Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/0otUjOmrbrE-UtuXVDDSBPTMgt4.roa
File:                     0otUjOmrbrE-UtuXVDDSBPTMgt4.roa (raw, json)
Hash identifier:          /6O4kder5Q4c9HIL3TM9q/fRb3AXNbQJDsO22/m8/9o=
Subject key identifier:   D2:8B:54:8C:E9:AB:6E:B1:3E:52:DB:97:54:30:D2:04:F4:CC:82:DE
Certificate issuer:       /CN=83ecfb64bda5213708ff67bad4c83950b1ffdc38
Certificate serial:       01942D667D6F0B6B48DE9944B8B3B0EDA48A
Authority key identifier: 83:EC:FB:64:BD:A5:21:37:08:FF:67:BA:D4:C8:39:50:B1:FF:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/0otUjOmrbrE-UtuXVDDSBPTMgt4.roa
Signing time:             Fri 03 Jan 2025 18:21:18 +0000
ROA not before:           Fri 03 Jan 2025 18:21:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57757
IP address blocks:        2001:67c:fe8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2d:66:7d:6f:0b:6b:48:de:99:44:b8:b3:b0:ed:a4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83ecfb64bda5213708ff67bad4c83950b1ffdc38
        Validity
            Not Before: Jan  3 18:21:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d28b548ce9ab6eb13e52db975430d204f4cc82de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:16:bd:16:3a:9d:da:d5:ae:4e:d0:21:13:ff:
                    a0:ce:f7:4c:0b:5e:9f:f5:3b:22:3e:eb:ae:b4:7b:
                    a7:9a:61:09:56:75:ef:36:b0:3d:78:03:4c:1e:fb:
                    14:f3:ce:74:57:2b:90:b0:5d:d2:a9:3f:05:3d:20:
                    52:95:10:2d:80:af:67:c5:f6:df:6f:60:7e:08:9e:
                    74:8d:c3:8f:e0:37:cc:96:7e:5b:8c:67:d6:e6:d7:
                    13:79:67:9a:da:20:47:44:45:47:4d:3f:a7:53:9d:
                    c4:60:16:01:0e:0e:3b:4b:55:60:9a:66:a2:9b:43:
                    98:4a:12:78:1f:6c:aa:75:78:d5:90:45:f6:b5:13:
                    23:c6:1b:21:e2:6e:a9:58:b7:fd:d8:46:bb:9c:8e:
                    d7:c5:6e:22:79:8e:53:d4:c3:b3:a5:5f:cb:9c:f5:
                    89:1d:9e:54:c1:8a:7a:20:14:21:93:4a:75:f0:92:
                    a0:3a:08:fa:6d:3d:40:23:07:73:80:e9:d7:1d:15:
                    7b:32:5e:54:03:73:1f:3c:da:f8:c9:56:f0:99:98:
                    d5:90:20:fd:d0:3d:25:9f:fd:dc:6d:29:d3:2b:7e:
                    69:e0:e6:00:0f:89:1e:69:f7:91:1e:c3:36:d1:c6:
                    e6:8f:01:bf:6d:79:60:25:59:28:e0:b1:cc:a9:6e:
                    68:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8B:54:8C:E9:AB:6E:B1:3E:52:DB:97:54:30:D2:04:F4:CC:82:DE
            X509v3 Authority Key Identifier:
                keyid:83:EC:FB:64:BD:A5:21:37:08:FF:67:BA:D4:C8:39:50:B1:FF:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/0otUjOmrbrE-UtuXVDDSBPTMgt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:fe8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:b5:c9:03:35:e7:9f:9d:30:6b:58:16:b8:09:01:8a:1d:e5:
