Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/8XGnOFo1FHSecbZbo8eEhjcVsfE.roa
File:                     8XGnOFo1FHSecbZbo8eEhjcVsfE.roa (raw, json)
Hash identifier:          andmj5YDiGTGVfrRQg/eep/3FAAkG8C2BqXOT6WzLpo=
Subject key identifier:   F1:71:A7:38:5A:35:14:74:9E:71:B6:5B:A3:C7:84:86:37:15:B1:F1
Certificate issuer:       /CN=d301991fc343f358c0f2eebae55cf2da34521c7a
Certificate serial:       019420D650D1A43576C94A7F61FE94EF599B
Authority key identifier: D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/8XGnOFo1FHSecbZbo8eEhjcVsfE.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211005
IP address blocks:        2001:678:fe0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:50:d1:a4:35:76:c9:4a:7f:61:fe:94:ef:59:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d301991fc343f358c0f2eebae55cf2da34521c7a
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f171a7385a3514749e71b65ba3c784863715b1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:34:80:21:b8:73:dd:02:a9:c6:f0:cb:4e:7e:
                    e5:b1:ae:72:3f:fe:0d:0c:f2:c4:8b:1d:bb:ce:83:
                    92:18:59:f2:90:f2:b2:c9:60:b2:6c:0e:b6:fa:04:
                    98:4c:94:b3:10:9c:94:04:43:9a:39:32:35:bb:94:
                    24:dd:eb:f8:ef:66:49:66:4e:c7:a3:f2:4b:0a:f2:
                    b5:b0:36:01:1e:b1:7b:a2:99:cc:ad:87:58:01:ca:
                    53:b4:72:1b:18:2f:fa:f9:e0:d8:df:13:8e:27:36:
                    4e:4a:a5:2c:14:44:a4:e7:ae:7b:37:2c:68:31:59:
                    d5:31:f8:0d:05:30:cb:b9:5e:c0:13:47:04:02:59:
                    80:5e:04:e5:06:25:05:e4:c8:20:3a:a8:dd:6f:b5:
                    5f:a0:a8:df:a6:07:9c:87:38:b0:6f:fe:0c:19:f9:
                    a9:d5:9d:c9:a4:2d:ce:54:88:4b:1d:00:a3:d9:a5:
                    b1:3d:1f:eb:51:cc:85:41:49:a6:21:3a:3f:6a:a6:
                    37:ae:56:17:94:df:18:d3:ff:ed:79:2c:4d:16:10:
                    c7:01:8b:98:a4:c7:07:90:ba:8b:52:12:58:6a:f2:
                    ec:b7:b2:7e:41:fe:20:54:d7:22:17:30:8c:42:04:
                    f0:90:4a:ec:ab:8d:a2:a0:e0:f6:bd:3f:9a:26:24:
                    2e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:71:A7:38:5A:35:14:74:9E:71:B6:5B:A3:C7:84:86:37:15:B1:F1
            X509v3 Authority Key Identifier:
                keyid:D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/8XGnOFo1FHSecbZbo8eEhjcVsfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:82:c3:1f:8c:eb:c0:aa:d2:6b:fa:64:27:88:f1:43:cc:71:
         7b:6b:69:7d:eb:45:bf:2e:f8:82:bc:f7:89:6c:d0:5d:76:b1:
         44:2e:e9:dc:f3:bf:ee:48:6b:0c:e1:95:40:37:11:f8:0e:d3:
         65:df:e7:55:d0:c8:d3:6d:4e:63:a2:20:ba:80:5e:ce:dd:05:
         41:82:9b:22:f2:15:3c:c0:55:f5:9e:c1:e4:70:1b:1f:ad:1e:
         ca:3b:86:49:01:da:77:57:d3:f0:87:d4:40:58:8a:39:e9:7b:
         7a:0f:cb:e2:1a:b0:e1:3b:00:4d:1f:b5:72:d2:7f:63:36:6c:
         51:48:27:67:66:b7:24:6c:61:83:d6:02:07:0f:47:54:06:a7:
         c1:2c:db:6f:42:83:d9:f7:35:90:a8:ce:81:cc:45:dc:55:a6:
         73:01:c0:08:e8:9e:fb:82:ac:cc:81:5c:cc:ec:32:0c:31:5e:
         4c:9c:d1:25:6d:d0:4b:13:b9:4b:38:8c:5c:9f:d8:5c:e4:d4:
         36:4d:f5:a8:a1:03:91:aa:e2:c3:88:f5:f3:d0:fd:9a:f4:06:
         0c:af:de:86:24:d9:ff:6b:72:2c:42:89:95:b7:c1:88:e0:66:
         73:12:12:0c:9f:40:6d:8d:11:87:b0:b0:3c:af:6c:fd:b2:ae:
         31:ae:fb:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1lDRpDV2yUp/Yf6U71mbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMDE5OTFmYzM0M2YzNThjMGYyZWViYWU1NWNmMmRhMzQ1
MjFjN2EwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTcxYTczODVhMzUxNDc0OWU3MWI2NWJhM2M3ODQ4NjM3MTViMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDSAIbhz3QKpxvDLTn7lsa5yP/4N
DPLEix27zoOSGFnykPKyyWCybA62+gSYTJSzEJyUBEOaOTI1u5Qk3ev472ZJZk7H
o/JLCvK1sDYBHrF7opnMrYdYAcpTtHIbGC/6+eDY3xOOJzZOSqUsFESk5657Nyxo
MVnVMfgNBTDLuV7AE0cEAlmAXgTlBiUF5MggOqjdb7VfoKjfpgechziwb/4MGfmp
1Z3JpC3OVIhLHQCj2aWxPR/rUcyFQUmmITo/aqY3rlYXlN8Y0//teSxNFhDHAYuY
pMcHkLqLUhJYavLst7J+Qf4gVNciFzCMQgTwkErsq42ioOD2vT+aJiQuMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPFxpzhaNRR0nnG2W6PHhIY3FbHxMB8GA1UdIwQY
MBaAFNMBmR/DQ/NYwPLuuuVc8to0Uhx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQt
Zjk4YzQ4MzAxNWQ3LzEvOFhHbk9GbzFGSFNlY2JaYm84ZUVoamNWc2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQtZjk4YzQ4MzAxNWQ3
LzEvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA/g
MA0GCSqGSIb3DQEBCwUAA4IBAQCMgsMfjOvAqtJr+mQniPFDzHF7a2l960W/LviC
vPeJbNBddrFELunc87/uSGsM4ZVANxH4DtNl3+dV0MjTbU5joiC6gF7O3QVBgpsi
8hU8wFX1nsHkcBsfrR7KO4ZJAdp3V9Pwh9RAWIo56Xt6D8viGrDhOwBNH7Vy0n9j
NmxRSCdnZrckbGGD1gIHD0dUBqfBLNtvQoPZ9zWQqM6BzEXcVaZzAcAI6J77gqzM
gVzM7DIMMV5MnNElbdBLE7lLOIxcn9hc5NQ2TfWooQORquLDiPXz0P2a9AYMr96G
JNn/a3IsQomVt8GI4GZzEhIMn0BtjRGHsLA8r2z9sq4xrvse
-----END CERTIFICATE-----