Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/dUzHcv1qzeux_y2IL7xdvYNLLOQ.roa
File:                     dUzHcv1qzeux_y2IL7xdvYNLLOQ.roa (raw, json)
Hash identifier:          nSNOUC9fK3tMm0ddVALi9dbfVwMcfIB34jQG6rm/2t0=
Subject key identifier:   75:4C:C7:72:FD:6A:CD:EB:B1:FF:2D:88:2F:BC:5D:BD:83:4B:2C:E4
Certificate issuer:       /CN=991b5422cd5578d4715ebe4c5097202523dd5658
Certificate serial:       01942143B5546A8BEB46FE37FC4749C28E0B
Authority key identifier: 99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/dUzHcv1qzeux_y2IL7xdvYNLLOQ.roa
Signing time:             Wed 01 Jan 2025 09:47:52 +0000
ROA not before:           Wed 01 Jan 2025 09:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139321
IP address blocks:        2001:678:acc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b5:54:6a:8b:eb:46:fe:37:fc:47:49:c2:8e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991b5422cd5578d4715ebe4c5097202523dd5658
        Validity
            Not Before: Jan  1 09:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=754cc772fd6acdebb1ff2d882fbc5dbd834b2ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:59:aa:c6:d1:f9:c3:46:35:1a:b5:60:76:a2:
                    35:49:a8:81:f6:59:cb:6f:d1:38:9b:14:1d:53:6d:
                    f8:c9:fb:5f:f6:81:22:5f:88:00:a2:63:e2:5a:e8:
                    0c:62:70:c3:da:16:9e:e9:93:86:42:d9:f5:8f:03:
                    95:2c:1c:1c:ea:4d:63:4b:22:5a:15:d5:85:05:79:
                    05:22:b7:8e:28:3c:bd:41:71:99:e5:de:f0:27:4f:
                    17:be:9d:e8:f8:a7:89:33:fe:bb:81:7e:a3:b8:83:
                    11:90:00:91:f5:81:14:2e:4a:92:68:70:07:89:73:
                    5e:c4:83:63:95:e9:ef:99:09:cb:f2:99:0f:39:2a:
                    7a:64:16:c5:9c:a2:58:ef:40:d7:68:67:ee:75:96:
                    71:b7:ab:7f:23:34:bf:0f:fc:e2:b9:ae:be:41:bc:
                    7e:49:4b:b7:24:bf:df:31:34:57:80:a8:b1:7d:d4:
                    06:dc:fa:7a:90:74:22:be:ed:67:f0:75:22:26:16:
                    9a:86:a6:09:cd:ef:a9:3c:e2:fc:5b:82:34:56:dd:
                    47:89:1e:c0:66:24:b4:65:ef:6a:fa:e3:d0:79:c0:
                    33:cc:d0:d2:17:fe:29:8e:e9:21:9b:f1:f7:02:01:
                    8a:f1:37:18:eb:af:b6:05:18:29:de:fa:51:52:e1:
                    12:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4C:C7:72:FD:6A:CD:EB:B1:FF:2D:88:2F:BC:5D:BD:83:4B:2C:E4
            X509v3 Authority Key Identifier:
                keyid:99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/dUzHcv1qzeux_y2IL7xdvYNLLOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:acc::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:f3:0c:13:10:ce:40:03:0b:3e:5b:5b:5f:5d:97:2f:cf:8c:
