Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/xjqb8HoLRLAR-p4-R3Sb4dWDULU.roa
File:                     xjqb8HoLRLAR-p4-R3Sb4dWDULU.roa (raw, json)
Hash identifier:          1mq/X/AhDxzJxbocaN5soLh/qNxvhHjRbgctopoVrKg=
Subject key identifier:   C6:3A:9B:F0:7A:0B:44:B0:11:FA:9E:3E:47:74:9B:E1:D5:83:50:B5
Certificate issuer:       /CN=0e5a08fc34690f52db0c2b7e47e8e53883145a98
Certificate serial:       01963DAE3A67A3256BA596BCD3AC28339841
Authority key identifier: 0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/xjqb8HoLRLAR-p4-R3Sb4dWDULU.roa
Signing time:             Wed 16 Apr 2025 08:19:10 +0000
ROA not before:           Wed 16 Apr 2025 08:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210360
IP address blocks:        2001:678:b24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:ae:3a:67:a3:25:6b:a5:96:bc:d3:ac:28:33:98:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e5a08fc34690f52db0c2b7e47e8e53883145a98
        Validity
            Not Before: Apr 16 08:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c63a9bf07a0b44b011fa9e3e47749be1d58350b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2d:97:dc:d7:53:e5:01:fe:02:0c:9e:d0:30:
                    5b:89:03:7e:6f:a6:df:86:50:f9:28:c1:28:d2:ee:
                    de:4e:dc:96:4d:85:89:33:2b:98:17:ac:0c:a7:a6:
                    e3:2e:ef:27:62:2c:1d:c5:a3:53:94:ec:10:61:e4:
                    b0:36:41:2a:c8:7a:6a:23:5f:8f:9f:8a:3b:62:6f:
                    0f:3a:af:e9:38:cd:f5:57:bd:f0:d3:ac:0c:b3:c4:
                    82:da:78:1e:1f:a5:0b:24:45:7e:bd:dc:24:5b:c6:
                    c0:67:5e:e0:8f:80:d0:ac:e1:02:c8:17:37:7b:ce:
                    56:ee:c9:e8:45:c3:99:36:33:e4:49:01:3a:4f:06:
                    11:6c:5e:55:7e:ff:46:9d:4c:24:9b:9c:72:4f:09:
                    ed:36:95:93:08:2f:7c:0e:81:d6:d6:a3:37:91:f1:
                    f8:55:28:8c:58:92:f1:a7:8b:f2:b9:cd:1d:8a:69:
                    2c:25:5d:c9:12:4d:95:55:b3:5e:70:97:d6:01:6d:
                    3c:3c:57:80:82:37:1d:0b:15:9d:28:8f:59:45:c9:
                    10:c9:e2:fc:13:38:57:10:3b:f0:55:43:6b:f6:f3:
                    6e:9f:88:e5:19:06:34:d9:2b:b1:1d:2d:00:c9:20:
                    e6:6a:09:b9:8c:13:ae:80:c4:6e:4a:c3:51:e9:38:
                    db:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3A:9B:F0:7A:0B:44:B0:11:FA:9E:3E:47:74:9B:E1:D5:83:50:B5
            X509v3 Authority Key Identifier:
                keyid:0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/xjqb8HoLRLAR-p4-R3Sb4dWDULU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b24::/48

