Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/BI83gyIjEGBOS7ZKdoDrSv8devY.roa
File:                     BI83gyIjEGBOS7ZKdoDrSv8devY.roa (raw, json)
Hash identifier:          jLwvUyWb11PVZ3r8d/OcSHQ4Hzj4d1bbdW3f/BH7o3c=
Subject key identifier:   04:8F:37:83:22:23:10:60:4E:4B:B6:4A:76:80:EB:4A:FF:1D:7A:F6
Certificate issuer:       /CN=a45cec1660ad2dfe771a9a1234b1d12a9c5b8211
Certificate serial:       0197AD9A56AAFA37742DBEADA51343D0F7C3
Authority key identifier: A4:5C:EC:16:60:AD:2D:FE:77:1A:9A:12:34:B1:D1:2A:9C:5B:82:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pFzsFmCtLf53GpoSNLHRKpxbghE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/BI83gyIjEGBOS7ZKdoDrSv8devY.roa
Signing time:             Thu 26 Jun 2025 18:57:42 +0000
ROA not before:           Thu 26 Jun 2025 18:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201173
IP address blocks:        2001:67c:2d50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/pFzsFmCtLf53GpoSNLHRKpxbghE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/pFzsFmCtLf53GpoSNLHRKpxbghE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pFzsFmCtLf53GpoSNLHRKpxbghE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 03:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:9a:56:aa:fa:37:74:2d:be:ad:a5:13:43:d0:f7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45cec1660ad2dfe771a9a1234b1d12a9c5b8211
        Validity
            Not Before: Jun 26 18:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=048f3783222310604e4bb64a7680eb4aff1d7af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e3:a3:84:6b:19:4c:03:04:60:32:19:c0:c1:
                    1c:64:d5:1d:5d:bf:75:6d:f5:83:2d:03:da:23:9e:
                    f5:e3:f3:02:73:8f:08:61:54:f4:ab:ee:0a:0c:c8:
                    fc:be:2a:46:fe:2e:c1:a6:52:59:bf:17:14:4c:55:
                    81:5a:b2:aa:ec:11:5d:fb:01:dd:12:b6:af:2b:fb:
                    c4:54:ad:0d:9d:51:20:52:87:83:04:3f:5d:86:cf:
                    c5:2a:f7:85:af:05:0a:b5:ca:50:c1:8d:4a:ce:f2:
                    5e:f0:3c:8f:22:7b:ac:a1:b8:ed:aa:48:1e:1f:e1:
                    a8:16:fd:cf:7a:84:e1:c5:eb:02:58:0c:28:f7:34:
                    10:f1:41:28:df:cf:a4:2b:96:65:75:ba:e6:2a:23:
                    c8:ab:32:1c:9a:9c:bc:01:43:38:3d:c9:7e:97:3b:
                    15:5e:57:92:be:3f:2e:ab:cd:0d:2f:71:39:bf:88:
                    5c:7b:52:fd:8f:f9:f2:ce:06:ad:0b:5d:5d:dd:7d:
                    2f:c6:22:83:93:7d:90:26:9d:96:6c:03:13:84:95:
                    71:06:1f:91:0a:40:84:79:0e:24:c8:88:ab:5a:48:
                    e1:4c:86:7e:91:5b:cb:8f:fb:d0:a7:a6:fd:3c:4d:
                    a5:eb:a8:78:f1:3d:95:74:75:20:e3:af:5c:38:27:
                    b1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8F:37:83:22:23:10:60:4E:4B:B6:4A:76:80:EB:4A:FF:1D:7A:F6
            X509v3 Authority Key Identifier:
                keyid:A4:5C:EC:16:60:AD:2D:FE:77:1A:9A:12:34:B1:D1:2A:9C:5B:82:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pFzsFmCtLf53GpoSNLHRKpxbghE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/BI83gyIjEGBOS7ZKdoDrSv8devY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/3176ea-2f54-4472-9eb2-93a35694f685/1/pFzsFmCtLf53GpoSNLHRKpxbghE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d50::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:06:2c:c4:84:c8:6c:f8:70:b3:44:e3:ec:56:2c:86:be:99:
         27:14:bc:20:84:fc:d9:5d:6d:65:95:c7:1c:38:6f:44:5b:67:
         90:48:34:01:17:b7:84:9f:f7:31:6f:6e:44:02:b3:82:9e:ca:
         3e:24:4e:40:38:fa:72:2e:3b:57:43:d6:9b:02:ef:ec:3b:cd:
         f1:1e:75:6a:a1:b6:71:6f:5f:78:cb:77:ba:80:5a:c9:7f:55:
         8a:0c:bb:5c:dc:86:f7:46:96:07:e7:73:18:fe:ff:e7:c7:2e:
         06:f3:bf:b4:53:fd:9c:69:c0:e1:17:bc:e5:4c:05:f5:a8:55:
         b8:84:86:40:f2:5a:8b:eb:05:4a:5e:fd:2c:6d:91:41:6e:a1:
         e9:b9:48:47:de:87:c4:d6:2e:8c:28:83:02:f5:0f:c4:ee:56:
         37:bd:58:37:a7:79:39:eb:ac:f4:cf:c7:02:9e:2f:80:50:e9:
         ed:c3:70:25:ec:75:ac:ff:92:dd:53:7a:c2:bc:c0:ff:3a:2c:
         30:87:24:be:22:3e:1a:bc:3f:e8:6c:d5:a5:2a:6c:65:44:4d:
         8e:96:55:32:e6:c4:fb:59:a2:70:0a:13:70:7c:96:06:85:eb:
         5e:a1:ab:29:67:db:5c:d8:07:d5:b0:30:40:f5:1a:3d:71:37:
         c0:ab:bc:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZetmlaq+jd0Lb6tpRND0PfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NWNlYzE2NjBhZDJkZmU3NzFhOWExMjM0YjFkMTJhOWM1
YjgyMTEwHhcNMjUwNjI2MTg1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhmMzc4MzIyMjMxMDYwNGU0YmI2NGE3NjgwZWI0YWZmMWQ3YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+OjhGsZTAMEYDIZwMEcZNUdXb91
bfWDLQPaI5714/MCc48IYVT0q+4KDMj8vipG/i7BplJZvxcUTFWBWrKq7BFd+wHd
EravK/vEVK0NnVEgUoeDBD9dhs/FKveFrwUKtcpQwY1KzvJe8DyPInusobjtqkge
H+GoFv3PeoThxesCWAwo9zQQ8UEo38+kK5ZldbrmKiPIqzIcmpy8AUM4Pcl+lzsV
XleSvj8uq80NL3E5v4hce1L9j/nyzgatC11d3X0vxiKDk32QJp2WbAMThJVxBh+R
CkCEeQ4kyIirWkjhTIZ+kVvLj/vQp6b9PE2l66h48T2VdHUg469cOCex1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFASPN4MiIxBgTku2SnaA60r/HXr2MB8GA1UdIwQY
MBaAFKRc7BZgrS3+dxqaEjSx0SqcW4IRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEZ6c0ZtQ3RMZjUzR3BvU05MSFJLcHhiZ2hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8zMTc2ZWEtMmY1NC00NDcyLTllYjIt
OTNhMzU2OTRmNjg1LzEvQkk4M2d5SWpFR0JPUzdaS2RvRHJTdjhkZXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8zMTc2ZWEtMmY1NC00NDcyLTllYjItOTNhMzU2OTRmNjg1
LzEvcEZ6c0ZtQ3RMZjUzR3BvU05MSFJLcHhiZ2hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQB7BizEhMhs+HCzROPsViyGvpknFLwghPzZXW1l
lcccOG9EW2eQSDQBF7eEn/cxb25EArOCnso+JE5AOPpyLjtXQ9abAu/sO83xHnVq
obZxb194y3e6gFrJf1WKDLtc3Ib3RpYH53MY/v/nxy4G87+0U/2cacDhF7zlTAX1
qFW4hIZA8lqL6wVKXv0sbZFBbqHpuUhH3ofE1i6MKIMC9Q/E7lY3vVg3p3k566z0
z8cCni+AUOntw3Al7HWs/5LdU3rCvMD/OiwwhyS+Ij4avD/obNWlKmxlRE2OllUy
5sT7WaJwChNwfJYGheteoaspZ9tc2AfVsDBA9Ro9cTfAq7xi
-----END CERTIFICATE-----