Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/gq0u0nuGqZ56yv0huU0NYxq2Tuw.roa
File:                     gq0u0nuGqZ56yv0huU0NYxq2Tuw.roa (raw, json)
Hash identifier:          BWs37rngd3jbS0e8ne6CGjqZDK9zmWcTutRQQlknGKk=
Subject key identifier:   82:AD:2E:D2:7B:86:A9:9E:7A:CA:FD:21:B9:4D:0D:63:1A:B6:4E:EC
Certificate issuer:       /CN=1e398285e227827d8f2c51f1ea997357554be612
Certificate serial:       019716A8DD23777E33E655920667BF9842D6
Authority key identifier: 1E:39:82:85:E2:27:82:7D:8F:2C:51:F1:EA:99:73:57:55:4B:E6:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjmCheIngn2PLFHx6plzV1VL5hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/gq0u0nuGqZ56yv0huU0NYxq2Tuw.roa
Signing time:             Wed 28 May 2025 11:30:54 +0000
ROA not before:           Wed 28 May 2025 11:30:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39420
IP address blocks:        2001:678:898::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/HjmCheIngn2PLFHx6plzV1VL5hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/HjmCheIngn2PLFHx6plzV1VL5hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HjmCheIngn2PLFHx6plzV1VL5hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:a8:dd:23:77:7e:33:e6:55:92:06:67:bf:98:42:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e398285e227827d8f2c51f1ea997357554be612
        Validity
            Not Before: May 28 11:30:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82ad2ed27b86a99e7acafd21b94d0d631ab64eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1f:7f:a9:94:72:e2:4d:17:9d:e3:06:58:bd:
                    05:e0:cd:56:21:d0:e2:5b:76:ca:6c:29:c2:7f:48:
                    48:fe:90:04:09:94:33:12:68:e3:58:72:99:bb:fa:
                    28:02:78:52:d9:df:85:57:c9:14:64:21:4f:bd:cf:
                    7d:9d:c4:29:ca:87:e4:39:e7:6a:a1:97:4a:37:6e:
                    e6:57:20:81:12:70:d0:f3:b4:fa:42:f2:ba:89:45:
                    63:df:62:bd:3c:e6:da:0e:5d:8b:f4:b5:f9:6c:16:
                    af:6a:0d:d3:29:b6:fa:ff:f8:89:51:61:c0:2b:0c:
                    3c:d3:0e:fa:73:85:84:a7:2d:10:ca:94:65:f7:59:
                    ed:b9:24:b0:d0:d3:76:43:a7:52:fe:3f:b0:7a:c8:
                    e7:1c:9e:79:7d:5d:64:00:41:a9:88:53:0a:1f:47:
                    27:9b:36:62:d6:a7:4a:e1:b1:0e:65:88:80:0b:bb:
                    38:72:38:0d:83:90:0b:7b:a2:1e:ba:38:61:8d:11:
                    5f:4e:54:c7:4b:4c:c9:a3:a8:09:a0:23:ab:23:60:
                    06:d7:e0:df:ce:45:1b:b2:fd:60:82:c3:92:76:8d:
                    ef:27:96:ae:2a:93:1e:67:ce:d1:b3:df:69:2e:0f:
                    ac:02:07:bb:c5:56:c4:37:4d:c2:d4:31:4b:66:3a:
                    ea:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:AD:2E:D2:7B:86:A9:9E:7A:CA:FD:21:B9:4D:0D:63:1A:B6:4E:EC
            X509v3 Authority Key Identifier:
