Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/2LFR55bzEg917ZVxswXc708avQY.roa
File:                     2LFR55bzEg917ZVxswXc708avQY.roa (raw, json)
Hash identifier:          09G2R5A6VRyPInwdzmXjWMU+vVVMHeHCt8VJGVFJ0ks=
Subject key identifier:   D8:B1:51:E7:96:F3:12:0F:75:ED:95:71:B3:05:DC:EF:4F:1A:BD:06
Certificate issuer:       /CN=5009bcb2252eb646902ccbfd4c986cb0c2b91398
Certificate serial:       019644DD85310EAE34570A15BDC9EB34E2DF
Authority key identifier: 50:09:BC:B2:25:2E:B6:46:90:2C:CB:FD:4C:98:6C:B0:C2:B9:13:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAm8siUutkaQLMv9TJhssMK5E5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/2LFR55bzEg917ZVxswXc708avQY.roa
Signing time:             Thu 17 Apr 2025 17:48:10 +0000
ROA not before:           Thu 17 Apr 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212591
IP address blocks:        2001:67c:590::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/UAm8siUutkaQLMv9TJhssMK5E5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/UAm8siUutkaQLMv9TJhssMK5E5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAm8siUutkaQLMv9TJhssMK5E5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:dd:85:31:0e:ae:34:57:0a:15:bd:c9:eb:34:e2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5009bcb2252eb646902ccbfd4c986cb0c2b91398
        Validity
            Not Before: Apr 17 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8b151e796f3120f75ed9571b305dcef4f1abd06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ec:8a:76:15:8f:4f:97:e6:34:6b:65:4b:70:
                    ec:5e:8e:ec:56:5c:dc:77:4a:1f:7e:08:42:45:8f:
                    27:95:96:38:8b:a2:42:d7:1a:ec:2d:ce:c4:c7:c0:
                    a6:d4:b9:00:64:8a:5f:09:f1:ab:77:c4:95:b9:77:
                    28:0e:18:58:9d:d7:86:6d:da:c1:63:f7:f2:fa:93:
                    32:a5:ec:24:7a:3b:7e:53:53:50:c3:94:96:8d:b5:
                    19:8d:dc:43:33:3d:80:d1:50:97:db:93:a4:4f:ed:
                    ec:e6:25:5b:61:c9:c3:58:de:c3:3a:38:61:e4:8d:
                    ad:20:e8:dd:81:ce:24:0a:8a:4e:1e:58:93:a9:07:
                    b1:8d:95:c6:2a:23:e3:3e:64:a1:53:cb:55:b4:5f:
                    6e:08:4f:54:26:1f:3e:3c:ef:98:fc:61:f8:b8:0c:
                    f5:61:47:1d:40:f0:cf:01:23:62:9f:f2:c9:40:a2:
                    67:30:00:0d:b6:49:a9:73:00:f6:6a:a9:35:b9:2c:
                    75:da:76:d9:81:db:87:7d:82:f9:86:9b:d6:5b:f4:
                    02:c5:77:06:2b:db:66:b5:70:20:a9:e1:f0:80:0d:
                    80:aa:8c:6b:ea:6a:12:bf:51:4a:a4:ac:8c:ef:cb:
                    48:d4:c5:bc:16:c2:ed:0b:17:ce:1e:24:e9:67:20:
                    e4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B1:51:E7:96:F3:12:0F:75:ED:95:71:B3:05:DC:EF:4F:1A:BD:06
            X509v3 Authority Key Identifier:
