Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/9cUx35pJdH2wM_3eSozbimAeHfU.roa
File:                     9cUx35pJdH2wM_3eSozbimAeHfU.roa (raw, json)
Hash identifier:          7YW1ZDiZMJTYn9KTvcJh6SoR/wbiN8bpaQ2O/a0WApI=
Subject key identifier:   F5:C5:31:DF:9A:49:74:7D:B0:33:FD:DE:4A:8C:DB:8A:60:1E:1D:F5
Certificate issuer:       /CN=c1173f47ec1d92e7886ea2907ff927ee17cbf2f4
Certificate serial:       019424455B2CA1401FDF45D2183FAA08C533
Authority key identifier: C1:17:3F:47:EC:1D:92:E7:88:6E:A2:90:7F:F9:27:EE:17:CB:F2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRc_R-wdkueIbqKQf_kn7hfL8vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/9cUx35pJdH2wM_3eSozbimAeHfU.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        2001:67c:444::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/wRc_R-wdkueIbqKQf_kn7hfL8vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/wRc_R-wdkueIbqKQf_kn7hfL8vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRc_R-wdkueIbqKQf_kn7hfL8vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5b:2c:a1:40:1f:df:45:d2:18:3f:aa:08:c5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1173f47ec1d92e7886ea2907ff927ee17cbf2f4
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5c531df9a49747db033fdde4a8cdb8a601e1df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:98:39:a3:a7:9c:a0:0f:06:60:5f:48:82:d3:
                    b7:ed:df:e2:39:9c:8c:6a:8f:01:b2:13:37:1a:bb:
                    5a:82:a9:33:80:a0:b5:ed:e2:da:29:26:9e:6b:d7:
                    a1:75:49:18:38:c6:85:3f:93:3f:45:31:96:e0:03:
                    b9:72:64:9c:5c:6f:98:fe:20:1b:c7:e9:f5:5f:77:
                    74:cc:5e:90:cf:d8:6a:31:3a:70:08:9a:4a:cb:a1:
                    39:7d:c3:81:65:b8:db:ac:56:85:42:bf:69:33:05:
                    d5:64:28:f3:4f:34:9f:7a:1e:f6:4a:16:90:b6:e9:
                    74:fc:f5:1d:f6:58:2b:87:f7:73:bf:49:cc:1b:26:
                    d7:ad:d4:02:28:b4:05:4c:03:40:d6:4a:78:d5:a2:
                    e0:44:9b:91:21:9a:3a:e2:d4:2e:17:8b:3b:74:82:
                    b1:a3:68:e5:09:da:05:1b:c8:df:36:05:72:f3:97:
                    2e:35:6e:fb:72:ab:80:47:d5:68:bc:8d:8b:c9:49:
                    98:e1:fd:dd:80:db:c9:c0:26:33:27:3c:c2:a4:00:
                    68:af:2b:be:f2:08:31:c4:6a:7d:b1:f2:52:6f:00:
                    ef:97:80:9f:96:17:d4:54:63:32:54:8e:0c:0a:22:
                    98:ce:1c:8f:23:96:aa:28:2a:04:11:de:06:b9:54:
                    83:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C5:31:DF:9A:49:74:7D:B0:33:FD:DE:4A:8C:DB:8A:60:1E:1D:F5
            X509v3 Authority Key Identifier:
