Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/aiepDcInSC7XQM1NAo38Ltggcos.roa
File:                     aiepDcInSC7XQM1NAo38Ltggcos.roa (raw, json)
Hash identifier:          6COc/WNOkQasZPkjRm4nKC/vd3bNAbojTsGDQ+J1+tY=
Subject key identifier:   6A:27:A9:0D:C2:27:48:2E:D7:40:CD:4D:02:8D:FC:2E:D8:20:72:8B
Certificate issuer:       /CN=58a127453dfba17e10c347fa34bbebab14905a57
Certificate serial:       0194221FE1E14675D7EB429B64D5CF5AD037
Authority key identifier: 58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/aiepDcInSC7XQM1NAo38Ltggcos.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204723
IP address blocks:        2001:678:5d0::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e1:e1:46:75:d7:eb:42:9b:64:d5:cf:5a:d0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a127453dfba17e10c347fa34bbebab14905a57
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a27a90dc227482ed740cd4d028dfc2ed820728b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4c:da:60:a8:5f:a3:15:aa:e8:cc:c9:1e:c2:
                    57:d2:30:e4:43:e1:08:a1:b0:4c:1a:82:03:96:5d:
                    55:5e:a8:b2:3e:c7:e7:b5:c2:b3:0b:64:d6:bc:e1:
                    55:b1:bf:68:a3:6b:f4:c8:fe:1d:12:b7:e9:fa:c8:
                    e2:69:13:28:21:81:1f:ef:05:4f:eb:98:8f:fa:ac:
                    4f:28:41:18:af:68:1d:fd:45:d8:35:84:35:ea:b8:
                    e2:68:7a:bd:05:72:40:88:e2:ef:47:38:75:ad:11:
                    d1:2e:1a:cd:ef:d9:d8:0b:4f:3f:40:30:80:9c:7f:
                    e1:7a:b8:01:71:27:14:25:14:a1:10:d6:85:82:95:
                    ca:79:39:4d:35:91:7f:81:6d:c2:0d:67:b2:59:ea:
                    9f:ec:6a:37:1e:fd:26:9a:85:53:e0:f9:1a:f2:f1:
                    b8:68:73:9b:a9:7d:c8:c4:b3:82:b6:f3:d0:9a:78:
                    9d:a8:46:30:c5:64:32:d4:c8:e5:59:78:55:ab:09:
                    f4:e2:b6:49:2b:1c:38:99:3e:ae:da:d0:65:2f:77:
                    a5:e3:5b:38:e5:00:3d:2e:af:f3:24:64:2f:63:74:
                    97:e4:8a:9f:e6:a7:61:e2:86:82:25:47:0d:7b:33:
                    d8:c3:31:33:09:b9:47:af:0e:e9:bd:f0:49:d4:75:
                    08:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:27:A9:0D:C2:27:48:2E:D7:40:CD:4D:02:8D:FC:2E:D8:20:72:8B
            X509v3 Authority Key Identifier:
                keyid:58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/aiepDcInSC7XQM1NAo38Ltggcos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:e1:58:15:f4:78:85:0d:45:d6:38:95:56:df:a4:5e:64:ee:
         15:19:6e:62:92:1a:21:6f:9f:83:ee:3e:b0:5b:f0:f6:44:2e:
         60:ae:88:73:0f:e7:50:a6:46:d1:aa:4e:63:a6:72:8a:52:ed:
         74:ff:12:be:73:d8:97:f8:d1:53:2f:f6:6d:0b:1a:b6:80:7d:
         bb:86:50:05:41:91:14:0d:9f:f1:1d:30:39:29:56:cf:16:6e:
         e2:b2:68:ad:f9:f7:ac:b0:da:f2:73:90:43:85:43:0c:d1:7c:
         a8:69:d3:4a:f2:f4:9e:6c:a9:70:6c:30:49:1d:a5:10:ce:a2:
         a9:bd:ec:86:58:61:f7:42:7e:8e:49:51:22:e9:94:1c:58:2c:
         8d:8d:61:17:ea:5f:20:59:7f:6d:bd:30:50:7f:fe:17:e7:39:
         4f:aa:8f:b3:04:8a:b7:76:47:61:06:d7:47:7b:a4:42:c2:bd:
         16:25:de:79:61:6e:99:b9:a3:b4:e0:13:e4:d5:6a:a0:b5:aa:
         fd:41:66:ee:91:97:18:0f:4d:93:7d:10:23:8a:db:19:91:63:
         d1:39:79:2f:e5:8d:db:44:bb:93:32:4c:73:55:ec:4d:bc:f6:
         03:b4:2c:9e:6d:85:63:e7:6f:21:70:17:fb:dd:d7:b6:b6:09:
         41:2f:e2:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH+HhRnXX60KbZNXPWtA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTEyNzQ1M2RmYmExN2UxMGMzNDdmYTM0YmJlYmFiMTQ5
MDVhNTcwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTI3YTkwZGMyMjc0ODJlZDc0MGNkNGQwMjhkZmMyZWQ4MjA3MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0zaYKhfoxWq6MzJHsJX0jDkQ+EI
obBMGoIDll1VXqiyPsfntcKzC2TWvOFVsb9oo2v0yP4dErfp+sjiaRMoIYEf7wVP
65iP+qxPKEEYr2gd/UXYNYQ16rjiaHq9BXJAiOLvRzh1rRHRLhrN79nYC08/QDCA
nH/hergBcScUJRShENaFgpXKeTlNNZF/gW3CDWeyWeqf7Go3Hv0mmoVT4Pka8vG4
aHObqX3IxLOCtvPQmnidqEYwxWQy1MjlWXhVqwn04rZJKxw4mT6u2tBlL3el41s4
5QA9Lq/zJGQvY3SX5Iqf5qdh4oaCJUcNezPYwzEzCblHrw7pvfBJ1HUI4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGonqQ3CJ0gu10DNTQKN/C7YIHKLMB8GA1UdIwQY
MBaAFFihJ0U9+6F+EMNH+jS766sUkFpXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2Yt
ZGE5NjAxOWQ0YzIwLzEvYWllcERjSW5TQzdYUU0xTkFvMzhMdGdnY29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2YtZGE5NjAxOWQ0YzIw
LzEvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBh4VgV9HiFDUXWOJVW36ReZO4VGW5ikhohb5+D
7j6wW/D2RC5grohzD+dQpkbRqk5jpnKKUu10/xK+c9iX+NFTL/ZtCxq2gH27hlAF
QZEUDZ/xHTA5KVbPFm7ismit+fessNryc5BDhUMM0XyoadNK8vSebKlwbDBJHaUQ
zqKpveyGWGH3Qn6OSVEi6ZQcWCyNjWEX6l8gWX9tvTBQf/4X5zlPqo+zBIq3dkdh
BtdHe6RCwr0WJd55YW6ZuaO04BPk1Wqgtar9QWbukZcYD02TfRAjitsZkWPROXkv
5Y3bRLuTMkxzVexNvPYDtCyebYVj528hcBf73de2tglBL+LL
-----END CERTIFICATE-----