Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/JyAstjJnRnfKpE7boFngTUQKsSI.roa
File:                     JyAstjJnRnfKpE7boFngTUQKsSI.roa (raw, json)
Hash identifier:          QeCPc7sTPqsvq1vdnmx1h5/hFMLBuSHfMUEgszAKgAc=
Subject key identifier:   27:20:2C:B6:32:67:46:77:CA:A4:4E:DB:A0:59:E0:4D:44:0A:B1:22
Certificate issuer:       /CN=7e6e2e6966e06ab25ca0e1da66e1e3d64248b3a1
Certificate serial:       01954BF7F0829A188E27836E4EF80EED3652
Authority key identifier: 7E:6E:2E:69:66:E0:6A:B2:5C:A0:E1:DA:66:E1:E3:D6:42:48:B3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/JyAstjJnRnfKpE7boFngTUQKsSI.roa
Signing time:             Fri 28 Feb 2025 09:51:34 +0000
ROA not before:           Fri 28 Feb 2025 09:51:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48635
IP address blocks:        2001:678:3a4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4b:f7:f0:82:9a:18:8e:27:83:6e:4e:f8:0e:ed:36:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e6e2e6966e06ab25ca0e1da66e1e3d64248b3a1
        Validity
            Not Before: Feb 28 09:51:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27202cb632674677caa44edba059e04d440ab122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e6:98:b2:a1:ca:47:e1:38:23:f4:c4:c7:b5:
                    6a:32:c5:e9:1f:93:23:f7:27:72:a9:20:d1:68:6a:
                    41:19:cd:15:3d:68:95:1f:23:3b:f8:6a:85:a0:ed:
                    c0:ee:99:bc:8b:36:60:92:84:de:3c:78:b5:5a:ee:
                    6e:ad:28:40:38:e9:c0:23:0c:ec:7c:30:f4:95:ee:
                    4e:b8:33:20:15:e6:ce:e9:49:d0:18:e5:50:7f:84:
                    17:48:1c:16:7d:3f:13:d4:10:79:01:ea:ca:70:44:
                    74:3a:fb:07:82:09:48:d8:7e:8d:d3:0d:1d:23:ec:
                    bb:dd:a6:ba:04:63:e4:60:31:28:ac:da:92:0b:9e:
                    bc:22:e7:37:36:23:cf:6d:f6:c5:60:24:85:7b:8d:
                    c3:9d:51:3f:6e:9a:a2:44:e7:0b:92:9b:54:3a:52:
                    41:9b:a6:43:3d:68:08:22:9d:83:b1:eb:5f:9e:0e:
                    fd:25:a7:a0:98:3e:06:2c:d3:27:5b:cf:43:d6:6f:
                    ff:c6:6a:a9:7c:6a:f0:a5:10:e2:08:5e:ca:11:e6:
                    55:88:cf:65:f3:7e:ee:9c:6c:4d:09:95:4e:dc:50:
                    55:93:ae:32:7a:59:4f:4e:dc:47:73:b8:13:44:3c:
                    45:ea:19:3b:6d:fc:9a:48:1f:95:9c:2e:10:00:33:
                    a4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:20:2C:B6:32:67:46:77:CA:A4:4E:DB:A0:59:E0:4D:44:0A:B1:22
            X509v3 Authority Key Identifier:
                keyid:7E:6E:2E:69:66:E0:6A:B2:5C:A0:E1:DA:66:E1:E3:D6:42:48:B3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/JyAstjJnRnfKpE7boFngTUQKsSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:64:ca:76:67:03:be:51:58:aa:9b:09:72:30:4d:93:9c:c5:
         a1:f0:f4:97:6f:ef:bc:22:59:b7:a2:9e:e1:80:0e:7d:95:3c:
         26:6b:86:10:56:a9:16:b5:d6:0d:c6:48:41:08:a0:35:e7:59:
         5e:42:32:76:f1:07:9b:9c:59:02:bf:b3:8c:2b:d3:db:46:18:
         7c:78:a9:16:0e:d6:84:e8:df:07:e8:6f:65:14:21:6e:5b:c9:
         a7:47:20:8a:5d:59:30:8e:0b:83:b5:0e:a4:47:c9:b0:93:39:
         de:10:fc:24:68:9e:8e:7e:f3:c2:62:65:10:79:56:ec:8d:48:
         22:6e:56:2b:41:f6:af:7d:1c:b2:92:76:72:ff:22:e2:97:5d:
         6b:19:91:64:b8:d0:b4:f9:bd:89:a4:5f:c6:d2:5e:13:ee:06:
         75:a2:4a:d1:d5:e8:e9:d7:46:ec:64:bc:9c:8a:42:94:88:6d:
         c8:45:30:4a:09:53:18:04:2d:41:58:d0:83:e3:df:85:43:eb:
         5b:4c:ab:26:3c:57:ca:25:77:85:43:fb:fa:7a:d4:86:9e:89:
         f4:17:b4:f1:26:00:0f:15:94:50:09:5d:25:cc:54:07:54:ba:
         b1:e5:bf:2f:9d:d3:d5:5a:3e:9f:ee:01:ef:0c:79:24:bc:0a:
         88:5c:b0:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZVL9/CCmhiOJ4NuTvgO7TZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNmUyZTY5NjZlMDZhYjI1Y2EwZTFkYTY2ZTFlM2Q2NDI0
OGIzYTEwHhcNMjUwMjI4MDk1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzIwMmNiNjMyNjc0Njc3Y2FhNDRlZGJhMDU5ZTA0ZDQ0MGFiMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOaYsqHKR+E4I/TEx7VqMsXpH5Mj
9ydyqSDRaGpBGc0VPWiVHyM7+GqFoO3A7pm8izZgkoTePHi1Wu5urShAOOnAIwzs
fDD0le5OuDMgFebO6UnQGOVQf4QXSBwWfT8T1BB5AerKcER0OvsHgglI2H6N0w0d
I+y73aa6BGPkYDEorNqSC568Iuc3NiPPbfbFYCSFe43DnVE/bpqiROcLkptUOlJB
m6ZDPWgIIp2Dsetfng79JaegmD4GLNMnW89D1m//xmqpfGrwpRDiCF7KEeZViM9l
837unGxNCZVO3FBVk64yellPTtxHc7gTRDxF6hk7bfyaSB+VnC4QADOk+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcgLLYyZ0Z3yqRO26BZ4E1ECrEiMB8GA1UdIwQY
MBaAFH5uLmlm4GqyXKDh2mbh49ZCSLOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm00dWFXYmdhckpjb09IYVp1SGoxa0pJczZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hNzUzOGEtNjliZS00ZmJlLTk3ZTEt
ODdkOTdlMmFhZGM0LzEvSnlBc3RqSm5SbmZLcEU3Ym9GbmdUVVFLc1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9hNzUzOGEtNjliZS00ZmJlLTk3ZTEtODdkOTdlMmFhZGM0
LzEvZm00dWFXYmdhckpjb09IYVp1SGoxa0pJczZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAOk
MA0GCSqGSIb3DQEBCwUAA4IBAQAnZMp2ZwO+UViqmwlyME2TnMWh8PSXb++8Ilm3
op7hgA59lTwma4YQVqkWtdYNxkhBCKA151leQjJ28QebnFkCv7OMK9PbRhh8eKkW
DtaE6N8H6G9lFCFuW8mnRyCKXVkwjguDtQ6kR8mwkzneEPwkaJ6OfvPCYmUQeVbs
jUgiblYrQfavfRyyknZy/yLil11rGZFkuNC0+b2JpF/G0l4T7gZ1okrR1ejp10bs
ZLycikKUiG3IRTBKCVMYBC1BWNCD49+FQ+tbTKsmPFfKJXeFQ/v6etSGnon0F7Tx
JgAPFZRQCV0lzFQHVLqx5b8vndPVWj6f7gHvDHkkvAqIXLC1
-----END CERTIFICATE-----