Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/O9UxuLNdjVpPMRVJ8_xamVbi3ck.roa
File:                     O9UxuLNdjVpPMRVJ8_xamVbi3ck.roa (raw, json)
Hash identifier:          w7PnuXi3vgOvtTP6oScaXCDqYyS0FwVpkDFtt58ndZ4=
Subject key identifier:   3B:D5:31:B8:B3:5D:8D:5A:4F:31:15:49:F3:FC:5A:99:56:E2:DD:C9
Certificate issuer:       /CN=439a7f93fca808c82d26fbfe0fde1b968cf6e8d3
Certificate serial:       019421B1EA9EBF6828304AA667E45D1862EE
Authority key identifier: 43:9A:7F:93:FC:A8:08:C8:2D:26:FB:FE:0F:DE:1B:96:8C:F6:E8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q5p_k_yoCMgtJvv-D94bloz26NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/O9UxuLNdjVpPMRVJ8_xamVbi3ck.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198824
IP address blocks:        2001:67c:c74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/Q5p_k_yoCMgtJvv-D94bloz26NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/Q5p_k_yoCMgtJvv-D94bloz26NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q5p_k_yoCMgtJvv-D94bloz26NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ea:9e:bf:68:28:30:4a:a6:67:e4:5d:18:62:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=439a7f93fca808c82d26fbfe0fde1b968cf6e8d3
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bd531b8b35d8d5a4f311549f3fc5a9956e2ddc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c1:af:2e:9a:6c:95:ba:34:b9:d9:46:56:8b:
                    06:05:a1:7a:65:14:96:86:95:66:0b:a7:1c:68:13:
                    6f:1d:e3:17:c7:70:3d:56:51:0a:f8:ee:cf:3f:26:
                    3f:d1:ee:e4:12:0b:15:6e:81:87:72:f6:8d:7e:f9:
                    72:da:2a:ef:49:c0:6a:9f:40:e6:fe:67:10:e4:5c:
                    31:d4:be:43:11:05:58:c9:7a:87:48:b7:4e:d9:cf:
                    1c:f7:a6:c3:b5:d4:b4:33:d4:75:04:69:d2:5d:9a:
                    b8:37:97:1e:51:da:19:09:af:f2:fa:db:b3:de:8b:
                    8a:d4:80:5e:95:f9:ae:5c:e2:bc:4d:c7:65:06:c4:
                    e7:62:38:5a:3a:02:ea:e5:04:f5:ff:87:35:ba:25:
                    06:af:ea:6a:56:b0:78:de:67:92:70:d5:a6:99:79:
                    ab:8b:12:a8:46:5f:e6:29:c4:23:e2:e7:41:ee:95:
                    aa:66:99:5d:e2:71:11:e4:1a:0e:4a:5f:65:5e:7c:
                    19:de:81:a9:c3:fd:ce:c4:0c:84:64:38:59:c9:b2:
                    92:6d:5f:2e:df:4f:c8:85:0f:06:bc:2a:c4:ec:66:
                    88:96:5b:fe:76:31:f4:c8:ae:2f:53:6b:d0:f0:d0:
                    be:ea:98:cd:f7:b0:ca:97:e2:46:0f:c7:16:44:1e:
                    ba:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D5:31:B8:B3:5D:8D:5A:4F:31:15:49:F3:FC:5A:99:56:E2:DD:C9
            X509v3 Authority Key Identifier:
                keyid:43:9A:7F:93:FC:A8:08:C8:2D:26:FB:FE:0F:DE:1B:96:8C:F6:E8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5p_k_yoCMgtJvv-D94bloz26NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/O9UxuLNdjVpPMRVJ8_xamVbi3ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/8f9f32-c1d5-4fa6-b013-9297b855fa72/1/Q5p_k_yoCMgtJvv-D94bloz26NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c74::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:94:f5:09:86:d7:49:83:7f:a8:cc:26:f4:55:13:bf:ca:fb:
         07:5c:41:1a:24:79:ec:56:c5:1f:5e:62:da:27:43:a2:23:dd:
         3a:4c:40:4c:99:25:06:31:24:a4:fd:76:b7:e8:76:48:4b:eb:
         32:08:ea:30:1a:ee:cf:f2:df:9f:d9:66:31:32:f3:f9:2e:56:
         c6:3e:a4:ca:1d:3c:82:59:0c:07:d1:6d:5c:49:47:a7:81:c1:
         2b:dc:a2:c7:09:88:3a:d0:cd:09:0a:f0:f9:77:41:3b:0d:f6:
         fa:c8:df:83:38:df:5d:93:d5:9b:58:36:4b:22:cf:d1:d2:71:
         3a:67:9d:b5:94:f6:c3:d5:1f:06:bb:40:5a:91:aa:98:97:3e:
         de:37:66:00:d5:c6:bd:af:2a:1b:3b:de:d3:b2:4c:bc:d9:16:
         4c:cb:04:ec:05:95:7e:df:9d:44:0f:8a:de:e9:c0:8b:f8:c8:
         1d:2d:82:c5:71:cc:06:38:a7:73:17:6d:5d:71:33:1a:e4:b3:
         57:de:4b:4a:e6:88:51:d4:8c:3a:b3:ba:e5:bd:66:f0:2f:99:
         7d:41:d7:5a:a0:e1:d4:c3:06:f1:25:14:b1:20:4b:01:b2:38:
         ea:2d:40:f9:bb:0a:9a:10:66:4e:6f:18:1e:69:50:40:ff:fe:
         74:b3:f4:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhseqev2goMEqmZ+RdGGLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOWE3ZjkzZmNhODA4YzgyZDI2ZmJmZTBmZGUxYjk2OGNm
NmU4ZDMwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ1MzFiOGIzNWQ4ZDVhNGYzMTE1NDlmM2ZjNWE5OTU2ZTJkZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsGvLppslbo0udlGVosGBaF6ZRSW
hpVmC6ccaBNvHeMXx3A9VlEK+O7PPyY/0e7kEgsVboGHcvaNfvly2irvScBqn0Dm
/mcQ5Fwx1L5DEQVYyXqHSLdO2c8c96bDtdS0M9R1BGnSXZq4N5ceUdoZCa/y+tuz
3ouK1IBelfmuXOK8TcdlBsTnYjhaOgLq5QT1/4c1uiUGr+pqVrB43meScNWmmXmr
ixKoRl/mKcQj4udB7pWqZpld4nER5BoOSl9lXnwZ3oGpw/3OxAyEZDhZybKSbV8u
30/IhQ8GvCrE7GaIllv+djH0yK4vU2vQ8NC+6pjN97DKl+JGD8cWRB66EQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDvVMbizXY1aTzEVSfP8WplW4t3JMB8GA1UdIwQY
MBaAFEOaf5P8qAjILSb7/g/eG5aM9ujTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVwX2tfeW9DTWd0SnZ2LUQ5NGJsb3oyNk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy84ZjlmMzItYzFkNS00ZmE2LWIwMTMt
OTI5N2I4NTVmYTcyLzEvTzlVeHVMTmRqVnBQTVJWSjhfeGFtVmJpM2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy84ZjlmMzItYzFkNS00ZmE2LWIwMTMtOTI5N2I4NTVmYTcy
LzEvUTVwX2tfeW9DTWd0SnZ2LUQ5NGJsb3oyNk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAx0
MA0GCSqGSIb3DQEBCwUAA4IBAQBslPUJhtdJg3+ozCb0VRO/yvsHXEEaJHnsVsUf
XmLaJ0OiI906TEBMmSUGMSSk/Xa36HZIS+syCOowGu7P8t+f2WYxMvP5LlbGPqTK
HTyCWQwH0W1cSUengcEr3KLHCYg60M0JCvD5d0E7Dfb6yN+DON9dk9WbWDZLIs/R
0nE6Z521lPbD1R8Gu0BakaqYlz7eN2YA1ca9ryobO97Tsky82RZMywTsBZV+351E
D4re6cCL+MgdLYLFccwGOKdzF21dcTMa5LNX3ktK5ohR1Iw6s7rlvWbwL5l9Qdda
oOHUwwbxJRSxIEsBsjjqLUD5uwqaEGZObxgeaVBA//50s/T5
-----END CERTIFICATE-----