Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/igZag3cgyJRdv01vkp4DRY6VvTk.roa
File:                     igZag3cgyJRdv01vkp4DRY6VvTk.roa (raw, json)
Hash identifier:          JpGBcXUxW150Ej7SxtVldKg4tZ/GU0LkZvopH1/QgMo=
Subject key identifier:   8A:06:5A:83:77:20:C8:94:5D:BF:4D:6F:92:9E:03:45:8E:95:BD:39
Certificate issuer:       /CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
Certificate serial:       01964EB8B6E5F1878D2D5F6A6DF727271664
Authority key identifier: 2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/igZag3cgyJRdv01vkp4DRY6VvTk.roa
Signing time:             Sat 19 Apr 2025 15:44:10 +0000
ROA not before:           Sat 19 Apr 2025 15:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210152
IP address blocks:        2001:67c:c14::/48 maxlen: 48
                          2001:67c:e88::/48 maxlen: 48
                          2001:67c:2ff8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4e:b8:b6:e5:f1:87:8d:2d:5f:6a:6d:f7:27:27:16:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
        Validity
            Not Before: Apr 19 15:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a065a837720c8945dbf4d6f929e03458e95bd39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:43:41:5a:fa:56:e5:50:9d:9b:5d:40:99:3d:
                    25:77:97:e1:ea:e5:64:65:7e:d7:f6:5c:b9:9d:d9:
                    1c:d0:57:d8:22:0e:3f:29:7a:96:41:1a:8a:03:98:
                    46:5b:f6:17:5a:3b:da:56:e0:c0:5f:b5:92:fc:d2:
                    3c:6c:98:01:58:3b:bd:61:93:29:a0:ac:87:e7:12:
                    8c:8c:a1:a5:f0:71:87:10:05:1a:eb:be:3c:8a:0f:
                    62:f0:13:e0:39:ea:59:3f:48:f7:ff:4a:81:8c:f0:
                    fd:29:70:68:12:c8:da:9c:29:d3:d4:73:de:d1:26:
                    3d:da:5d:d6:84:42:5c:52:ed:e8:e7:89:70:80:d8:
                    ea:ff:6e:89:2b:8e:f6:d5:36:34:47:b1:35:a2:8d:
                    36:74:21:ae:64:92:1e:7b:ed:81:12:fb:ed:06:17:
                    10:3e:cb:a4:72:1b:90:7a:9f:e3:13:06:8b:93:91:
                    fa:59:f3:68:b8:1b:3a:d4:92:dd:2f:b1:a3:1b:2d:
                    a3:83:aa:ce:ae:50:17:a6:37:0c:ed:36:c4:8a:8f:
                    a8:49:7e:70:e1:e1:50:10:90:03:d0:85:07:02:95:
                    1b:43:bf:f7:50:65:fb:ed:5e:42:09:24:20:42:bc:
                    0f:30:ae:73:77:04:20:78:ae:b1:3b:48:00:77:69:
                    74:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:06:5A:83:77:20:C8:94:5D:BF:4D:6F:92:9E:03:45:8E:95:BD:39
            X509v3 Authority Key Identifier:
                keyid:2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/igZag3cgyJRdv01vkp4DRY6VvTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c14::/48
                  2001:67c:e88::/48
                  2001:67c:2ff8::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:be:fa:59:48:3e:f2:c1:37:37:95:23:d6:70:e4:03:2e:bb:
         47:7c:4b:3b:d3:19:86:d4:54:7f:9c:74:06:4c:5b:59:39:27:
         53:d0:0f:8b:12:a7:de:41:30:78:1b:02:2c:23:43:98:7a:95:
         26:38:c3:9a:b6:c2:df:ce:11:16:06:b4:07:3d:83:66:a2:42:
         85:7c:5d:ea:95:eb:5d:0b:f4:14:93:cd:40:76:40:1e:0a:d6:
         1a:53:d1:3b:64:43:16:72:24:ce:01:ce:ff:26:e6:18:f9:84:
         57:ef:de:b1:10:04:25:4b:50:19:61:44:87:19:b4:aa:26:e6:
         58:8c:cb:2a:39:04:9e:85:8d:ab:79:4e:7a:a8:8a:93:02:bf:
         57:93:d4:dc:1c:dd:87:c3:fd:a8:06:de:35:8c:0f:29:19:14:
         23:63:ca:0c:79:0b:21:59:e1:6f:cd:99:23:ed:a3:18:06:b1:
         e5:6b:b1:f2:c3:0d:f8:59:9f:12:0b:5c:08:b8:6c:8b:79:ec:
         36:27:1b:d8:36:bc:d2:39:e1:05:5c:06:68:ba:f9:e3:17:cb:
         b6:e9:b2:52:4b:de:ed:a5:39:7e:54:f8:92:2d:c2:62:c3:22:
         45:80:5f:0f:45:07:9b:63:c1:7e:30:f4:40:46:a3:91:43:79:
         a6:59:cb:76
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZOuLbl8YeNLV9qbfcnJxZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZmIwZDU0OGM0OWI2YTU2MThhNGQzYjNjMWRhNGMzZDE0
NGJmNDYwHhcNMjUwNDE5MTU0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA2NWE4Mzc3MjBjODk0NWRiZjRkNmY5MjllMDM0NThlOTViZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0NBWvpW5VCdm11AmT0ld5fh6uVk
ZX7X9ly5ndkc0FfYIg4/KXqWQRqKA5hGW/YXWjvaVuDAX7WS/NI8bJgBWDu9YZMp
oKyH5xKMjKGl8HGHEAUa6748ig9i8BPgOepZP0j3/0qBjPD9KXBoEsjanCnT1HPe
0SY92l3WhEJcUu3o54lwgNjq/26JK4721TY0R7E1oo02dCGuZJIee+2BEvvtBhcQ
PsukchuQep/jEwaLk5H6WfNouBs61JLdL7GjGy2jg6rOrlAXpjcM7TbEio+oSX5w
4eFQEJAD0IUHApUbQ7/3UGX77V5CCSQgQrwPMK5zdwQgeK6xO0gAd2l0TQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIoGWoN3IMiUXb9Nb5KeA0WOlb05MB8GA1UdIwQY
MBaAFCv7DVSMSbalYYpNOzwdpMPRRL9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2Mt
MTM3MTA5MzY5NjIxLzEvaWdaYWczY2d5SlJkdjAxdmtwNERSWTZWdlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2MtMTM3MTA5MzY5NjIx
LzEvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGfAwU
AwcAIAEGfA6IAwcAIAEGfC/4MA0GCSqGSIb3DQEBCwUAA4IBAQAgvvpZSD7ywTc3
lSPWcOQDLrtHfEs70xmG1FR/nHQGTFtZOSdT0A+LEqfeQTB4GwIsI0OYepUmOMOa
tsLfzhEWBrQHPYNmokKFfF3qletdC/QUk81AdkAeCtYaU9E7ZEMWciTOAc7/JuYY
+YRX796xEAQlS1AZYUSHGbSqJuZYjMsqOQSehY2reU56qIqTAr9Xk9TcHN2Hw/2o
Bt41jA8pGRQjY8oMeQshWeFvzZkj7aMYBrHla7Hyww34WZ8SC1wIuGyLeew2JxvY
NrzSOeEFXAZouvnjF8u26bJSS97tpTl+VPiSLcJiwyJFgF8PRQebY8F+MPRARqOR
Q3mmWct2
-----END CERTIFICATE-----