Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/dhbqsDMCYbdJQ5KWes-T7R0t68c.roa
File:                     dhbqsDMCYbdJQ5KWes-T7R0t68c.roa (raw, json)
Hash identifier:          A26S4K/y1MLobATqv2Mkxdn527XJqQ0E6NlZCnsWU/A=
Subject key identifier:   76:16:EA:B0:33:02:61:B7:49:43:92:96:7A:CF:93:ED:1D:2D:EB:C7
Certificate issuer:       /CN=1b1b4b5c2daaa6fc35071f438f968af6ff6ca4da
Certificate serial:       0194221FDDDC0DB1C32487159C09EC113B0E
Authority key identifier: 1B:1B:4B:5C:2D:AA:A6:FC:35:07:1F:43:8F:96:8A:F6:FF:6C:A4:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/dhbqsDMCYbdJQ5KWes-T7R0t68c.roa
Signing time:             Wed 01 Jan 2025 13:48:21 +0000
ROA not before:           Wed 01 Jan 2025 13:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210577
IP address blocks:        2001:67c:13dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:dd:dc:0d:b1:c3:24:87:15:9c:09:ec:11:3b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1b4b5c2daaa6fc35071f438f968af6ff6ca4da
        Validity
            Not Before: Jan  1 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7616eab0330261b7494392967acf93ed1d2debc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ce:c7:8b:97:60:08:19:9d:13:0a:0a:f7:b9:
                    76:a4:72:23:6b:38:25:2b:b5:4a:5a:1c:c8:04:05:
                    e4:8f:27:45:9e:b9:3f:1d:09:ec:8f:d9:9e:8b:a0:
                    2c:ea:47:66:7c:88:44:3f:e7:48:b0:86:1d:eb:d0:
                    32:87:fb:2e:a4:3d:2b:3c:d4:a9:91:ef:ec:31:50:
                    67:b2:90:e0:c1:e6:26:07:ba:13:d1:d5:89:58:cc:
                    1d:97:77:79:b2:b6:0c:af:7f:6a:20:60:e0:74:5b:
                    47:15:14:c4:c1:ce:34:25:fb:c9:bf:8c:a6:76:b6:
                    0a:74:4d:45:1e:27:9b:4c:48:e9:a6:fb:d5:29:63:
                    d2:b0:86:0d:db:e0:d9:ba:06:5c:c9:56:b4:e2:74:
                    21:9d:5d:ec:26:6d:70:f5:72:f5:77:b7:22:ba:5f:
                    cc:25:06:5e:17:5f:e0:fc:00:a2:25:b9:24:ac:f6:
                    52:36:d3:90:4d:7a:f5:d1:61:a6:dc:49:6b:85:b6:
                    5b:d8:ca:7e:46:ba:6a:55:ad:db:60:de:97:2c:92:
                    ad:7f:75:5f:16:e4:bf:a4:b0:d5:bb:68:bf:ff:41:
                    12:c9:0d:a8:7f:76:3c:8f:78:26:a5:5b:87:65:20:
                    1f:a4:53:81:b8:d9:6a:18:0b:03:bb:84:af:c9:dd:
                    70:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:16:EA:B0:33:02:61:B7:49:43:92:96:7A:CF:93:ED:1D:2D:EB:C7
            X509v3 Authority Key Identifier:
                keyid:1B:1B:4B:5C:2D:AA:A6:FC:35:07:1F:43:8F:96:8A:F6:FF:6C:A4:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/dhbqsDMCYbdJQ5KWes-T7R0t68c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ddac0d-3743-4cd2-a6a3-a1246c67d9de/1/GxtLXC2qpvw1Bx9Dj5aK9v9spNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:13dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:d5:83:5d:5b:74:b1:0e:55:71:27:8e:a2:16:07:4e:c9:83:
         d2:0a:2e:e4:9c:42:da:ef:2d:87:b5:04:e8:4a:ba:52:f6:9a:
         5f:81:49:84:65:8c:e4:a3:23:3f:1e:6e:85:02:92:70:7a:09:
         cf:a6:04:36:60:82:46:ee:5f:76:05:32:95:7c:f1:3e:b7:cd:
         a4:e8:c1:92:af:f5:f3:f8:0f:25:84:fb:36:08:1b:75:a6:64:
         71:e7:4c:18:44:b4:79:39:f1:43:21:5f:dd:51:db:e7:c3:92:
         74:ef:6a:10:64:90:6f:04:31:aa:0b:33:e2:55:89:98:0c:a3:
         0f:37:e9:53:36:62:ad:c2:5f:55:dc:b5:b6:dc:e9:93:b4:7b:
         fe:f8:e5:5b:f4:20:24:f9:6b:2f:0d:08:ed:77:82:da:22:9f:
         19:13:a1:b3:cc:4b:27:8f:dd:f8:3c:37:61:6b:d7:42:e2:57:
         4a:f4:ec:91:4c:70:f7:e7:11:ba:62:fc:7f:7f:0b:28:bb:2f:
         41:77:23:b3:5e:21:90:44:17:7a:c7:cb:d4:eb:63:82:c0:0c:
         23:13:b4:58:6a:d2:86:5d:e6:b8:13:e6:6e:11:61:62:9a:82:
         ba:09:d9:32:df:7b:d4:b3:9c:f9:27:87:dd:49:7e:49:ee:1a:
         07:5a:c6:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH93cDbHDJIcVnAnsETsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMWI0YjVjMmRhYWE2ZmMzNTA3MWY0MzhmOTY4YWY2ZmY2
Y2E0ZGEwHhcNMjUwMTAxMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjE2ZWFiMDMzMDI2MWI3NDk0MzkyOTY3YWNmOTNlZDFkMmRlYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos7Hi5dgCBmdEwoK97l2pHIjazgl
K7VKWhzIBAXkjydFnrk/HQnsj9mei6As6kdmfIhEP+dIsIYd69Ayh/supD0rPNSp
ke/sMVBnspDgweYmB7oT0dWJWMwdl3d5srYMr39qIGDgdFtHFRTEwc40JfvJv4ym
drYKdE1FHiebTEjppvvVKWPSsIYN2+DZugZcyVa04nQhnV3sJm1w9XL1d7ciul/M
JQZeF1/g/ACiJbkkrPZSNtOQTXr10WGm3ElrhbZb2Mp+RrpqVa3bYN6XLJKtf3Vf
FuS/pLDVu2i//0ESyQ2of3Y8j3gmpVuHZSAfpFOBuNlqGAsDu4Svyd1wQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHYW6rAzAmG3SUOSlnrPk+0dLevHMB8GA1UdIwQY
MBaAFBsbS1wtqqb8NQcfQ4+Wivb/bKTaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3h0TFhDMnFwdncxQng5RGo1YUs5djlzcE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9kZGFjMGQtMzc0My00Y2QyLWE2YTMt
YTEyNDZjNjdkOWRlLzEvZGhicXNETUNZYmRKUTVLV2VzLVQ3UjB0NjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9kZGFjMGQtMzc0My00Y2QyLWE2YTMtYTEyNDZjNjdkOWRl
LzEvR3h0TFhDMnFwdncxQng5RGo1YUs5djlzcE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBPc
MA0GCSqGSIb3DQEBCwUAA4IBAQAS1YNdW3SxDlVxJ46iFgdOyYPSCi7knELa7y2H
tQToSrpS9ppfgUmEZYzkoyM/Hm6FApJwegnPpgQ2YIJG7l92BTKVfPE+t82k6MGS
r/Xz+A8lhPs2CBt1pmRx50wYRLR5OfFDIV/dUdvnw5J072oQZJBvBDGqCzPiVYmY
DKMPN+lTNmKtwl9V3LW23OmTtHv++OVb9CAk+WsvDQjtd4LaIp8ZE6GzzEsnj934
PDdha9dC4ldK9OyRTHD35xG6Yvx/fwsouy9BdyOzXiGQRBd6x8vU62OCwAwjE7RY
atKGXea4E+ZuEWFimoK6Cdky33vUs5z5J4fdSX5J7hoHWsa3
-----END CERTIFICATE-----