                keyid:C1:17:3F:47:EC:1D:92:E7:88:6E:A2:90:7F:F9:27:EE:17:CB:F2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRc_R-wdkueIbqKQf_kn7hfL8vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/9cUx35pJdH2wM_3eSozbimAeHfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ef188b-62e9-4fd6-97f0-bb39329f87f3/1/wRc_R-wdkueIbqKQf_kn7hfL8vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:444::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:68:d1:ea:91:9e:3e:3a:69:7d:ea:6b:0b:c0:fe:dd:d1:81:
         1d:0f:c6:c4:e3:93:88:86:f5:8a:d3:1e:27:19:29:d7:64:1f:
         80:08:d6:ac:b6:f3:5c:f3:45:bd:f6:fb:7e:ad:de:ed:bb:6d:
         69:14:9b:82:1d:93:5f:a0:df:cb:44:a7:05:a6:11:93:cc:f7:
         2b:1e:54:fb:61:fc:1d:70:3a:0f:ad:60:5d:e3:30:cd:c4:77:
         b2:59:da:08:6a:48:45:45:d9:02:3d:7f:8f:01:98:98:af:4e:
         23:50:ef:4c:5a:30:ae:af:92:5d:99:16:95:d7:36:ac:6c:06:
         3c:0c:81:fe:a5:a1:e9:df:d7:c5:f0:a1:b8:92:52:e0:e2:f7:
         54:cb:f0:ba:4b:e3:29:73:9b:5a:a8:57:fd:31:5b:27:91:10:
         71:21:43:24:77:3f:38:35:a7:47:84:8a:46:07:9c:c1:c7:af:
         45:fb:26:de:1a:d2:bc:ae:cd:e0:92:d5:46:a0:67:e3:40:85:
         9d:46:40:03:9a:18:e9:9f:4f:08:89:26:6d:8f:13:65:37:ea:
         60:ab:3b:10:c1:8e:56:f2:9c:d5:83:97:54:a7:cd:0e:4d:1c:
         5b:fd:73:50:9c:77:64:72:c8:00:8a:6a:d2:7a:9b:41:77:7b:
         c5:7d:9c:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRVssoUAf30XSGD+qCMUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTczZjQ3ZWMxZDkyZTc4ODZlYTI5MDdmZjkyN2VlMTdj
YmYyZjQwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWM1MzFkZjlhNDk3NDdkYjAzM2ZkZGU0YThjZGI4YTYwMWUxZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZg5o6ecoA8GYF9IgtO37d/iOZyM
ao8BshM3GrtagqkzgKC17eLaKSaea9ehdUkYOMaFP5M/RTGW4AO5cmScXG+Y/iAb
x+n1X3d0zF6Qz9hqMTpwCJpKy6E5fcOBZbjbrFaFQr9pMwXVZCjzTzSfeh72ShaQ
tul0/PUd9lgrh/dzv0nMGybXrdQCKLQFTANA1kp41aLgRJuRIZo64tQuF4s7dIKx
o2jlCdoFG8jfNgVy85cuNW77cquAR9VovI2LyUmY4f3dgNvJwCYzJzzCpABoryu+
8ggxxGp9sfJSbwDvl4CflhfUVGMyVI4MCiKYzhyPI5aqKCoEEd4GuVSDEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPXFMd+aSXR9sDP93kqM24pgHh31MB8GA1UdIwQY
MBaAFMEXP0fsHZLniG6ikH/5J+4Xy/L0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JjX1Itd2RrdWVJYnFLUWZfa243aGZMOHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lZjE4OGItNjJlOS00ZmQ2LTk3ZjAt
YmIzOTMyOWY4N2YzLzEvOWNVeDM1cEpkSDJ3TV8zZVNvemJpbUFlSGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lZjE4OGItNjJlOS00ZmQ2LTk3ZjAtYmIzOTMyOWY4N2Yz
LzEvd1JjX1Itd2RrdWVJYnFLUWZfa243aGZMOHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfARE
MA0GCSqGSIb3DQEBCwUAA4IBAQBvaNHqkZ4+Oml96msLwP7d0YEdD8bE45OIhvWK
0x4nGSnXZB+ACNastvNc80W99vt+rd7tu21pFJuCHZNfoN/LRKcFphGTzPcrHlT7
YfwdcDoPrWBd4zDNxHeyWdoIakhFRdkCPX+PAZiYr04jUO9MWjCur5JdmRaV1zas
bAY8DIH+paHp39fF8KG4klLg4vdUy/C6S+Mpc5taqFf9MVsnkRBxIUMkdz84NadH
hIpGB5zBx69F+ybeGtK8rs3gktVGoGfjQIWdRkADmhjpn08IiSZtjxNlN+pgqzsQ
wY5W8pzVg5dUp80OTRxb/XNQnHdkcsgAimrSeptBd3vFfZxR
-----END CERTIFICATE-----