Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/m7fQ-cMMDdeyLl0RJP3A0VDHgVE.roa
File:                     m7fQ-cMMDdeyLl0RJP3A0VDHgVE.roa (raw, json)
Hash identifier:          rB/+iXy3MWnMmudzmSTexHxDroAo7zhjaO5iq26LcWQ=
Subject key identifier:   9B:B7:D0:F9:C3:0C:0D:D7:B2:2E:5D:11:24:FD:C0:D1:50:C7:81:51
Certificate issuer:       /CN=f28c69da94c85edd48d9c1fd8e332ae3bee66004
Certificate serial:       019422202BC7C4EA0B94507F6D2A29C1F7A6
Authority key identifier: F2:8C:69:DA:94:C8:5E:DD:48:D9:C1:FD:8E:33:2A:E3:BE:E6:60:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8oxp2pTIXt1I2cH9jjMq477mYAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/m7fQ-cMMDdeyLl0RJP3A0VDHgVE.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211523
IP address blocks:        2001:678:f28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/8oxp2pTIXt1I2cH9jjMq477mYAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/8oxp2pTIXt1I2cH9jjMq477mYAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8oxp2pTIXt1I2cH9jjMq477mYAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:c7:c4:ea:0b:94:50:7f:6d:2a:29:c1:f7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f28c69da94c85edd48d9c1fd8e332ae3bee66004
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bb7d0f9c30c0dd7b22e5d1124fdc0d150c78151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:f3:2c:58:21:ae:c1:de:20:9c:e9:a5:72:
                    c5:1d:1e:42:8b:dc:fb:2e:ef:f1:72:5e:a9:cf:bf:
                    91:fe:19:18:d0:3a:6f:ae:7b:84:b6:47:86:77:ea:
                    c3:78:bb:e8:e7:88:67:6e:98:07:6d:82:bb:66:d2:
                    13:3d:34:a3:25:25:6c:c6:cb:31:b3:22:2f:f6:47:
                    1c:49:ce:dc:f8:0d:93:43:83:ec:09:a5:22:67:15:
                    7d:66:19:8a:6c:a0:af:89:5c:ef:e1:ee:0e:d3:07:
                    18:e0:df:62:7f:8d:20:76:2d:63:af:cf:49:d9:58:
                    e1:cb:34:ef:82:84:0a:c5:df:36:3b:40:c4:00:0c:
                    e8:e8:23:b4:d4:cf:bf:27:54:72:d8:ef:86:81:32:
                    18:24:89:ca:44:3a:d8:6d:e9:1d:6e:ee:cf:48:58:
                    22:8b:2b:c5:84:33:f6:6b:e6:09:25:62:65:59:59:
                    22:3a:8b:df:bd:26:c3:9d:38:fa:b2:79:39:d1:90:
                    98:3c:17:ce:15:5c:6c:fe:90:5a:15:51:00:d2:71:
                    96:1e:d6:ef:bf:5b:e1:f8:eb:62:e8:ce:d4:09:2b:
                    e0:34:99:ee:50:08:f2:c8:7b:43:c4:5f:ce:43:e9:
                    48:91:f0:c5:b6:ec:40:18:d9:ca:7a:67:4e:b5:bf:
                    ad:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B7:D0:F9:C3:0C:0D:D7:B2:2E:5D:11:24:FD:C0:D1:50:C7:81:51
            X509v3 Authority Key Identifier:
                keyid:F2:8C:69:DA:94:C8:5E:DD:48:D9:C1:FD:8E:33:2A:E3:BE:E6:60:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8oxp2pTIXt1I2cH9jjMq477mYAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/m7fQ-cMMDdeyLl0RJP3A0VDHgVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0dcd96-0ae3-4f5c-8d21-a902b0096b99/1/8oxp2pTIXt1I2cH9jjMq477mYAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f28::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:fd:06:54:a1:85:e6:42:96:f4:48:cf:1e:88:a7:69:f9:e4:
         f0:a5:bc:bd:02:bd:7a:73:f1:88:4c:08:c6:e5:8e:9b:86:d8:
         d1:f4:ae:43:4a:e8:7b:a8:0b:03:e4:1d:1c:5e:f0:fe:24:1d:
         ef:06:4c:8b:e6:0f:81:9f:92:3a:94:ca:b9:42:48:99:68:94:
         42:28:ac:0e:99:a3:82:c5:dc:36:d0:f2:6d:a9:e0:26:cd:99:
         58:9a:6a:57:37:4d:83:5b:ae:5a:73:5f:32:6b:3f:0e:23:47:
         93:f3:6b:8a:8b:8e:e9:67:f6:af:df:a6:c5:f3:fe:f0:91:e5:
         ac:26:2f:65:2e:41:cb:da:7e:59:7e:96:b5:76:26:77:fa:36:
         dd:d4:82:3c:32:63:58:b9:2f:02:c7:f5:59:aa:2d:15:e7:99:
         2c:00:44:c9:4b:81:dd:11:92:e9:93:ae:c5:d4:1c:2b:17:8a:
         8e:ce:51:2a:a5:9b:f7:ac:7b:17:7a:aa:3a:4e:5c:9f:c1:12:
         79:40:d7:24:7e:eb:ef:07:e6:fb:56:4f:df:66:8b:94:35:17:
         af:65:19:70:c8:9d:fe:9a:3a:de:98:e7:d1:bc:b0:3d:19:9f:
         b0:31:c6:cf:5f:a8:04:53:0b:65:91:00:f5:f7:96:b9:66:c6:
         0a:75:ea:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiICvHxOoLlFB/bSopwfemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOGM2OWRhOTRjODVlZGQ0OGQ5YzFmZDhlMzMyYWUzYmVl
NjYwMDQwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI3ZDBmOWMzMGMwZGQ3YjIyZTVkMTEyNGZkYzBkMTUwYzc4MTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ3zLFghrsHeIJzppXLFHR5Ci9z7
Lu/xcl6pz7+R/hkY0DpvrnuEtkeGd+rDeLvo54hnbpgHbYK7ZtITPTSjJSVsxssx
syIv9kccSc7c+A2TQ4PsCaUiZxV9ZhmKbKCviVzv4e4O0wcY4N9if40gdi1jr89J
2VjhyzTvgoQKxd82O0DEAAzo6CO01M+/J1Ry2O+GgTIYJInKRDrYbekdbu7PSFgi
iyvFhDP2a+YJJWJlWVkiOovfvSbDnTj6snk50ZCYPBfOFVxs/pBaFVEA0nGWHtbv
v1vh+Oti6M7UCSvgNJnuUAjyyHtDxF/OQ+lIkfDFtuxAGNnKemdOtb+tzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJu30PnDDA3Xsi5dEST9wNFQx4FRMB8GA1UdIwQY
MBaAFPKMadqUyF7dSNnB/Y4zKuO+5mAEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG94cDJwVElYdDFJMmNIOWpqTXE0NzdtWUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8wZGNkOTYtMGFlMy00ZjVjLThkMjEt
YTkwMmIwMDk2Yjk5LzEvbTdmUS1jTU1EZGV5TGwwUkpQM0EwVkRIZ1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8wZGNkOTYtMGFlMy00ZjVjLThkMjEtYTkwMmIwMDk2Yjk5
LzEvOG94cDJwVElYdDFJMmNIOWpqTXE0NzdtWUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8o
MA0GCSqGSIb3DQEBCwUAA4IBAQA6/QZUoYXmQpb0SM8eiKdp+eTwpby9Ar16c/GI
TAjG5Y6bhtjR9K5DSuh7qAsD5B0cXvD+JB3vBkyL5g+Bn5I6lMq5QkiZaJRCKKwO
maOCxdw20PJtqeAmzZlYmmpXN02DW65ac18yaz8OI0eT82uKi47pZ/av36bF8/7w
keWsJi9lLkHL2n5Zfpa1diZ3+jbd1II8MmNYuS8Cx/VZqi0V55ksAETJS4HdEZLp
k67F1BwrF4qOzlEqpZv3rHsXeqo6TlyfwRJ5QNckfuvvB+b7Vk/fZouUNRevZRlw
yJ3+mjremOfRvLA9GZ+wMcbPX6gEUwtlkQD195a5ZsYKdeov
-----END CERTIFICATE-----