Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/JKIB76zKkkKrBoUXjR0hAQtGTdM.roa
File:                     JKIB76zKkkKrBoUXjR0hAQtGTdM.roa (raw, json)
Hash identifier:          ykn0vkdS9mLj16yNgBoFWQshZXTgOTHfF/eRZDldNCo=
Subject key identifier:   24:A2:01:EF:AC:CA:92:42:AB:06:85:17:8D:1D:21:01:0B:46:4D:D3
Certificate issuer:       /CN=0df6e633067c066ae9bef1d3771cc300e4b4d1a7
Certificate serial:       01941FFA1B6A54FD98C2E8A456AC02161E7A
Authority key identifier: 0D:F6:E6:33:06:7C:06:6A:E9:BE:F1:D3:77:1C:C3:00:E4:B4:D1:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/JKIB76zKkkKrBoUXjR0hAQtGTdM.roa
Signing time:             Wed 01 Jan 2025 03:47:52 +0000
ROA not before:           Wed 01 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30887
IP address blocks:        2001:67c:4d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1b:6a:54:fd:98:c2:e8:a4:56:ac:02:16:1e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0df6e633067c066ae9bef1d3771cc300e4b4d1a7
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24a201efacca9242ab0685178d1d21010b464dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:a6:06:1b:a9:e4:c3:88:48:91:c6:6a:e3:
                    58:52:ba:22:9d:61:d5:e8:f1:0e:38:f0:02:dd:76:
                    8f:5f:18:76:81:e7:0f:e1:65:91:e8:9e:20:b8:56:
                    0d:31:2e:86:9d:f8:4d:1d:d4:46:e3:88:aa:a1:2e:
                    dc:90:85:a3:fc:e8:e2:68:f7:b5:34:02:c9:9d:e7:
                    82:2b:22:17:34:d0:95:c9:76:85:45:4f:a3:9b:99:
                    08:7d:07:16:56:bb:c3:77:79:16:1f:ff:70:45:ee:
                    57:96:87:73:7c:a9:69:f8:4f:17:6e:f0:20:45:c4:
                    0e:7a:5c:b8:03:33:49:81:b5:64:ac:3d:45:3d:a2:
                    63:9d:4a:86:aa:20:f9:ad:19:2e:7b:1e:ac:8e:ba:
                    f7:30:5b:13:98:87:7c:1d:34:63:14:4d:d5:09:0e:
                    ae:1f:d1:7e:78:66:a4:90:88:aa:62:14:c3:16:72:
                    53:ef:2d:24:9a:99:7f:f1:d5:b1:88:67:64:42:db:
                    7a:3a:f1:1a:2c:09:11:df:e0:09:0e:47:a8:7a:ef:
                    94:01:57:71:89:e2:fc:bc:f7:55:25:f2:bb:1e:c6:
                    80:61:c9:51:6a:f3:0c:6a:04:85:46:90:34:b0:31:
                    d8:8f:ed:cc:94:3e:b2:20:d8:25:70:ee:ca:a6:b1:
                    01:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A2:01:EF:AC:CA:92:42:AB:06:85:17:8D:1D:21:01:0B:46:4D:D3
            X509v3 Authority Key Identifier:
                keyid:0D:F6:E6:33:06:7C:06:6A:E9:BE:F1:D3:77:1C:C3:00:E4:B4:D1:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/JKIB76zKkkKrBoUXjR0hAQtGTdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:a6:e1:71:69:cd:71:22:34:86:40:b8:20:20:c1:cc:d6:58:
         12:70:00:24:11:0a:85:5d:16:aa:de:a6:30:2a:67:e9:7d:26:
         8f:3d:e8:bc:fa:a2:88:e6:f4:5f:98:18:de:5c:0c:b2:2b:b6:
         bc:dd:46:88:89:c5:87:22:ba:4d:55:99:c2:81:49:56:ad:d3:
         f8:07:8a:ed:86:98:92:42:fb:3f:53:0e:6e:46:00:40:0d:88:
         c4:dc:67:42:e4:d8:c4:f8:67:b5:15:26:91:1d:86:be:7a:ab:
         df:a2:50:81:95:a0:34:45:f4:0b:ac:fa:34:63:d3:2f:d1:e7:
         eb:08:ef:99:ed:77:7d:06:7b:5c:a6:b2:e1:79:36:63:86:81:
         0d:37:0c:24:93:6e:29:f2:22:cc:00:c6:14:11:d8:1c:60:e5:
         50:7a:b0:97:b5:b1:78:73:2a:5a:ba:92:57:51:9d:08:9f:0d:
         50:89:6e:ad:af:bc:af:35:5a:5a:95:6c:2b:82:8f:9c:ac:9c:
         76:f7:07:b4:45:db:43:87:49:c3:7d:7e:ba:8c:12:e7:42:32:
         c7:2a:c1:dc:ee:fa:49:15:2b:7d:9c:29:83:d9:68:17:56:6d:
         5e:87:a7:87:59:94:e6:e8:6e:57:16:a7:e3:17:c9:fb:d4:a1:
         58:05:7c:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+htqVP2YwuikVqwCFh56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZjZlNjMzMDY3YzA2NmFlOWJlZjFkMzc3MWNjMzAwZTRi
NGQxYTcwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEyMDFlZmFjY2E5MjQyYWIwNjg1MTc4ZDFkMjEwMTBiNDY0ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG+mBhup5MOISJHGauNYUroinWHV
6PEOOPAC3XaPXxh2gecP4WWR6J4guFYNMS6GnfhNHdRG44iqoS7ckIWj/OjiaPe1
NALJneeCKyIXNNCVyXaFRU+jm5kIfQcWVrvDd3kWH/9wRe5XlodzfKlp+E8XbvAg
RcQOely4AzNJgbVkrD1FPaJjnUqGqiD5rRkuex6sjrr3MFsTmId8HTRjFE3VCQ6u
H9F+eGakkIiqYhTDFnJT7y0kmpl/8dWxiGdkQtt6OvEaLAkR3+AJDkeoeu+UAVdx
ieL8vPdVJfK7HsaAYclRavMMagSFRpA0sDHYj+3MlD6yINglcO7KprEBPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCSiAe+sypJCqwaFF40dIQELRk3TMB8GA1UdIwQY
MBaAFA325jMGfAZq6b7x03ccwwDktNGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGZibU13WjhCbXJwdnZIVGR4ekRBT1MwMGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYWUxYzEtYWExOC00NmFhLTgzYTct
OGQxYzlkMTE5MmIwLzEvSktJQjc2ektra0tyQm9VWGpSMGhBUXRHVGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYWUxYzEtYWExOC00NmFhLTgzYTctOGQxYzlkMTE5MmIw
LzEvRGZibU13WjhCbXJwdnZIVGR4ekRBT1MwMGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATU
MA0GCSqGSIb3DQEBCwUAA4IBAQBDpuFxac1xIjSGQLggIMHM1lgScAAkEQqFXRaq
3qYwKmfpfSaPPei8+qKI5vRfmBjeXAyyK7a83UaIicWHIrpNVZnCgUlWrdP4B4rt
hpiSQvs/Uw5uRgBADYjE3GdC5NjE+Ge1FSaRHYa+eqvfolCBlaA0RfQLrPo0Y9Mv
0efrCO+Z7Xd9BntcprLheTZjhoENNwwkk24p8iLMAMYUEdgcYOVQerCXtbF4cypa
upJXUZ0Inw1QiW6tr7yvNVpalWwrgo+crJx29we0RdtDh0nDfX66jBLnQjLHKsHc
7vpJFSt9nCmD2WgXVm1eh6eHWZTm6G5XFqfjF8n71KFYBXwo
-----END CERTIFICATE-----