Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/05EOtNo-Yw22y8nOEhjh34kR-xs.roa
File:                     05EOtNo-Yw22y8nOEhjh34kR-xs.roa (raw, json)
Hash identifier:          bx1cLzgI6GeSkKgZhlF0GUx8NZh0BLXhkqY0eigb2zc=
Subject key identifier:   D3:91:0E:B4:DA:3E:63:0D:B6:CB:C9:CE:12:18:E1:DF:89:11:FB:1B
Certificate issuer:       /CN=decbef352cac71ad5bae0e8b1c02246e3b650250
Certificate serial:       019420D6113029A8DE64F20259C9D09E4A6A
Authority key identifier: DE:CB:EF:35:2C:AC:71:AD:5B:AE:0E:8B:1C:02:24:6E:3B:65:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/05EOtNo-Yw22y8nOEhjh34kR-xs.roa
Signing time:             Wed 01 Jan 2025 07:48:07 +0000
ROA not before:           Wed 01 Jan 2025 07:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2001:67c:6d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:11:30:29:a8:de:64:f2:02:59:c9:d0:9e:4a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=decbef352cac71ad5bae0e8b1c02246e3b650250
        Validity
            Not Before: Jan  1 07:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3910eb4da3e630db6cbc9ce1218e1df8911fb1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:5c:3f:e3:9a:58:8b:f3:1a:a4:e3:8c:25:70:
                    f6:ed:05:c8:b3:fb:bb:73:83:21:21:db:9a:de:3b:
                    c1:7d:2d:ed:17:b8:08:b3:12:68:2e:f6:62:8c:9a:
                    a0:86:d1:de:bb:c1:05:e5:4d:81:98:e1:84:75:5f:
                    fe:04:7c:0c:e5:c0:82:c6:6a:a2:4d:2f:fb:e6:c6:
                    90:47:e6:27:dd:e3:27:fc:23:d2:46:27:5d:9b:3d:
                    48:9c:5b:c8:d7:6d:94:e9:4b:40:91:fa:69:d7:9d:
                    ff:fd:b5:73:e6:1e:f2:fc:66:ff:93:03:5a:37:f0:
                    88:e4:d8:3b:f6:ad:9a:f5:e0:be:e5:29:08:29:af:
                    74:19:15:70:e0:88:32:ec:7c:2d:17:19:da:55:8f:
                    1e:f8:6a:b0:22:b6:dc:02:ab:bf:60:1d:1f:0e:85:
                    d1:f5:a5:a0:6a:58:26:67:cc:88:9d:9c:e8:15:a2:
                    b4:eb:1a:3c:45:34:16:2f:ae:d7:9a:1d:9c:1c:51:
                    73:83:bf:2c:5a:98:6f:34:39:6a:09:b6:73:fb:32:
                    ec:88:92:23:c8:ec:37:0c:dd:29:a6:1e:52:10:8e:
                    ae:00:93:05:79:f0:04:44:5e:61:70:b0:7a:c5:72:
                    51:61:bc:02:6c:6c:87:fa:78:c5:98:f0:aa:19:91:
                    b6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:91:0E:B4:DA:3E:63:0D:B6:CB:C9:CE:12:18:E1:DF:89:11:FB:1B
            X509v3 Authority Key Identifier:
                keyid:DE:CB:EF:35:2C:AC:71:AD:5B:AE:0E:8B:1C:02:24:6E:3B:65:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/05EOtNo-Yw22y8nOEhjh34kR-xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:6d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:b8:22:80:c5:3e:4b:6a:07:45:d3:b0:94:03:f5:f3:2d:15:
