Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/xCvl2MPRqLFevw92K1xWqEyP8xM.roa
File:                     xCvl2MPRqLFevw92K1xWqEyP8xM.roa (raw, json)
Hash identifier:          x5lJC5gSbKWJztGnWxiyT9yj/ffbvJ91buVaYTLqpME=
Subject key identifier:   C4:2B:E5:D8:C3:D1:A8:B1:5E:BF:0F:76:2B:5C:56:A8:4C:8F:F3:13
Certificate issuer:       /CN=27358d6d33e26d2af843d581dcf69c0d110a9de8
Certificate serial:       019499B50BE4F4A9A0927C275AA74ED88758
Authority key identifier: 27:35:8D:6D:33:E2:6D:2A:F8:43:D5:81:DC:F6:9C:0D:11:0A:9D:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JzWNbTPibSr4Q9WB3PacDREKneg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/xCvl2MPRqLFevw92K1xWqEyP8xM.roa
Signing time:             Fri 24 Jan 2025 19:06:06 +0000
ROA not before:           Fri 24 Jan 2025 19:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213626
IP address blocks:        2001:678:100c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/JzWNbTPibSr4Q9WB3PacDREKneg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/JzWNbTPibSr4Q9WB3PacDREKneg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JzWNbTPibSr4Q9WB3PacDREKneg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:99:b5:0b:e4:f4:a9:a0:92:7c:27:5a:a7:4e:d8:87:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27358d6d33e26d2af843d581dcf69c0d110a9de8
        Validity
            Not Before: Jan 24 19:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c42be5d8c3d1a8b15ebf0f762b5c56a84c8ff313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a3:be:2f:cd:1b:2b:7c:f0:be:66:5f:ac:f5:
                    15:85:8c:81:9b:24:13:20:51:5f:93:ab:d3:fd:ec:
                    37:49:2d:63:21:94:6a:2d:ff:9f:3f:db:da:aa:67:
                    8b:fb:88:ba:11:71:db:0e:aa:e4:50:52:2d:68:2f:
                    e1:b1:72:2b:16:42:67:9f:70:a1:4b:17:fa:04:91:
                    38:b1:db:83:65:53:17:86:2c:8f:34:58:19:55:b9:
                    c5:66:07:0d:ab:8a:b4:f0:54:a4:21:c0:ed:0d:b7:
                    db:4a:97:84:fa:2f:5b:0b:c6:9f:58:ce:f3:42:00:
                    6f:cd:a8:76:b1:33:f9:0e:50:5e:5b:13:23:01:71:
                    82:1a:f1:76:0e:c4:b3:46:3a:4c:c3:58:2a:7d:7a:
                    d4:49:00:0a:ea:4e:05:7b:72:6a:41:f9:17:71:ba:
                    f0:91:98:69:6e:ba:08:15:42:72:4d:8b:10:24:d6:
                    f4:83:f0:af:a2:67:a2:48:1f:d2:43:fc:fd:4c:d4:
                    e8:33:39:7f:15:69:32:08:f3:8a:2f:74:5a:e5:2c:
                    3e:ce:18:38:75:b1:ef:d0:ba:83:e3:33:c5:a4:c7:
                    f8:8f:bf:88:21:0b:e9:f6:d2:de:d7:9f:f3:9d:9f:
                    06:fe:38:f5:f8:52:80:b7:71:c2:6d:6c:9e:90:41:
                    2c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:E5:D8:C3:D1:A8:B1:5E:BF:0F:76:2B:5C:56:A8:4C:8F:F3:13
            X509v3 Authority Key Identifier:
                keyid:27:35:8D:6D:33:E2:6D:2A:F8:43:D5:81:DC:F6:9C:0D:11:0A:9D:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JzWNbTPibSr4Q9WB3PacDREKneg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/xCvl2MPRqLFevw92K1xWqEyP8xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fc18f3-c0db-4cd2-a083-426d9ff207d1/1/JzWNbTPibSr4Q9WB3PacDREKneg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:100c::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:2a:e2:e8:f3:8b:8d:59:23:ad:5a:3b:10:29:d5:a2:38:d3:
         ab:74:cd:07:18:0d:63:e5:65:ac:bc:a9:a8:d7:ea:f5:51:53:
         58:ce:e2:2d:ba:02:8d:7b:cc:00:6c:1e:0e:bd:3d:b7:df:49:
         94:5d:aa:b8:83:66:ae:b5:4a:66:be:2c:70:63:7f:47:22:fc:
         1b:95:14:67:31:93:bd:fb:58:3a:d1:ed:1d:40:8e:0f:7c:75:
         a7:ad:0b:80:62:5a:78:f8:3d:c1:32:b0:27:49:ce:05:15:46:
         ba:32:e4:5e:a1:0d:7e:86:69:24:07:59:60:79:7f:f3:2b:f3:
         e3:9c:b9:4e:d2:2c:e6:48:e4:4c:6c:d5:31:f8:6c:4d:ea:b5:
         06:76:72:5a:dc:88:2e:36:8f:23:26:23:8f:12:e9:20:ac:5a:
         84:df:69:50:53:0b:42:2a:4a:2a:5f:7b:b9:62:a7:7d:53:1b:
         08:70:aa:d1:70:5e:bf:dd:1f:a5:a9:51:fb:c2:d6:bf:6c:7e:
         41:07:46:b7:6b:c4:ab:72:a2:23:4d:58:05:b8:93:cf:9f:a9:
         fb:e6:79:a0:a8:2b:64:d1:36:05:46:25:a0:ec:10:ed:a1:f5:
         79:40:5a:f1:e5:d7:17:e1:91:68:88:7e:52:6c:fd:f4:a7:9d:
         57:44:8a:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSZtQvk9KmgknwnWqdO2IdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzU4ZDZkMzNlMjZkMmFmODQzZDU4MWRjZjY5YzBkMTEw
YTlkZTgwHhcNMjUwMTI0MTkwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDJiZTVkOGMzZDFhOGIxNWViZjBmNzYyYjVjNTZhODRjOGZmMzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraO+L80bK3zwvmZfrPUVhYyBmyQT
IFFfk6vT/ew3SS1jIZRqLf+fP9vaqmeL+4i6EXHbDqrkUFItaC/hsXIrFkJnn3Ch
Sxf6BJE4sduDZVMXhiyPNFgZVbnFZgcNq4q08FSkIcDtDbfbSpeE+i9bC8afWM7z
QgBvzah2sTP5DlBeWxMjAXGCGvF2DsSzRjpMw1gqfXrUSQAK6k4Fe3JqQfkXcbrw
kZhpbroIFUJyTYsQJNb0g/CvomeiSB/SQ/z9TNToMzl/FWkyCPOKL3Ra5Sw+zhg4
dbHv0LqD4zPFpMf4j7+IIQvp9tLe15/znZ8G/jj1+FKAt3HCbWyekEEsEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMQr5djD0aixXr8PditcVqhMj/MTMB8GA1UdIwQY
MBaAFCc1jW0z4m0q+EPVgdz2nA0RCp3oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnpXTmJUUGliU3I0UTlXQjNQYWNEUkVLbmVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mYzE4ZjMtYzBkYi00Y2QyLWEwODMt
NDI2ZDlmZjIwN2QxLzEveEN2bDJNUFJxTEZldnc5MksxeFdxRXlQOHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mYzE4ZjMtYzBkYi00Y2QyLWEwODMtNDI2ZDlmZjIwN2Qx
LzEvSnpXTmJUUGliU3I0UTlXQjNQYWNEUkVLbmVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBAM
MA0GCSqGSIb3DQEBCwUAA4IBAQBCKuLo84uNWSOtWjsQKdWiONOrdM0HGA1j5WWs
vKmo1+r1UVNYzuItugKNe8wAbB4OvT2330mUXaq4g2autUpmvixwY39HIvwblRRn
MZO9+1g60e0dQI4PfHWnrQuAYlp4+D3BMrAnSc4FFUa6MuReoQ1+hmkkB1lgeX/z
K/PjnLlO0izmSORMbNUx+GxN6rUGdnJa3IguNo8jJiOPEukgrFqE32lQUwtCKkoq
X3u5Yqd9UxsIcKrRcF6/3R+lqVH7wta/bH5BB0a3a8SrcqIjTVgFuJPPn6n75nmg
qCtk0TYFRiWg7BDtofV5QFrx5dcX4ZFoiH5SbP30p51XRIr9
-----END CERTIFICATE-----