Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/Ve2RrvNi_87VDfl21Lq8fKe-sYc.roa
File:                     Ve2RrvNi_87VDfl21Lq8fKe-sYc.roa (raw, json)
Hash identifier:          Bwg7wRCqbsHk5Pn4Ah5pnRiyg8rpwcrSFyOQ2YGllyY=
Subject key identifier:   55:ED:91:AE:F3:62:FF:CE:D5:0D:F9:76:D4:BA:BC:7C:A7:BE:B1:87
Certificate issuer:       /CN=d116835d037786620a9e9f7a0e360498bb654127
Certificate serial:       01942521BA1536C043B52D0BF91C03C17840
Authority key identifier: D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/Ve2RrvNi_87VDfl21Lq8fKe-sYc.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        2001:678:274::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ba:15:36:c0:43:b5:2d:0b:f9:1c:03:c1:78:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d116835d037786620a9e9f7a0e360498bb654127
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55ed91aef362ffced50df976d4babc7ca7beb187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:07:e2:df:7f:11:3c:aa:21:60:71:cf:f6:5b:
                    e9:36:8b:6f:94:f5:6e:73:9e:6d:df:07:43:fa:5e:
                    87:3c:a5:a4:49:cd:6c:6e:b9:c9:8b:c8:50:f1:48:
                    6a:bf:b2:e9:3d:a1:eb:89:a1:73:e9:a7:36:14:97:
                    a8:bf:87:ff:0e:2e:85:e8:3d:11:27:d8:7e:6a:21:
                    63:3e:ec:94:4f:0c:f0:aa:52:13:c2:9f:52:27:0b:
                    f5:45:4c:31:d8:82:6e:f8:74:51:d1:c2:ff:d1:08:
                    08:b8:4d:57:22:d7:2e:f4:a7:ca:3f:70:b4:62:63:
                    7a:39:91:5c:c0:92:ec:84:2f:73:ce:1c:08:15:b4:
                    cb:a3:34:b2:0d:2c:c5:af:f5:54:98:44:28:44:4c:
                    7c:84:c7:25:a0:9d:58:b6:45:36:7e:89:c8:be:94:
                    cf:ec:e4:af:ca:6b:1b:16:3b:72:cf:c7:13:5a:36:
                    47:8c:9b:fe:db:0e:ee:43:75:84:21:88:ea:32:11:
                    04:9e:0c:e5:3d:1b:84:24:d6:56:93:e6:bd:d1:14:
                    d3:36:39:b0:12:a6:13:54:d3:a4:1b:96:9a:02:d8:
                    b0:46:8d:7f:b3:bc:98:fc:ea:62:ad:6f:87:79:64:
                    54:4d:ae:09:2d:5d:c5:b9:b6:e5:ab:84:cb:54:10:
                    e8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:ED:91:AE:F3:62:FF:CE:D5:0D:F9:76:D4:BA:BC:7C:A7:BE:B1:87
            X509v3 Authority Key Identifier:
                keyid:D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/Ve2RrvNi_87VDfl21Lq8fKe-sYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:274::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:20:87:78:26:b3:e3:3a:7e:46:70:b4:09:ab:b5:a4:53:a6:
         3c:80:0d:ef:32:45:c9:74:4b:e0:7f:60:c6:fb:88:6f:c3:11:
         68:a4:70:1a:96:b5:d3:0d:53:4d:8b:9c:6b:da:c7:76:9f:90:
         ff:4e:55:ff:f8:dc:bf:c1:08:90:b4:2f:18:e4:e5:66:a6:e4:
         20:f6:5f:64:f2:0f:80:96:c3:9a:af:4c:b4:3f:d4:8b:c3:0b:
         f9:82:01:9b:98:9d:ba:80:d6:6b:51:f3:71:22:d9:f5:a4:4a:
         92:8d:c4:a9:81:1b:a9:9a:13:ba:1c:bc:e5:09:32:50:12:5b:
         5c:4e:02:67:3a:58:54:9d:dd:48:30:0e:50:75:00:2b:a1:1e:
         3e:51:3e:12:c0:d1:13:60:d1:83:ea:15:05:55:f3:fd:2d:15:
         59:e7:6f:5f:f3:84:d1:0b:a2:2b:1a:4b:a9:e1:37:08:52:1d:
         21:6f:82:51:00:72:ab:e6:d1:56:b2:d2:57:73:9e:8b:e3:6d:
         3f:f6:a1:ee:c4:53:8b:a9:f6:74:f9:7a:28:0d:ec:4d:9f:b4:
         19:ed:d5:a5:23:8f:77:f5:77:f0:b2:4e:a5:77:9a:12:a5:64:
         bc:4f:b5:55:10:3e:8f:37:39:10:d3:75:6d:63:99:0e:22:1b:
         1d:a0:ac:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIboVNsBDtS0L+RwDwXhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTY4MzVkMDM3Nzg2NjIwYTllOWY3YTBlMzYwNDk4YmI2
NTQxMjcwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWVkOTFhZWYzNjJmZmNlZDUwZGY5NzZkNGJhYmM3Y2E3YmViMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgfi338RPKohYHHP9lvpNotvlPVu
c55t3wdD+l6HPKWkSc1sbrnJi8hQ8Uhqv7LpPaHriaFz6ac2FJeov4f/Di6F6D0R
J9h+aiFjPuyUTwzwqlITwp9SJwv1RUwx2IJu+HRR0cL/0QgIuE1XItcu9KfKP3C0
YmN6OZFcwJLshC9zzhwIFbTLozSyDSzFr/VUmEQoREx8hMcloJ1YtkU2fonIvpTP
7OSvymsbFjtyz8cTWjZHjJv+2w7uQ3WEIYjqMhEEngzlPRuEJNZWk+a90RTTNjmw
EqYTVNOkG5aaAtiwRo1/s7yY/OpirW+HeWRUTa4JLV3Fubblq4TLVBDo+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFXtka7zYv/O1Q35dtS6vHynvrGHMB8GA1UdIwQY
MBaAFNEWg10Dd4ZiCp6feg42BJi7ZUEnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJhRFhRTjNobUlLbnA5NkRqWUVtTHRsUVNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9mNTA3Y2ItNzM3MS00YWQxLWI3ZTMt
MTZhN2Q2MGQ1YmVhLzEvVmUyUnJ2TmlfODdWRGZsMjFMcThmS2Utc1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9mNTA3Y2ItNzM3MS00YWQxLWI3ZTMtMTZhN2Q2MGQ1YmVh
LzEvMFJhRFhRTjNobUlLbnA5NkRqWUVtTHRsUVNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAJ0
MA0GCSqGSIb3DQEBCwUAA4IBAQCtIId4JrPjOn5GcLQJq7WkU6Y8gA3vMkXJdEvg
f2DG+4hvwxFopHAalrXTDVNNi5xr2sd2n5D/TlX/+Ny/wQiQtC8Y5OVmpuQg9l9k
8g+AlsOar0y0P9SLwwv5ggGbmJ26gNZrUfNxItn1pEqSjcSpgRupmhO6HLzlCTJQ
EltcTgJnOlhUnd1IMA5QdQAroR4+UT4SwNETYNGD6hUFVfP9LRVZ529f84TRC6Ir
Gkup4TcIUh0hb4JRAHKr5tFWstJXc56L420/9qHuxFOLqfZ0+XooDexNn7QZ7dWl
I4939Xfwsk6ld5oSpWS8T7VVED6PNzkQ03VtY5kOIhsdoKwN
-----END CERTIFICATE-----