Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/8i0pFHh3jLLr_PpCWW1tgeOnNls.roa
File:                     8i0pFHh3jLLr_PpCWW1tgeOnNls.roa (raw, json)
Hash identifier:          zniHfjj60ALgt1todbQ0gmqBBGRN1w6Z180L0gimowg=
Subject key identifier:   F2:2D:29:14:78:77:8C:B2:EB:FC:FA:42:59:6D:6D:81:E3:A7:36:5B
Certificate issuer:       /CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
Certificate serial:       0194B28064DD6ACA6120C471D7FAF0013763
Authority key identifier: 4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/8i0pFHh3jLLr_PpCWW1tgeOnNls.roa
Signing time:             Wed 29 Jan 2025 14:39:06 +0000
ROA not before:           Wed 29 Jan 2025 14:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215286
IP address blocks:        2001:678:110::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b2:80:64:dd:6a:ca:61:20:c4:71:d7:fa:f0:01:37:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eaf14b67e051cfbd5e1b1d51693d44682392792
        Validity
            Not Before: Jan 29 14:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f22d291478778cb2ebfcfa42596d6d81e3a7365b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:03:f4:88:17:da:e9:86:65:39:ac:0f:32:
                    dd:d9:ca:3c:48:a5:c6:26:66:07:3f:68:c5:c9:7e:
                    e8:c9:ef:3a:2a:4f:7f:3d:d5:b8:02:6a:b2:80:82:
                    fb:5f:50:03:19:67:7e:f3:a1:c6:2e:5e:b5:98:85:
                    4e:3d:ab:7b:9d:2f:49:5a:08:8c:98:94:46:0d:d7:
                    70:f1:ec:3e:37:d8:b2:d8:1c:39:6c:b8:ad:1c:0e:
                    4b:e6:84:8c:37:4a:56:45:4a:93:fa:1b:e8:76:a8:
                    37:3b:41:86:e0:f0:19:ac:9d:48:b0:38:b3:7b:c6:
                    82:63:67:76:d5:67:b7:cf:3b:2f:ae:1a:26:0a:56:
                    b2:08:50:6a:6f:8c:50:88:8b:f8:5e:5f:bd:42:c0:
                    4b:0b:d6:6f:38:ee:57:6a:65:d2:b8:ff:8e:83:e1:
                    34:e0:3c:62:99:c1:ce:c9:2c:7d:97:c6:79:6e:08:
                    f3:6e:df:b7:e8:ec:15:57:fb:ba:44:6c:d1:50:c4:
                    7d:28:8f:4a:47:19:5d:2e:43:b2:b4:3e:3a:20:10:
                    dd:2b:77:cb:14:99:10:d6:82:80:c4:37:92:50:67:
                    9f:5e:e7:a6:8e:22:ec:be:97:89:ef:81:0f:58:4c:
                    52:4b:00:b2:aa:91:89:97:99:78:ef:ce:54:ec:4a:
                    ea:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:2D:29:14:78:77:8C:B2:EB:FC:FA:42:59:6D:6D:81:E3:A7:36:5B
            X509v3 Authority Key Identifier:
                keyid:4E:AF:14:B6:7E:05:1C:FB:D5:E1:B1:D5:16:93:D4:46:82:39:27:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq8Utn4FHPvV4bHVFpPURoI5J5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/8i0pFHh3jLLr_PpCWW1tgeOnNls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/8cf51c-54d7-4c3a-90c4-bd512ed58f78/1/Tq8Utn4FHPvV4bHVFpPURoI5J5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:a4:ac:5d:5c:3b:08:67:43:19:f6:39:fd:30:01:b8:02:f5:
         72:f0:b9:13:13:ab:80:25:77:86:70:7d:db:0a:c4:ba:7a:2b:
         c5:91:9d:0d:0c:28:a9:f3:4e:f2:2d:81:85:d7:73:01:e3:b3:
         b8:5b:54:cc:ec:ce:ac:c4:69:5b:90:82:39:91:a5:6e:2d:bf:
         ab:a8:22:43:6b:28:47:66:0e:92:24:0c:9e:53:2a:66:7e:d4:
         75:bf:1f:61:ff:1e:58:28:29:a9:7a:f9:7a:47:a8:a6:75:78:
         31:0c:a1:31:ff:50:90:4b:72:e6:fc:ce:e5:fa:f9:98:23:5a:
         1d:c4:12:84:00:03:a1:fc:71:fe:3f:46:e6:c3:45:08:b2:0f:
         5c:87:4c:89:f2:87:4f:8c:0b:6f:5d:04:62:ee:1b:12:9c:75:
         5d:bd:08:13:44:c7:33:7c:99:e0:80:19:15:03:c6:73:e8:38:
         39:45:6b:aa:32:71:2a:ce:12:a2:dc:1e:c2:75:c2:ea:93:02:
         30:c5:aa:b3:1b:08:ba:00:20:3d:fd:11:e1:74:8c:d4:ca:44:
         73:37:7a:a8:c0:1e:54:62:af:d9:7f:c6:56:7a:13:c1:f1:3e:
         b6:ca:3f:da:bb:18:d4:7f:86:ee:a5:31:32:59:54:1a:60:1b:
         cd:53:04:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSygGTdasphIMRx1/rwATdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWYxNGI2N2UwNTFjZmJkNWUxYjFkNTE2OTNkNDQ2ODIz
OTI3OTIwHhcNMjUwMTI5MTQzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjJkMjkxNDc4Nzc4Y2IyZWJmY2ZhNDI1OTZkNmQ4MWUzYTczNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqAD9IgX2umGZTmsDzLd2co8SKXG
JmYHP2jFyX7oye86Kk9/PdW4AmqygIL7X1ADGWd+86HGLl61mIVOPat7nS9JWgiM
mJRGDddw8ew+N9iy2Bw5bLitHA5L5oSMN0pWRUqT+hvodqg3O0GG4PAZrJ1IsDiz
e8aCY2d21We3zzsvrhomClayCFBqb4xQiIv4Xl+9QsBLC9ZvOO5XamXSuP+Og+E0
4DximcHOySx9l8Z5bgjzbt+36OwVV/u6RGzRUMR9KI9KRxldLkOytD46IBDdK3fL
FJkQ1oKAxDeSUGefXuemjiLsvpeJ74EPWExSSwCyqpGJl5l4785U7ErqKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPItKRR4d4yy6/z6QlltbYHjpzZbMB8GA1UdIwQY
MBaAFE6vFLZ+BRz71eGx1RaT1EaCOSeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQt
YmQ1MTJlZDU4Zjc4LzEvOGkwcEZIaDNqTExyX1BwQ1dXMXRnZU9uTmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS84Y2Y1MWMtNTRkNy00YzNhLTkwYzQtYmQ1MTJlZDU4Zjc4
LzEvVHE4VXRuNEZIUHZWNGJIVkZwUFVSb0k1SjVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB0pKxdXDsIZ0MZ9jn9MAG4AvVy8LkTE6uAJXeG
cH3bCsS6eivFkZ0NDCip807yLYGF13MB47O4W1TM7M6sxGlbkII5kaVuLb+rqCJD
ayhHZg6SJAyeUypmftR1vx9h/x5YKCmpevl6R6imdXgxDKEx/1CQS3Lm/M7l+vmY
I1odxBKEAAOh/HH+P0bmw0UIsg9ch0yJ8odPjAtvXQRi7hsSnHVdvQgTRMczfJng
gBkVA8Zz6Dg5RWuqMnEqzhKi3B7CdcLqkwIwxaqzGwi6ACA9/RHhdIzUykRzN3qo
wB5UYq/Zf8ZWehPB8T62yj/auxjUf4bupTEyWVQaYBvNUwT6
-----END CERTIFICATE-----