Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/0CjJkWjNBNTUeoDrNQPuYSnwMLQ.roa
File:                     0CjJkWjNBNTUeoDrNQPuYSnwMLQ.roa (raw, json)
Hash identifier:          rMAMLQ6zW01Wu80wVa2CdSK+UNAIR1vD+Et52F6+MjE=
Subject key identifier:   D0:28:C9:91:68:CD:04:D4:D4:7A:80:EB:35:03:EE:61:29:F0:30:B4
Certificate issuer:       /CN=27032f79023052100c4393c9e690f97d7896926f
Certificate serial:       01941F8C0FC6405009C6C023BE212CA9A193
Authority key identifier: 27:03:2F:79:02:30:52:10:0C:43:93:C9:E6:90:F9:7D:78:96:92:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/0CjJkWjNBNTUeoDrNQPuYSnwMLQ.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206161
IP address blocks:        2001:678:c88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0f:c6:40:50:09:c6:c0:23:be:21:2c:a9:a1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27032f79023052100c4393c9e690f97d7896926f
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d028c99168cd04d4d47a80eb3503ee6129f030b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c2:9b:1f:42:5b:2d:c5:01:c4:6f:f5:20:9f:
                    86:c8:73:ef:d3:cd:56:17:08:df:84:37:64:c1:71:
                    64:58:e9:21:fb:f9:f3:63:60:5c:ed:02:8b:40:bd:
                    a4:99:97:5f:86:96:62:a3:55:e0:ea:4a:9c:c6:e7:
                    61:74:ab:7a:62:84:00:97:a7:3a:fb:b4:9e:76:d6:
                    a5:cc:de:2c:be:b4:b7:83:7a:88:00:26:06:49:23:
                    56:be:70:f6:21:76:fb:98:34:da:13:3a:a0:21:21:
                    26:3d:ef:c3:e0:03:d9:ad:6b:98:c9:07:01:9a:53:
                    1e:9a:dc:0f:80:d6:3f:a8:ba:e0:ee:c2:38:df:4d:
                    26:52:eb:c3:6a:d7:b9:06:bf:5e:43:2d:97:0e:15:
                    e8:d4:6d:f2:b5:79:bb:f0:59:dd:cf:e9:d2:15:c2:
                    49:e8:a4:46:dd:e5:ce:bd:a3:51:f8:88:7d:56:79:
                    43:63:ad:ad:92:89:98:e4:45:0c:25:9e:00:4a:14:
                    dc:b7:26:0f:f6:57:ed:2e:06:10:b3:27:46:29:8d:
                    71:cc:61:16:06:42:07:2f:25:b8:e0:87:97:d3:0f:
                    1e:81:8e:8b:6c:77:5a:5c:59:b8:1f:d5:96:df:5e:
                    61:cf:09:34:39:ee:e9:fa:d4:80:8c:9f:c8:d8:d9:
                    23:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:28:C9:91:68:CD:04:D4:D4:7A:80:EB:35:03:EE:61:29:F0:30:B4
            X509v3 Authority Key Identifier:
                keyid:27:03:2F:79:02:30:52:10:0C:43:93:C9:E6:90:F9:7D:78:96:92:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/0CjJkWjNBNTUeoDrNQPuYSnwMLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c88::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:72:8a:13:06:fa:24:6b:95:31:51:79:1a:b8:f4:b2:2f:ce:
         0f:30:c7:01:77:d1:71:ae:40:92:41:28:67:30:55:50:83:70:
         3e:c2:35:a2:a2:18:2e:ee:d6:4c:ec:55:a0:bb:7b:0d:e1:70:
         0e:07:10:0f:78:93:14:00:0e:96:10:70:5b:61:5d:28:da:1a:
         11:8c:5e:11:54:08:50:c3:6b:4f:10:52:69:47:da:3d:c1:2a:
         b2:03:f1:bd:15:78:3d:96:fb:97:5f:ed:ea:a3:4a:90:79:ad:
         d6:63:7e:07:af:c6:00:c6:07:6a:57:81:dd:88:f5:92:03:8f:
         b1:ae:ef:65:54:f5:d8:fe:32:a6:9e:bc:26:70:90:80:ee:b6:
         31:92:c7:85:c6:43:95:86:19:a6:03:e9:61:f2:97:92:b4:14:
         00:91:3d:be:04:02:58:2c:78:65:70:d1:37:92:cd:3d:a3:bd:
         f3:80:3c:6f:16:90:8e:53:df:94:cf:4d:c2:82:a1:7d:98:a6:
         a7:52:80:f6:71:60:1c:6b:e0:88:90:73:93:a9:36:07:f8:5f:
         b8:04:f7:05:1b:43:f7:2c:b5:5f:5d:df:8f:bf:cd:c7:89:09:
         c9:f4:6d:4b:ae:d6:0d:1e:2f:41:98:38:f7:c7:0c:1b:6c:52:
         9c:2f:54:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjA/GQFAJxsAjviEsqaGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MDMyZjc5MDIzMDUyMTAwYzQzOTNjOWU2OTBmOTdkNzg5
NjkyNmYwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDI4Yzk5MTY4Y2QwNGQ0ZDQ3YTgwZWIzNTAzZWU2MTI5ZjAzMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsKbH0JbLcUBxG/1IJ+GyHPv081W
FwjfhDdkwXFkWOkh+/nzY2Bc7QKLQL2kmZdfhpZio1Xg6kqcxudhdKt6YoQAl6c6
+7SedtalzN4svrS3g3qIACYGSSNWvnD2IXb7mDTaEzqgISEmPe/D4APZrWuYyQcB
mlMemtwPgNY/qLrg7sI4300mUuvDate5Br9eQy2XDhXo1G3ytXm78Fndz+nSFcJJ
6KRG3eXOvaNR+Ih9VnlDY62tkomY5EUMJZ4AShTctyYP9lftLgYQsydGKY1xzGEW
BkIHLyW44IeX0w8egY6LbHdaXFm4H9WW315hzwk0Oe7p+tSAjJ/I2Nkj2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNAoyZFozQTU1HqA6zUD7mEp8DC0MB8GA1UdIwQY
MBaAFCcDL3kCMFIQDEOTyeaQ+X14lpJvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSndNdmVRSXdVaEFNUTVQSjVwRDVmWGlXa204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9mNGZmNTItNjRiYS00MjBiLWJmZjQt
ZjA3ZGQyNjA2MjY3LzEvMENqSmtXak5CTlRVZW9Eck5RUHVZU253TUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9mNGZmNTItNjRiYS00MjBiLWJmZjQtZjA3ZGQyNjA2MjY3
LzEvSndNdmVRSXdVaEFNUTVQSjVwRDVmWGlXa204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyI
MA0GCSqGSIb3DQEBCwUAA4IBAQB+cooTBvoka5UxUXkauPSyL84PMMcBd9FxrkCS
QShnMFVQg3A+wjWiohgu7tZM7FWgu3sN4XAOBxAPeJMUAA6WEHBbYV0o2hoRjF4R
VAhQw2tPEFJpR9o9wSqyA/G9FXg9lvuXX+3qo0qQea3WY34Hr8YAxgdqV4HdiPWS
A4+xru9lVPXY/jKmnrwmcJCA7rYxkseFxkOVhhmmA+lh8peStBQAkT2+BAJYLHhl
cNE3ks09o73zgDxvFpCOU9+Uz03CgqF9mKanUoD2cWAca+CIkHOTqTYH+F+4BPcF
G0P3LLVfXd+Pv83HiQnJ9G1LrtYNHi9BmDj3xwwbbFKcL1S6
-----END CERTIFICATE-----