         95:4f:25:3f:40:f7:3a:75:4f:8a:53:06:d6:c0:36:dc:8f:44:
         f3:01:fd:ce:b2:1d:a7:97:0e:0a:6b:a1:d5:20:0d:1e:14:90:
         20:96:38:c6:ab:78:62:69:19:59:17:48:6e:e0:20:78:17:a0:
         5a:16:15:3d:98:7b:c7:b0:00:a2:17:64:77:da:9d:2b:bc:77:
         e8:27:27:ae:6f:2b:b6:44:71:40:a0:6a:a0:51:33:64:a6:10:
         ed:fe:26:49:4e:f2:28:6f:59:0e:c2:d5:69:66:c0:fc:23:13:
         0f:55:04:08:32:8e:30:01:79:02:20:60:a8:36:1b:0a:12:e5:
         3a:9d:a6:27:af:68:71:e5:b9:28:f7:e0:26:9d:64:86:af:08:
         3b:b6:cb:81:90:c5:4e:c8:71:81:aa:66:4a:3e:63:92:ae:0b:
         a7:51:00:de:46:31:df:b5:fd:5f:0c:ba:1a:cd:d2:69:0b:ef:
         12:9b:5f:31:97:07:cc:51:80:70:84:c5:8c:e6:5e:97:fb:21:
         24:39:08:2a:d5:42:69:26:a4:95:d2:78:2c:a8:1a:60:3c:06:
         a1:dd:ea:27:37:d6:82:ff:59:e9:e6:95:e8:db:e5:e3:e3:e2:
         6a:9d:36:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ7VUaovrRv43/EdJwo4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWI1NDIyY2Q1NTc4ZDQ3MTVlYmU0YzUwOTcyMDI1MjNk
ZDU2NTgwHhcNMjUwMTAxMDk0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTRjYzc3MmZkNmFjZGViYjFmZjJkODgyZmJjNWRiZDgzNGIyY2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51mqxtH5w0Y1GrVgdqI1SaiB9lnL
b9E4mxQdU234yftf9oEiX4gAomPiWugMYnDD2hae6ZOGQtn1jwOVLBwc6k1jSyJa
FdWFBXkFIreOKDy9QXGZ5d7wJ08Xvp3o+KeJM/67gX6juIMRkACR9YEULkqSaHAH
iXNexINjlenvmQnL8pkPOSp6ZBbFnKJY70DXaGfudZZxt6t/IzS/D/ziua6+Qbx+
SUu3JL/fMTRXgKixfdQG3Pp6kHQivu1n8HUiJhaahqYJze+pPOL8W4I0Vt1HiR7A
ZiS0Ze9q+uPQecAzzNDSF/4pjukhm/H3AgGK8TcY66+2BRgp3vpRUuES2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHVMx3L9as3rsf8tiC+8Xb2DSyzkMB8GA1UdIwQY
MBaAFJkbVCLNVXjUcV6+TFCXICUj3VZYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJ0VUlzMVZlTlJ4WHI1TVVKY2dKU1BkVmxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy81ODExYzAtNmRhZS00ZGQ0LTk4N2Mt
ZDQ2ZmZjNTAxZjM2LzEvZFV6SGN2MXF6ZXV4X3kySUw3eGR2WU5MTE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy81ODExYzAtNmRhZS00ZGQ0LTk4N2MtZDQ2ZmZjNTAxZjM2
LzEvbVJ0VUlzMVZlTlJ4WHI1TVVKY2dKU1BkVmxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArM
MA0GCSqGSIb3DQEBCwUAA4IBAQCN8wwTEM5AAws+W1tfXZcvz4yVTyU/QPc6dU+K
UwbWwDbcj0TzAf3Osh2nlw4Ka6HVIA0eFJAgljjGq3hiaRlZF0hu4CB4F6BaFhU9
mHvHsACiF2R32p0rvHfoJyeubyu2RHFAoGqgUTNkphDt/iZJTvIob1kOwtVpZsD8
IxMPVQQIMo4wAXkCIGCoNhsKEuU6naYnr2hx5bko9+AmnWSGrwg7tsuBkMVOyHGB
qmZKPmOSrgunUQDeRjHftf1fDLoazdJpC+8Sm18xlwfMUYBwhMWM5l6X+yEkOQgq
1UJpJqSV0ngsqBpgPAah3eonN9aC/1np5pXo2+Xj4+JqnTa1
-----END CERTIFICATE-----