Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/cmFziYev2vZctSPYHCuJUahmrts.roa
File:                     cmFziYev2vZctSPYHCuJUahmrts.roa (raw, json)
Hash identifier:          q804av0BwiqkRQu8gnJltLcVXPVfUIsNBKBCcl2mC3o=
Subject key identifier:   72:61:73:89:87:AF:DA:F6:5C:B5:23:D8:1C:2B:89:51:A8:66:AE:DB
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0194221FCB8F98E46F3AFFF2BEFE5B73D20F
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/cmFziYev2vZctSPYHCuJUahmrts.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a0c:6900::/29 maxlen: 29
                          2a0c:6900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cb:8f:98:e4:6f:3a:ff:f2:be:fe:5b:73:d2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7261738987afdaf65cb523d81c2b8951a866aedb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9d:0a:b7:b9:a2:64:6d:e3:91:03:93:85:fd:
                    a5:f4:b6:f9:1e:9d:af:be:33:4d:f9:fa:89:b8:aa:
                    a2:2a:69:65:da:04:b5:1a:fc:87:e0:70:7e:1a:1f:
                    5e:31:2c:f7:24:3a:d6:01:ed:71:44:a2:3c:b4:50:
                    d2:62:78:e7:14:96:77:69:5d:86:ff:29:f8:f1:de:
                    7e:73:51:73:3a:55:1e:ac:76:28:ea:1a:62:22:54:
                    1b:0d:c8:d5:6c:e8:84:17:33:53:5d:83:bf:53:7c:
                    d1:e4:9d:ae:9f:e7:e1:99:4c:79:12:c1:d1:06:0f:
                    c5:7b:ab:83:ef:e3:c9:32:36:5b:0b:10:78:18:13:
                    96:ad:2a:aa:f5:c2:cf:56:d1:3c:d9:db:f2:4f:61:
                    dc:37:6f:04:1e:e1:ef:67:36:42:53:71:b0:c7:ee:
                    54:ae:f6:fb:40:3f:2b:2e:5a:f5:6a:22:f3:0a:75:
                    91:52:f8:f4:48:4c:e8:bc:06:5e:ee:2f:d2:d1:7c:
                    6f:7e:83:4b:79:b9:7b:92:8a:23:74:f4:9c:4d:36:
                    4f:d9:fd:9d:da:ff:13:1c:2e:2d:fe:1a:25:17:47:
                    c4:21:6b:ba:f6:a1:84:f3:7a:bc:36:24:85:f3:b6:
                    68:0c:37:40:46:72:b5:29:8f:4f:9c:60:86:77:0f:
                    3d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:61:73:89:87:AF:DA:F6:5C:B5:23:D8:1C:2B:89:51:A8:66:AE:DB
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/cmFziYev2vZctSPYHCuJUahmrts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:6900::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:df:30:4a:73:ef:11:c3:8a:90:92:a0:3d:45:74:4f:16:77:
         c8:df:b6:8b:f7:bd:c0:5e:99:03:cf:9d:95:1d:89:ec:7e:39:
         ba:f4:96:db:e3:b0:58:96:eb:64:aa:3d:1f:d4:25:59:07:2c:
         0e:13:3c:31:e1:91:d3:ff:c9:cb:a5:dc:af:00:a3:af:6e:7a:
         db:23:85:23:dd:cf:36:d0:fa:92:6a:f6:9d:04:31:e9:ca:7d:
         11:02:ad:8b:9f:22:c5:af:f8:50:f5:84:82:8f:94:1d:b1:fc:
         1e:ad:ba:15:dc:67:4f:60:3f:a4:1f:f2:3d:a1:d5:bb:a7:4a:
         14:43:f9:28:ed:d2:48:38:0e:8c:e6:9c:70:06:b4:c0:25:b8:
         43:62:90:77:e6:ff:f7:84:93:fe:fa:8a:88:67:44:b8:e2:b6:
         ec:c5:84:e7:a9:90:51:17:2a:47:2e:c8:84:fc:3e:d1:ab:52:
         cb:6d:2b:8f:55:aa:22:e7:37:3e:3a:3d:66:ad:fd:54:9a:67:
         e0:25:cb:cd:6a:05:06:e6:90:d7:ea:5d:cd:d1:65:a8:7f:a5:
         8c:19:09:30:ee:7a:63:d7:6d:74:df:3b:78:89:b6:cf:13:28:
         93:19:62:60:da:ac:41:c3:73:e0:b7:60:ca:de:08:50:a7:d9:
         85:50:18:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH8uPmORvOv/yvv5bc9IPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYxNzM4OTg3YWZkYWY2NWNiNTIzZDgxYzJiODk1MWE4NjZhZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJ0Kt7miZG3jkQOThf2l9Lb5Hp2v
vjNN+fqJuKqiKmll2gS1GvyH4HB+Gh9eMSz3JDrWAe1xRKI8tFDSYnjnFJZ3aV2G
/yn48d5+c1FzOlUerHYo6hpiIlQbDcjVbOiEFzNTXYO/U3zR5J2un+fhmUx5EsHR
Bg/Fe6uD7+PJMjZbCxB4GBOWrSqq9cLPVtE82dvyT2HcN28EHuHvZzZCU3Gwx+5U
rvb7QD8rLlr1aiLzCnWRUvj0SEzovAZe7i/S0XxvfoNLebl7koojdPScTTZP2f2d
2v8THC4t/holF0fEIWu69qGE83q8NiSF87ZoDDdARnK1KY9PnGCGdw89xwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHJhc4mHr9r2XLUj2BwriVGoZq7bMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvY21GemlZZXYydlpjdFNQWUhDdUpVYWhtcnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgxpADAN
BgkqhkiG9w0BAQsFAAOCAQEAgt8wSnPvEcOKkJKgPUV0TxZ3yN+2i/e9wF6ZA8+d
lR2J7H45uvSW2+OwWJbrZKo9H9QlWQcsDhM8MeGR0//Jy6XcrwCjr2562yOFI93P
NtD6kmr2nQQx6cp9EQKti58ixa/4UPWEgo+UHbH8Hq26FdxnT2A/pB/yPaHVu6dK
FEP5KO3SSDgOjOaccAa0wCW4Q2KQd+b/94ST/vqKiGdEuOK27MWE56mQURcqRy7I
hPw+0atSy20rj1WqIuc3Pjo9Zq39VJpn4CXLzWoFBuaQ1+pdzdFlqH+ljBkJMO56
Y9dtdN87eIm2zxMokxliYNqsQcNz4Ldgyt4IUKfZhVAY0A==
-----END CERTIFICATE-----