Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/ZbCuBvhm3WPg8vIgNTz5bN7GnM0.roa
File:                     ZbCuBvhm3WPg8vIgNTz5bN7GnM0.roa (raw, json)
Hash identifier:          geQ1HtbnOZqLyTn8wKAlnJdK10ztk7Vg8HhapzU1X2M=
Subject key identifier:   65:B0:AE:06:F8:66:DD:63:E0:F2:F2:20:35:3C:F9:6C:DE:C6:9C:CD
Certificate issuer:       /CN=7fb43de237fd0b6a287389230921d25a2c2ed1a8
Certificate serial:       019426D93FC8E6DC69DDBE848A3ECB2A198A
Authority key identifier: 7F:B4:3D:E2:37:FD:0B:6A:28:73:89:23:09:21:D2:5A:2C:2E:D1:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/ZbCuBvhm3WPg8vIgNTz5bN7GnM0.roa
Signing time:             Thu 02 Jan 2025 11:49:19 +0000
ROA not before:           Thu 02 Jan 2025 11:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:66c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:3f:c8:e6:dc:69:dd:be:84:8a:3e:cb:2a:19:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fb43de237fd0b6a287389230921d25a2c2ed1a8
        Validity
            Not Before: Jan  2 11:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65b0ae06f866dd63e0f2f220353cf96cdec69ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ca:d2:26:de:1b:89:77:7f:94:d8:ae:0a:ab:
                    c2:a0:96:bc:86:1d:c4:d3:1a:bc:a7:85:5e:7d:94:
                    e0:d3:9a:4d:b3:1a:30:9b:cb:af:15:d1:b1:ee:46:
                    d0:9d:85:72:30:f7:70:0f:50:ff:c9:ba:ff:68:fd:
                    bf:69:e7:7d:02:3d:b8:4f:35:b7:5a:6d:9f:1d:87:
                    f6:c7:7c:eb:2b:f8:2d:60:0a:81:20:db:fa:08:13:
                    31:89:69:5e:97:09:43:88:83:e7:c7:4f:49:36:f2:
                    49:82:be:c9:65:d3:dd:9c:80:df:24:6b:14:f6:10:
                    be:75:e4:65:16:6a:0e:32:57:9f:43:fb:d5:27:f4:
                    f5:d6:d5:12:41:c0:f8:5c:61:b7:f5:97:1d:d4:52:
                    e0:8d:98:68:05:d7:f0:0e:08:95:22:c1:64:cb:0b:
                    e6:3d:52:32:be:9b:ae:f3:64:04:14:71:97:9d:56:
                    2e:03:44:f2:e9:ea:65:90:8a:52:19:76:72:3e:ab:
                    4e:a8:6c:dd:8a:94:3b:e4:f6:0b:51:be:d4:a6:14:
                    8c:60:ba:bf:9b:b5:45:1f:6e:f4:4a:02:6d:be:ae:
                    6e:35:0a:6c:01:6b:f0:8b:2d:58:28:32:2e:67:e4:
                    69:c4:19:f2:08:1e:be:7f:65:4d:7c:6a:e4:b2:52:
                    16:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B0:AE:06:F8:66:DD:63:E0:F2:F2:20:35:3C:F9:6C:DE:C6:9C:CD
            X509v3 Authority Key Identifier:
                keyid:7F:B4:3D:E2:37:FD:0B:6A:28:73:89:23:09:21:D2:5A:2C:2E:D1:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/ZbCuBvhm3WPg8vIgNTz5bN7GnM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:66c::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:5d:95:ec:bf:0a:a8:80:31:cf:05:3d:31:f6:c8:9b:43:75:
