Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/dRB7xJtajjzk6UoGyoSGsT51giI.roa
File:                     dRB7xJtajjzk6UoGyoSGsT51giI.roa (raw, json)
Hash identifier:          YcmDNZ/enUR0rChrVz40koeNmEa+q2s38R7f9KQbajo=
Subject key identifier:   75:10:7B:C4:9B:5A:8E:3C:E4:E9:4A:06:CA:84:86:B1:3E:75:82:22
Certificate issuer:       /CN=4e6b32d9d3ebc6ee49bd6fa6cd90e4f5c7d544e8
Certificate serial:       01941FFA046F5F5E84F4361B4184F0DAC0A2
Authority key identifier: 4E:6B:32:D9:D3:EB:C6:EE:49:BD:6F:A6:CD:90:E4:F5:C7:D5:44:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tmsy2dPrxu5JvW-mzZDk9cfVROg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/dRB7xJtajjzk6UoGyoSGsT51giI.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49088
IP address blocks:        2001:67c:edc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/Tmsy2dPrxu5JvW-mzZDk9cfVROg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/Tmsy2dPrxu5JvW-mzZDk9cfVROg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tmsy2dPrxu5JvW-mzZDk9cfVROg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:04:6f:5f:5e:84:f4:36:1b:41:84:f0:da:c0:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e6b32d9d3ebc6ee49bd6fa6cd90e4f5c7d544e8
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75107bc49b5a8e3ce4e94a06ca8486b13e758222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:dd:97:ce:18:f8:a9:12:30:32:f1:7a:dd:
                    e4:0f:ed:48:1a:2d:ec:28:a1:1e:6e:4c:f4:25:d9:
                    29:7d:11:6d:d5:eb:bb:6d:8d:c3:91:17:8e:7a:90:
                    17:43:99:81:11:7e:9f:af:50:c4:ef:f1:35:b3:15:
                    15:19:32:c8:f2:65:64:f5:f0:61:fe:a3:e1:de:ed:
                    30:7b:6a:71:86:1b:45:6d:1b:16:10:7e:60:2c:a7:
                    a2:5c:8f:7c:14:d0:4b:ef:d0:2e:cb:22:c9:37:b8:
                    f7:f0:61:60:ca:19:5f:74:bb:71:5b:56:d1:75:61:
                    ab:44:ad:dc:41:13:74:a2:9d:5e:23:7e:27:bb:31:
                    d1:d6:f8:74:96:32:ef:6c:3e:e5:d3:d4:ff:d8:ce:
                    4d:4d:9b:16:f8:0e:68:1d:71:79:8e:f7:cc:bd:41:
                    15:9f:6a:b2:4e:1f:e0:6f:e3:ae:c9:7c:10:3f:95:
                    19:b5:17:46:4a:54:2c:fb:b5:85:81:44:7f:df:87:
                    83:81:32:7b:fe:f1:77:ae:82:58:60:50:4f:3a:ea:
                    ce:7e:a6:aa:83:40:b2:76:d0:23:af:3d:6a:93:6a:
                    56:10:9b:49:74:dc:f1:9a:0d:e4:db:4b:6a:1f:00:
                    ee:2f:6a:ca:f3:b3:db:3a:a8:a7:f0:77:f1:71:77:
                    21:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:10:7B:C4:9B:5A:8E:3C:E4:E9:4A:06:CA:84:86:B1:3E:75:82:22
            X509v3 Authority Key Identifier:
                keyid:4E:6B:32:D9:D3:EB:C6:EE:49:BD:6F:A6:CD:90:E4:F5:C7:D5:44:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tmsy2dPrxu5JvW-mzZDk9cfVROg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/dRB7xJtajjzk6UoGyoSGsT51giI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6274d7-8d1c-493b-9c22-096ee29d997d/1/Tmsy2dPrxu5JvW-mzZDk9cfVROg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:edc::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:f4:8f:f7:28:ab:2f:33:09:e7:1d:3c:d6:20:52:2e:ac:27:
         2f:e2:db:f9:a3:03:7f:ce:c8:a1:c4:57:e7:61:86:39:bc:96:
         d0:6f:97:4c:cb:0b:f6:8a:43:43:84:d6:f6:1f:bf:28:64:88:
         61:6d:e5:57:40:83:ee:c1:b9:9e:42:dd:53:99:d4:0b:c2:e4:
         99:2a:4c:a9:35:d8:54:f8:ed:29:4c:fc:b2:89:6b:52:34:3f:
         37:f8:7d:12:3b:21:98:34:fb:3c:c6:a2:81:89:be:b4:d4:48:
         20:10:ae:d2:6d:d1:a4:ab:1b:ca:2f:ab:f5:56:00:15:a4:7a:
         87:e5:61:1d:53:79:d3:b8:30:42:f6:db:17:3d:19:70:b7:f2:
         bd:2f:ea:e8:d6:d7:24:0b:83:12:f3:67:75:9f:5c:40:46:3b:
         57:a8:49:82:0d:4f:7f:34:2e:40:c3:d9:94:cc:0b:de:0e:03:
         97:40:a6:fe:39:e1:5f:a5:7c:5b:38:95:c5:98:61:62:56:b3:
         90:a6:4a:67:0f:0d:57:7b:05:c2:ca:95:87:08:e1:18:79:58:
         c1:90:1a:40:70:4b:e3:15:3d:ef:55:75:ab:f5:1f:b9:ea:31:
         84:d9:5d:33:38:18:ce:0c:d9:0d:fc:2d:4a:52:e8:e8:5c:08:
         35:e4:1c:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+gRvX16E9DYbQYTw2sCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNmIzMmQ5ZDNlYmM2ZWU0OWJkNmZhNmNkOTBlNGY1Yzdk
NTQ0ZTgwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTEwN2JjNDliNWE4ZTNjZTRlOTRhMDZjYTg0ODZiMTNlNzU4MjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJLdl84Y+KkSMDLxet3kD+1IGi3s
KKEebkz0JdkpfRFt1eu7bY3DkReOepAXQ5mBEX6fr1DE7/E1sxUVGTLI8mVk9fBh
/qPh3u0we2pxhhtFbRsWEH5gLKeiXI98FNBL79AuyyLJN7j38GFgyhlfdLtxW1bR
dWGrRK3cQRN0op1eI34nuzHR1vh0ljLvbD7l09T/2M5NTZsW+A5oHXF5jvfMvUEV
n2qyTh/gb+OuyXwQP5UZtRdGSlQs+7WFgUR/34eDgTJ7/vF3roJYYFBPOurOfqaq
g0CydtAjrz1qk2pWEJtJdNzxmg3k20tqHwDuL2rK87PbOqin8HfxcXchbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHUQe8SbWo485OlKBsqEhrE+dYIiMB8GA1UdIwQY
MBaAFE5rMtnT68buSb1vps2Q5PXH1UToMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG1zeTJkUHJ4dTVKdlctbXpaRGs5Y2ZWUk9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82Mjc0ZDctOGQxYy00OTNiLTljMjIt
MDk2ZWUyOWQ5OTdkLzEvZFJCN3hKdGFqanprNlVvR3lvU0dzVDUxZ2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82Mjc0ZDctOGQxYy00OTNiLTljMjItMDk2ZWUyOWQ5OTdk
LzEvVG1zeTJkUHJ4dTVKdlctbXpaRGs5Y2ZWUk9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA7c
MA0GCSqGSIb3DQEBCwUAA4IBAQBx9I/3KKsvMwnnHTzWIFIurCcv4tv5owN/zsih
xFfnYYY5vJbQb5dMywv2ikNDhNb2H78oZIhhbeVXQIPuwbmeQt1TmdQLwuSZKkyp
NdhU+O0pTPyyiWtSND83+H0SOyGYNPs8xqKBib601EggEK7SbdGkqxvKL6v1VgAV
pHqH5WEdU3nTuDBC9tsXPRlwt/K9L+ro1tckC4MS82d1n1xARjtXqEmCDU9/NC5A
w9mUzAveDgOXQKb+OeFfpXxbOJXFmGFiVrOQpkpnDw1XewXCypWHCOEYeVjBkBpA
cEvjFT3vVXWr9R+56jGE2V0zOBjODNkN/C1KUujoXAg15BzC
-----END CERTIFICATE-----