Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/VjoP5kM-KwhZcj01jM3hl-6r6UA.roa
File:                     VjoP5kM-KwhZcj01jM3hl-6r6UA.roa (raw, json)
Hash identifier:          vqqeCugYqbCnSBb7Wp1fy/fzybkRWWHMWjjnU8HbuEA=
Subject key identifier:   56:3A:0F:E6:43:3E:2B:08:59:72:3D:35:8C:CD:E1:97:EE:AB:E9:40
Certificate issuer:       /CN=16af8ffa644e4041fdad0fc96d6272cb4017a8b0
Certificate serial:       019512FB6ED1634A11212DC53A2AA8C1777B
Authority key identifier: 16:AF:8F:FA:64:4E:40:41:FD:AD:0F:C9:6D:62:72:CB:40:17:A8:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/VjoP5kM-KwhZcj01jM3hl-6r6UA.roa
Signing time:             Mon 17 Feb 2025 08:17:02 +0000
ROA not before:           Mon 17 Feb 2025 08:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34927
IP address blocks:        2001:678:1030::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:12:fb:6e:d1:63:4a:11:21:2d:c5:3a:2a:a8:c1:77:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16af8ffa644e4041fdad0fc96d6272cb4017a8b0
        Validity
            Not Before: Feb 17 08:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=563a0fe6433e2b0859723d358ccde197eeabe940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c1:6d:a1:13:48:6c:7c:2d:bb:3f:a4:fa:32:
                    88:9b:62:b0:5f:85:38:5d:77:f9:59:c8:89:1c:22:
                    b4:8b:38:17:16:8f:01:d8:cb:05:c3:a7:b8:ff:97:
                    2a:97:23:d5:b1:e9:df:74:ed:1b:b6:d2:32:88:d1:
                    03:6d:72:99:50:c0:28:f0:23:c6:5a:2d:cf:92:ab:
                    ce:94:36:ef:3c:ec:e5:29:29:f5:b9:ca:dc:d6:ac:
                    8e:86:56:ae:1a:8e:6c:e7:cd:6f:8b:af:3a:32:97:
                    1e:41:d1:3f:93:34:e5:37:97:70:32:da:84:9c:0d:
                    33:c4:69:1c:04:f9:d1:5d:26:c6:36:33:8f:36:f2:
                    86:c7:8c:19:40:37:5c:41:39:01:c2:49:60:74:ac:
                    87:c9:6a:1a:3d:57:f6:18:96:69:a7:17:3c:65:40:
                    03:b2:0f:11:ed:d7:1d:e1:8a:ab:44:87:45:58:71:
                    36:a9:8b:31:84:7a:72:db:34:14:91:98:a2:59:1a:
                    82:98:a6:8b:cf:cb:a6:4c:f9:11:1f:c8:a0:44:da:
                    29:b0:50:5d:45:44:5d:76:20:20:9c:aa:41:b5:68:
                    b3:b4:1b:27:be:2e:3f:2c:c3:99:63:b7:a7:06:e9:
                    3e:22:d2:10:ba:27:04:5f:e2:d4:a6:f2:d2:75:ce:
                    9d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3A:0F:E6:43:3E:2B:08:59:72:3D:35:8C:CD:E1:97:EE:AB:E9:40
            X509v3 Authority Key Identifier:
