C6:68:48
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cMPo4YpyyDUN4HXAKavH7BLGaEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:3b:aa:ee:4f:8b:80:67:91:46:8b:b6:c0:22:d8:0e:85:c4:
         49:9e:ed:32:bc:4d:c1:e9:ec:cc:06:22:7d:bf:83:0c:0a:1e:
         ed:81:70:d7:70:a3:ac:6a:e3:fc:7d:ee:64:bc:d8:26:97:ce:
         fa:f5:5e:da:5a:69:66:74:06:3e:de:ff:bc:a2:b5:98:06:a6:
         47:7b:6c:d4:82:bb:8b:c6:5f:ca:71:12:bc:9a:bd:f1:c5:8a:
         9a:31:21:da:cc:17:55:cb:2a:16:40:1f:31:0d:a5:91:6a:36:
         de:9d:04:cc:a1:ad:59:3a:b2:fd:07:f8:c1:a1:bf:fc:8d:18:
         3e:b2:1a:e7:1f:ec:a0:4d:9b:29:20:05:80:23:56:56:1f:da:
         43:da:09:1b:da:36:f8:ee:21:c0:51:cd:c5:c5:1b:c5:92:80:
         20:f8:dc:b1:19:5f:33:df:d2:23:73:b3:d0:b9:ea:55:3d:7c:
         21:e1:ad:66:77:ab:0a:2e:56:62:75:b4:6b:8c:67:ce:53:12:
         c1:cf:91:9e:3b:9e:59:68:6c:bf:01:a4:31:b5:40:bd:98:39:
         97:e5:19:70:e8:67:67:c5:f9:7f:1e:40:54:f9:6b:3e:1d:99:
         59:88:0f:33:cc:f7:d0:53:2c:90:65:11:e9:38:eb:ab:89:13:
         79:aa:66:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12F5f0teF/DaMUFTQHlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGMzZThlMThhNzJjODM1MGRlMDc1YzAyOWFiYzdlYzEyYzY2ODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3R3SKmWXQhRVT0NoYBCvEurjlYw
lKAL5rZsGmW1t6UlQf94ANcFx1yiv2dFWdCQGz1ZTeSLgLwx3MpNx84kvKvcuOSb
CaLCLeeFeOgsbMbhSZsCgSRNrNU4U74GqRGZBMYU2+X2rZ1Eyu8jzXMg+LtTKUOA
g3IQiIqLlKTpcKlfTzz+TlN5Gr6NK2hN3EL1iiEweHw3p+sJehlEcCRxEjLW9x3F
QdJvxBHxhTxgE2ifx+2aAlsUHGUqSEIvmfXhO+7h53Z33N9/WkUWDqcsN5exGDRw
EwYlrlnkJ6DVlx1wALf3Rgb4qNLLoVLUe4R46PGFSAC9GQRD/pJzS4yCewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDD6OGKcsg1DeB1wCmrx+wSxmhIMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvY01QbzRZcHl5RFVONEhYQUthdkg3QkxHYUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFDMA0G
CSqGSIb3DQEBCwUAA4IBAQBRO6ruT4uAZ5FGi7bAItgOhcRJnu0yvE3B6ezMBiJ9
v4MMCh7tgXDXcKOsauP8fe5kvNgml8769V7aWmlmdAY+3v+8orWYBqZHe2zUgruL
xl/KcRK8mr3xxYqaMSHazBdVyyoWQB8xDaWRajbenQTMoa1ZOrL9B/jBob/8jRg+
shrnH+ygTZspIAWAI1ZWH9pD2gkb2jb47iHAUc3FxRvFkoAg+NyxGV8z39Ijc7PQ
uepVPXwh4a1md6sKLlZidbRrjGfOUxLBz5GeO55ZaGy/AaQxtUC9mDmX5Rlw6Gdn
xfl/HkBU+Ws+HZlZiA8zzPfQUyyQZRHpOOuriRN5qmbL
-----END CERTIFICATE-----