Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/u73MqPatc0TpxI-ub7E_BjZdR0A.roa
File:                     u73MqPatc0TpxI-ub7E_BjZdR0A.roa (raw, json)
Hash identifier:          Va28jPu1gwk8ly85dp8PE1WNkUFlIH8BlQN3xkzDe74=
Subject key identifier:   BB:BD:CC:A8:F6:AD:73:44:E9:C4:8F:AE:6F:B1:3F:06:36:5D:47:40
Certificate issuer:       /CN=d23708099f7a205564b5f8e05d217bd2fae4de88
Certificate serial:       01942825F0034AD453BCCFD9B113ADF00FEC
Authority key identifier: D2:37:08:09:9F:7A:20:55:64:B5:F8:E0:5D:21:7B:D2:FA:E4:DE:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jcICZ96IFVktfjgXSF70vrk3og.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/u73MqPatc0TpxI-ub7E_BjZdR0A.roa
Signing time:             Thu 02 Jan 2025 17:52:42 +0000
ROA not before:           Thu 02 Jan 2025 17:52:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58132
IP address blocks:        2001:678:594::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/0jcICZ96IFVktfjgXSF70vrk3og.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/0jcICZ96IFVktfjgXSF70vrk3og.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jcICZ96IFVktfjgXSF70vrk3og.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:f0:03:4a:d4:53:bc:cf:d9:b1:13:ad:f0:0f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23708099f7a205564b5f8e05d217bd2fae4de88
        Validity
            Not Before: Jan  2 17:52:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbbdcca8f6ad7344e9c48fae6fb13f06365d4740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:31:7d:97:2e:a6:f0:77:a2:a7:12:0c:a8:f2:
                    6f:09:02:1e:46:22:09:ae:2e:f4:6c:25:2a:92:13:
                    0a:31:6b:0b:24:1c:c0:5b:63:f5:6a:8c:bb:e0:61:
                    26:bf:71:b3:9b:14:ea:77:2d:41:1d:65:c7:ff:ca:
                    52:2a:20:08:52:75:f6:a1:df:99:6d:a7:81:e1:0f:
                    ef:e5:4c:7f:e3:8d:72:a7:87:75:fb:92:8e:3a:d3:
                    03:34:c8:57:c9:ca:d1:8d:de:68:56:fc:44:97:d6:
                    44:51:d5:75:a5:a7:b5:1e:6e:bd:3a:39:1e:9c:d4:
                    7f:69:01:f6:75:0d:d7:86:c5:0b:14:40:6c:c9:7d:
                    8d:ca:d8:28:1c:89:0a:fb:de:3d:63:76:86:46:f3:
                    20:2e:e6:92:37:47:24:0b:42:d3:08:cc:30:93:2c:
                    59:03:11:8a:30:e2:9f:4d:60:a8:25:44:43:9d:db:
                    21:36:86:1a:57:d1:45:a1:52:c1:e9:26:67:cc:b2:
                    ed:37:b5:2e:6a:c2:3e:66:33:1b:15:5b:c9:83:a9:
                    a3:ba:ab:7f:b6:40:15:9c:26:5f:a9:8e:82:20:0a:
                    5f:4c:ff:06:f7:14:95:24:e3:bc:15:19:9f:2c:17:
                    b2:2e:53:8a:7f:7c:a0:f6:97:98:63:51:66:09:51:
                    a0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:BD:CC:A8:F6:AD:73:44:E9:C4:8F:AE:6F:B1:3F:06:36:5D:47:40
            X509v3 Authority Key Identifier:
                keyid:D2:37:08:09:9F:7A:20:55:64:B5:F8:E0:5D:21:7B:D2:FA:E4:DE:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jcICZ96IFVktfjgXSF70vrk3og.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/u73MqPatc0TpxI-ub7E_BjZdR0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/01b5af-b777-4b59-a5b2-5e97f4a512e5/1/0jcICZ96IFVktfjgXSF70vrk3og.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:594::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:6b:a9:d8:36:fa:04:df:7f:f1:99:a9:3d:56:cd:36:22:02:
         e6:5e:dc:ab:6c:24:4d:1e:1f:c0:a6:96:b9:d7:84:c1:89:71:
         32:a0:da:64:8a:a9:68:41:8b:e1:0e:ac:c2:7a:e3:16:37:10:
         5f:c0:18:9c:e8:7e:1c:23:70:90:5e:e1:59:d8:33:94:86:7e:
         3e:b3:e8:f1:0a:8a:36:83:8f:7b:82:4a:0f:25:bb:74:41:8f:
         3e:a9:4d:0a:a6:3f:4c:95:f5:dc:31:e0:e2:bd:5f:24:09:28:
         1c:78:c2:ea:8d:10:fd:58:b9:52:99:e0:65:e1:6f:bc:4e:d6:
         4b:bc:7b:b9:f0:26:18:13:cb:d3:4d:51:22:e8:d3:aa:eb:74:
         50:34:dd:10:b3:6c:a0:64:da:f1:56:7b:0e:04:74:d4:24:6f:
         fc:1e:4d:43:9f:20:42:99:07:d5:e5:9f:b6:1d:5e:f3:48:d2:
         3e:3b:f2:ac:68:ad:d8:23:33:10:1a:a7:d3:b8:b0:0d:5a:2d:
         10:af:9b:58:6b:df:6a:f8:c1:fc:6d:a0:b1:91:0d:54:33:b1:
         04:52:7f:d7:5e:fc:3e:96:0d:b4:36:3d:1c:5b:52:fa:c6:3b:
         12:56:7b:9b:75:17:9d:0e:2a:11:ff:02:c8:1b:d3:e5:6f:9f:
         24:05:19:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoJfADStRTvM/ZsROt8A/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMzcwODA5OWY3YTIwNTU2NGI1ZjhlMDVkMjE3YmQyZmFl
NGRlODgwHhcNMjUwMTAyMTc1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmJkY2NhOGY2YWQ3MzQ0ZTljNDhmYWU2ZmIxM2YwNjM2NWQ0NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjF9ly6m8HeipxIMqPJvCQIeRiIJ
ri70bCUqkhMKMWsLJBzAW2P1aoy74GEmv3GzmxTqdy1BHWXH/8pSKiAIUnX2od+Z
baeB4Q/v5Ux/441yp4d1+5KOOtMDNMhXycrRjd5oVvxEl9ZEUdV1pae1Hm69Ojke
nNR/aQH2dQ3XhsULFEBsyX2NytgoHIkK+949Y3aGRvMgLuaSN0ckC0LTCMwwkyxZ
AxGKMOKfTWCoJURDndshNoYaV9FFoVLB6SZnzLLtN7UuasI+ZjMbFVvJg6mjuqt/
tkAVnCZfqY6CIApfTP8G9xSVJOO8FRmfLBeyLlOKf3yg9peYY1FmCVGgRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLu9zKj2rXNE6cSPrm+xPwY2XUdAMB8GA1UdIwQY
MBaAFNI3CAmfeiBVZLX44F0he9L65N6IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGpjSUNaOTZJRlZrdGZqZ1hTRjcwdnJrM29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8wMWI1YWYtYjc3Ny00YjU5LWE1YjIt
NWU5N2Y0YTUxMmU1LzEvdTczTXFQYXRjMFRweEktdWI3RV9CalpkUjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8wMWI1YWYtYjc3Ny00YjU5LWE1YjItNWU5N2Y0YTUxMmU1
LzEvMGpjSUNaOTZJRlZrdGZqZ1hTRjcwdnJrM29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWU
MA0GCSqGSIb3DQEBCwUAA4IBAQB6a6nYNvoE33/xmak9Vs02IgLmXtyrbCRNHh/A
ppa514TBiXEyoNpkiqloQYvhDqzCeuMWNxBfwBic6H4cI3CQXuFZ2DOUhn4+s+jx
Coo2g497gkoPJbt0QY8+qU0Kpj9MlfXcMeDivV8kCSgceMLqjRD9WLlSmeBl4W+8
TtZLvHu58CYYE8vTTVEi6NOq63RQNN0Qs2ygZNrxVnsOBHTUJG/8Hk1DnyBCmQfV
5Z+2HV7zSNI+O/KsaK3YIzMQGqfTuLANWi0Qr5tYa99q+MH8baCxkQ1UM7EEUn/X
Xvw+lg20Nj0cW1L6xjsSVnubdRedDioR/wLIG9Plb58kBRn0
-----END CERTIFICATE-----