         af:20:38:1d:58:a8:15:6f:e7:36:e4:a9:db:a9:d5:55:af:a2:
         e2:25:c8:17:85:78:66:07:ac:96:5c:73:e0:a0:1b:ec:59:15:
         5e:7d:1c:c4:c4:8e:2b:2e:a6:c2:76:13:47:31:47:d9:25:d5:
         bc:7d:f1:41:78:61:70:93:ec:0d:06:9c:b0:be:42:68:f4:bb:
         d6:5f:dc:94:bc:09:ec:28:f0:48:33:2c:d6:f6:a0:1a:e3:66:
         0b:87:75:9d:04:44:16:d8:55:66:e7:77:fb:68:a5:92:e6:13:
         9c:0f:00:61:20:67:95:d0:90:9d:9b:70:60:58:a5:ed:26:36:
         4b:ed:3c:c2:4e:65:60:2b:99:3e:c3:e2:50:1e:be:11:5e:a3:
         86:57:ff:70:f6:7b:49:73:73:52:81:52:ec:e8:c1:e9:94:6c:
         c3:ff:7e:98:13:d9:46:33:88:08:8d:38:aa:a3:b9:80:83:0d:
         8e:84:87:53:f5:db:1f:86:d1:8e:24:a8:39:98:6e:a9:d9:d7:
         c8:1c:d9:40:c6:31:97:a0:8e:d1:c6:1a:50:ca:8e:a8:a9:79:
         84:23:47:16:69:6a:f1:29:e5:58:c0:1e:0a:1e:c6:53:8c:ee:
         03:55:b4:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQtZn1vC2tI3plEuLOw7aSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZWNmYjY0YmRhNTIxMzcwOGZmNjdiYWQ0YzgzOTUwYjFm
ZmRjMzgwHhcNMjUwMTAzMTgyMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhiNTQ4Y2U5YWI2ZWIxM2U1MmRiOTc1NDMwZDIwNGY0Y2M4MmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRa9Fjqd2tWuTtAhE/+gzvdMC16f
9TsiPuuutHunmmEJVnXvNrA9eANMHvsU8850VyuQsF3SqT8FPSBSlRAtgK9nxfbf
b2B+CJ50jcOP4DfMln5bjGfW5tcTeWea2iBHREVHTT+nU53EYBYBDg47S1Vgmmai
m0OYShJ4H2yqdXjVkEX2tRMjxhsh4m6pWLf92Ea7nI7XxW4ieY5T1MOzpV/LnPWJ
HZ5UwYp6IBQhk0p18JKgOgj6bT1AIwdzgOnXHRV7Ml5UA3MfPNr4yVbwmZjVkCD9
0D0ln/3cbSnTK35p4OYAD4keafeRHsM20cbmjwG/bXlgJVko4LHMqW5okQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNKLVIzpq26xPlLbl1Qw0gT0zILeMB8GA1UdIwQY
MBaAFIPs+2S9pSE3CP9nutTIOVCx/9w4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy16N1pMMmxJVGNJXzJlNjFNZzVVTEhfM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wMzE0NjMtNThlNi00ZmNiLThjYTEt
MWZjZmQwYzhiZGY1LzEvMG90VWpPbXJickUtVXR1WFZERFNCUFRNZ3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wMzE0NjMtNThlNi00ZmNiLThjYTEtMWZjZmQwYzhiZGY1
LzEvZy16N1pMMmxJVGNJXzJlNjFNZzVVTEhfM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/o
MA0GCSqGSIb3DQEBCwUAA4IBAQAttckDNeefnTBrWBa4CQGKHeWvIDgdWKgVb+c2
5KnbqdVVr6LiJcgXhXhmB6yWXHPgoBvsWRVefRzExI4rLqbCdhNHMUfZJdW8ffFB
eGFwk+wNBpywvkJo9LvWX9yUvAnsKPBIMyzW9qAa42YLh3WdBEQW2FVm53f7aKWS
5hOcDwBhIGeV0JCdm3BgWKXtJjZL7TzCTmVgK5k+w+JQHr4RXqOGV/9w9ntJc3NS
gVLs6MHplGzD/36YE9lGM4gIjTiqo7mAgw2OhIdT9dsfhtGOJKg5mG6p2dfIHNlA
xjGXoI7RxhpQyo6oqXmEI0cWaWrxKeVYwB4KHsZTjO4DVbSI
-----END CERTIFICATE-----