Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/1-3EfbNDzCPBhm-MGXRhX1BvajzU.roa
File:                     1-3EfbNDzCPBhm-MGXRhX1BvajzU.roa (raw, json)
Hash identifier:          N4yj10cZc+R+7TueMdhublW6w9ad85suNg3KfBlUGDU=
Subject key identifier:   FB:71:1F:6C:D0:F3:08:F0:61:9B:E3:06:5D:18:57:D4:1B:DA:8F:35
Certificate issuer:       /CN=9dabc626ac264066b1c5c709a48477f3788361de
Certificate serial:       019420D597E3C392EDB0247E97BD936BEBC0
Authority key identifier: 9D:AB:C6:26:AC:26:40:66:B1:C5:C7:09:A4:84:77:F3:78:83:61:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/1-3EfbNDzCPBhm-MGXRhX1BvajzU.roa
Signing time:             Wed 01 Jan 2025 07:47:36 +0000
ROA not before:           Wed 01 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212746
IP address blocks:        2001:678:c2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:97:e3:c3:92:ed:b0:24:7e:97:bd:93:6b:eb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dabc626ac264066b1c5c709a48477f3788361de
        Validity
            Not Before: Jan  1 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb711f6cd0f308f0619be3065d1857d41bda8f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:50:fd:64:1c:03:f7:fe:98:57:e3:58:18:30:
                    d4:3c:8b:4d:81:57:8d:06:93:03:9e:0b:a5:47:96:
                    d3:e1:b8:f6:c9:30:44:ca:c8:12:f2:e4:18:2a:d2:
                    b3:63:07:ae:36:6c:96:da:2a:e0:0f:79:4f:ce:68:
                    27:c8:1f:56:08:39:6d:cf:4b:8d:13:e1:81:bc:0a:
                    a3:4d:4c:36:4f:ef:a1:e1:74:9d:52:f6:8a:cc:1f:
                    67:84:20:53:e7:04:6f:ae:8b:e6:c2:c6:14:38:6b:
                    6f:f7:16:17:d5:45:fd:a8:ea:7d:f9:25:a5:60:b5:
                    3d:8c:1d:05:09:cc:b3:94:21:7a:42:15:12:97:d2:
                    e3:2e:ba:4a:a8:67:98:65:5b:c3:d3:2a:6d:08:ce:
                    69:7b:4c:11:a8:8b:c9:41:e3:27:f6:fd:b6:32:2d:
                    71:af:6e:0d:24:3e:98:b3:35:db:5c:f2:3b:0e:06:
                    f2:03:65:19:01:a7:91:67:08:f8:91:3f:6c:c9:6c:
                    cc:9c:79:44:a0:ad:84:0e:a4:35:20:9d:42:fc:5f:
                    c2:98:e2:77:97:8e:53:41:d6:92:d1:cf:4e:14:85:
                    b2:a0:a8:7b:f6:99:f2:e2:76:53:0a:d3:80:38:dc:
                    9f:86:32:ab:79:84:d0:a2:16:81:90:82:42:30:86:
                    25:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:71:1F:6C:D0:F3:08:F0:61:9B:E3:06:5D:18:57:D4:1B:DA:8F:35
            X509v3 Authority Key Identifier:
                keyid:9D:AB:C6:26:AC:26:40:66:B1:C5:C7:09:A4:84:77:F3:78:83:61:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/1-3EfbNDzCPBhm-MGXRhX1BvajzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:89:50:6c:6c:c2:18:4e:a9:43:ce:83:67:64:83:73:70:47:
         6e:9c:fc:8a:53:93:c9:8a:c3:56:1d:a0:27:c6:61:c1:b9:45:
         a8:a7:ba:03:91:db:ba:a9:c5:1a:97:1d:e4:0c:5f:69:05:b4:
         a5:27:09:fd:4d:31:08:2a:58:47:0a:91:37:0d:eb:c5:c0:04:
         71:0e:29:cf:1b:e4:9d:cd:61:d4:b5:c6:73:65:17:af:70:74:
         4f:dd:10:d0:1a:1f:f0:8d:2b:07:6c:29:de:9c:ce:21:8e:ae:
         2a:35:76:b2:12:71:80:5c:aa:d9:48:22:c4:10:34:64:d1:ba:
         49:e6:ab:9c:15:3f:a6:26:0a:ce:45:a7:86:02:d7:ac:1f:47:
         34:2d:a9:c8:db:ff:5d:c3:43:6c:2f:19:52:d7:13:1a:14:9c:
         f9:6b:00:e6:78:77:37:e1:f8:83:a0:41:93:ab:0b:fe:70:c2:
         8a:c0:20:ae:90:87:2f:9d:c2:d5:f5:df:f3:a5:3d:6d:ae:3b:
         53:00:04:38:7c:48:52:35:a3:d3:71:42:07:f4:8f:d3:19:23:
         38:63:b2:18:3f:c8:c5:e5:90:5d:39:ce:31:85:7a:9d:44:1b:
         89:ad:3c:4e:43:a5:ce:fa:79:b1:66:5d:0d:c7:37:ce:5b:ad:
         74:be:41:f0
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQg1Zfjw5LtsCR+l72Ta+vAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYWJjNjI2YWMyNjQwNjZiMWM1YzcwOWE0ODQ3N2YzNzg4
MzYxZGUwHhcNMjUwMTAxMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjcxMWY2Y2QwZjMwOGYwNjE5YmUzMDY1ZDE4NTdkNDFiZGE4ZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVD9ZBwD9/6YV+NYGDDUPItNgVeN
BpMDngulR5bT4bj2yTBEysgS8uQYKtKzYweuNmyW2irgD3lPzmgnyB9WCDltz0uN
E+GBvAqjTUw2T++h4XSdUvaKzB9nhCBT5wRvrovmwsYUOGtv9xYX1UX9qOp9+SWl
YLU9jB0FCcyzlCF6QhUSl9LjLrpKqGeYZVvD0yptCM5pe0wRqIvJQeMn9v22Mi1x
r24NJD6YszXbXPI7DgbyA2UZAaeRZwj4kT9syWzMnHlEoK2EDqQ1IJ1C/F/CmOJ3
l45TQdaS0c9OFIWyoKh79pny4nZTCtOAONyfhjKreYTQohaBkIJCMIYlzQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPtxH2zQ8wjwYZvjBl0YV9Qb2o81MB8GA1UdIwQY
MBaAFJ2rxiasJkBmscXHCaSEd/N4g2HeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmF2R0pxd21RR2F4eGNjSnBJUjM4M2lEWWQ0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8xOWIwMDgtYjZmOS00MjcxLWIxMzAt
MGI3ZTM4YTEyMmZlLzEvMS0zRWZiTkR6Q1BCaG0tTUdYUmhYMUJ2YWp6VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDcvMTliMDA4LWI2ZjktNDI3MS1iMTMwLTBiN2UzOGExMjJm
ZS8xL25hdkdKcXdtUUdheHhjY0pwSVIzODNpRFlkNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngM
LDANBgkqhkiG9w0BAQsFAAOCAQEAFYlQbGzCGE6pQ86DZ2SDc3BHbpz8ilOTyYrD
Vh2gJ8ZhwblFqKe6A5HbuqnFGpcd5AxfaQW0pScJ/U0xCCpYRwqRNw3rxcAEcQ4p
zxvknc1h1LXGc2UXr3B0T90Q0Bof8I0rB2wp3pzOIY6uKjV2shJxgFyq2UgixBA0
ZNG6SearnBU/piYKzkWnhgLXrB9HNC2pyNv/XcNDbC8ZUtcTGhSc+WsA5nh3N+H4
g6BBk6sL/nDCisAgrpCHL53C1fXf86U9ba47UwAEOHxIUjWj03FCB/SP0xkjOGOy
GD/IxeWQXTnOMYV6nUQbia08TkOlzvp5sWZdDcc3zlutdL5B8A==
-----END CERTIFICATE-----