                keyid:16:AF:8F:FA:64:4E:40:41:FD:AD:0F:C9:6D:62:72:CB:40:17:A8:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/VjoP5kM-KwhZcj01jM3hl-6r6UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/daa03d-d74b-4cfc-a23b-5a14372457f5/1/Fq-P-mROQEH9rQ_JbWJyy0AXqLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:4a:02:5b:89:06:cc:96:0c:49:2b:d8:84:13:48:da:92:7a:
         91:f8:fd:c4:7b:22:ed:37:df:ee:13:4d:cf:55:74:20:e5:66:
         62:6f:e3:82:27:3a:f8:bc:80:99:aa:7b:53:a9:3a:ce:97:6a:
         ec:bf:6c:f2:63:45:6e:b5:7c:aa:71:97:fb:b7:ca:d2:e4:f8:
         b5:4e:f1:17:f2:e4:4e:0f:fc:ef:9e:a6:8e:a4:0d:d1:e8:d4:
         bf:73:f7:5b:d3:25:9a:e7:8d:0d:91:5a:c2:36:f7:b5:fa:6d:
         a4:8d:3c:12:8e:6f:96:2d:fc:4b:a0:c9:b1:13:0a:22:5c:1c:
         36:56:3b:48:bc:e5:2e:bf:4e:18:63:0d:8b:b1:53:b1:8c:d8:
         8b:79:3a:b2:a5:d2:52:08:01:3a:8c:89:5d:f4:8f:0b:84:94:
         2b:fc:7d:d5:4a:b5:44:0d:12:5c:27:4a:4c:de:cf:52:cd:82:
         af:7a:eb:cb:a1:bf:a2:39:4b:95:20:15:a9:a3:6d:1c:c6:2b:
         5a:c9:20:17:4b:e2:3a:77:05:01:70:c4:36:da:29:33:a5:51:
         b9:51:75:29:eb:b8:67:b4:0b:bc:6f:1b:10:8e:6b:d8:a2:45:
         79:bc:77:9c:40:4e:de:a2:e0:16:89:58:17:28:21:33:eb:c7:
         14:d3:99:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUS+27RY0oRIS3FOiqowXd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YWY4ZmZhNjQ0ZTQwNDFmZGFkMGZjOTZkNjI3MmNiNDAx
N2E4YjAwHhcNMjUwMjE3MDgxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjNhMGZlNjQzM2UyYjA4NTk3MjNkMzU4Y2NkZTE5N2VlYWJlOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscFtoRNIbHwtuz+k+jKIm2KwX4U4
XXf5WciJHCK0izgXFo8B2MsFw6e4/5cqlyPVsenfdO0bttIyiNEDbXKZUMAo8CPG
Wi3PkqvOlDbvPOzlKSn1ucrc1qyOhlauGo5s581vi686MpceQdE/kzTlN5dwMtqE
nA0zxGkcBPnRXSbGNjOPNvKGx4wZQDdcQTkBwklgdKyHyWoaPVf2GJZppxc8ZUAD
sg8R7dcd4YqrRIdFWHE2qYsxhHpy2zQUkZiiWRqCmKaLz8umTPkRH8igRNopsFBd
RURddiAgnKpBtWiztBsnvi4/LMOZY7enBuk+ItIQuicEX+LUpvLSdc6dMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFY6D+ZDPisIWXI9NYzN4Zfuq+lAMB8GA1UdIwQY
MBaAFBavj/pkTkBB/a0PyW1icstAF6iwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnEtUC1tUk9RRUg5clFfSmJXSnl5MEFYcUxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9kYWEwM2QtZDc0Yi00Y2ZjLWEyM2It
NWExNDM3MjQ1N2Y1LzEvVmpvUDVrTS1Ld2haY2owMWpNM2hsLTZyNlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9kYWEwM2QtZDc0Yi00Y2ZjLWEyM2ItNWExNDM3MjQ1N2Y1
LzEvRnEtUC1tUk9RRUg5clFfSmJXSnl5MEFYcUxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBtSgJbiQbMlgxJK9iEE0jaknqR+P3EeyLtN9/u
E03PVXQg5WZib+OCJzr4vICZqntTqTrOl2rsv2zyY0VutXyqcZf7t8rS5Pi1TvEX
8uROD/zvnqaOpA3R6NS/c/db0yWa540NkVrCNve1+m2kjTwSjm+WLfxLoMmxEwoi
XBw2VjtIvOUuv04YYw2LsVOxjNiLeTqypdJSCAE6jIld9I8LhJQr/H3VSrVEDRJc
J0pM3s9SzYKveuvLob+iOUuVIBWpo20cxitaySAXS+I6dwUBcMQ22ikzpVG5UXUp
67hntAu8bxsQjmvYokV5vHecQE7eouAWiVgXKCEz68cU05mM
-----END CERTIFICATE-----