Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/FpqX8EZQIVTXkUnqlp9grlBeNrw.roa
File:                     FpqX8EZQIVTXkUnqlp9grlBeNrw.roa (raw, json)
Hash identifier:          P8KxRj81qpEt5Z2QrlNREQ2v0IAaxfxV7ZOlUfOnKHA=
Subject key identifier:   16:9A:97:F0:46:50:21:54:D7:91:49:EA:96:9F:60:AE:50:5E:36:BC
Certificate issuer:       /CN=7657211f8a66561b5770ff19b471aef511e83778
Certificate serial:       0196389943DAC814B99383F5FB90AE69249C
Authority key identifier: 76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/FpqX8EZQIVTXkUnqlp9grlBeNrw.roa
Signing time:             Tue 15 Apr 2025 08:38:10 +0000
ROA not before:           Tue 15 Apr 2025 08:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215137
IP address blocks:        2001:67c:e8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:99:43:da:c8:14:b9:93:83:f5:fb:90:ae:69:24:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7657211f8a66561b5770ff19b471aef511e83778
        Validity
            Not Before: Apr 15 08:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=169a97f046502154d79149ea969f60ae505e36bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5c:a3:08:17:b2:9a:d9:fe:8e:e2:2a:3f:e7:
                    15:4c:41:87:e5:c3:21:de:c0:5a:29:ba:ba:ba:d7:
                    56:eb:43:29:3c:b1:e7:d6:44:b3:44:c7:2e:8e:1a:
                    f0:67:10:6c:d2:e9:a8:c5:f3:92:14:78:f0:16:3e:
                    0c:01:74:e3:d5:ee:fb:4b:0b:d9:ae:3c:95:1a:cb:
                    07:ce:22:5f:11:ca:84:18:4f:f8:5e:a3:a7:4a:6a:
                    18:1d:9a:97:2a:a0:e9:88:d4:11:7f:10:9f:df:df:
                    ba:a2:f7:cc:cb:33:d9:e2:0c:31:70:67:e6:f1:b2:
                    6c:72:0e:7e:9f:69:fc:90:e6:c2:5f:69:5b:ad:11:
                    fa:88:a0:3e:46:3c:4e:2a:5d:82:f7:dd:b7:b0:e0:
                    83:64:f7:fe:f1:e8:10:1f:cd:05:d3:57:8f:fe:5e:
                    90:f8:04:53:56:dd:65:38:07:11:f9:18:c0:4b:b4:
                    81:3e:bf:1c:64:28:bb:92:01:b6:c0:b0:4e:46:43:
                    55:44:32:5d:21:f9:c9:8b:9e:3d:ae:f7:44:50:9c:
                    32:66:40:b6:15:c9:da:6e:fb:4e:b4:fb:9f:3d:a4:
                    7e:76:9e:ac:e8:9e:ad:79:bb:0d:68:7c:b5:04:6a:
                    bd:46:bf:56:0b:ac:47:17:f6:db:55:c1:c6:d4:3b:
                    9c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9A:97:F0:46:50:21:54:D7:91:49:EA:96:9F:60:AE:50:5E:36:BC
            X509v3 Authority Key Identifier:
                keyid:76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/FpqX8EZQIVTXkUnqlp9grlBeNrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:cd:76:60:4a:f7:b8:16:42:98:cb:88:05:91:24:9b:01:68:
         2e:71:15:58:da:44:ec:ee:f3:dd:02:2e:c3:09:a3:48:0e:4f:
         fc:a2:6b:0a:c4:89:ff:01:02:9e:2d:d2:6c:3a:f6:ef:0d:69:
         e9:0f:ef:a1:c3:5d:ac:c1:0f:fa:d1:db:fb:96:64:53:4a:dc:
         d4:ec:dc:ff:06:f5:bf:0b:23:f4:eb:18:10:55:3a:f0:cc:54:
         85:73:70:65:e9:9a:24:bd:92:d8:bc:c9:d3:be:b5:49:47:8f:
         85:63:85:db:72:f3:b8:4b:46:58:09:d1:00:7f:8f:42:1b:13:
         b7:25:0b:46:19:02:cd:5e:1a:9f:49:8e:cd:2f:a7:44:ab:52:
         6b:57:0d:f4:29:5a:91:34:19:22:4c:9e:07:74:d1:10:b2:bb:
         fc:65:0b:ab:2d:97:88:fb:b9:3c:21:8b:89:45:3a:cd:21:22:
         38:fd:80:fc:68:cb:d7:52:dd:3b:79:52:22:b0:ff:3d:2b:bf:
         77:c0:5c:bb:5b:d9:23:c1:e1:00:a9:81:63:61:e9:f5:5b:31:
         0b:45:9e:52:ca:5b:30:78:e0:75:ba:61:ab:a1:02:2a:b1:22:
         7d:63:39:bd:53:c9:47:35:f8:a0:03:a0:84:f9:b6:71:5d:bd:
         5f:15:86:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY4mUPayBS5k4P1+5CuaSScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTcyMTFmOGE2NjU2MWI1NzcwZmYxOWI0NzFhZWY1MTFl
ODM3NzgwHhcNMjUwNDE1MDgzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjlhOTdmMDQ2NTAyMTU0ZDc5MTQ5ZWE5NjlmNjBhZTUwNWUzNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlyjCBeymtn+juIqP+cVTEGH5cMh
3sBaKbq6utdW60MpPLHn1kSzRMcujhrwZxBs0umoxfOSFHjwFj4MAXTj1e77SwvZ
rjyVGssHziJfEcqEGE/4XqOnSmoYHZqXKqDpiNQRfxCf39+6ovfMyzPZ4gwxcGfm
8bJscg5+n2n8kObCX2lbrRH6iKA+RjxOKl2C9923sOCDZPf+8egQH80F01eP/l6Q
+ARTVt1lOAcR+RjAS7SBPr8cZCi7kgG2wLBORkNVRDJdIfnJi549rvdEUJwyZkC2
FcnabvtOtPufPaR+dp6s6J6tebsNaHy1BGq9Rr9WC6xHF/bbVcHG1DucyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaal/BGUCFU15FJ6pafYK5QXja8MB8GA1UdIwQY
MBaAFHZXIR+KZlYbV3D/GbRxrvUR6Dd4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDkt
NzQzMWQ2ODlhOGU4LzEvRnBxWDhFWlFJVlRYa1VucWxwOWdybEJlTnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDktNzQzMWQ2ODlhOGU4
LzEvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6M
MA0GCSqGSIb3DQEBCwUAA4IBAQDIzXZgSve4FkKYy4gFkSSbAWgucRVY2kTs7vPd
Ai7DCaNIDk/8omsKxIn/AQKeLdJsOvbvDWnpD++hw12swQ/60dv7lmRTStzU7Nz/
BvW/CyP06xgQVTrwzFSFc3Bl6ZokvZLYvMnTvrVJR4+FY4XbcvO4S0ZYCdEAf49C
GxO3JQtGGQLNXhqfSY7NL6dEq1JrVw30KVqRNBkiTJ4HdNEQsrv8ZQurLZeI+7k8
IYuJRTrNISI4/YD8aMvXUt07eVIisP89K793wFy7W9kjweEAqYFjYen1WzELRZ5S
ylsweOB1umGroQIqsSJ9Yzm9U8lHNfigA6CE+bZxXb1fFYY8
-----END CERTIFICATE-----