Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/kDT6d1olq2g9PhBud1lpevtgwMM.roa
File:                     kDT6d1olq2g9PhBud1lpevtgwMM.roa (raw, json)
Hash identifier:          GVT4b+j1f9W7ipFuYf2UE8OPchdOvhrHWTWGtiol0Gg=
Subject key identifier:   90:34:FA:77:5A:25:AB:68:3D:3E:10:6E:77:59:69:7A:FB:60:C0:C3
Certificate issuer:       /CN=c2937b9461a3d266e935834e5047a182238362c8
Certificate serial:       019421B243EF06BF92DFC1F574BF4F10786F
Authority key identifier: C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/kDT6d1olq2g9PhBud1lpevtgwMM.roa
Signing time:             Wed 01 Jan 2025 11:48:38 +0000
ROA not before:           Wed 01 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204228
IP address blocks:        2001:67c:24d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:43:ef:06:bf:92:df:c1:f5:74:bf:4f:10:78:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2937b9461a3d266e935834e5047a182238362c8
        Validity
            Not Before: Jan  1 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9034fa775a25ab683d3e106e7759697afb60c0c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ca:ec:13:b0:9e:5c:30:45:0d:ea:ee:43:ec:
                    c6:13:45:ec:70:d2:37:17:49:f9:05:51:15:6b:e8:
                    57:8e:ed:82:21:36:65:1c:f8:77:de:43:32:f1:c6:
                    e2:e2:ac:dd:a7:f1:49:0d:40:3e:d6:82:c8:a2:cf:
                    82:db:f2:92:e1:35:50:a9:6d:72:e9:11:72:0e:c7:
                    44:b8:63:38:26:b3:9f:2a:b5:bd:c0:f4:d0:7b:97:
                    92:75:d3:1a:af:3f:7c:9f:88:ac:e3:ef:17:8b:27:
                    2e:99:59:1d:90:b0:1e:df:84:4b:53:70:b9:01:7f:
                    57:0d:70:7a:11:79:87:7b:ad:24:dc:d8:e8:43:f3:
                    d4:a8:73:93:28:fa:bd:2e:73:fe:bc:ff:50:a0:59:
                    8a:03:db:77:3e:fe:c7:8e:d2:78:10:f4:ca:d1:7f:
                    e5:ad:d2:fc:41:28:56:43:e1:68:89:f8:db:40:41:
                    e5:63:3d:6d:b9:ba:72:65:c5:c6:2b:94:b2:f1:3f:
                    81:d1:d7:5b:15:d5:f0:99:b5:99:56:2a:b5:1d:2c:
                    37:ab:e3:77:83:54:96:51:3c:27:20:28:0e:75:42:
                    43:1b:70:78:0f:4f:9c:2d:7e:c1:af:0e:3b:8e:a2:
                    01:ca:b8:b2:04:a3:41:cc:af:d0:03:55:8e:57:ad:
                    0e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:34:FA:77:5A:25:AB:68:3D:3E:10:6E:77:59:69:7A:FB:60:C0:C3
            X509v3 Authority Key Identifier:
                keyid:C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/kDT6d1olq2g9PhBud1lpevtgwMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:24d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:88:47:b4:c4:ba:37:7f:23:1d:d3:3e:4d:cb:8e:d3:bf:09:
         10:f9:85:99:23:97:8f:6b:17:94:2f:1b:9e:27:27:e6:ba:5a:
         3f:cb:23:4d:26:4c:29:de:d7:bd:eb:3d:5c:a7:be:df:67:1a:
         2e:82:b5:63:2d:e4:9a:f3:1d:10:a6:38:d0:93:48:06:9c:2d:
         00:8c:72:89:96:96:f4:d8:a8:0d:13:c5:98:88:fa:59:10:d1:
         0c:bb:db:e8:14:84:cb:65:0f:19:8f:5f:6d:eb:c9:9f:67:45:
         6b:b2:68:58:8f:d1:18:0a:c8:47:bc:14:a8:54:7e:be:cf:f0:
         2c:6d:36:a5:03:e2:13:44:e0:c2:e0:3e:39:a6:3f:ed:1c:28:
         d5:47:e0:30:df:12:13:0f:16:30:5c:81:3f:1e:b1:11:bc:ea:
         dd:3a:87:47:07:37:55:f9:b2:dc:95:b3:fc:95:16:8d:ad:1c:
         ad:20:4a:b4:ff:e0:13:2c:ed:86:89:d1:6e:dc:40:94:2a:35:
         2b:b4:a9:b1:69:51:cd:bc:78:2f:dc:ae:cd:fb:f8:81:a9:d1:
         97:5c:e8:fb:42:d2:b9:8d:4e:f5:cc:4e:9d:ee:ca:69:25:45:
         13:a7:4d:fb:7b:9a:03:66:60:9c:bf:aa:7c:32:70:80:a1:4e:
         d9:f7:b7:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhskPvBr+S38H1dL9PEHhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTM3Yjk0NjFhM2QyNjZlOTM1ODM0ZTUwNDdhMTgyMjM4
MzYyYzgwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM0ZmE3NzVhMjVhYjY4M2QzZTEwNmU3NzU5Njk3YWZiNjBjMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycrsE7CeXDBFDeruQ+zGE0XscNI3
F0n5BVEVa+hXju2CITZlHPh33kMy8cbi4qzdp/FJDUA+1oLIos+C2/KS4TVQqW1y
6RFyDsdEuGM4JrOfKrW9wPTQe5eSddMarz98n4is4+8XiycumVkdkLAe34RLU3C5
AX9XDXB6EXmHe60k3NjoQ/PUqHOTKPq9LnP+vP9QoFmKA9t3Pv7HjtJ4EPTK0X/l
rdL8QShWQ+FoifjbQEHlYz1tubpyZcXGK5Sy8T+B0ddbFdXwmbWZViq1HSw3q+N3
g1SWUTwnICgOdUJDG3B4D0+cLX7Brw47jqIByriyBKNBzK/QA1WOV60ObwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJA0+ndaJatoPT4QbndZaXr7YMDDMB8GA1UdIwQY
MBaAFMKTe5Rho9Jm6TWDTlBHoYIjg2LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjIt
Mzc3NDg4MWU3ZTFlLzEva0RUNmQxb2xxMmc5UGhCdWQxbHBldnRnd01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjItMzc3NDg4MWU3ZTFl
LzEvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCTY
MA0GCSqGSIb3DQEBCwUAA4IBAQAZiEe0xLo3fyMd0z5Ny47TvwkQ+YWZI5ePaxeU
LxueJyfmulo/yyNNJkwp3te96z1cp77fZxougrVjLeSa8x0QpjjQk0gGnC0AjHKJ
lpb02KgNE8WYiPpZENEMu9voFITLZQ8Zj19t68mfZ0VrsmhYj9EYCshHvBSoVH6+
z/AsbTalA+ITRODC4D45pj/tHCjVR+Aw3xITDxYwXIE/HrERvOrdOodHBzdV+bLc
lbP8lRaNrRytIEq0/+ATLO2GidFu3ECUKjUrtKmxaVHNvHgv3K7N+/iBqdGXXOj7
QtK5jU71zE6d7sppJUUTp037e5oDZmCcv6p8MnCAoU7Z97eQ
-----END CERTIFICATE-----