Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/bW-fv4_NbG1PNojUcPp0YRQIoB0.roa
File:                     bW-fv4_NbG1PNojUcPp0YRQIoB0.roa (raw, json)
Hash identifier:          7Z5rf32BgI6fjeUEiIFvBelYmcDYWIutC0cfXs7YxV4=
Subject key identifier:   6D:6F:9F:BF:8F:CD:6C:6D:4F:36:88:D4:70:FA:74:61:14:08:A0:1D
Certificate issuer:       /CN=bd3bcb8628bdbeadb194a235ac4b8c8b711e37d1
Certificate serial:       01942143DC5ACFDC65F3CBDC8A329B180B93
Authority key identifier: BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTvLhii9vq2xlKI1rEuMi3EeN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/bW-fv4_NbG1PNojUcPp0YRQIoB0.roa
Signing time:             Wed 01 Jan 2025 09:48:02 +0000
ROA not before:           Wed 01 Jan 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62309
IP address blocks:        2001:67c:af0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTvLhii9vq2xlKI1rEuMi3EeN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:dc:5a:cf:dc:65:f3:cb:dc:8a:32:9b:18:0b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3bcb8628bdbeadb194a235ac4b8c8b711e37d1
        Validity
            Not Before: Jan  1 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d6f9fbf8fcd6c6d4f3688d470fa74611408a01d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:45:7d:52:0b:67:c8:72:72:6a:2b:89:6f:b1:
                    8c:d2:d0:e0:a7:d7:59:09:7b:c7:a0:9c:bd:5c:e6:
                    23:86:fa:3c:0e:e3:5a:3c:4e:a3:c5:50:89:17:d3:
                    d3:cb:66:38:55:d3:8b:4b:74:e3:18:60:f7:36:78:
                    00:92:55:6a:2c:5f:c1:b0:e5:a6:07:2d:6a:ec:9e:
                    ea:8d:0f:95:a1:61:da:73:11:e4:e0:32:d3:b4:a2:
                    e3:aa:1b:db:f7:2b:91:1a:62:62:5d:96:50:3f:0d:
                    36:b7:e0:1a:c4:f5:22:12:d3:9f:75:d4:46:0b:b7:
                    d2:27:f0:1d:3b:39:ef:b0:df:56:94:a4:5a:d3:b8:
                    46:de:72:67:a1:b8:a2:2c:d3:bc:02:14:75:94:fa:
                    22:f2:fd:66:2d:f5:66:43:1c:61:cb:30:3f:0d:06:
                    e4:ab:f8:af:0d:19:32:eb:d2:70:77:e1:0a:e9:67:
                    a2:2e:31:60:b3:c4:b9:7b:b2:41:40:21:74:e6:ec:
                    cc:e4:06:86:e2:98:ac:d5:4e:77:22:07:59:ad:02:
                    47:1a:ba:b5:9d:99:19:a5:31:af:f0:19:4e:9d:cf:
                    5e:f5:77:cd:52:3c:14:68:b4:c6:5b:14:ef:59:e7:
                    1c:6f:dc:82:04:fc:80:d6:91:f9:08:e7:8b:6c:e3:
                    92:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:6F:9F:BF:8F:CD:6C:6D:4F:36:88:D4:70:FA:74:61:14:08:A0:1D
            X509v3 Authority Key Identifier:
                keyid:BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTvLhii9vq2xlKI1rEuMi3EeN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/bW-fv4_NbG1PNojUcPp0YRQIoB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:af0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:8b:90:38:06:be:e4:a8:f8:17:da:08:d8:87:c2:f9:b1:af:
         cf:ba:91:bf:4f:6e:53:77:43:f4:17:f8:3c:4e:17:23:2f:a4:
         05:05:5b:df:a6:2a:ae:37:c6:1d:b1:ad:b6:07:c4:95:2f:82:
         bc:9b:33:cd:58:2e:17:87:8a:0e:35:3f:99:ba:c3:70:af:0c:
         c6:ab:02:b6:31:01:f4:16:28:c8:3e:35:fa:fc:d1:e3:71:70:
         5e:08:ea:42:06:db:79:11:11:42:92:4a:25:42:07:15:92:88:
         ec:17:fe:0e:9f:b9:30:22:8f:85:e8:c2:2e:8c:c9:5c:9d:49:
         85:9b:9b:be:4f:b9:d4:26:2f:79:25:4e:9f:0d:c5:a3:32:ee:
         09:b8:76:8b:10:ef:ec:7e:a2:a2:68:a9:83:34:7b:88:c5:a3:
         39:5e:42:37:8f:13:73:7f:f8:7a:e9:fa:1e:a3:8f:30:b4:33:
         a6:2a:99:ed:9e:5d:a7:92:5c:09:4b:19:5f:b4:19:2b:31:42:
         66:5d:2d:bb:6c:68:68:f5:75:63:36:f5:ff:7b:ca:06:5f:66:
         64:95:32:e3:6d:38:fe:a9:92:9a:79:20:a8:96:73:94:df:fb:
         5c:5c:ea:0b:50:a4:a3:54:91:a0:6f:bd:5c:53:5a:01:33:8b:
         c2:46:dd:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ9xaz9xl88vcijKbGAuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkM2JjYjg2MjhiZGJlYWRiMTk0YTIzNWFjNGI4YzhiNzEx
ZTM3ZDEwHhcNMjUwMTAxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDZmOWZiZjhmY2Q2YzZkNGYzNjg4ZDQ3MGZhNzQ2MTE0MDhhMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9kV9UgtnyHJyaiuJb7GM0tDgp9dZ
CXvHoJy9XOYjhvo8DuNaPE6jxVCJF9PTy2Y4VdOLS3TjGGD3NngAklVqLF/BsOWm
By1q7J7qjQ+VoWHacxHk4DLTtKLjqhvb9yuRGmJiXZZQPw02t+AaxPUiEtOfddRG
C7fSJ/AdOznvsN9WlKRa07hG3nJnobiiLNO8AhR1lPoi8v1mLfVmQxxhyzA/DQbk
q/ivDRky69Jwd+EK6WeiLjFgs8S5e7JBQCF05uzM5AaG4pis1U53IgdZrQJHGrq1
nZkZpTGv8BlOnc9e9XfNUjwUaLTGWxTvWeccb9yCBPyA1pH5COeLbOOSSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG1vn7+PzWxtTzaI1HD6dGEUCKAdMB8GA1UdIwQY
MBaAFL07y4Yovb6tsZSiNaxLjItxHjfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlR2TGhpaTl2cTJ4bEtJMXJFdU1pM0VlTjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yOGMyYjctNjY3ZS00ZGVmLWI0MTUt
N2I0YWRlYjdhNGI1LzEvYlctZnY0X05iRzFQTm9qVWNQcDBZUlFJb0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yOGMyYjctNjY3ZS00ZGVmLWI0MTUtN2I0YWRlYjdhNGI1
LzEvdlR2TGhpaTl2cTJ4bEtJMXJFdU1pM0VlTjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArw
MA0GCSqGSIb3DQEBCwUAA4IBAQA/i5A4Br7kqPgX2gjYh8L5sa/PupG/T25Td0P0
F/g8ThcjL6QFBVvfpiquN8Ydsa22B8SVL4K8mzPNWC4Xh4oONT+ZusNwrwzGqwK2
MQH0FijIPjX6/NHjcXBeCOpCBtt5ERFCkkolQgcVkojsF/4On7kwIo+F6MIujMlc
nUmFm5u+T7nUJi95JU6fDcWjMu4JuHaLEO/sfqKiaKmDNHuIxaM5XkI3jxNzf/h6
6foeo48wtDOmKpntnl2nklwJSxlftBkrMUJmXS27bGho9XVjNvX/e8oGX2ZklTLj
bTj+qZKaeSColnOU3/tcXOoLUKSjVJGgb71cU1oBM4vCRt0o
-----END CERTIFICATE-----