Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/cyFUaiualt3wMiC5gtz5aMOvlGc.roa
File:                     cyFUaiualt3wMiC5gtz5aMOvlGc.roa (raw, json)
Hash identifier:          RoAUS0DbrFV1sDA69agJ/hjEE06MIOfXgztHL0bgXao=
Subject key identifier:   73:21:54:6A:2B:9A:96:DD:F0:32:20:B9:82:DC:F9:68:C3:AF:94:67
Certificate issuer:       /CN=ab7773aa1c71a02265146ba336ccc2e58deadb88
Certificate serial:       019424B3C718D7A2081510C6BF40817425AE
Authority key identifier: AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/cyFUaiualt3wMiC5gtz5aMOvlGc.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202928
IP address blocks:        2001:678:18c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c7:18:d7:a2:08:15:10:c6:bf:40:81:74:25:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab7773aa1c71a02265146ba336ccc2e58deadb88
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7321546a2b9a96ddf03220b982dcf968c3af9467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:59:a0:b6:fb:41:a2:b7:1f:10:97:35:f2:05:
                    87:d3:5a:dd:f4:b2:cf:6f:15:ce:fc:69:f1:0f:a1:
                    f3:bd:c4:dd:10:60:30:09:1b:15:e2:d7:4a:f2:3b:
                    f3:af:44:4d:fe:74:78:f3:a0:4e:5c:55:05:fd:5e:
                    79:95:a0:5b:7c:c4:e3:da:cc:92:8e:ee:4f:2d:e9:
                    4c:a5:7b:79:90:e6:04:1b:20:3e:39:99:f0:f7:67:
                    bc:85:22:8b:6b:0f:23:d7:08:04:3d:fb:dd:57:57:
                    c2:e5:2b:f9:83:3c:cf:7c:58:e9:7c:56:bf:fc:aa:
                    60:65:30:ff:54:59:f5:3b:c9:cf:22:b5:43:48:8e:
                    7f:93:92:a9:10:c5:7d:15:97:fa:f3:b8:42:5d:22:
                    79:85:b0:88:29:e2:0d:f3:3c:ba:33:4e:48:da:5a:
                    2d:b9:a6:f0:87:a9:17:c4:75:33:ed:c7:ec:c1:f7:
                    f9:94:cb:d3:15:60:df:c9:7b:e6:0d:7f:dc:29:cb:
                    7c:cb:6e:a3:1b:6f:5b:37:13:ae:43:a2:01:de:40:
                    0c:17:2e:94:95:44:d9:ff:c3:cd:51:3e:b5:b5:ef:
                    ab:93:fd:73:11:fc:f8:b9:75:84:89:d2:aa:0e:05:
                    94:ec:27:cf:ba:ef:ef:1c:6a:70:24:34:6f:98:28:
                    e1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:21:54:6A:2B:9A:96:DD:F0:32:20:B9:82:DC:F9:68:C3:AF:94:67
            X509v3 Authority Key Identifier:
                keyid:AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/cyFUaiualt3wMiC5gtz5aMOvlGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:18c::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:1b:7d:0c:90:b9:ef:0d:88:2b:41:16:ed:1e:c4:20:40:47:
         f7:b5:85:a2:a7:25:ae:94:9d:8d:4f:c5:00:88:38:ce:fb:f7:
         c2:27:8a:46:e8:75:bf:d0:8c:c3:e7:27:24:6c:72:b8:85:a7:
         84:87:76:e5:20:6d:a6:da:eb:e0:d2:ee:19:e6:32:67:aa:8b:
         58:b9:b7:5e:e7:b2:1a:92:f9:32:68:4e:6e:f3:bd:7d:5d:7e:
         1c:83:80:6a:cd:82:f3:68:c2:66:29:69:9a:67:c0:41:a1:bd:
         b0:6e:62:9e:52:22:23:40:c4:32:08:b9:02:4a:48:ce:f8:39:
         65:da:5d:8c:72:8b:d0:c2:0a:90:c7:8d:c9:22:43:0f:e2:9a:
         03:79:50:3b:88:a4:e5:88:15:2f:87:b4:e3:d1:ad:65:b4:36:
         08:5b:ca:65:0a:31:37:94:35:ef:16:aa:32:23:67:91:a7:47:
         b9:91:f6:5d:a2:4c:17:8a:bb:45:3e:07:01:60:9f:47:94:0e:
         cc:cd:1c:58:66:d3:cc:71:d7:2e:b4:6e:40:dd:92:3c:9f:22:
         7e:5d:54:89:44:23:32:a2:bb:2d:50:81:8e:84:18:74:c4:6a:
         68:cb:bd:28:76:bc:5c:48:7c:51:c3:81:7d:00:d2:e9:7c:8f:
         46:44:ef:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks8cY16IIFRDGv0CBdCWuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzc3M2FhMWM3MWEwMjI2NTE0NmJhMzM2Y2NjMmU1OGRl
YWRiODgwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzIxNTQ2YTJiOWE5NmRkZjAzMjIwYjk4MmRjZjk2OGMzYWY5NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1mgtvtBorcfEJc18gWH01rd9LLP
bxXO/GnxD6HzvcTdEGAwCRsV4tdK8jvzr0RN/nR486BOXFUF/V55laBbfMTj2syS
ju5PLelMpXt5kOYEGyA+OZnw92e8hSKLaw8j1wgEPfvdV1fC5Sv5gzzPfFjpfFa/
/KpgZTD/VFn1O8nPIrVDSI5/k5KpEMV9FZf687hCXSJ5hbCIKeIN8zy6M05I2lot
uabwh6kXxHUz7cfswff5lMvTFWDfyXvmDX/cKct8y26jG29bNxOuQ6IB3kAMFy6U
lUTZ/8PNUT61te+rk/1zEfz4uXWEidKqDgWU7CfPuu/vHGpwJDRvmCjhYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHMhVGormpbd8DIguYLc+WjDr5RnMB8GA1UdIwQY
MBaAFKt3c6occaAiZRRrozbMwuWN6tuIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNkenFoeHhvQ0psRkd1ak5zekM1WTNxMjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8wMWY5OTctZjAyNy00YTNhLTg1NTIt
ZTZkZmJhMWRmMjMwLzEvY3lGVWFpdWFsdDN3TWlDNWd0ejVhTU92bEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8wMWY5OTctZjAyNy00YTNhLTg1NTItZTZkZmJhMWRmMjMw
LzEvcTNkenFoeHhvQ0psRkd1ak5zekM1WTNxMjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAGM
MA0GCSqGSIb3DQEBCwUAA4IBAQCFG30MkLnvDYgrQRbtHsQgQEf3tYWipyWulJ2N
T8UAiDjO+/fCJ4pG6HW/0IzD5yckbHK4haeEh3blIG2m2uvg0u4Z5jJnqotYubde
57IakvkyaE5u8719XX4cg4BqzYLzaMJmKWmaZ8BBob2wbmKeUiIjQMQyCLkCSkjO
+Dll2l2McovQwgqQx43JIkMP4poDeVA7iKTliBUvh7Tj0a1ltDYIW8plCjE3lDXv
FqoyI2eRp0e5kfZdokwXirtFPgcBYJ9HlA7MzRxYZtPMcdcutG5A3ZI8nyJ+XVSJ
RCMyorstUIGOhBh0xGpoy70odrxcSHxRw4F9ANLpfI9GRO+A
-----END CERTIFICATE-----