Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/Mto4d4IFbeBIsa6qUyocr2jWWK8.roa
File:                     Mto4d4IFbeBIsa6qUyocr2jWWK8.roa (raw, json)
Hash identifier:          hLmX3yT44hxgxojTu+MlPrp+Zl/FamUEdVMXkmwsOEc=
Subject key identifier:   32:DA:38:77:82:05:6D:E0:48:B1:AE:AA:53:2A:1C:AF:68:D6:58:AF
Certificate issuer:       /CN=4be372f98d766586c118b796b742ee575297c839
Certificate serial:       019702A59328F64F596F02A8CB64D94A1554
Authority key identifier: 4B:E3:72:F9:8D:76:65:86:C1:18:B7:96:B7:42:EE:57:52:97:C8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/Mto4d4IFbeBIsa6qUyocr2jWWK8.roa
Signing time:             Sat 24 May 2025 14:14:54 +0000
ROA not before:           Sat 24 May 2025 14:14:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208915
IP address blocks:        2001:678:e10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:02:a5:93:28:f6:4f:59:6f:02:a8:cb:64:d9:4a:15:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be372f98d766586c118b796b742ee575297c839
        Validity
            Not Before: May 24 14:14:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32da387782056de048b1aeaa532a1caf68d658af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e1:5c:21:d4:bc:e4:30:41:cb:03:e9:e3:b3:
                    b7:0f:ad:4b:65:8d:87:b2:65:55:09:2a:2a:14:20:
                    46:a2:0c:ba:0c:38:88:dc:ea:b1:b4:be:17:02:1a:
                    fe:5d:ef:54:75:03:e5:d6:d8:16:28:e5:3f:2f:65:
                    4c:1a:aa:24:c1:40:0d:3d:89:e4:1b:db:39:1b:32:
                    35:7c:77:61:aa:44:1f:72:8c:ea:1f:97:48:3f:8a:
                    d5:e6:80:56:99:d2:75:58:86:e0:f4:ec:e4:fe:51:
                    77:d4:cb:5c:6c:43:46:91:2d:79:be:38:a4:7a:27:
                    17:e1:f0:79:99:26:5d:f6:96:6f:91:5b:46:62:ee:
                    28:27:bb:94:f6:b4:3c:24:fa:86:02:8d:2d:1e:dc:
                    03:54:f3:b2:a9:a0:df:1f:7c:c6:97:0e:22:74:69:
                    44:66:8c:87:09:fb:59:0f:cc:5e:8e:8d:a0:06:31:
                    73:55:f7:fd:06:10:04:33:5a:82:e7:ab:d1:27:f3:
                    ed:0a:ea:a7:c0:11:38:a9:c2:15:14:fd:fc:22:d2:
                    a0:e8:41:e4:71:4f:ae:c6:96:c9:1e:7e:15:f6:bf:
                    ba:df:cd:0a:15:e1:45:05:12:00:59:cf:9b:70:38:
                    84:64:7d:18:34:98:94:53:be:f2:d2:30:cb:2a:92:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:DA:38:77:82:05:6D:E0:48:B1:AE:AA:53:2A:1C:AF:68:D6:58:AF
            X509v3 Authority Key Identifier:
                keyid:4B:E3:72:F9:8D:76:65:86:C1:18:B7:96:B7:42:EE:57:52:97:C8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/Mto4d4IFbeBIsa6qUyocr2jWWK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0ec2dd-a971-49d6-b68a-de7a967be810/1/S-Ny-Y12ZYbBGLeWt0LuV1KXyDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e10::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:7e:d1:8f:71:c8:45:f7:45:14:a7:93:bd:92:9f:b3:d3:77:
         05:3c:9e:08:5c:14:99:84:cf:2a:c4:b5:74:61:43:72:10:89:
         4c:c0:d0:1e:c3:7f:d3:7f:ac:75:8e:c7:b9:51:a7:2a:95:be:
         ef:56:9e:df:de:2f:b7:d4:67:19:0f:59:a4:39:a3:89:49:26:
         ea:18:40:2c:b7:5b:6d:9d:b3:ee:7b:b4:75:9f:95:c4:fd:5a:
         0f:43:ae:58:6f:ee:1e:9e:1b:88:98:0f:dd:b5:11:f9:37:d8:
         31:6c:25:5b:54:2d:ec:c6:41:97:dd:cb:a9:ec:3a:9a:f6:a8:
         6d:83:65:07:c1:10:49:b9:40:7e:00:c9:33:72:f2:d9:7e:7d:
         15:33:07:01:4e:fa:66:d5:d0:2c:6e:88:c2:53:50:7f:92:e1:
         66:58:26:76:98:59:fa:70:66:4c:6d:f2:8b:d9:ef:45:bf:48:
         a1:00:69:d3:70:83:f9:0f:18:8b:dc:86:23:92:2a:f6:1e:14:
         90:53:a0:19:42:ba:35:ff:b1:44:a2:10:a9:80:06:91:3a:f7:
         77:a6:92:a7:74:69:c2:4c:22:d6:ea:fb:72:07:92:61:6f:69:
         5a:72:c4:fe:98:48:d9:9d:12:80:0a:d0:ae:86:da:87:70:20:
         22:99:91:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcCpZMo9k9ZbwKoy2TZShVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTM3MmY5OGQ3NjY1ODZjMTE4Yjc5NmI3NDJlZTU3NTI5
N2M4MzkwHhcNMjUwNTI0MTQxNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmRhMzg3NzgyMDU2ZGUwNDhiMWFlYWE1MzJhMWNhZjY4ZDY1OGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuFcIdS85DBBywPp47O3D61LZY2H
smVVCSoqFCBGogy6DDiI3OqxtL4XAhr+Xe9UdQPl1tgWKOU/L2VMGqokwUANPYnk
G9s5GzI1fHdhqkQfcozqH5dIP4rV5oBWmdJ1WIbg9Ozk/lF31MtcbENGkS15vjik
eicX4fB5mSZd9pZvkVtGYu4oJ7uU9rQ8JPqGAo0tHtwDVPOyqaDfH3zGlw4idGlE
ZoyHCftZD8xejo2gBjFzVff9BhAEM1qC56vRJ/PtCuqnwBE4qcIVFP38ItKg6EHk
cU+uxpbJHn4V9r+6380KFeFFBRIAWc+bcDiEZH0YNJiUU77y0jDLKpKeowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDLaOHeCBW3gSLGuqlMqHK9o1livMB8GA1UdIwQY
MBaAFEvjcvmNdmWGwRi3lrdC7ldSl8g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1OeS1ZMTJaWWJCR0xlV3QwTHVWMUtYeURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZWMyZGQtYTk3MS00OWQ2LWI2OGEt
ZGU3YTk2N2JlODEwLzEvTXRvNGQ0SUZiZUJJc2E2cVV5b2NyMmpXV0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZWMyZGQtYTk3MS00OWQ2LWI2OGEtZGU3YTk2N2JlODEw
LzEvUy1OeS1ZMTJaWWJCR0xlV3QwTHVWMUtYeURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA4Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAoftGPcchF90UUp5O9kp+z03cFPJ4IXBSZhM8q
xLV0YUNyEIlMwNAew3/Tf6x1jse5Uacqlb7vVp7f3i+31GcZD1mkOaOJSSbqGEAs
t1ttnbPue7R1n5XE/VoPQ65Yb+4enhuImA/dtRH5N9gxbCVbVC3sxkGX3cup7Dqa
9qhtg2UHwRBJuUB+AMkzcvLZfn0VMwcBTvpm1dAsbojCU1B/kuFmWCZ2mFn6cGZM
bfKL2e9Fv0ihAGnTcIP5DxiL3IYjkir2HhSQU6AZQro1/7FEohCpgAaROvd3ppKn
dGnCTCLW6vtyB5Jhb2lacsT+mEjZnRKACtCuhtqHcCAimZHh
-----END CERTIFICATE-----