Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/YHDrFWwxkrS_T2zm-XD8OnCCk3I.roa
File:                     YHDrFWwxkrS_T2zm-XD8OnCCk3I.roa (raw, json)
Hash identifier:          ats4DX7q3HbDaXBiSmUVMOKuQb0H1KPc5eA6NgFMmhA=
Subject key identifier:   60:70:EB:15:6C:31:92:B4:BF:4F:6C:E6:F9:70:FC:3A:70:82:93:72
Certificate issuer:       /CN=f9cb9094cb7cda138bd010013eb9ecc331903041
Certificate serial:       01942444C34D006C52F18F93C57449ECD466
Authority key identifier: F9:CB:90:94:CB:7C:DA:13:8B:D0:10:01:3E:B9:EC:C3:31:90:30:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cuQlMt82hOL0BABPrnswzGQMEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/YHDrFWwxkrS_T2zm-XD8OnCCk3I.roa
Signing time:             Wed 01 Jan 2025 23:47:53 +0000
ROA not before:           Wed 01 Jan 2025 23:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60391
IP address blocks:        2001:67c:12ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/1-cuQlMt82hOL0BABPrnswzGQMEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/1-cuQlMt82hOL0BABPrnswzGQMEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cuQlMt82hOL0BABPrnswzGQMEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c3:4d:00:6c:52:f1:8f:93:c5:74:49:ec:d4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9cb9094cb7cda138bd010013eb9ecc331903041
        Validity
            Not Before: Jan  1 23:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6070eb156c3192b4bf4f6ce6f970fc3a70829372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d4:14:66:63:80:b2:26:5f:c5:8c:d3:f6:56:
                    47:81:30:a4:34:07:7d:78:0d:bd:1e:f0:85:b2:30:
                    9b:f7:2a:f9:3c:8a:31:6a:59:66:31:95:1b:5e:14:
                    53:0d:80:84:38:9b:fb:8d:81:2d:ae:1e:9e:c4:79:
                    53:0c:59:41:3c:59:6d:36:fb:29:2b:60:a4:0f:16:
                    25:ad:d4:84:5e:a7:9f:2f:f8:af:01:21:ee:8d:07:
                    31:d9:39:1f:e1:cb:73:a0:0a:1e:d9:c4:a5:13:7b:
                    a7:a9:d8:88:20:b0:cd:3f:e3:80:7f:18:6f:e6:70:
                    59:6a:b2:a4:2b:ef:aa:cb:6a:68:1a:54:fe:86:26:
                    19:eb:3f:2e:13:0c:30:3c:57:0b:7e:6a:5b:48:12:
                    11:b8:9c:b0:fc:58:20:f3:ba:4f:6a:9b:36:65:4d:
                    23:11:9a:43:96:e0:23:dd:09:84:4d:6f:e9:08:7e:
                    a9:8d:07:f7:b9:f7:12:7c:d6:19:25:d6:b8:89:ad:
                    c8:15:f0:34:0a:51:8d:ec:a2:99:0f:bd:bf:36:df:
                    52:ca:f3:50:56:1f:36:e6:10:8a:f6:62:8a:fc:b2:
                    44:03:f1:7b:66:f3:fe:09:dd:0c:59:eb:15:7d:77:
                    c6:b0:fb:cd:dc:fa:6b:54:41:86:89:05:0f:36:1a:
                    d7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:70:EB:15:6C:31:92:B4:BF:4F:6C:E6:F9:70:FC:3A:70:82:93:72
            X509v3 Authority Key Identifier:
                keyid:F9:CB:90:94:CB:7C:DA:13:8B:D0:10:01:3E:B9:EC:C3:31:90:30:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cuQlMt82hOL0BABPrnswzGQMEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/YHDrFWwxkrS_T2zm-XD8OnCCk3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/624546-4ac8-4dbe-8697-aace878bab65/1/1-cuQlMt82hOL0BABPrnswzGQMEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:ef:20:e0:35:fe:09:22:39:c3:da:39:b3:54:c9:4f:f0:26:
         1c:03:82:ee:60:9d:6a:dd:67:a9:d1:a2:47:e8:53:23:c1:d7:
         f4:e4:fd:0c:5c:82:b5:81:2e:48:fc:08:9d:0f:0a:51:ad:f1:
         32:6e:78:c1:22:18:b9:f0:b2:81:93:c4:99:1b:30:51:02:c5:
         17:17:54:09:fb:1f:67:76:39:62:92:55:e8:4b:30:85:98:4a:
         66:eb:87:97:7b:8b:b4:8e:07:35:0d:1c:8a:59:7d:f8:b2:af:
         dd:dd:03:91:c0:b2:ab:fb:d1:8a:2b:59:c2:dc:71:79:20:15:
         2b:0c:92:91:da:e4:12:ba:66:87:ea:1d:dd:3a:a5:f0:c4:19:
         94:9f:32:7b:e2:e2:e0:82:d7:82:46:90:7b:2b:38:4d:49:fd:
         c6:29:b7:3d:ee:17:e4:51:f0:91:cc:1d:f9:c7:17:b9:c1:52:
         57:42:a8:84:8f:cf:40:ca:10:31:99:d8:2b:c9:5f:a0:be:bc:
         53:9d:57:b2:6e:32:4e:db:df:e3:ef:a9:be:48:0a:0d:86:39:
         fd:1f:f8:4f:a8:67:34:af:9d:2c:9a:d3:73:ba:66:b6:49:f0:
         70:d6:b1:cb:97:cc:36:c0:7d:bb:fb:e0:cf:c2:f0:c4:29:49:
         83:5e:2e:af
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQkRMNNAGxS8Y+TxXRJ7NRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5Y2I5MDk0Y2I3Y2RhMTM4YmQwMTAwMTNlYjllY2MzMzE5
MDMwNDEwHhcNMjUwMTAxMjM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDcwZWIxNTZjMzE5MmI0YmY0ZjZjZTZmOTcwZmMzYTcwODI5MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtQUZmOAsiZfxYzT9lZHgTCkNAd9
eA29HvCFsjCb9yr5PIoxallmMZUbXhRTDYCEOJv7jYEtrh6exHlTDFlBPFltNvsp
K2CkDxYlrdSEXqefL/ivASHujQcx2Tkf4ctzoAoe2cSlE3unqdiIILDNP+OAfxhv
5nBZarKkK++qy2poGlT+hiYZ6z8uEwwwPFcLfmpbSBIRuJyw/Fgg87pPaps2ZU0j
EZpDluAj3QmETW/pCH6pjQf3ufcSfNYZJda4ia3IFfA0ClGN7KKZD72/Nt9SyvNQ
Vh825hCK9mKK/LJEA/F7ZvP+Cd0MWesVfXfGsPvN3PprVEGGiQUPNhrXLwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFGBw6xVsMZK0v09s5vlw/DpwgpNyMB8GA1UdIwQY
MBaAFPnLkJTLfNoTi9AQAT657MMxkDBBMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jdVFsTXQ4MmhPTDBCQUJQcm5zd3pHUU1FRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEvNjI0NTQ2LTRhYzgtNGRiZS04Njk3
LWFhY2U4NzhiYWI2NS8xL1lIRHJGV3d4a3JTX1Qyem0tWEQ4T25DQ2szSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWEvNjI0NTQ2LTRhYzgtNGRiZS04Njk3LWFhY2U4NzhiYWI2
NS8xLzEtY3VRbE10ODJoT0wwQkFCUHJuc3d6R1FNRUUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
EqwwDQYJKoZIhvcNAQELBQADggEBAMvvIOA1/gkiOcPaObNUyU/wJhwDgu5gnWrd
Z6nRokfoUyPB1/Tk/QxcgrWBLkj8CJ0PClGt8TJueMEiGLnwsoGTxJkbMFECxRcX
VAn7H2d2OWKSVehLMIWYSmbrh5d7i7SOBzUNHIpZffiyr93dA5HAsqv70YorWcLc
cXkgFSsMkpHa5BK6ZofqHd06pfDEGZSfMnvi4uCC14JGkHsrOE1J/cYptz3uF+RR
8JHMHfnHF7nBUldCqISPz0DKEDGZ2CvJX6C+vFOdV7JuMk7b3+Pvqb5ICg2GOf0f
+E+oZzSvnSya03O6ZrZJ8HDWscuXzDbAfbv74M/C8MQpSYNeLq8=
-----END CERTIFICATE-----