Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/7j4WA3ysp1rOkVmQlKAKuU1wD8E.roa
File:                     7j4WA3ysp1rOkVmQlKAKuU1wD8E.roa (raw, json)
Hash identifier:          50o1sY9mxiaVzB3RiC3eXccX8VD4SmfGqHVWyBgG97Q=
Subject key identifier:   EE:3E:16:03:7C:AC:A7:5A:CE:91:59:90:94:A0:0A:B9:4D:70:0F:C1
Certificate issuer:       /CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Certificate serial:       019426D963305AFFE6626A7444342C1264B8
Authority key identifier: DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/7j4WA3ysp1rOkVmQlKAKuU1wD8E.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211895
IP address blocks:        2001:67c:21b4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:63:30:5a:ff:e6:62:6a:74:44:34:2c:12:64:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee3e16037caca75ace91599094a00ab94d700fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3d:07:9c:70:3f:47:50:d4:b8:dd:7d:05:32:
                    e2:1e:3e:28:b8:24:9a:94:da:a0:3a:d7:c9:ba:e2:
                    a3:af:c9:fd:d4:6c:e5:7b:b6:f6:2a:42:ec:8a:07:
                    fd:d3:be:06:9f:05:a5:f9:43:d8:45:6d:6f:c3:09:
                    e0:9b:92:7f:f2:1f:25:92:05:f9:fd:38:43:eb:ae:
                    b4:42:09:6e:66:3b:e8:ad:0f:14:0f:e5:d9:7b:86:
                    61:81:2f:e5:60:a7:6c:db:a4:61:e9:8a:ba:27:7f:
                    73:ad:47:67:5b:9a:c9:72:b4:7d:93:ee:8d:58:f8:
                    39:bb:73:42:c6:24:a8:a2:94:7a:72:9d:af:22:ff:
                    01:65:92:41:6d:23:37:f3:86:33:4a:ba:49:28:05:
                    69:85:4f:fe:c5:3d:10:65:c0:9e:48:b0:1f:b3:78:
                    57:17:77:7d:2f:d6:67:6a:57:5d:fb:8b:d1:c2:fe:
                    1b:34:32:cf:5f:1b:7e:5e:90:fd:b6:c0:fd:47:c4:
                    ce:72:43:ec:7c:94:d9:d2:6c:fa:c8:e3:ee:f6:11:
                    68:e0:ca:d0:7a:39:d5:3d:26:2c:d8:ef:ef:0d:37:
                    13:55:11:f2:ab:e1:bf:bc:aa:52:95:6c:ae:ef:1e:
                    60:fb:12:47:46:bd:11:7d:d5:a0:28:48:17:33:18:
                    22:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:3E:16:03:7C:AC:A7:5A:CE:91:59:90:94:A0:0A:B9:4D:70:0F:C1
            X509v3 Authority Key Identifier:
                keyid:DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/7j4WA3ysp1rOkVmQlKAKuU1wD8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:df:f6:fc:48:73:e8:f4:64:36:47:68:54:bd:50:b7:1c:22:
         77:2e:e1:49:3a:5b:5a:80:24:40:73:3c:29:53:59:72:22:13:
         d3:c1:32:a5:be:a5:e7:15:cc:18:2e:58:26:02:85:d9:b2:49:
         3c:e8:f1:1b:d4:60:fe:9e:74:5b:ac:df:f8:9c:10:cb:02:73:
         d9:42:82:3a:15:26:69:6d:cb:18:b5:7c:1f:1c:27:61:8e:2e:
         06:86:54:c7:4b:86:4f:ed:9e:79:1d:38:23:62:c2:24:68:fc:
         92:61:f9:cb:10:3f:68:f8:5f:07:ad:57:38:ae:61:fe:76:7c:
         95:93:c5:51:27:11:ab:b1:e5:2f:36:62:c1:e7:f8:82:d0:e5:
         cf:17:3e:a4:02:ac:c4:6a:3d:51:f2:db:de:0d:4a:87:be:ea:
         43:8a:32:8b:80:d5:0c:83:fa:07:5e:6a:13:fa:a0:b0:79:e6:
         bd:eb:79:4c:d7:d2:d3:15:70:f5:2c:d5:b0:96:41:cd:e3:38:
         d7:89:c9:84:8c:64:ee:57:bf:f2:bb:28:a2:85:82:11:da:5a:
         de:05:29:6f:a8:0e:99:74:16:a8:bf:20:f1:e0:b8:5f:97:38:
         3a:3c:8b:99:3e:51:c2:59:36:79:bf:b2:18:74:07:43:42:bb:
         b7:44:23:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2WMwWv/mYmp0RDQsEmS4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYTEyMjA3YWY0ZDE4NmM0NGRhMjUzM2MwYjhmMWZkMWY1
NWQ4ZGIwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTNlMTYwMzdjYWNhNzVhY2U5MTU5OTA5NGEwMGFiOTRkNzAwZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D0HnHA/R1DUuN19BTLiHj4ouCSa
lNqgOtfJuuKjr8n91Gzle7b2KkLsigf9074GnwWl+UPYRW1vwwngm5J/8h8lkgX5
/ThD6660QgluZjvorQ8UD+XZe4ZhgS/lYKds26Rh6Yq6J39zrUdnW5rJcrR9k+6N
WPg5u3NCxiSoopR6cp2vIv8BZZJBbSM384YzSrpJKAVphU/+xT0QZcCeSLAfs3hX
F3d9L9Znaldd+4vRwv4bNDLPXxt+XpD9tsD9R8TOckPsfJTZ0mz6yOPu9hFo4MrQ
ejnVPSYs2O/vDTcTVRHyq+G/vKpSlWyu7x5g+xJHRr0RfdWgKEgXMxgiDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO4+FgN8rKdazpFZkJSgCrlNcA/BMB8GA1UdIwQY
MBaAFNuhIgevTRhsRNolM8C48f0fVdjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgt
MTJiMmJjNTgwNTNhLzEvN2o0V0EzeXNwMXJPa1ZtUWxLQUt1VTF3RDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgtMTJiMmJjNTgwNTNh
LzEvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCG0
MA0GCSqGSIb3DQEBCwUAA4IBAQAu3/b8SHPo9GQ2R2hUvVC3HCJ3LuFJOltagCRA
czwpU1lyIhPTwTKlvqXnFcwYLlgmAoXZskk86PEb1GD+nnRbrN/4nBDLAnPZQoI6
FSZpbcsYtXwfHCdhji4GhlTHS4ZP7Z55HTgjYsIkaPySYfnLED9o+F8HrVc4rmH+
dnyVk8VRJxGrseUvNmLB5/iC0OXPFz6kAqzEaj1R8tveDUqHvupDijKLgNUMg/oH
XmoT+qCweea963lM19LTFXD1LNWwlkHN4zjXicmEjGTuV7/yuyiihYIR2lreBSlv
qA6ZdBaovyDx4Lhflzg6PIuZPlHCWTZ5v7IYdAdDQru3RCOZ
-----END CERTIFICATE-----