Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/UXfwFJz04X4XmU1ABHkr-Q0ovq0.roa
File:                     UXfwFJz04X4XmU1ABHkr-Q0ovq0.roa (raw, json)
Hash identifier:          vTofq9wYPlysSoUgx6HvDr7C9PTa+inohQrNa6Pfbqs=
Subject key identifier:   51:77:F0:14:9C:F4:E1:7E:17:99:4D:40:04:79:2B:F9:0D:28:BE:AD
Certificate issuer:       /CN=e67d7b3570077064013da18e29e690cd4c9bd710
Certificate serial:       0194228E02E1A4CFD5A4B3330FBBD2653947
Authority key identifier: E6:7D:7B:35:70:07:70:64:01:3D:A1:8E:29:E6:90:CD:4C:9B:D7:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/UXfwFJz04X4XmU1ABHkr-Q0ovq0.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2116
IP address blocks:        2001:67c:514::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:02:e1:a4:cf:d5:a4:b3:33:0f:bb:d2:65:39:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e67d7b3570077064013da18e29e690cd4c9bd710
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5177f0149cf4e17e17994d4004792bf90d28bead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:80:2a:fb:9b:f9:94:cf:b7:aa:eb:50:ea:7a:
                    47:b3:54:d9:57:e2:a5:90:4f:9e:70:4a:a1:6a:72:
                    8d:66:2c:34:95:09:e3:c3:c9:36:3f:6f:32:e3:b7:
                    7c:76:68:62:73:c2:42:af:fb:5a:20:8f:65:70:d2:
                    01:73:e6:ac:e3:68:79:81:41:ea:54:79:8e:3e:a6:
                    7e:5d:f1:68:8c:02:eb:96:3a:af:e3:22:6a:0e:ee:
                    49:37:71:b8:74:9e:12:3c:94:db:63:db:d8:43:72:
                    57:d5:89:e0:ec:39:96:08:ba:79:95:04:07:57:cb:
                    d0:e6:cf:a4:43:64:8f:84:49:17:d7:31:95:4c:9c:
                    ac:d4:86:3b:7f:85:b4:0f:bb:5e:b4:de:cc:66:30:
                    7e:7e:85:52:f2:02:8f:34:2f:c7:fe:d8:94:0e:c4:
                    5a:6d:52:06:fd:5c:8e:24:5c:01:2a:20:9c:19:18:
                    04:9e:67:60:ee:24:c8:f2:df:00:25:9e:de:14:68:
                    d8:2a:a6:f2:54:21:ef:32:8f:0d:0b:38:4f:fd:72:
                    3c:34:4f:92:ac:72:1b:10:4d:6c:fc:3a:d9:1f:fa:
                    b8:3e:cf:47:d0:30:bb:91:37:33:e4:ee:52:7d:82:
                    58:15:02:df:9e:4e:64:19:30:ff:e2:47:f7:2b:3d:
                    98:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:77:F0:14:9C:F4:E1:7E:17:99:4D:40:04:79:2B:F9:0D:28:BE:AD
            X509v3 Authority Key Identifier:
                keyid:E6:7D:7B:35:70:07:70:64:01:3D:A1:8E:29:E6:90:CD:4C:9B:D7:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/UXfwFJz04X4XmU1ABHkr-Q0ovq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:514::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:ee:1a:3f:61:16:ca:81:25:63:3a:87:90:81:8e:d1:1f:1d:
         61:db:f1:f1:9e:fd:f7:13:42:58:6b:f8:c7:28:6a:e8:ba:6b:
         29:43:7a:94:92:39:3c:a9:bf:db:3a:3b:e3:0d:2f:b8:66:5e:
         8a:3c:ef:5b:8f:97:84:13:3b:b1:4d:87:62:89:60:a6:96:0c:
         d5:a0:e4:e9:9e:4e:85:98:68:91:d4:72:74:df:ab:d4:0a:ba:
         51:28:e6:dc:23:40:fa:a8:aa:b5:ce:47:85:71:e2:bd:21:71:
         f0:d0:6a:b6:62:30:98:b8:73:14:99:c4:51:59:f1:cc:c7:58:
         38:fc:0d:55:c1:d6:f3:8b:ad:96:d2:86:a3:c8:f0:1a:53:6e:
         61:8d:be:9f:9a:e0:3a:15:6b:f3:8b:16:c8:d7:3b:1e:cf:16:
         22:65:ed:9d:ca:41:3b:c4:d8:b9:20:c9:a9:5c:43:b1:f0:aa:
         36:a6:f0:4f:41:df:a8:64:fa:15:39:42:7e:a8:76:75:44:80:
         f6:df:f3:b8:5d:e9:09:27:95:2a:6d:3e:e6:70:39:42:b5:96:
         ce:6a:33:38:f0:07:88:c5:79:b1:04:0c:15:52:66:96:0f:ff:
         c3:88:88:7a:11:ab:32:dd:a1:bf:0f:f8:23:e6:40:90:81:8c:
         8a:9b:2d:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijgLhpM/VpLMzD7vSZTlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2N2Q3YjM1NzAwNzcwNjQwMTNkYTE4ZTI5ZTY5MGNkNGM5
YmQ3MTAwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTc3ZjAxNDljZjRlMTdlMTc5OTRkNDAwNDc5MmJmOTBkMjhiZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoAq+5v5lM+3qutQ6npHs1TZV+Kl
kE+ecEqhanKNZiw0lQnjw8k2P28y47d8dmhic8JCr/taII9lcNIBc+as42h5gUHq
VHmOPqZ+XfFojALrljqv4yJqDu5JN3G4dJ4SPJTbY9vYQ3JX1Yng7DmWCLp5lQQH
V8vQ5s+kQ2SPhEkX1zGVTJys1IY7f4W0D7tetN7MZjB+foVS8gKPNC/H/tiUDsRa
bVIG/VyOJFwBKiCcGRgEnmdg7iTI8t8AJZ7eFGjYKqbyVCHvMo8NCzhP/XI8NE+S
rHIbEE1s/DrZH/q4Ps9H0DC7kTcz5O5SfYJYFQLfnk5kGTD/4kf3Kz2YhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFF38BSc9OF+F5lNQAR5K/kNKL6tMB8GA1UdIwQY
MBaAFOZ9ezVwB3BkAT2hjinmkM1Mm9cQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW4xN05YQUhjR1FCUGFHT0tlYVF6VXliMXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9lYjdlMGMtNTlhMS00ZjkzLThiMjct
YWM0ODgzZTQ3NjY1LzEvVVhmd0ZKejA0WDRYbVUxQUJIa3ItUTBvdnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9lYjdlMGMtNTlhMS00ZjkzLThiMjctYWM0ODgzZTQ3NjY1
LzEvNW4xN05YQUhjR1FCUGFHT0tlYVF6VXliMXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAUU
MA0GCSqGSIb3DQEBCwUAA4IBAQCJ7ho/YRbKgSVjOoeQgY7RHx1h2/Hxnv33E0JY
a/jHKGroumspQ3qUkjk8qb/bOjvjDS+4Zl6KPO9bj5eEEzuxTYdiiWCmlgzVoOTp
nk6FmGiR1HJ036vUCrpRKObcI0D6qKq1zkeFceK9IXHw0Gq2YjCYuHMUmcRRWfHM
x1g4/A1Vwdbzi62W0oajyPAaU25hjb6fmuA6FWvzixbI1zsezxYiZe2dykE7xNi5
IMmpXEOx8Ko2pvBPQd+oZPoVOUJ+qHZ1RID23/O4XekJJ5UqbT7mcDlCtZbOajM4
8AeIxXmxBAwVUmaWD//DiIh6Easy3aG/D/gj5kCQgYyKmy1h
-----END CERTIFICATE-----