    Signature Algorithm: sha256WithRSAEncryption
         d5:74:00:a0:23:df:94:59:f9:ab:42:63:a5:88:61:3f:95:41:
         4d:27:f2:24:db:26:5f:4e:6f:8c:e5:8e:71:6e:2a:bb:8f:d5:
         9d:9d:d7:27:af:b8:96:d2:df:25:a9:5b:e0:c6:3c:c2:76:01:
         32:0b:ab:6c:d7:44:1a:d0:b6:d9:de:1c:cd:cc:0d:ae:f1:f7:
         e5:5b:97:ea:c0:da:24:25:b8:b3:94:14:d7:d1:a9:7c:10:05:
         48:e1:d4:a2:11:c2:46:3d:ee:44:ac:58:7d:6b:ee:e7:1d:64:
         ef:2f:8e:46:b5:02:40:04:d2:b9:ad:3b:6b:65:9c:4f:15:92:
         7e:49:4b:79:f4:77:af:f2:99:2c:a7:7b:2c:51:8a:30:60:3f:
         44:db:1e:de:59:a8:76:d0:6e:b3:52:3b:72:90:bd:b4:7e:41:
         3c:76:fb:09:df:ab:39:8e:8d:21:ac:b5:e4:f5:3e:a9:14:19:
         16:1e:1b:6d:ed:db:33:57:b4:0a:3e:0f:d7:91:1b:28:00:6e:
         e6:b1:40:ba:98:95:3c:1e:a4:8c:26:75:e2:d0:16:70:31:c0:
         2c:d6:c1:d2:70:3b:4a:7b:c7:56:e3:44:c8:d2:18:d7:09:d5:
         fd:21:43:04:1c:32:19:d0:24:8f:c6:e0:5e:81:f9:0e:ae:7c:
         87:b7:91:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY9rjpnoyVrpZa806woM5hBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNWEwOGZjMzQ2OTBmNTJkYjBjMmI3ZTQ3ZThlNTM4ODMx
NDVhOTgwHhcNMjUwNDE2MDgxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNhOWJmMDdhMGI0NGIwMTFmYTllM2U0Nzc0OWJlMWQ1ODM1MGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy2X3NdT5QH+Agye0DBbiQN+b6bf
hlD5KMEo0u7eTtyWTYWJMyuYF6wMp6bjLu8nYiwdxaNTlOwQYeSwNkEqyHpqI1+P
n4o7Ym8POq/pOM31V73w06wMs8SC2ngeH6ULJEV+vdwkW8bAZ17gj4DQrOECyBc3
e85W7snoRcOZNjPkSQE6TwYRbF5Vfv9GnUwkm5xyTwntNpWTCC98DoHW1qM3kfH4
VSiMWJLxp4vyuc0dimksJV3JEk2VVbNecJfWAW08PFeAgjcdCxWdKI9ZRckQyeL8
EzhXEDvwVUNr9vNun4jlGQY02SuxHS0AySDmagm5jBOugMRuSsNR6TjbfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMY6m/B6C0SwEfqePkd0m+HVg1C1MB8GA1UdIwQY
MBaAFA5aCPw0aQ9S2wwrfkfo5TiDFFqYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGxvSV9EUnBEMUxiREN0LVItamxPSU1VV3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMTc4NDktN2NjZi00ODE1LWJjNjkt
YTc3ZjBiMzIxNDRlLzEveGpxYjhIb0xSTEFSLXA0LVIzU2I0ZFdEVUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMTc4NDktN2NjZi00ODE1LWJjNjktYTc3ZjBiMzIxNDRl
LzEvRGxvSV9EUnBEMUxiREN0LVItamxPSU1VV3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAsk
MA0GCSqGSIb3DQEBCwUAA4IBAQDVdACgI9+UWfmrQmOliGE/lUFNJ/Ik2yZfTm+M
5Y5xbiq7j9Wdndcnr7iW0t8lqVvgxjzCdgEyC6ts10Qa0LbZ3hzNzA2u8fflW5fq
wNokJbizlBTX0al8EAVI4dSiEcJGPe5ErFh9a+7nHWTvL45GtQJABNK5rTtrZZxP
FZJ+SUt59Hev8pksp3ssUYowYD9E2x7eWah20G6zUjtykL20fkE8dvsJ36s5jo0h
rLXk9T6pFBkWHhtt7dszV7QKPg/XkRsoAG7msUC6mJU8HqSMJnXi0BZwMcAs1sHS
cDtKe8dW40TI0hjXCdX9IUMEHDIZ0CSPxuBegfkOrnyHt5ES
-----END CERTIFICATE-----