Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/uJDTTmn4-4oW9k1wMlYj6SoOXQ4.roa
File:                     uJDTTmn4-4oW9k1wMlYj6SoOXQ4.roa (raw, json)
Hash identifier:          pc1//08OK0uZCD5sEikyCqJI0sYd32Do1RYyDgm63AU=
Subject key identifier:   B8:90:D3:4E:69:F8:FB:8A:16:F6:4D:70:32:56:23:E9:2A:0E:5D:0E
Certificate issuer:       /CN=22edf0d881aeea2e59999b81d2975113e14055f5
Certificate serial:       019424B3C40319BEE925B768AA2EB3DDA89B
Authority key identifier: 22:ED:F0:D8:81:AE:EA:2E:59:99:9B:81:D2:97:51:13:E1:40:55:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/uJDTTmn4-4oW9k1wMlYj6SoOXQ4.roa
Signing time:             Thu 02 Jan 2025 01:49:08 +0000
ROA not before:           Thu 02 Jan 2025 01:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206290
IP address blocks:        2001:67c:9e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c4:03:19:be:e9:25:b7:68:aa:2e:b3:dd:a8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22edf0d881aeea2e59999b81d2975113e14055f5
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b890d34e69f8fb8a16f64d70325623e92a0e5d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5e:87:ac:4f:98:85:05:b6:7b:17:59:43:f8:
                    2b:da:87:dc:cf:d1:ec:71:b4:d3:8c:e5:75:cc:81:
                    46:08:d0:af:8c:11:36:41:d7:33:0f:2d:bf:3f:a3:
                    48:9c:f0:af:ca:79:22:14:0b:ad:49:17:0b:a5:1a:
                    6b:be:8c:ad:20:58:80:87:d5:20:45:5d:48:1f:c1:
                    f9:6d:a1:6d:87:59:8e:41:a3:77:8c:96:42:60:1d:
                    0e:72:00:74:ab:77:a3:ee:49:29:2e:22:15:ee:55:
                    8b:95:85:f5:f2:8e:90:57:08:c7:ff:1b:5a:73:21:
                    ad:34:7e:d3:3f:6b:fb:74:26:5c:4d:d6:0c:15:6e:
                    8a:ea:2d:1f:d9:e3:07:d2:9e:bb:e2:b3:ae:76:f2:
                    81:d0:52:31:f6:1a:9f:66:31:d1:b4:6e:58:ea:12:
                    d5:f9:63:1f:ba:e3:1c:bc:32:0e:40:ec:1e:07:10:
                    e6:c5:d9:df:ef:fa:39:a2:0f:5e:82:ce:40:94:ff:
                    4a:30:c9:f5:3c:30:59:02:f0:7d:86:f0:b5:89:06:
                    95:a0:1e:fe:82:95:10:58:cc:1a:89:cc:d9:58:c0:
                    b4:f8:e9:7f:66:61:fb:60:bb:cb:79:83:7e:f1:91:
                    d2:fb:54:f3:43:3f:71:98:04:ea:77:56:97:20:b7:
                    6d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:90:D3:4E:69:F8:FB:8A:16:F6:4D:70:32:56:23:E9:2A:0E:5D:0E
            X509v3 Authority Key Identifier:
                keyid:22:ED:F0:D8:81:AE:EA:2E:59:99:9B:81:D2:97:51:13:E1:40:55:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/uJDTTmn4-4oW9k1wMlYj6SoOXQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/765f62-e035-45da-bc64-4753efc8929d/1/Iu3w2IGu6i5ZmZuB0pdRE-FAVfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:2a:d2:82:56:36:e1:18:30:97:56:ce:07:92:11:84:65:4d:
         46:4e:c6:36:6e:a6:46:4c:37:5a:b6:7c:b8:b2:c0:42:af:1b:
         af:5b:fe:a3:b1:51:93:c8:0a:51:81:8b:9d:dd:1f:a2:c6:d6:
         82:9f:a9:da:f3:f1:59:29:f9:2a:ad:a9:ff:00:60:c9:50:9f:
         e9:50:c3:33:34:0c:6a:e3:c7:dc:9e:22:aa:f1:d5:e0:bc:97:
         a6:1b:be:9b:19:01:88:0d:21:d1:2b:ce:2c:a5:c2:a8:29:a2:
         74:01:4c:6e:96:bb:40:92:c8:b4:7f:eb:a1:76:3a:61:c1:ec:
         21:37:a1:38:2d:8e:67:64:f9:57:03:61:1c:cd:f0:df:5b:e0:
         f0:0d:27:6b:d0:59:ba:32:a8:b6:8d:1b:60:0a:86:8d:a2:a3:
         aa:ec:64:9d:eb:27:b5:52:fa:99:5c:21:e9:37:e2:49:4a:c4:
         ce:0a:bb:ac:eb:be:4c:c8:76:f7:35:db:ed:e7:c3:56:35:0d:
         d3:7e:fd:4b:3a:ed:ef:28:63:54:a0:14:e0:f5:fc:61:a3:9d:
         01:8f:d4:e0:eb:7f:13:b2:70:a9:43:8d:b6:08:74:97:48:1f:
         28:74:66:d7:7d:70:1d:24:54:93:e5:0d:e2:83:c3:fc:a9:af:
         cb:46:4d:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks8QDGb7pJbdoqi6z3aibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZWRmMGQ4ODFhZWVhMmU1OTk5OWI4MWQyOTc1MTEzZTE0
MDU1ZjUwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODkwZDM0ZTY5ZjhmYjhhMTZmNjRkNzAzMjU2MjNlOTJhMGU1ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxV6HrE+YhQW2exdZQ/gr2ofcz9Hs
cbTTjOV1zIFGCNCvjBE2QdczDy2/P6NInPCvynkiFAutSRcLpRprvoytIFiAh9Ug
RV1IH8H5baFth1mOQaN3jJZCYB0OcgB0q3ej7kkpLiIV7lWLlYX18o6QVwjH/xta
cyGtNH7TP2v7dCZcTdYMFW6K6i0f2eMH0p674rOudvKB0FIx9hqfZjHRtG5Y6hLV
+WMfuuMcvDIOQOweBxDmxdnf7/o5og9egs5AlP9KMMn1PDBZAvB9hvC1iQaVoB7+
gpUQWMwaiczZWMC0+Ol/ZmH7YLvLeYN+8ZHS+1TzQz9xmATqd1aXILdtpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLiQ005p+PuKFvZNcDJWI+kqDl0OMB8GA1UdIwQY
MBaAFCLt8NiBruouWZmbgdKXURPhQFX1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXUzdzJJR3U2aTVabVp1QjBwZFJFLUZBVmZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83NjVmNjItZTAzNS00NWRhLWJjNjQt
NDc1M2VmYzg5MjlkLzEvdUpEVFRtbjQtNG9XOWsxd01sWWo2U29PWFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83NjVmNjItZTAzNS00NWRhLWJjNjQtNDc1M2VmYzg5Mjlk
LzEvSXUzdzJJR3U2aTVabVp1QjBwZFJFLUZBVmZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAng
MA0GCSqGSIb3DQEBCwUAA4IBAQDDKtKCVjbhGDCXVs4HkhGEZU1GTsY2bqZGTDda
tny4ssBCrxuvW/6jsVGTyApRgYud3R+ixtaCn6na8/FZKfkqran/AGDJUJ/pUMMz
NAxq48fcniKq8dXgvJemG76bGQGIDSHRK84spcKoKaJ0AUxulrtAksi0f+uhdjph
wewhN6E4LY5nZPlXA2EczfDfW+DwDSdr0Fm6Mqi2jRtgCoaNoqOq7GSd6ye1UvqZ
XCHpN+JJSsTOCrus675MyHb3Ndvt58NWNQ3Tfv1LOu3vKGNUoBTg9fxho50Bj9Tg
638TsnCpQ422CHSXSB8odGbXfXAdJFST5Q3ig8P8qa/LRk2F
-----END CERTIFICATE-----