Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/Dm667XnaRqtK2i3UfsThVeXTWc4.roa
File:                     Dm667XnaRqtK2i3UfsThVeXTWc4.roa (raw, json)
Hash identifier:          8yEFF1MNlsRKs74/fi+3dMb5d+dLJ3drU0IwlTP+fus=
Subject key identifier:   0E:6E:BA:ED:79:DA:46:AB:4A:DA:2D:D4:7E:C4:E1:55:E5:D3:59:CE
Certificate issuer:       /CN=8b819441c7093034a9d4656a2f6d36ab24033fe4
Certificate serial:       019768764E12127EEF059CB937741CC98E36
Authority key identifier: 8B:81:94:41:C7:09:30:34:A9:D4:65:6A:2F:6D:36:AB:24:03:3F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4GUQccJMDSp1GVqL202qyQDP-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/Dm667XnaRqtK2i3UfsThVeXTWc4.roa
Signing time:             Fri 13 Jun 2025 08:44:32 +0000
ROA not before:           Fri 13 Jun 2025 08:44:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213405
IP address blocks:        2001:67c:2920::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/i4GUQccJMDSp1GVqL202qyQDP-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/i4GUQccJMDSp1GVqL202qyQDP-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4GUQccJMDSp1GVqL202qyQDP-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:76:4e:12:12:7e:ef:05:9c:b9:37:74:1c:c9:8e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b819441c7093034a9d4656a2f6d36ab24033fe4
        Validity
            Not Before: Jun 13 08:44:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e6ebaed79da46ab4ada2dd47ec4e155e5d359ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2f:7d:50:d3:e2:c1:33:ab:02:e9:8a:a8:05:
                    07:57:9e:4d:0c:23:e6:bf:d8:4e:7a:11:e7:69:66:
                    ea:48:ba:3f:41:5b:14:5d:0d:37:4e:94:f4:b5:27:
                    16:7e:ca:a0:b8:df:f0:fd:5c:e7:60:88:5e:f1:9c:
                    c1:80:28:82:0c:41:d5:12:cf:0f:a3:58:43:e4:62:
                    8a:20:ce:d3:86:ea:28:a4:d8:fa:a6:54:64:14:4c:
                    84:69:a1:a9:58:7a:3d:30:86:95:d1:9e:c3:9a:ce:
                    c1:5b:7b:93:41:98:18:b7:22:3b:f0:cc:ac:e0:dd:
                    ca:ca:12:54:fd:29:90:de:99:14:d9:ce:cf:60:35:
                    e7:13:4a:a6:33:19:6a:b1:5b:c2:cc:f7:c6:4e:dd:
                    8d:35:2c:dc:a7:fb:72:1a:dd:2d:a7:f5:2a:e8:9e:
                    b2:51:93:1a:d5:17:cd:30:38:4b:a1:1d:61:23:1a:
                    78:64:7a:1a:87:c1:e2:1b:18:de:f6:af:17:93:f1:
                    59:00:13:74:72:ef:8d:36:7b:05:d7:40:8e:6c:01:
                    1f:3b:38:fa:c6:39:fa:f8:e9:3d:04:a9:80:cc:60:
                    9e:36:d1:c4:83:fe:1b:d7:39:61:99:40:2b:d5:eb:
                    11:34:fa:a3:a5:a3:35:e7:73:df:03:86:a9:d9:57:
                    79:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6E:BA:ED:79:DA:46:AB:4A:DA:2D:D4:7E:C4:E1:55:E5:D3:59:CE
            X509v3 Authority Key Identifier:
                keyid:8B:81:94:41:C7:09:30:34:A9:D4:65:6A:2F:6D:36:AB:24:03:3F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4GUQccJMDSp1GVqL202qyQDP-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/Dm667XnaRqtK2i3UfsThVeXTWc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/dffb19-d467-4ee5-8cf6-f63d20a78f75/1/i4GUQccJMDSp1GVqL202qyQDP-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2920::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:14:85:ae:3c:00:4e:8d:f6:19:6c:3e:d0:37:1b:14:a4:89:
         a1:ea:b4:a3:69:95:4f:c4:3d:e3:13:a9:ef:a9:48:b3:89:62:
         64:de:6a:07:d8:b2:ae:3d:61:bf:a4:66:0a:aa:68:36:c1:47:
         cb:9b:6a:67:7f:21:83:ac:54:f2:e4:92:20:b0:66:22:a6:43:
         a4:ee:3b:26:93:1e:80:71:52:9f:e6:bc:72:ca:bd:b5:dd:dd:
         a5:17:db:80:d0:ff:50:09:d4:1f:0f:3c:a8:10:0f:b0:4c:24:
         87:86:74:80:69:25:d1:0f:38:94:3b:a5:b7:b3:fe:c0:7c:c7:
         b7:b6:6a:2b:82:b1:10:c5:f8:af:aa:90:8d:88:ab:08:81:e9:
         4f:71:86:f6:2d:91:74:f4:ce:4a:e1:25:41:77:2a:8f:8a:43:
         43:78:06:f7:36:76:0b:65:ad:b1:4c:bc:df:09:7e:aa:0d:44:
         bc:c4:db:f2:8a:03:bd:af:a5:6a:ec:1b:82:26:a8:9b:29:98:
         68:6a:db:86:ef:d9:0d:52:fd:8c:50:69:ec:5f:45:aa:96:5e:
         c4:22:1a:ba:4b:15:16:a5:13:9a:69:08:d4:6b:29:1a:c2:62:
         ff:bc:68:58:d5:6f:07:10:4b:12:e0:be:12:02:9c:18:71:b1:
         07:02:bb:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdodk4SEn7vBZy5N3QcyY42MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODE5NDQxYzcwOTMwMzRhOWQ0NjU2YTJmNmQzNmFiMjQw
MzNmZTQwHhcNMjUwNjEzMDg0NDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZlYmFlZDc5ZGE0NmFiNGFkYTJkZDQ3ZWM0ZTE1NWU1ZDM1OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i99UNPiwTOrAumKqAUHV55NDCPm
v9hOehHnaWbqSLo/QVsUXQ03TpT0tScWfsqguN/w/VznYIhe8ZzBgCiCDEHVEs8P
o1hD5GKKIM7ThuoopNj6plRkFEyEaaGpWHo9MIaV0Z7Dms7BW3uTQZgYtyI78Mys
4N3KyhJU/SmQ3pkU2c7PYDXnE0qmMxlqsVvCzPfGTt2NNSzcp/tyGt0tp/Uq6J6y
UZMa1RfNMDhLoR1hIxp4ZHoah8HiGxje9q8Xk/FZABN0cu+NNnsF10CObAEfOzj6
xjn6+Ok9BKmAzGCeNtHEg/4b1zlhmUAr1esRNPqjpaM153PfA4ap2Vd5SQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA5uuu152karStot1H7E4VXl01nOMB8GA1UdIwQY
MBaAFIuBlEHHCTA0qdRlai9tNqskAz/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRHVVFjY0pNRFNwMUdWcUwyMDJxeVFEUC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kZmZiMTktZDQ2Ny00ZWU1LThjZjYt
ZjYzZDIwYTc4Zjc1LzEvRG02NjdYbmFScXRLMmkzVWZzVGhWZVhUV2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kZmZiMTktZDQ2Ny00ZWU1LThjZjYtZjYzZDIwYTc4Zjc1
LzEvaTRHVVFjY0pNRFNwMUdWcUwyMDJxeVFEUC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCkg
MA0GCSqGSIb3DQEBCwUAA4IBAQBkFIWuPABOjfYZbD7QNxsUpImh6rSjaZVPxD3j
E6nvqUiziWJk3moH2LKuPWG/pGYKqmg2wUfLm2pnfyGDrFTy5JIgsGYipkOk7jsm
kx6AcVKf5rxyyr213d2lF9uA0P9QCdQfDzyoEA+wTCSHhnSAaSXRDziUO6W3s/7A
fMe3tmorgrEQxfivqpCNiKsIgelPcYb2LZF09M5K4SVBdyqPikNDeAb3NnYLZa2x
TLzfCX6qDUS8xNvyigO9r6Vq7BuCJqibKZhoatuG79kNUv2MUGnsX0Wqll7EIhq6
SxUWpROaaQjUaykawmL/vGhY1W8HEEsS4L4SApwYcbEHArsJ
-----END CERTIFICATE-----