                keyid:50:09:BC:B2:25:2E:B6:46:90:2C:CB:FD:4C:98:6C:B0:C2:B9:13:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAm8siUutkaQLMv9TJhssMK5E5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/2LFR55bzEg917ZVxswXc708avQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/f12d80-deb6-4bf5-853c-d5da858e15fb/1/UAm8siUutkaQLMv9TJhssMK5E5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:590::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:c7:43:ba:91:41:8b:76:5e:e2:2c:b1:56:7a:bc:45:e2:d6:
         d1:e8:03:7b:2c:d5:4c:11:f4:0e:31:af:cd:08:5e:a0:74:03:
         0f:ba:46:1a:f7:38:21:77:e3:ee:cc:8b:29:98:0a:fc:bd:5c:
         de:4a:43:eb:19:0a:06:ab:a0:df:5f:93:a3:61:c8:f5:e1:ab:
         b9:97:e1:95:e1:cc:43:72:c0:05:e5:96:38:cc:ab:3b:b0:b1:
         54:c4:fc:05:65:a3:6e:a6:56:df:fe:a0:d7:f6:f0:8e:70:2c:
         2b:47:51:83:51:9a:a2:8f:ba:ac:35:65:c6:e4:5c:89:3b:81:
         c6:81:c3:69:49:2b:90:59:be:a4:be:c6:81:a3:bf:dc:39:18:
         a2:bd:3a:a5:67:4f:d0:04:66:d8:02:6f:16:9d:6e:ac:ef:60:
         1d:28:39:fe:0d:0a:2d:49:e2:7b:fa:8f:4e:8f:a8:40:5d:da:
         ba:cc:5a:a8:cc:aa:a3:6e:65:1c:4e:85:a4:01:e5:e7:98:4d:
         38:f6:62:41:4a:fe:55:fa:79:a8:06:68:5b:d4:36:4e:a9:d9:
         c0:27:66:4c:ce:26:24:de:5a:f4:31:97:5e:32:43:c6:f9:cc:
         9a:e9:26:49:45:e5:28:41:0f:c7:fa:df:d8:6a:ed:7a:fa:af:
         b0:27:2b:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZE3YUxDq40VwoVvcnrNOLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDliY2IyMjUyZWI2NDY5MDJjY2JmZDRjOTg2Y2IwYzJi
OTEzOTgwHhcNMjUwNDE3MTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGIxNTFlNzk2ZjMxMjBmNzVlZDk1NzFiMzA1ZGNlZjRmMWFiZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+yKdhWPT5fmNGtlS3DsXo7sVlzc
d0offghCRY8nlZY4i6JC1xrsLc7Ex8Cm1LkAZIpfCfGrd8SVuXcoDhhYndeGbdrB
Y/fy+pMypewkejt+U1NQw5SWjbUZjdxDMz2A0VCX25OkT+3s5iVbYcnDWN7DOjhh
5I2tIOjdgc4kCopOHliTqQexjZXGKiPjPmShU8tVtF9uCE9UJh8+PO+Y/GH4uAz1
YUcdQPDPASNin/LJQKJnMAANtkmpcwD2aqk1uSx12nbZgduHfYL5hpvWW/QCxXcG
K9tmtXAgqeHwgA2Aqoxr6moSv1FKpKyM78tI1MW8FsLtCxfOHiTpZyDkQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNixUeeW8xIPde2VcbMF3O9PGr0GMB8GA1UdIwQY
MBaAFFAJvLIlLrZGkCzL/UyYbLDCuROYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFtOHNpVXV0a2FRTE12OVRKaHNzTUs1RTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9mMTJkODAtZGViNi00YmY1LTg1M2Mt
ZDVkYTg1OGUxNWZiLzEvMkxGUjU1YnpFZzkxN1pWeHN3WGM3MDhhdlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9mMTJkODAtZGViNi00YmY1LTg1M2MtZDVkYTg1OGUxNWZi
LzEvVUFtOHNpVXV0a2FRTE12OVRKaHNzTUs1RTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCix0O6kUGLdl7iLLFWerxF4tbR6AN7LNVMEfQO
Ma/NCF6gdAMPukYa9zghd+PuzIspmAr8vVzeSkPrGQoGq6DfX5OjYcj14au5l+GV
4cxDcsAF5ZY4zKs7sLFUxPwFZaNuplbf/qDX9vCOcCwrR1GDUZqij7qsNWXG5FyJ
O4HGgcNpSSuQWb6kvsaBo7/cORiivTqlZ0/QBGbYAm8WnW6s72AdKDn+DQotSeJ7
+o9Oj6hAXdq6zFqozKqjbmUcToWkAeXnmE049mJBSv5V+nmoBmhb1DZOqdnAJ2ZM
ziYk3lr0MZdeMkPG+cya6SZJReUoQQ/H+t/Yau16+q+wJyup
-----END CERTIFICATE-----