Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/rqSMK05KYSg_B0GzBcqvNHZV8BM.roa
File:                     rqSMK05KYSg_B0GzBcqvNHZV8BM.roa (raw, json)
Hash identifier:          7UiFO6ZTlzbJGR5qeW9I8KOwaVtEW4c742Prj97IAno=
Subject key identifier:   AE:A4:8C:2B:4E:4A:61:28:3F:07:41:B3:05:CA:AF:34:76:55:F0:13
Certificate issuer:       /CN=e81d2dcf2b69abdbd609436440115a9e4ea19a05
Certificate serial:       019420D637C86469473A841CBDC7964A1080
Authority key identifier: E8:1D:2D:CF:2B:69:AB:DB:D6:09:43:64:40:11:5A:9E:4E:A1:9A:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/rqSMK05KYSg_B0GzBcqvNHZV8BM.roa
Signing time:             Wed 01 Jan 2025 07:48:17 +0000
ROA not before:           Wed 01 Jan 2025 07:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205016
IP address blocks:        2001:67c:198c::/48 maxlen: 48
                          2001:67c:2628::/48 maxlen: 48
                          2001:67c:2660::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:37:c8:64:69:47:3a:84:1c:bd:c7:96:4a:10:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81d2dcf2b69abdbd609436440115a9e4ea19a05
        Validity
            Not Before: Jan  1 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aea48c2b4e4a61283f0741b305caaf347655f013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c6:9a:31:3b:1f:f2:97:0a:8f:ae:8a:2e:a9:
                    aa:a5:9c:4d:07:bf:01:27:b7:2e:6d:00:a9:80:1b:
                    ab:dc:8c:f7:9c:b2:fd:de:c5:b9:ed:b2:ac:74:b4:
                    ea:9c:27:17:f9:d3:bc:89:5d:95:50:da:c6:94:09:
                    e7:3e:f1:98:a3:cd:ff:64:70:3d:a0:e5:0f:4b:1a:
                    a6:c1:f8:42:9a:6e:3a:cf:6d:78:c7:ba:f2:6a:0a:
                    96:25:43:5b:fc:96:e7:d7:7c:08:83:c5:03:d1:ed:
                    08:3c:25:29:9f:9e:e0:bc:50:be:a1:03:fb:27:87:
                    dd:8f:35:bb:16:ac:fd:99:53:2b:b9:82:97:2d:75:
                    ba:7a:08:ed:ea:e9:d7:60:9d:cd:a4:8d:2b:23:b3:
                    32:6b:2f:ce:97:17:9c:bf:8b:66:d5:53:a4:2b:d8:
                    1a:cc:85:5c:43:4e:36:60:47:6d:02:ba:a7:af:e5:
                    93:dd:13:d3:c4:2a:31:c0:a0:09:18:28:bf:51:f7:
                    a3:19:b8:e3:64:e0:20:6a:ce:b7:03:cf:a4:1b:ab:
                    bb:87:a5:ef:cf:ac:52:da:a2:45:8e:e3:1d:02:75:
                    16:d2:3d:cb:e8:1b:55:cb:7c:53:c4:80:c6:30:01:
                    9e:d4:51:d2:14:60:14:2b:79:68:85:dc:9d:5b:1f:
                    bd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A4:8C:2B:4E:4A:61:28:3F:07:41:B3:05:CA:AF:34:76:55:F0:13
            X509v3 Authority Key Identifier:
                keyid:E8:1D:2D:CF:2B:69:AB:DB:D6:09:43:64:40:11:5A:9E:4E:A1:9A:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/rqSMK05KYSg_B0GzBcqvNHZV8BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:198c::/48