         32:53:34:f8:45:a3:04:8e:e0:a7:03:1a:b4:2e:65:6c:1a:37:
         9d:0e:d2:82:29:fa:0e:98:78:00:1a:5a:5c:d5:38:6c:12:ae:
         72:d1:00:c7:9c:a9:e7:1c:75:5f:58:8d:da:d9:02:7e:cb:98:
         a3:b8:a5:52:73:da:f6:26:31:32:b4:2b:11:96:46:02:d6:09:
         b8:ed:e0:5a:38:cb:df:0d:e6:32:13:8d:97:b5:7c:3f:27:37:
         29:59:13:16:35:26:69:fb:38:51:7e:87:0c:9e:0a:4d:ba:d5:
         c1:88:a1:f6:4f:80:46:4e:cb:b3:fe:ec:47:c7:61:cd:7f:3c:
         cc:23:f8:d6:15:eb:b4:61:9c:96:e3:7c:f8:70:3e:06:43:cf:
         f2:23:89:ea:b8:92:f9:01:72:3e:04:55:28:35:4b:2b:e4:4a:
         38:17:d6:a6:06:63:8d:95:51:9b:59:dc:a1:83:f9:bd:69:b6:
         53:a3:49:bd:48:c9:e6:e7:23:a3:1f:02:eb:ea:73:b9:af:fa:
         19:10:3c:25:85:19:01:c9:c7:ed:f7:ef:89:8e:a8:fa:27:a3:
         0b:c8:81:68:47:42:31:73:82:6a:84:2a:0c:fb:7b:4e:c6:a7:
         78:41:29:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1hEwKajeZPICWcnQnkpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlY2JlZjM1MmNhYzcxYWQ1YmFlMGU4YjFjMDIyNDZlM2I2
NTAyNTAwHhcNMjUwMTAxMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzkxMGViNGRhM2U2MzBkYjZjYmM5Y2UxMjE4ZTFkZjg5MTFmYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71w/45pYi/MapOOMJXD27QXIs/u7
c4MhIdua3jvBfS3tF7gIsxJoLvZijJqghtHeu8EF5U2BmOGEdV/+BHwM5cCCxmqi
TS/75saQR+Yn3eMn/CPSRiddmz1InFvI122U6UtAkfpp153//bVz5h7y/Gb/kwNa
N/CI5Ng79q2a9eC+5SkIKa90GRVw4Igy7HwtFxnaVY8e+GqwIrbcAqu/YB0fDoXR
9aWgalgmZ8yInZzoFaK06xo8RTQWL67Xmh2cHFFzg78sWphvNDlqCbZz+zLsiJIj
yOw3DN0pph5SEI6uAJMFefAERF5hcLB6xXJRYbwCbGyH+njFmPCqGZG2/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNORDrTaPmMNtsvJzhIY4d+JEfsbMB8GA1UdIwQY
MBaAFN7L7zUsrHGtW64OixwCJG47ZQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3N2dk5TeXNjYTFicmc2TEhBSWtianRsQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82YmNmM2YtNWNhYy00NDcwLThhYWIt
NTQxZjlmY2JhNzQyLzEvMDVFT3ROby1ZdzIyeThuT0VoamgzNGtSLXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82YmNmM2YtNWNhYy00NDcwLThhYWItNTQxZjlmY2JhNzQy
LzEvM3N2dk5TeXNjYTFicmc2TEhBSWtianRsQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAbQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBouCKAxT5LagdF07CUA/XzLRUyUzT4RaMEjuCn
Axq0LmVsGjedDtKCKfoOmHgAGlpc1ThsEq5y0QDHnKnnHHVfWI3a2QJ+y5ijuKVS
c9r2JjEytCsRlkYC1gm47eBaOMvfDeYyE42XtXw/JzcpWRMWNSZp+zhRfocMngpN
utXBiKH2T4BGTsuz/uxHx2HNfzzMI/jWFeu0YZyW43z4cD4GQ8/yI4nquJL5AXI+
BFUoNUsr5Eo4F9amBmONlVGbWdyhg/m9abZTo0m9SMnm5yOjHwLr6nO5r/oZEDwl
hRkBycft9++Jjqj6J6MLyIFoR0Ixc4JqhCoM+3tOxqd4QSn/
-----END CERTIFICATE-----