Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/67cURHvE8N468SNY-596hMGCZrE.roa
File:                     67cURHvE8N468SNY-596hMGCZrE.roa (raw, json)
Hash identifier:          FN6Q1cZazUZE1w3lj4UC84iZc47H5rmnpO3kr+z0CXA=
Subject key identifier:   EB:B7:14:44:7B:C4:F0:DE:3A:F1:23:58:FB:9F:7A:84:C1:82:66:B1
Certificate issuer:       /CN=e9b1a6c061455c08e9147b281fc7424cbc545f41
Certificate serial:       01977E824BB3A9597BD2EBCAC5ED4300956C
Authority key identifier: E9:B1:A6:C0:61:45:5C:08:E9:14:7B:28:1F:C7:42:4C:BC:54:5F:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/67cURHvE8N468SNY-596hMGCZrE.roa
Signing time:             Tue 17 Jun 2025 15:29:17 +0000
ROA not before:           Tue 17 Jun 2025 15:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202803
IP address blocks:        80.64.212.0/22 maxlen: 24
                          80.64.212.0/23 maxlen: 23
                          80.64.214.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 01:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:82:4b:b3:a9:59:7b:d2:eb:ca:c5:ed:43:00:95:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1a6c061455c08e9147b281fc7424cbc545f41
        Validity
            Not Before: Jun 17 15:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebb714447bc4f0de3af12358fb9f7a84c18266b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:95:c8:6d:9d:49:db:34:da:09:5b:c4:8d:2e:
                    ff:cf:95:ae:36:ef:60:9c:92:0d:64:04:cd:89:66:
                    63:bb:42:f5:55:e2:64:c1:dd:cd:e7:a3:f0:19:c6:
                    fc:ce:d4:40:31:c9:78:aa:67:0a:ec:35:cb:2a:b3:
                    ba:0c:83:c3:62:30:aa:1f:ba:51:f2:14:2c:bd:88:
                    32:0b:e3:92:80:08:f4:28:c2:17:4a:f0:df:a6:6a:
                    5a:df:8a:3e:df:5b:bc:3d:5b:69:5d:d4:28:06:b1:
                    4c:80:33:82:4b:9c:24:f1:7a:32:50:35:97:41:a5:
                    03:31:56:48:d5:4d:63:8f:06:5b:c3:09:d6:5f:25:
                    69:78:7a:0d:c5:44:04:78:4f:77:54:75:9f:04:dc:
                    33:6e:3f:56:1d:b9:c6:cb:56:4a:31:1c:0e:24:88:
                    ae:46:7d:05:52:dc:14:98:b9:5b:d6:5b:d8:5a:df:
                    cf:be:cc:5e:9e:7b:de:2e:14:bc:54:4c:d8:43:1a:
                    cd:ef:c5:c8:ae:9e:33:94:6b:bb:e2:bf:bf:cb:2a:
                    31:8b:c4:5e:a0:ec:93:02:2a:c6:96:23:30:3e:c1:
                    67:02:c6:5b:47:79:99:b2:67:a6:2b:a6:05:80:57:
                    7a:b4:5f:77:c5:f2:fe:55:d7:09:0a:5a:57:75:0e:
                    f2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B7:14:44:7B:C4:F0:DE:3A:F1:23:58:FB:9F:7A:84:C1:82:66:B1
            X509v3 Authority Key Identifier:
                keyid:E9:B1:A6:C0:61:45:5C:08:E9:14:7B:28:1F:C7:42:4C:BC:54:5F:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/67cURHvE8N468SNY-596hMGCZrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:fa:da:c7:bd:97:18:7f:0a:50:ba:e4:4c:79:cf:2b:7b:9e:
         2a:e7:fb:f0:00:8b:8a:4c:8f:ef:33:db:cc:d9:66:e8:8e:49:
         83:ad:73:02:50:d7:58:78:a1:a1:fe:d9:64:f7:88:4d:96:fa:
         b4:69:a2:e3:1b:04:ce:9a:11:2b:32:e8:97:d7:82:77:a0:45:
         30:76:b7:73:ce:4a:c7:2b:66:6e:b1:99:21:0e:f4:69:a5:9e:
         66:18:f1:28:d2:c6:73:93:3e:43:e9:a7:02:c4:4f:f7:65:8e:
         48:85:83:9e:68:ac:50:fd:8f:78:d4:5f:03:08:d0:96:ea:70:
         d2:35:54:9b:53:f9:d0:61:f8:3a:a2:46:7d:6a:3a:8d:5c:64:
         04:ba:aa:54:dc:85:e1:6e:0b:23:f4:25:94:b7:b9:c9:19:ca:
         68:59:71:75:7a:c8:9e:60:98:05:5e:81:7d:d6:03:29:03:ac:
         ec:a2:b9:9a:9b:de:69:40:80:a3:d9:07:0f:30:2b:50:d4:29:
         24:14:f8:15:76:c0:b8:92:2e:14:49:3e:9a:4a:98:52:33:be:
         94:09:e7:f8:b6:bc:2e:26:a8:11:72:d9:b5:50:17:0a:09:61:
         d6:f3:04:a1:e6:73:26:a6:ed:76:dd:32:d6:da:36:3c:0f:a3:
         16:2a:3d:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+gkuzqVl70uvKxe1DAJVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjFhNmMwNjE0NTVjMDhlOTE0N2IyODFmYzc0MjRjYmM1
NDVmNDEwHhcNMjUwNjE3MTUyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmI3MTQ0NDdiYzRmMGRlM2FmMTIzNThmYjlmN2E4NGMxODI2NmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5XIbZ1J2zTaCVvEjS7/z5WuNu9g
nJINZATNiWZju0L1VeJkwd3N56PwGcb8ztRAMcl4qmcK7DXLKrO6DIPDYjCqH7pR
8hQsvYgyC+OSgAj0KMIXSvDfpmpa34o+31u8PVtpXdQoBrFMgDOCS5wk8XoyUDWX
QaUDMVZI1U1jjwZbwwnWXyVpeHoNxUQEeE93VHWfBNwzbj9WHbnGy1ZKMRwOJIiu
Rn0FUtwUmLlb1lvYWt/PvsxennveLhS8VEzYQxrN78XIrp4zlGu74r+/yyoxi8Re
oOyTAirGliMwPsFnAsZbR3mZsmemK6YFgFd6tF93xfL+VdcJClpXdQ7y3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu3FER7xPDeOvEjWPufeoTBgmaxMB8GA1UdIwQY
MBaAFOmxpsBhRVwI6RR7KB/HQky8VF9BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJHbXdHRkZYQWpwRkhzb0g4ZENUTHhVWDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hZmRmOTUtMjgzNC00ZGNjLWI0MWQt
M2Y5ZjI2NGNlYjIwLzEvNjdjVVJIdkU4TjQ2OFNOWS01OTZoTUdDWnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hZmRmOTUtMjgzNC00ZGNjLWI0MWQtM2Y5ZjI2NGNlYjIw
LzEvNmJHbXdHRkZYQWpwRkhzb0g4ZENUTHhVWDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUEDUMA0G
CSqGSIb3DQEBCwUAA4IBAQBt+trHvZcYfwpQuuRMec8re54q5/vwAIuKTI/vM9vM
2WbojkmDrXMCUNdYeKGh/tlk94hNlvq0aaLjGwTOmhErMuiX14J3oEUwdrdzzkrH
K2ZusZkhDvRppZ5mGPEo0sZzkz5D6acCxE/3ZY5IhYOeaKxQ/Y941F8DCNCW6nDS
NVSbU/nQYfg6okZ9ajqNXGQEuqpU3IXhbgsj9CWUt7nJGcpoWXF1esieYJgFXoF9
1gMpA6zsormam95pQICj2QcPMCtQ1CkkFPgVdsC4ki4UST6aSphSM76UCef4trwu
JqgRctm1UBcKCWHW8wSh5nMmpu123TLW2jY8D6MWKj04
-----END CERTIFICATE-----