Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/cD0i6eXUEb95MRC9zt2P-QsR-zI.roa
File:                     cD0i6eXUEb95MRC9zt2P-QsR-zI.roa (raw, json)
Hash identifier:          bwRfJD4nIDDz+Ohj/YcPEu2i5IBHAbvcA7uyG/Ew8EE=
Subject key identifier:   70:3D:22:E9:E5:D4:11:BF:79:31:10:BD:CE:DD:8F:F9:0B:11:FB:32
Certificate issuer:       /CN=65d66329576c9c01b3cd8285f4b54b0170d8c39a
Certificate serial:       0194244558EC8354F24F787BFBB2C063EE28
Authority key identifier: 65:D6:63:29:57:6C:9C:01:B3:CD:82:85:F4:B5:4B:01:70:D8:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/cD0i6eXUEb95MRC9zt2P-QsR-zI.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31317
IP address blocks:        2001:67c:2048::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:58:ec:83:54:f2:4f:78:7b:fb:b2:c0:63:ee:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65d66329576c9c01b3cd8285f4b54b0170d8c39a
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=703d22e9e5d411bf793110bdcedd8ff90b11fb32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f1:77:6c:34:ff:00:a4:1c:d0:80:23:d3:a2:
                    52:f0:4e:2f:84:94:60:ba:1f:94:02:84:3a:6a:71:
                    6f:c6:48:ba:2c:2f:fe:a8:6f:cc:6a:22:a2:84:54:
                    d0:67:e0:90:11:94:81:20:00:bc:07:0a:96:50:ac:
                    9e:3f:a7:3a:d7:19:22:9d:8e:7a:f8:1d:0c:79:d0:
                    29:26:ee:0a:5c:80:fa:20:b7:14:7f:3a:ab:7b:cb:
                    fa:0e:59:f1:81:1b:4a:09:b7:f6:f8:21:22:b0:4f:
                    b7:f2:91:53:3e:00:49:79:13:5d:a4:2a:95:f8:4a:
                    93:3f:23:62:18:7f:54:23:e6:85:44:39:f4:e0:83:
                    72:95:8b:3f:28:c7:17:6f:e9:b1:cb:4b:24:80:e7:
                    25:13:dc:0c:a8:82:4c:b8:c7:69:62:62:b4:58:f0:
                    cd:a9:59:17:0d:05:04:3a:65:4a:b2:f0:0f:25:1d:
                    e7:b1:01:96:45:96:c9:1d:34:a8:2d:b7:e5:8b:35:
                    c8:c1:23:9e:7c:f9:bd:54:9e:dd:9c:c0:03:d7:20:
                    ce:62:37:28:47:de:10:85:8c:78:94:73:66:b1:45:
                    69:83:92:31:14:8c:ed:f8:38:76:b9:73:67:f2:7e:
                    2c:bb:8b:06:b5:4c:00:2e:51:8a:c1:5d:e6:6d:39:
                    ed:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3D:22:E9:E5:D4:11:BF:79:31:10:BD:CE:DD:8F:F9:0B:11:FB:32
            X509v3 Authority Key Identifier:
                keyid:65:D6:63:29:57:6C:9C:01:B3:CD:82:85:F4:B5:4B:01:70:D8:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/cD0i6eXUEb95MRC9zt2P-QsR-zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2048::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:49:0a:4c:8e:1c:c6:37:6f:0a:1c:1b:5b:47:eb:f6:9a:d6:
         e2:35:31:ea:bb:e2:36:bf:82:61:41:c4:ad:9e:63:b0:c3:99:
         bd:e2:f3:0d:e3:99:3e:55:42:19:c3:fa:73:6d:c3:57:4f:a2:
         c4:1e:06:06:a1:2e:08:b6:98:0f:f6:88:a8:14:aa:3b:88:28:
         ef:d3:93:f5:79:d8:bc:77:e3:31:ec:7d:7c:04:e4:53:44:7a:
         6a:52:aa:76:68:74:b1:83:6a:96:7f:27:56:58:e3:19:bc:4b:
         c9:4e:43:53:85:11:b6:53:dd:b7:4b:df:89:ac:3f:32:1c:94:
         3d:bc:40:88:04:cf:0e:79:50:30:4b:60:7d:ad:cf:64:56:12:
         80:a2:2c:1c:5e:ca:39:61:c1:44:29:76:84:b9:04:02:bb:fc:
         6c:8d:07:c4:1d:95:39:01:1a:c6:77:58:23:f5:94:f0:dd:91:
         e8:b2:7d:05:70:e3:52:4f:21:25:6a:4f:94:b1:4d:ed:34:59:
         89:21:b9:d4:3f:29:43:6d:59:5d:87:c3:b8:73:fe:2c:b5:d9:
         eb:6e:08:e8:23:11:61:ce:97:73:6f:fe:dc:a3:33:ee:82:b6:
         57:dd:26:3e:81:a8:1d:e2:b5:03:fd:e6:e3:92:de:4b:c1:8e:
         32:32:55:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRVjsg1TyT3h7+7LAY+4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZDY2MzI5NTc2YzljMDFiM2NkODI4NWY0YjU0YjAxNzBk
OGMzOWEwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNkMjJlOWU1ZDQxMWJmNzkzMTEwYmRjZWRkOGZmOTBiMTFmYjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/F3bDT/AKQc0IAj06JS8E4vhJRg
uh+UAoQ6anFvxki6LC/+qG/MaiKihFTQZ+CQEZSBIAC8BwqWUKyeP6c61xkinY56
+B0MedApJu4KXID6ILcUfzqre8v6DlnxgRtKCbf2+CEisE+38pFTPgBJeRNdpCqV
+EqTPyNiGH9UI+aFRDn04INylYs/KMcXb+mxy0skgOclE9wMqIJMuMdpYmK0WPDN
qVkXDQUEOmVKsvAPJR3nsQGWRZbJHTSoLbflizXIwSOefPm9VJ7dnMAD1yDOYjco
R94QhYx4lHNmsUVpg5IxFIzt+Dh2uXNn8n4su4sGtUwALlGKwV3mbTnttwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHA9Iunl1BG/eTEQvc7dj/kLEfsyMB8GA1UdIwQY
MBaAFGXWYylXbJwBs82ChfS1SwFw2MOaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmRaaktWZHNuQUd6ellLRjlMVkxBWERZdzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kNTI3ZjgtZTVhZi00ODIwLWEyNDgt
MWU2NjUwNTEzMWNhLzEvY0QwaTZlWFVFYjk1TVJDOXp0MlAtUXNSLXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kNTI3ZjgtZTVhZi00ODIwLWEyNDgtMWU2NjUwNTEzMWNh
LzEvWmRaaktWZHNuQUd6ellLRjlMVkxBWERZdzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCBI
MA0GCSqGSIb3DQEBCwUAA4IBAQBBSQpMjhzGN28KHBtbR+v2mtbiNTHqu+I2v4Jh
QcStnmOww5m94vMN45k+VUIZw/pzbcNXT6LEHgYGoS4ItpgP9oioFKo7iCjv05P1
edi8d+Mx7H18BORTRHpqUqp2aHSxg2qWfydWWOMZvEvJTkNThRG2U923S9+JrD8y
HJQ9vECIBM8OeVAwS2B9rc9kVhKAoiwcXso5YcFEKXaEuQQCu/xsjQfEHZU5ARrG
d1gj9ZTw3ZHosn0FcONSTyElak+UsU3tNFmJIbnUPylDbVldh8O4c/4stdnrbgjo
IxFhzpdzb/7cozPugrZX3SY+gagd4rUD/ebjkt5LwY4yMlWs
-----END CERTIFICATE-----