Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/LOaUW2EiiQcwyCw-rJigudzub6k.roa
File:                     LOaUW2EiiQcwyCw-rJigudzub6k.roa (raw, json)
Hash identifier:          RdbP2I4p2rkiwtFqPpCMDtwplJx26+Pix0+Jf5B+brg=
Subject key identifier:   2C:E6:94:5B:61:22:89:07:30:C8:2C:3E:AC:98:A0:B9:DC:EE:6F:A9
Certificate issuer:       /CN=8e7aee3559fcc31bfed77eece8b7479c8e856a5b
Certificate serial:       0194266C327DB12DB553FF7B22F37DFBE052
Authority key identifier: 8E:7A:EE:35:59:FC:C3:1B:FE:D7:7E:EC:E8:B7:47:9C:8E:85:6A:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jnruNVn8wxv-137s6LdHnI6Fals.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/LOaUW2EiiQcwyCw-rJigudzub6k.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57166
IP address blocks:        2001:678:918::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/jnruNVn8wxv-137s6LdHnI6Fals.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/jnruNVn8wxv-137s6LdHnI6Fals.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jnruNVn8wxv-137s6LdHnI6Fals.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 15:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:32:7d:b1:2d:b5:53:ff:7b:22:f3:7d:fb:e0:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e7aee3559fcc31bfed77eece8b7479c8e856a5b
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ce6945b6122890730c82c3eac98a0b9dcee6fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f1:52:2a:d5:09:08:e9:e2:93:2d:76:16:06:
                    81:34:22:b8:50:06:8a:bd:fb:af:c9:fb:c9:6e:5f:
                    19:3f:40:1e:9f:9a:d3:16:4d:48:2c:5a:1c:d4:2e:
                    80:c5:ad:af:bc:71:f9:d9:9e:eb:e4:dc:cd:aa:84:
                    4b:a1:97:da:6a:31:06:52:5b:d0:d8:0c:93:c7:94:
                    7d:99:23:e3:2a:83:6b:2a:1c:8f:62:bb:4c:bb:06:
                    d4:6b:85:eb:99:c9:76:ee:3f:3e:f7:c6:29:8f:3a:
                    de:bc:fa:5a:d8:d8:6a:be:a8:59:16:0a:d3:e5:2a:
                    34:af:2d:de:e5:41:63:a0:8e:be:00:8c:bb:57:33:
                    48:7b:88:34:af:84:5f:7b:dd:a1:d2:a4:b8:19:f8:
                    24:6e:04:1b:67:4b:54:13:62:5e:79:f1:0b:9f:c2:
                    5b:f6:2a:25:43:ec:ee:fb:bb:63:46:d6:dc:15:7b:
                    b6:84:9f:f9:c5:79:85:f0:05:d1:79:ca:28:2f:05:
                    3f:d1:66:f8:58:21:18:66:50:fd:98:3a:73:7c:b6:
                    f8:67:55:26:e0:d0:93:22:85:88:40:b5:66:f1:d7:
                    01:ba:14:b3:c5:f2:f2:d6:78:41:f0:02:a1:ad:7a:
                    c5:1d:9c:65:fb:3f:e1:69:96:4e:be:b7:2d:4e:c6:
                    16:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E6:94:5B:61:22:89:07:30:C8:2C:3E:AC:98:A0:B9:DC:EE:6F:A9
            X509v3 Authority Key Identifier:
                keyid:8E:7A:EE:35:59:FC:C3:1B:FE:D7:7E:EC:E8:B7:47:9C:8E:85:6A:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jnruNVn8wxv-137s6LdHnI6Fals.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/LOaUW2EiiQcwyCw-rJigudzub6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/01c7c0-e700-418e-9207-91160bb4c659/1/jnruNVn8wxv-137s6LdHnI6Fals.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:918::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:bf:f2:c2:26:80:92:8b:27:f1:5d:24:c7:af:2d:fa:70:69:
         70:b9:bd:2c:87:25:7f:2a:42:5a:7e:85:8c:15:26:cc:e3:24:
         0a:e6:47:2a:36:6a:37:c4:63:7f:ae:c7:12:cf:d8:fd:5d:e4:
         b4:19:7f:ff:bf:9a:60:aa:fa:88:68:12:0d:64:2e:ae:bd:05:
         63:7e:99:59:eb:a4:04:ba:bc:52:a4:ac:8b:b5:40:12:23:a9:
         51:ef:b2:ce:73:92:c5:35:44:f9:fe:83:74:04:32:a2:e1:88:
         24:75:36:96:be:b8:78:6c:c8:14:cc:45:a3:40:de:00:df:16:
         a1:86:df:4f:4b:bf:03:60:38:f2:d8:71:03:c3:f2:e4:19:26:
         86:dd:e3:68:45:1f:c7:a6:3a:f9:7b:a9:9f:00:c8:aa:1c:72:
         bf:41:da:ea:21:b8:ed:ab:15:93:8c:c7:74:64:57:e3:1b:8c:
         d0:d9:83:b4:f3:ea:41:ba:e1:98:9a:1d:4a:a2:73:7f:b4:8b:
         76:6c:ce:2c:b5:65:5d:b5:04:ce:60:94:6d:82:1a:68:c2:46:
         74:dd:a6:7c:41:89:6d:5f:0a:8a:0b:2b:d2:3f:9a:97:27:77:
         a5:e6:74:fc:78:f2:d6:48:f6:8b:aa:f9:f6:ff:28:16:99:e1:
         6b:7b:77:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbDJ9sS21U/97IvN9++BSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2FlZTM1NTlmY2MzMWJmZWQ3N2VlY2U4Yjc0NzljOGU4
NTZhNWIwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2U2OTQ1YjYxMjI4OTA3MzBjODJjM2VhYzk4YTBiOWRjZWU2ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PFSKtUJCOniky12FgaBNCK4UAaK
vfuvyfvJbl8ZP0Aen5rTFk1ILFoc1C6Axa2vvHH52Z7r5NzNqoRLoZfaajEGUlvQ
2AyTx5R9mSPjKoNrKhyPYrtMuwbUa4Xrmcl27j8+98YpjzrevPpa2NhqvqhZFgrT
5So0ry3e5UFjoI6+AIy7VzNIe4g0r4Rfe92h0qS4GfgkbgQbZ0tUE2JeefELn8Jb
9iolQ+zu+7tjRtbcFXu2hJ/5xXmF8AXRecooLwU/0Wb4WCEYZlD9mDpzfLb4Z1Um
4NCTIoWIQLVm8dcBuhSzxfLy1nhB8AKhrXrFHZxl+z/haZZOvrctTsYW5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCzmlFthIokHMMgsPqyYoLnc7m+pMB8GA1UdIwQY
MBaAFI567jVZ/MMb/td+7Oi3R5yOhWpbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam5ydU5Wbjh3eHYtMTM3czZMZEhuSTZGYWxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wMWM3YzAtZTcwMC00MThlLTkyMDct
OTExNjBiYjRjNjU5LzEvTE9hVVcyRWlpUWN3eUN3LXJKaWd1ZHp1YjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wMWM3YzAtZTcwMC00MThlLTkyMDctOTExNjBiYjRjNjU5
LzEvam5ydU5Wbjh3eHYtMTM3czZMZEhuSTZGYWxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAkY
MA0GCSqGSIb3DQEBCwUAA4IBAQBWv/LCJoCSiyfxXSTHry36cGlwub0shyV/KkJa
foWMFSbM4yQK5kcqNmo3xGN/rscSz9j9XeS0GX//v5pgqvqIaBINZC6uvQVjfplZ
66QEurxSpKyLtUASI6lR77LOc5LFNUT5/oN0BDKi4YgkdTaWvrh4bMgUzEWjQN4A
3xahht9PS78DYDjy2HEDw/LkGSaG3eNoRR/Hpjr5e6mfAMiqHHK/QdrqIbjtqxWT
jMd0ZFfjG4zQ2YO08+pBuuGYmh1KonN/tIt2bM4stWVdtQTOYJRtghpowkZ03aZ8
QYltXwqKCyvSP5qXJ3el5nT8ePLWSPaLqvn2/ygWmeFre3fn
-----END CERTIFICATE-----