         cc:8e:41:42:6b:95:88:be:03:e9:86:ff:44:82:11:70:dd:b9:
         d9:70:41:4d:ab:83:52:26:86:46:f4:f4:ca:ab:48:cb:86:41:
         01:88:34:88:f0:d2:77:ff:cc:86:d2:8d:2a:8f:a6:8b:0a:78:
         1d:5c:3d:94:e2:8d:21:07:76:fc:e5:7f:0e:3e:c4:75:bc:ec:
         28:4b:37:09:02:d3:f9:4d:a7:6c:b5:37:39:ce:54:6d:47:83:
         1a:8a:b0:51:1f:27:e9:cd:ba:15:df:f5:46:29:bc:7d:1f:1d:
         28:41:82:67:e1:95:50:46:ab:bd:bb:3a:71:81:c2:25:91:d9:
         54:a1:64:5a:dd:b0:a5:ec:69:57:bc:0f:1c:65:86:8b:8d:3f:
         55:6f:6a:4f:80:fc:d4:53:61:cf:fd:ca:37:86:90:f6:db:a1:
         5a:f5:75:2f:9e:79:2e:2d:17:99:11:e4:25:c3:22:6b:dd:09:
         ef:f3:37:a3:cd:b8:af:c9:59:c9:6c:45:4d:50:d4:7f:ff:58:
         9a:65:e0:ee:37:19:40:fd:99:e7:3a:49:65:6a:78:b6:17:1a:
         2e:c6:30:e5:81:36:38:d7:24:91:e4:02:49:fa:d3:e5:88:70:
         7f:0a:5f:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2T/I5txp3b6Eij7LKhmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYjQzZGUyMzdmZDBiNmEyODczODkyMzA5MjFkMjVhMmMy
ZWQxYTgwHhcNMjUwMTAyMTE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWIwYWUwNmY4NjZkZDYzZTBmMmYyMjAzNTNjZjk2Y2RlYzY5Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18rSJt4biXd/lNiuCqvCoJa8hh3E
0xq8p4VefZTg05pNsxowm8uvFdGx7kbQnYVyMPdwD1D/ybr/aP2/aed9Aj24TzW3
Wm2fHYf2x3zrK/gtYAqBINv6CBMxiWlelwlDiIPnx09JNvJJgr7JZdPdnIDfJGsU
9hC+deRlFmoOMlefQ/vVJ/T11tUSQcD4XGG39Zcd1FLgjZhoBdfwDgiVIsFkywvm
PVIyvpuu82QEFHGXnVYuA0Ty6eplkIpSGXZyPqtOqGzdipQ75PYLUb7UphSMYLq/
m7VFH270SgJtvq5uNQpsAWvwiy1YKDIuZ+RpxBnyCB6+f2VNfGrkslIWaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGWwrgb4Zt1j4PLyIDU8+WzexpzNMB8GA1UdIwQY
MBaAFH+0PeI3/QtqKHOJIwkh0losLtGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjdROTRqZjlDMm9vYzRrakNTSFNXaXd1MGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kNGQxMmEtYWI0ZS00ZGJhLTk1ZGUt
YmM2MzcxMzBkZTZlLzEvWmJDdUJ2aG0zV1BnOHZJZ05UejViTjdHbk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kNGQxMmEtYWI0ZS00ZGJhLTk1ZGUtYmM2MzcxMzBkZTZl
LzEvZjdROTRqZjlDMm9vYzRrakNTSFNXaXd1MGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAZs
MA0GCSqGSIb3DQEBCwUAA4IBAQBBXZXsvwqogDHPBT0x9sibQ3XMjkFCa5WIvgPp
hv9EghFw3bnZcEFNq4NSJoZG9PTKq0jLhkEBiDSI8NJ3/8yG0o0qj6aLCngdXD2U
4o0hB3b85X8OPsR1vOwoSzcJAtP5TadstTc5zlRtR4MairBRHyfpzboV3/VGKbx9
Hx0oQYJn4ZVQRqu9uzpxgcIlkdlUoWRa3bCl7GlXvA8cZYaLjT9Vb2pPgPzUU2HP
/co3hpD226Fa9XUvnnkuLReZEeQlwyJr3Qnv8zejzbivyVnJbEVNUNR//1iaZeDu
NxlA/ZnnOkllani2FxouxjDlgTY41ySR5AJJ+tPliHB/Cl/z
-----END CERTIFICATE-----