Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/2PO56c07BT5UqW7VHJgEtBZRuc4.roa
File:                     2PO56c07BT5UqW7VHJgEtBZRuc4.roa (raw, json)
Hash identifier:          j6nnqb1GzOx8EAgfl33x3DbOrwgUFnv8OKDrDXb3GYE=
Subject key identifier:   D8:F3:B9:E9:CD:3B:05:3E:54:A9:6E:D5:1C:98:04:B4:16:51:B9:CE
Certificate issuer:       /CN=eaabfee1d7c8cc876073333c4caa881a37b36c91
Certificate serial:       0196AEF4E22AE7FF015872BC7DB3DE9D9A0A
Authority key identifier: EA:AB:FE:E1:D7:C8:CC:87:60:73:33:3C:4C:AA:88:1A:37:B3:6C:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qv-4dfIzIdgczM8TKqIGjezbJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/2PO56c07BT5UqW7VHJgEtBZRuc4.roa
Signing time:             Thu 08 May 2025 08:13:26 +0000
ROA not before:           Thu 08 May 2025 08:13:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209267
IP address blocks:        2001:67c:12c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/6qv-4dfIzIdgczM8TKqIGjezbJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/6qv-4dfIzIdgczM8TKqIGjezbJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qv-4dfIzIdgczM8TKqIGjezbJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:f4:e2:2a:e7:ff:01:58:72:bc:7d:b3:de:9d:9a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaabfee1d7c8cc876073333c4caa881a37b36c91
        Validity
            Not Before: May  8 08:13:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8f3b9e9cd3b053e54a96ed51c9804b41651b9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7b:31:87:ef:86:4f:0b:5e:38:60:47:57:9a:
                    53:0b:d9:d1:8c:19:66:88:1e:11:ba:cb:01:23:32:
                    a2:ec:32:b1:11:a4:77:95:1e:c2:4a:27:bd:de:cc:
                    7a:46:77:9f:b0:62:53:6e:09:d4:89:d3:a4:8c:fd:
                    c9:64:3d:d2:ae:86:48:ef:24:ce:4b:e5:0f:31:c5:
                    55:4e:8b:55:f4:21:92:5b:1a:51:69:80:f3:70:45:
                    7d:39:e9:70:38:a6:5a:77:54:66:09:83:f7:ce:b3:
                    2a:52:f0:28:e9:32:45:2d:47:bd:15:ac:f3:ea:b0:
                    73:d6:8b:34:13:34:9a:73:3b:45:ce:2a:31:40:dc:
                    7b:47:2f:00:f6:0f:d5:56:f4:4b:1f:e2:26:99:ad:
                    f4:4b:91:ef:d6:e4:88:32:98:fa:55:b8:1e:92:8c:
                    e9:06:5e:a7:0d:32:6c:69:98:83:ac:ec:d7:3d:f8:
                    89:9f:22:de:4c:ec:92:a6:0c:2a:0a:f8:15:0d:ed:
                    88:1a:ff:e3:05:3e:dc:a2:58:34:cf:33:fd:1f:c0:
                    94:15:8c:dd:7e:9c:df:8b:6d:44:27:86:9c:05:2a:
                    33:60:8a:30:d9:51:21:65:10:7e:1e:19:03:44:5b:
                    b3:07:eb:f7:13:5a:9f:22:51:bb:d3:9b:0c:17:4b:
                    7e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F3:B9:E9:CD:3B:05:3E:54:A9:6E:D5:1C:98:04:B4:16:51:B9:CE
            X509v3 Authority Key Identifier:
                keyid:EA:AB:FE:E1:D7:C8:CC:87:60:73:33:3C:4C:AA:88:1A:37:B3:6C:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qv-4dfIzIdgczM8TKqIGjezbJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/2PO56c07BT5UqW7VHJgEtBZRuc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d6f1ab-2c9b-4f70-92b0-b7cd52703e8d/1/6qv-4dfIzIdgczM8TKqIGjezbJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:71:01:13:38:73:6b:6b:8c:29:7c:1e:9a:ab:93:39:1f:6c:
         98:4c:af:46:e4:21:80:7e:d1:b4:85:4d:f4:72:ac:37:6e:d5:
         25:bb:1f:e0:f5:01:8c:95:f3:9e:c5:e0:7c:e1:81:16:8d:2d:
         bc:54:26:b9:2f:50:44:bd:03:b8:56:50:a3:87:fe:c4:dc:77:
         b8:7e:a5:cc:b0:2a:cc:c6:77:3e:42:e4:96:37:4f:42:79:9b:
         0b:56:b1:4f:d5:2f:fd:5d:bc:0e:33:d1:30:fa:e3:44:6d:d8:
         64:8a:4c:4c:8d:db:14:b3:7b:0f:00:2b:b2:9e:3c:14:f5:c1:
         e3:f8:f2:c8:80:c8:6c:e7:08:10:bd:48:1c:ce:98:31:b8:31:
         7e:a0:ba:40:0d:6f:5f:39:0b:46:9f:e5:c0:39:9e:bd:b3:e0:
         89:0d:10:99:c7:df:71:3b:68:08:cd:66:9f:68:ea:52:a5:ff:
         0a:58:15:fa:57:1e:0f:80:b2:3b:e6:7d:16:cc:5f:49:da:be:
         47:11:da:f2:3b:35:99:bd:d9:bf:ae:37:be:b9:99:25:b8:8a:
         9b:5f:47:73:eb:56:71:11:d5:1b:bc:c9:15:e6:ee:d1:18:dc:
         6b:64:cf:ad:ba:22:23:4e:a3:97:e0:27:6a:b8:61:d8:ea:53:
         6d:d8:3b:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZau9OIq5/8BWHK8fbPenZoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWJmZWUxZDdjOGNjODc2MDczMzMzYzRjYWE4ODFhMzdi
MzZjOTEwHhcNMjUwNTA4MDgxMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGYzYjllOWNkM2IwNTNlNTRhOTZlZDUxYzk4MDRiNDE2NTFiOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXsxh++GTwteOGBHV5pTC9nRjBlm
iB4RussBIzKi7DKxEaR3lR7CSie93sx6RnefsGJTbgnUidOkjP3JZD3SroZI7yTO
S+UPMcVVTotV9CGSWxpRaYDzcEV9OelwOKZad1RmCYP3zrMqUvAo6TJFLUe9Fazz
6rBz1os0EzSacztFzioxQNx7Ry8A9g/VVvRLH+Imma30S5Hv1uSIMpj6Vbgekozp
Bl6nDTJsaZiDrOzXPfiJnyLeTOySpgwqCvgVDe2IGv/jBT7colg0zzP9H8CUFYzd
fpzfi21EJ4acBSozYIow2VEhZRB+HhkDRFuzB+v3E1qfIlG705sMF0t+WwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNjzuenNOwU+VKlu1RyYBLQWUbnOMB8GA1UdIwQY
MBaAFOqr/uHXyMyHYHMzPEyqiBo3s2yRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnF2LTRkZkl6SWRnY3pNOFRLcUlHamV6YkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kNmYxYWItMmM5Yi00ZjcwLTkyYjAt
YjdjZDUyNzAzZThkLzEvMlBPNTZjMDdCVDVVcVc3VkhKZ0V0QlpSdWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kNmYxYWItMmM5Yi00ZjcwLTkyYjAtYjdjZDUyNzAzZThk
LzEvNnF2LTRkZkl6SWRnY3pNOFRLcUlHamV6YkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBLA
MA0GCSqGSIb3DQEBCwUAA4IBAQAUcQETOHNra4wpfB6aq5M5H2yYTK9G5CGAftG0
hU30cqw3btUlux/g9QGMlfOexeB84YEWjS28VCa5L1BEvQO4VlCjh/7E3He4fqXM
sCrMxnc+QuSWN09CeZsLVrFP1S/9XbwOM9Ew+uNEbdhkikxMjdsUs3sPACuynjwU
9cHj+PLIgMhs5wgQvUgczpgxuDF+oLpADW9fOQtGn+XAOZ69s+CJDRCZx99xO2gI
zWafaOpSpf8KWBX6Vx4PgLI75n0WzF9J2r5HEdryOzWZvdm/rje+uZkluIqbX0dz
61ZxEdUbvMkV5u7RGNxrZM+tuiIjTqOX4CdquGHY6lNt2Du9
-----END CERTIFICATE-----