Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-eEKcv2-HlB3jOunD8sGEQP3iuo.roa
File:                     1-eEKcv2-HlB3jOunD8sGEQP3iuo.roa (raw, json)
Hash identifier:          1bxmvhYpMOeABQ7wYp60dzQC7ktJL7nqMNn/zKkAUDQ=
Subject key identifier:   F9:E1:0A:72:FD:BE:1E:50:77:8C:EB:A7:0F:CB:06:11:03:F7:8A:EA
Certificate issuer:       /CN=f9a16d1f4c7a653e3e20f84d9ba59fdb27c2a61f
Certificate serial:       01942369674F5141A63AAB3A556FDCDFACED
Authority key identifier: F9:A1:6D:1F:4C:7A:65:3E:3E:20:F8:4D:9B:A5:9F:DB:27:C2:A6:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-eEKcv2-HlB3jOunD8sGEQP3iuo.roa
Signing time:             Wed 01 Jan 2025 19:48:17 +0000
ROA not before:           Wed 01 Jan 2025 19:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199552
IP address blocks:        2001:67c:2abc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:67:4f:51:41:a6:3a:ab:3a:55:6f:dc:df:ac:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9a16d1f4c7a653e3e20f84d9ba59fdb27c2a61f
        Validity
            Not Before: Jan  1 19:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9e10a72fdbe1e50778ceba70fcb061103f78aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:39:8d:65:f1:a5:61:1e:19:a0:00:b1:3e:de:
                    2a:6f:47:10:c1:1d:44:00:5c:7f:10:74:a6:c9:a7:
                    a4:a0:2a:56:c9:63:be:4b:a6:91:54:52:24:90:96:
                    e6:e0:f2:02:39:dd:0e:9f:ff:8d:69:4a:24:2f:16:
                    77:05:7d:85:07:b3:9f:24:c6:b8:d0:69:db:0b:16:
                    b8:1b:af:24:aa:f0:86:98:d7:75:4d:1f:af:ba:a3:
                    3a:50:64:12:4a:77:73:f3:a5:93:23:77:19:06:a2:
                    63:b9:25:c1:b5:85:af:1b:69:41:28:2d:0f:61:2d:
                    9d:ac:12:84:8f:f0:8e:e7:92:33:3a:93:ec:44:bd:
                    0d:b6:bf:6d:57:38:5c:43:24:dc:b7:7c:45:66:ab:
                    dc:4a:71:53:1e:c3:1f:33:8c:f8:09:43:4a:8d:c3:
                    28:99:07:38:92:d5:0f:dd:e7:2e:45:d1:34:4b:b0:
                    46:26:22:0e:01:cb:65:bb:f7:9e:0c:0a:8a:c7:8a:
                    04:a4:90:6d:b5:a6:fb:a5:c9:94:61:86:2b:33:f7:
                    a7:2a:6e:13:0a:e5:29:ac:bf:98:af:1f:a5:54:cd:
                    9a:34:39:be:a9:1d:6d:4b:42:83:fa:fc:d1:d5:e5:
                    dc:cd:6c:b2:3e:21:dc:4c:ee:ed:82:a7:2a:6b:97:
                    de:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E1:0A:72:FD:BE:1E:50:77:8C:EB:A7:0F:CB:06:11:03:F7:8A:EA
            X509v3 Authority Key Identifier:
                keyid:F9:A1:6D:1F:4C:7A:65:3E:3E:20:F8:4D:9B:A5:9F:DB:27:C2:A6:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-eEKcv2-HlB3jOunD8sGEQP3iuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/98c1b5-3396-4d9c-bcac-992627eea9ea/1/1-aFtH0x6ZT4-IPhNm6Wf2yfCph8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2abc::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:cf:1b:ab:44:6c:bf:4a:11:4e:d6:af:1a:99:bd:9a:5e:67:
         6e:19:a4:f5:b8:a7:1d:f3:b7:b4:a5:04:e1:ce:0c:87:e5:dc:
         4e:e4:c3:7e:17:43:bc:d2:10:2e:43:c6:b8:6d:b4:e9:6e:96:
         78:b9:1e:48:22:82:7e:f8:49:f7:6e:2d:79:5f:1b:7f:57:4d:
         76:6c:1e:bd:c8:bb:74:b1:1e:51:4f:34:2c:60:9d:9b:24:d4:
         0a:66:9e:de:0c:0d:ac:7c:b4:71:45:25:fc:fb:ea:7b:57:62:
         a0:0c:1d:aa:99:7c:91:a2:38:70:fa:6d:4a:0b:9a:5f:cb:be:
         e3:a9:b8:31:83:6c:3d:16:fb:77:97:55:25:c3:c4:71:1a:91:
         d8:f6:1c:bd:f6:4b:ae:c0:91:36:03:4e:11:88:52:a7:76:73:
         84:ff:d5:bc:98:e9:5a:48:f7:12:16:28:fe:ae:bd:d8:d2:dd:
         4d:70:b9:1b:1b:82:d6:a6:87:6a:72:91:c9:7d:e6:57:f1:c4:
         ab:a8:33:42:fe:91:28:f4:8a:18:5a:3f:17:c9:97:91:0e:b5:
         c2:1a:80:ea:4b:ce:59:ec:2f:8d:2e:d0:eb:24:31:99:48:38:
         1f:3e:a6:44:e8:85:e2:32:6a:ca:87:d4:48:00:c1:b7:55:b4:
         e1:9e:20:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaWdPUUGmOqs6VW/c36ztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YTE2ZDFmNGM3YTY1M2UzZTIwZjg0ZDliYTU5ZmRiMjdj
MmE2MWYwHhcNMjUwMTAxMTk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWUxMGE3MmZkYmUxZTUwNzc4Y2ViYTcwZmNiMDYxMTAzZjc4YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzmNZfGlYR4ZoACxPt4qb0cQwR1E
AFx/EHSmyaekoCpWyWO+S6aRVFIkkJbm4PICOd0On/+NaUokLxZ3BX2FB7OfJMa4
0GnbCxa4G68kqvCGmNd1TR+vuqM6UGQSSndz86WTI3cZBqJjuSXBtYWvG2lBKC0P
YS2drBKEj/CO55IzOpPsRL0Ntr9tVzhcQyTct3xFZqvcSnFTHsMfM4z4CUNKjcMo
mQc4ktUP3ecuRdE0S7BGJiIOActlu/eeDAqKx4oEpJBttab7pcmUYYYrM/enKm4T
CuUprL+Yrx+lVM2aNDm+qR1tS0KD+vzR1eXczWyyPiHcTO7tgqcqa5feUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPnhCnL9vh5Qd4zrpw/LBhED94rqMB8GA1UdIwQY
MBaAFPmhbR9MemU+PiD4TZuln9snwqYfMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1hRnRIMHg2WlQ0LUlQaE5tNldmMnlmQ3BoOC5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvOThjMWI1LTMzOTYtNGQ5Yy1iY2Fj
LTk5MjYyN2VlYTllYS8xLzEtZUVLY3YyLUhsQjNqT3VuRDhzR0VRUDNpdW8ucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL2ZmLzk4YzFiNS0zMzk2LTRkOWMtYmNhYy05OTI2MjdlZWE5
ZWEvMS8xLWFGdEgweDZaVDQtSVBoTm02V2YyeWZDcGg4LmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEG
fCq8MA0GCSqGSIb3DQEBCwUAA4IBAQA7zxurRGy/ShFO1q8amb2aXmduGaT1uKcd
87e0pQThzgyH5dxO5MN+F0O80hAuQ8a4bbTpbpZ4uR5IIoJ++En3bi15Xxt/V012
bB69yLt0sR5RTzQsYJ2bJNQKZp7eDA2sfLRxRSX8++p7V2KgDB2qmXyRojhw+m1K
C5pfy77jqbgxg2w9Fvt3l1Ulw8RxGpHY9hy99kuuwJE2A04RiFKndnOE/9W8mOla
SPcSFij+rr3Y0t1NcLkbG4LWpodqcpHJfeZX8cSrqDNC/pEo9IoYWj8XyZeRDrXC
GoDqS85Z7C+NLtDrJDGZSDgfPqZE6IXiMmrKh9RIAMG3VbThniAC
-----END CERTIFICATE-----