Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/cj4zWw5xq9EoEtqlLeBFl4S5Tw8.roa
File:                     cj4zWw5xq9EoEtqlLeBFl4S5Tw8.roa (raw, json)
Hash identifier:          juaSzbzMDJ0sK0T5VgO//FmV7+h5xttoXCzQBonEpPE=
Subject key identifier:   72:3E:33:5B:0E:71:AB:D1:28:12:DA:A5:2D:E0:45:97:84:B9:4F:0F
Certificate issuer:       /CN=943c903b4d0e83bc8b2d4543136e9cd5f39864f5
Certificate serial:       01941F8C797CE8019D8192EB176E8FE41EFF
Authority key identifier: 94:3C:90:3B:4D:0E:83:BC:8B:2D:45:43:13:6E:9C:D5:F3:98:64:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lDyQO00Og7yLLUVDE26c1fOYZPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/cj4zWw5xq9EoEtqlLeBFl4S5Tw8.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        2001:678:95c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/lDyQO00Og7yLLUVDE26c1fOYZPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/lDyQO00Og7yLLUVDE26c1fOYZPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lDyQO00Og7yLLUVDE26c1fOYZPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:79:7c:e8:01:9d:81:92:eb:17:6e:8f:e4:1e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943c903b4d0e83bc8b2d4543136e9cd5f39864f5
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=723e335b0e71abd12812daa52de0459784b94f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ce:a3:79:68:72:0c:d3:44:f1:39:01:05:b3:
                    92:5c:d7:9d:72:70:b6:55:98:95:28:6f:b8:db:5d:
                    23:eb:ae:33:a8:78:d9:8a:3b:a7:45:8d:75:81:2c:
                    89:38:44:1f:ad:62:98:89:51:88:a3:a2:3a:b4:62:
                    15:ed:f8:ff:4f:b5:76:41:0d:16:0e:09:8a:53:0d:
                    ea:77:f8:c4:a6:f8:74:57:13:c3:07:2b:ce:b3:33:
                    24:b8:a9:c9:63:be:d6:68:7c:6b:dd:39:be:ad:8a:
                    a2:a2:bf:60:2f:70:e3:58:17:53:05:61:a8:be:2c:
                    5c:dd:92:0d:ab:53:41:f8:3e:bc:b7:f8:75:08:0b:
                    a2:df:d2:e3:b6:7d:52:fa:c3:07:1a:9a:84:7c:66:
                    a7:7a:32:7b:19:2e:d6:f8:d4:bd:5b:38:52:cf:5f:
                    15:88:f2:d8:3b:6e:29:08:e4:ac:2b:bc:ed:5a:01:
                    4c:b4:34:72:d3:93:0e:37:ae:9d:39:82:7e:69:1f:
                    4d:36:d8:dc:45:00:1c:bb:02:d7:cd:2c:8a:35:0c:
                    1d:93:b0:cc:02:c7:7e:97:51:93:45:be:7a:75:e8:
                    8f:05:f7:6d:a9:71:7b:2b:6c:99:7a:f6:be:32:dc:
                    0c:fc:9a:a4:65:8f:36:f8:89:ac:f9:e6:7f:5e:bf:
                    3b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:3E:33:5B:0E:71:AB:D1:28:12:DA:A5:2D:E0:45:97:84:B9:4F:0F
            X509v3 Authority Key Identifier:
                keyid:94:3C:90:3B:4D:0E:83:BC:8B:2D:45:43:13:6E:9C:D5:F3:98:64:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lDyQO00Og7yLLUVDE26c1fOYZPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/cj4zWw5xq9EoEtqlLeBFl4S5Tw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/508a26-e199-41b9-9e19-f98c75dea292/1/lDyQO00Og7yLLUVDE26c1fOYZPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:95c::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:a9:2f:2e:35:87:63:22:af:ca:eb:3d:bf:ba:ac:02:4c:6a:
         3a:d4:8c:4d:28:1b:6c:0d:6f:b7:93:f1:69:7a:54:40:76:b9:
         99:13:9b:88:f0:ba:8f:b3:fc:c9:67:d6:df:0b:eb:1f:1d:b0:
         46:34:26:40:f3:ef:d7:db:a8:ff:d7:5a:9e:4b:53:00:88:01:
         2d:71:4e:40:ce:3e:a6:d6:ba:8c:dc:91:0f:ba:d8:9d:59:43:
         40:c8:3c:c5:ba:2b:75:c8:bd:44:96:cc:44:91:b1:29:61:4f:
         c8:f1:5c:58:00:ac:6a:5e:86:0f:28:11:a2:6c:7c:a9:96:a5:
         61:7c:27:b5:64:be:b6:ea:fa:6d:f3:a2:1b:73:76:f5:d1:b3:
         dd:03:a2:57:9a:61:6a:f4:31:07:dd:e1:fd:ed:cd:8c:33:97:
         1f:44:3a:12:6f:93:db:12:57:4f:da:25:97:e5:4a:d9:18:05:
         21:fd:70:c2:ef:6b:a1:11:2e:23:44:0b:3c:14:55:31:5e:4a:
         80:ac:2b:c0:62:81:5d:58:bf:4e:ef:25:9e:cd:ae:39:71:ef:
         93:18:44:9a:25:1d:77:ec:18:3a:45:50:4a:c3:a8:aa:21:a2:
         00:ac:af:f4:e3:19:11:4c:3d:f7:e4:a0:8b:7e:6e:9b:8e:91:
         57:0c:35:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHl86AGdgZLrF26P5B7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2M5MDNiNGQwZTgzYmM4YjJkNDU0MzEzNmU5Y2Q1ZjM5
ODY0ZjUwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNlMzM1YjBlNzFhYmQxMjgxMmRhYTUyZGUwNDU5Nzg0Yjk0ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M6jeWhyDNNE8TkBBbOSXNedcnC2
VZiVKG+4210j664zqHjZijunRY11gSyJOEQfrWKYiVGIo6I6tGIV7fj/T7V2QQ0W
DgmKUw3qd/jEpvh0VxPDByvOszMkuKnJY77WaHxr3Tm+rYqior9gL3DjWBdTBWGo
vixc3ZINq1NB+D68t/h1CAui39Ljtn1S+sMHGpqEfGanejJ7GS7W+NS9WzhSz18V
iPLYO24pCOSsK7ztWgFMtDRy05MON66dOYJ+aR9NNtjcRQAcuwLXzSyKNQwdk7DM
Asd+l1GTRb56deiPBfdtqXF7K2yZeva+MtwM/JqkZY82+Ims+eZ/Xr87JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHI+M1sOcavRKBLapS3gRZeEuU8PMB8GA1UdIwQY
MBaAFJQ8kDtNDoO8iy1FQxNunNXzmGT1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbER5UU8wME9nN3lMTFVWREUyNmMxZk9ZWlBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81MDhhMjYtZTE5OS00MWI5LTllMTkt
Zjk4Yzc1ZGVhMjkyLzEvY2o0eld3NXhxOUVvRXRxbExlQkZsNFM1VHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81MDhhMjYtZTE5OS00MWI5LTllMTktZjk4Yzc1ZGVhMjky
LzEvbER5UU8wME9nN3lMTFVWREUyNmMxZk9ZWlBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAlc
MA0GCSqGSIb3DQEBCwUAA4IBAQBgqS8uNYdjIq/K6z2/uqwCTGo61IxNKBtsDW+3
k/FpelRAdrmZE5uI8LqPs/zJZ9bfC+sfHbBGNCZA8+/X26j/11qeS1MAiAEtcU5A
zj6m1rqM3JEPutidWUNAyDzFuit1yL1ElsxEkbEpYU/I8VxYAKxqXoYPKBGibHyp
lqVhfCe1ZL626vpt86Ibc3b10bPdA6JXmmFq9DEH3eH97c2MM5cfRDoSb5PbEldP
2iWX5UrZGAUh/XDC72uhES4jRAs8FFUxXkqArCvAYoFdWL9O7yWeza45ce+TGESa
JR137Bg6RVBKw6iqIaIArK/04xkRTD335KCLfm6bjpFXDDUM
-----END CERTIFICATE-----