                keyid:1E:39:82:85:E2:27:82:7D:8F:2C:51:F1:EA:99:73:57:55:4B:E6:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjmCheIngn2PLFHx6plzV1VL5hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/gq0u0nuGqZ56yv0huU0NYxq2Tuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/309980-afd7-4569-a25b-e909e41a07e5/1/HjmCheIngn2PLFHx6plzV1VL5hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:898::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:f2:af:cc:92:54:05:7d:b3:f4:2c:8e:30:bb:47:f9:e5:75:
         22:be:ca:bd:b3:08:86:3d:a8:76:7d:ac:ba:ac:d2:e3:32:0b:
         ce:b0:1c:13:7e:05:6c:4f:2d:de:c6:ad:33:e6:da:80:f8:d1:
         1c:0f:15:6b:f4:ad:e6:4c:24:4f:36:61:68:64:57:e2:4d:8d:
         68:b5:ac:bf:2e:3e:46:ab:8b:66:22:d0:0b:47:09:60:ba:6f:
         24:de:6e:0d:4f:cc:9b:4b:1b:42:c3:13:c1:3d:15:03:06:13:
         39:b6:46:4f:28:00:8f:44:55:71:a0:76:2a:5f:d8:69:d7:78:
         05:96:9d:4c:a5:9b:e6:33:60:3f:ff:a6:82:71:45:25:76:41:
         6e:2b:0e:31:b9:df:09:d5:82:46:22:47:14:44:b7:84:d8:3e:
         81:d9:34:9b:26:2b:c8:37:12:cd:d2:91:00:7c:95:c6:6b:9a:
         f4:a9:a2:ef:d9:31:48:64:ad:1e:27:f3:e6:2b:23:10:4d:84:
         71:2a:2f:ac:4d:86:cd:98:95:a0:81:50:ca:b4:fa:13:50:2e:
         3c:72:64:5e:c6:47:ba:b6:3c:66:be:cb:b2:54:2c:37:e8:3e:
         6e:9b:a4:63:5b:86:f1:1d:30:89:ca:5c:e8:6f:51:90:09:18:
         31:ca:b4:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcWqN0jd34z5lWSBme/mELWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzk4Mjg1ZTIyNzgyN2Q4ZjJjNTFmMWVhOTk3MzU3NTU0
YmU2MTIwHhcNMjUwNTI4MTEzMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmFkMmVkMjdiODZhOTllN2FjYWZkMjFiOTRkMGQ2MzFhYjY0ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h9/qZRy4k0XneMGWL0F4M1WIdDi
W3bKbCnCf0hI/pAECZQzEmjjWHKZu/ooAnhS2d+FV8kUZCFPvc99ncQpyofkOedq
oZdKN27mVyCBEnDQ87T6QvK6iUVj32K9PObaDl2L9LX5bBavag3TKbb6//iJUWHA
Kww80w76c4WEpy0QypRl91ntuSSw0NN2Q6dS/j+wesjnHJ55fV1kAEGpiFMKH0cn
mzZi1qdK4bEOZYiAC7s4cjgNg5ALe6IeujhhjRFfTlTHS0zJo6gJoCOrI2AG1+Df
zkUbsv1ggsOSdo3vJ5auKpMeZ87Rs99pLg+sAge7xVbEN03C1DFLZjrqKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIKtLtJ7hqmeesr9IblNDWMatk7sMB8GA1UdIwQY
MBaAFB45goXiJ4J9jyxR8eqZc1dVS+YSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGptQ2hlSW5nbjJQTEZIeDZwbHpWMVZMNWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zMDk5ODAtYWZkNy00NTY5LWEyNWIt
ZTkwOWU0MWEwN2U1LzEvZ3EwdTBudUdxWjU2eXYwaHVVME5ZeHEyVHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zMDk5ODAtYWZkNy00NTY5LWEyNWItZTkwOWU0MWEwN2U1
LzEvSGptQ2hlSW5nbjJQTEZIeDZwbHpWMVZMNWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAiY
MA0GCSqGSIb3DQEBCwUAA4IBAQB08q/MklQFfbP0LI4wu0f55XUivsq9swiGPah2
fay6rNLjMgvOsBwTfgVsTy3exq0z5tqA+NEcDxVr9K3mTCRPNmFoZFfiTY1otay/
Lj5Gq4tmItALRwlgum8k3m4NT8ybSxtCwxPBPRUDBhM5tkZPKACPRFVxoHYqX9hp
13gFlp1MpZvmM2A//6aCcUUldkFuKw4xud8J1YJGIkcURLeE2D6B2TSbJivINxLN
0pEAfJXGa5r0qaLv2TFIZK0eJ/PmKyMQTYRxKi+sTYbNmJWggVDKtPoTUC48cmRe
xke6tjxmvsuyVCw36D5um6RjW4bxHTCJylzob1GQCRgxyrRd
-----END CERTIFICATE-----