Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/7k7oD7LKN8vmFjmpoHJyZ78ZDsM.roa
File:                     7k7oD7LKN8vmFjmpoHJyZ78ZDsM.roa (raw, json)
Hash identifier:          3i6TmeuMJzO7qcqrnXXMfF/eObFiTQ7d5LzNvTE3yPI=
Subject key identifier:   EE:4E:E8:0F:B2:CA:37:CB:E6:16:39:A9:A0:72:72:67:BF:19:0E:C3
Certificate issuer:       /CN=42e7fc6b74b2b8632811fdfd816d03e939afd712
Certificate serial:       01941FFA15AA651158299463EF2047107A02
Authority key identifier: 42:E7:FC:6B:74:B2:B8:63:28:11:FD:FD:81:6D:03:E9:39:AF:D7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Quf8a3SyuGMoEf39gW0D6Tmv1xI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/7k7oD7LKN8vmFjmpoHJyZ78ZDsM.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211509
IP address blocks:        2001:678:3f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/Quf8a3SyuGMoEf39gW0D6Tmv1xI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/Quf8a3SyuGMoEf39gW0D6Tmv1xI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Quf8a3SyuGMoEf39gW0D6Tmv1xI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:15:aa:65:11:58:29:94:63:ef:20:47:10:7a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42e7fc6b74b2b8632811fdfd816d03e939afd712
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee4ee80fb2ca37cbe61639a9a0727267bf190ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:63:93:07:f0:98:5c:b4:79:d3:8b:d1:e5:d8:
                    10:01:a2:88:75:3d:6b:9d:24:f8:3f:3d:9b:3a:ee:
                    25:69:b7:bd:32:77:de:d8:98:a4:b6:7b:ca:ca:5d:
                    c3:c7:d3:ec:d8:17:52:df:f3:98:f4:1d:be:af:94:
                    e2:5f:3c:75:5a:e3:50:27:66:a0:5a:51:ac:3e:55:
                    d5:2e:f3:68:94:68:7f:b2:76:55:f4:98:34:f5:74:
                    fd:6c:c2:8a:c1:e7:57:11:c8:43:07:49:2e:a0:c2:
                    81:28:5b:d4:7b:1f:2f:31:73:87:20:00:38:65:d1:
                    5e:90:25:d3:c8:58:dc:57:f1:0a:f1:10:a9:fe:c9:
                    ce:7e:c4:e6:55:45:6f:e9:b1:c0:65:eb:ac:35:68:
                    e2:14:32:db:47:01:cf:3c:09:da:fd:5b:6e:42:e2:
                    81:6d:8a:cc:54:16:31:6d:0e:a6:01:9d:b0:dd:7a:
                    77:a6:4f:8f:64:78:2e:64:ae:74:b2:64:cb:bc:3e:
                    d4:8b:52:50:c8:3a:7a:0a:d7:d3:cf:d2:ec:9c:8d:
                    d3:ff:3d:6f:75:7d:34:a9:fe:28:1b:49:4d:e8:ae:
                    1e:a0:db:c0:2e:46:9f:0d:95:04:26:10:9b:d6:37:
                    5d:b2:d7:4d:e6:3d:d5:1a:6c:3f:a5:f9:fb:78:c8:
                    d3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4E:E8:0F:B2:CA:37:CB:E6:16:39:A9:A0:72:72:67:BF:19:0E:C3
            X509v3 Authority Key Identifier:
                keyid:42:E7:FC:6B:74:B2:B8:63:28:11:FD:FD:81:6D:03:E9:39:AF:D7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Quf8a3SyuGMoEf39gW0D6Tmv1xI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/7k7oD7LKN8vmFjmpoHJyZ78ZDsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a7cced-da54-4037-bc9a-2f906da2ef20/1/Quf8a3SyuGMoEf39gW0D6Tmv1xI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:fa:7f:47:61:d5:50:26:4d:0e:e6:a0:15:8d:91:2d:3f:bc:
         cb:0c:0c:f0:17:73:1b:c2:78:a1:c0:3e:73:c6:da:3a:3e:df:
         a4:ad:40:18:8a:e5:90:53:3f:fa:23:c0:e5:eb:2f:cf:9c:5c:
         28:95:a2:10:a1:27:1e:ab:1b:ec:1d:0f:04:32:7e:05:95:39:
         aa:9c:5b:aa:06:f4:99:89:9a:00:22:e2:b9:ec:41:5b:8c:5e:
         22:b5:77:8f:4b:9e:fc:01:11:2e:15:e5:d3:93:c9:36:54:ed:
         e2:6f:9f:e2:20:ed:85:a9:40:0d:f2:58:08:0b:be:e7:cf:4a:
         d8:2e:13:bc:25:3f:bf:a8:79:2d:26:ba:46:48:04:16:fa:82:
         3f:7a:16:4a:df:5b:de:45:84:7d:9d:c5:4e:a7:89:d4:96:d3:
         6a:bc:3d:50:f4:75:f7:be:34:f5:8e:c6:67:91:66:5f:93:6c:
         47:15:22:3b:85:75:38:29:94:a9:e4:57:4e:6d:22:4c:20:06:
         68:3f:d4:78:03:dd:80:c6:b3:ea:c9:35:6b:c6:cd:10:24:b0:
         24:c0:e9:79:d3:ba:73:3d:82:68:e4:2d:27:27:05:d0:41:95:
         d5:42:4c:45:9c:65:05:3e:62:4e:80:31:0a:42:e3:ea:19:85:
         50:19:b6:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+hWqZRFYKZRj7yBHEHoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZTdmYzZiNzRiMmI4NjMyODExZmRmZDgxNmQwM2U5Mzlh
ZmQ3MTIwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTRlZTgwZmIyY2EzN2NiZTYxNjM5YTlhMDcyNzI2N2JmMTkwZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGOTB/CYXLR504vR5dgQAaKIdT1r
nST4Pz2bOu4labe9Mnfe2JiktnvKyl3Dx9Ps2BdS3/OY9B2+r5TiXzx1WuNQJ2ag
WlGsPlXVLvNolGh/snZV9Jg09XT9bMKKwedXEchDB0kuoMKBKFvUex8vMXOHIAA4
ZdFekCXTyFjcV/EK8RCp/snOfsTmVUVv6bHAZeusNWjiFDLbRwHPPAna/VtuQuKB
bYrMVBYxbQ6mAZ2w3Xp3pk+PZHguZK50smTLvD7Ui1JQyDp6CtfTz9LsnI3T/z1v
dX00qf4oG0lN6K4eoNvALkafDZUEJhCb1jddstdN5j3VGmw/pfn7eMjTSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO5O6A+yyjfL5hY5qaBycme/GQ7DMB8GA1UdIwQY
MBaAFELn/Gt0srhjKBH9/YFtA+k5r9cSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXVmOGEzU3l1R01vRWYzOWdXMEQ2VG12MXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hN2NjZWQtZGE1NC00MDM3LWJjOWEt
MmY5MDZkYTJlZjIwLzEvN2s3b0Q3TEtOOHZtRmptcG9ISnlaNzhaRHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hN2NjZWQtZGE1NC00MDM3LWJjOWEtMmY5MDZkYTJlZjIw
LzEvUXVmOGEzU3l1R01vRWYzOWdXMEQ2VG12MXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAP0
MA0GCSqGSIb3DQEBCwUAA4IBAQB8+n9HYdVQJk0O5qAVjZEtP7zLDAzwF3Mbwnih
wD5zxto6Pt+krUAYiuWQUz/6I8Dl6y/PnFwolaIQoSceqxvsHQ8EMn4FlTmqnFuq
BvSZiZoAIuK57EFbjF4itXePS578AREuFeXTk8k2VO3ib5/iIO2FqUAN8lgIC77n
z0rYLhO8JT+/qHktJrpGSAQW+oI/ehZK31veRYR9ncVOp4nUltNqvD1Q9HX3vjT1
jsZnkWZfk2xHFSI7hXU4KZSp5FdObSJMIAZoP9R4A92AxrPqyTVrxs0QJLAkwOl5
07pzPYJo5C0nJwXQQZXVQkxFnGUFPmJOgDEKQuPqGYVQGba9
-----END CERTIFICATE-----