                  2001:67c:2628::/48
                  2001:67c:2660::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:15:bd:ac:63:6c:9b:03:06:7c:e1:ee:5d:9c:12:0b:4e:e3:
         af:c1:f0:bc:8b:5a:49:1e:7b:1f:59:ee:5d:bb:dc:91:59:6e:
         6a:0a:a2:aa:4f:5a:fc:c6:d7:ba:cd:a3:bf:99:ea:d1:d0:94:
         3a:7e:42:1a:82:e8:8c:75:10:5e:84:2b:f3:0b:16:91:f5:b1:
         e5:87:d0:c8:ed:c9:55:2a:7d:ae:85:19:89:1b:da:6a:bb:42:
         99:a4:ac:99:d7:67:b7:9d:8a:80:dc:49:c1:0e:54:22:1d:ed:
         b6:eb:76:d5:52:43:c6:73:44:fd:47:0c:18:84:3b:14:6d:1f:
         b6:e3:16:27:1c:22:93:74:f9:a7:18:08:cc:68:29:aa:00:22:
         2e:e0:1a:c8:8d:d8:da:aa:2e:dc:af:90:60:fc:5d:c9:9b:88:
         80:80:92:74:54:4d:7e:82:74:9e:8c:75:ba:92:b1:40:9b:0f:
         ad:32:58:57:97:af:5a:02:46:48:b2:d4:31:36:94:cb:66:ed:
         bd:fd:82:98:b7:39:08:b0:3d:9b:e3:4b:15:65:d6:96:5f:c1:
         74:31:ea:ba:06:27:a2:2f:74:02:aa:3a:ec:d9:9f:b1:48:83:
         08:c3:d2:59:67:1e:49:c2:1b:ee:8f:b8:1b:07:fc:91:6f:5b:
         d7:6b:7a:80
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1jfIZGlHOoQcvceWShCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MWQyZGNmMmI2OWFiZGJkNjA5NDM2NDQwMTE1YTllNGVh
MTlhMDUwHhcNMjUwMTAxMDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWE0OGMyYjRlNGE2MTI4M2YwNzQxYjMwNWNhYWYzNDc2NTVmMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8aaMTsf8pcKj66KLqmqpZxNB78B
J7cubQCpgBur3Iz3nLL93sW57bKsdLTqnCcX+dO8iV2VUNrGlAnnPvGYo83/ZHA9
oOUPSxqmwfhCmm46z214x7ryagqWJUNb/Jbn13wIg8UD0e0IPCUpn57gvFC+oQP7
J4fdjzW7Fqz9mVMruYKXLXW6egjt6unXYJ3NpI0rI7Myay/Olxecv4tm1VOkK9ga
zIVcQ042YEdtArqnr+WT3RPTxCoxwKAJGCi/UfejGbjjZOAgas63A8+kG6u7h6Xv
z6xS2qJFjuMdAnUW0j3L6BtVy3xTxIDGMAGe1FHSFGAUK3lohdydWx+9vQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK6kjCtOSmEoPwdBswXKrzR2VfATMB8GA1UdIwQY
MBaAFOgdLc8raavb1glDZEARWp5OoZoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkIwdHp5dHBxOXZXQ1VOa1FCRmFuazZobWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9kMmZmMGYtZTI0YS00MzEzLTk4YzEt
MjJlNTU0NzMxNmI1LzEvcnFTTUswNUtZU2dfQjBHekJjcXZOSFpWOEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9kMmZmMGYtZTI0YS00MzEzLTk4YzEtMjJlNTU0NzMxNmI1
LzEvNkIwdHp5dHBxOXZXQ1VOa1FCRmFuazZobWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGfBmM
AwcAIAEGfCYoAwcAIAEGfCZgMA0GCSqGSIb3DQEBCwUAA4IBAQCeFb2sY2ybAwZ8
4e5dnBILTuOvwfC8i1pJHnsfWe5du9yRWW5qCqKqT1r8xte6zaO/merR0JQ6fkIa
guiMdRBehCvzCxaR9bHlh9DI7clVKn2uhRmJG9pqu0KZpKyZ12e3nYqA3EnBDlQi
He2263bVUkPGc0T9RwwYhDsUbR+24xYnHCKTdPmnGAjMaCmqACIu4BrIjdjaqi7c
r5Bg/F3Jm4iAgJJ0VE1+gnSejHW6krFAmw+tMlhXl69aAkZIstQxNpTLZu29/YKY
tzkIsD2b40sVZdaWX8F0Meq6BieiL3QCqjrs2Z+xSIMIw9JZZx5Jwhvuj7gbB/yR
b1vXa3qA
-----END CERTIFICATE-----