Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/IUu38IEhp9FcGXHXO7VwuMNYV6E.roa
File:                     IUu38IEhp9FcGXHXO7VwuMNYV6E.roa (raw, json)
Hash identifier:          0chzG77l4zUiIxP7svJWJ4YTzi1qnItTODpt8dd9BKQ=
Subject key identifier:   21:4B:B7:F0:81:21:A7:D1:5C:19:71:D7:3B:B5:70:B8:C3:58:57:A1
Certificate issuer:       /CN=c8091492d2ce8a80c087b876f91d6a3c29be7a25
Certificate serial:       019427B5BCB1EE8BBEBA3DEABD3BB07927A5
Authority key identifier: C8:09:14:92:D2:CE:8A:80:C0:87:B8:76:F9:1D:6A:3C:29:BE:7A:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yAkUktLOioDAh7h2-R1qPCm-eiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/IUu38IEhp9FcGXHXO7VwuMNYV6E.roa
Signing time:             Thu 02 Jan 2025 15:50:09 +0000
ROA not before:           Thu 02 Jan 2025 15:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60149
IP address blocks:        2001:678:928::/48 maxlen: 48
                          2001:67c:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/yAkUktLOioDAh7h2-R1qPCm-eiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/yAkUktLOioDAh7h2-R1qPCm-eiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yAkUktLOioDAh7h2-R1qPCm-eiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:bc:b1:ee:8b:be:ba:3d:ea:bd:3b:b0:79:27:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8091492d2ce8a80c087b876f91d6a3c29be7a25
        Validity
            Not Before: Jan  2 15:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=214bb7f08121a7d15c1971d73bb570b8c35857a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6a:8a:31:c3:9a:7a:a4:d2:95:b2:56:c3:92:
                    25:93:2d:a1:1f:8a:d0:18:fd:09:f7:bb:2d:aa:c9:
                    2c:f5:71:1f:7a:e7:d7:01:e6:ae:95:8b:0a:ea:30:
                    ea:ac:77:34:b4:da:4d:25:d8:bd:f1:16:a9:87:ed:
                    bd:c8:cd:ae:f5:03:30:3a:d4:a3:ca:e8:fe:ca:f2:
                    90:59:a9:3b:0a:1c:52:e8:19:36:25:20:5a:ba:93:
                    f5:01:28:7b:1b:d5:44:14:64:98:c6:4f:48:aa:14:
                    a6:49:a9:0c:48:6c:a7:85:89:5f:f7:b5:9c:9f:2d:
                    49:6e:89:7f:ec:86:e9:de:90:9d:a2:0c:48:c4:84:
                    86:d7:9e:fa:8f:ee:f7:db:9b:d2:43:68:8b:08:f5:
                    ed:f2:f2:a6:f9:45:b8:ba:d7:f0:17:9b:41:8c:1e:
                    89:78:f7:07:81:d7:5d:7c:73:0e:da:bb:d4:18:01:
                    db:53:d8:28:a7:9f:ba:9b:80:5f:85:b5:ee:4b:e5:
                    5b:f5:a9:bc:ba:bc:f5:26:9e:45:76:d2:13:b9:87:
                    62:a6:d3:f4:86:d2:03:82:38:7c:59:d6:83:a9:1a:
                    e0:ef:dc:51:9f:03:6c:5b:1d:30:3c:c7:04:70:83:
                    7b:ac:36:6c:93:07:08:98:a4:b3:02:24:71:70:68:
                    15:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:4B:B7:F0:81:21:A7:D1:5C:19:71:D7:3B:B5:70:B8:C3:58:57:A1
            X509v3 Authority Key Identifier:
                keyid:C8:09:14:92:D2:CE:8A:80:C0:87:B8:76:F9:1D:6A:3C:29:BE:7A:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yAkUktLOioDAh7h2-R1qPCm-eiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/IUu38IEhp9FcGXHXO7VwuMNYV6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c35a99-f87a-4211-af7a-81e2106a5857/1/yAkUktLOioDAh7h2-R1qPCm-eiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:928::/48
                  2001:67c:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:f5:9d:74:c4:e3:bb:84:fd:3c:f5:eb:59:67:66:82:62:86:
         f3:a5:d9:92:33:45:98:0c:5c:01:ba:57:eb:51:a0:24:76:bf:
         04:59:eb:27:b1:69:0b:f3:08:d0:70:a9:aa:73:11:7f:16:10:
         f3:46:b0:7e:0d:97:dc:e2:5b:02:1a:70:5c:f7:8a:ad:5a:1a:
         7c:94:51:1d:0a:d3:4d:9a:ac:68:cc:83:f1:dc:39:4d:28:d9:
         4f:67:0f:cb:57:d8:0f:31:9b:0a:20:9e:eb:aa:50:fc:8f:df:
         dd:88:7c:07:05:6b:a8:69:5b:f3:f8:6e:63:8f:a6:31:ac:d1:
         07:77:d0:90:67:28:9e:e8:73:be:95:97:c7:9b:5b:d1:a7:c3:
         e2:1f:02:5c:98:0f:30:45:79:90:77:6c:af:a6:49:e5:b9:5e:
         47:d2:02:cb:1e:c7:f1:7c:3c:8e:86:17:d0:e5:f3:43:14:51:
         11:9e:9e:70:91:26:1d:34:e0:22:ec:d9:a8:33:6d:0f:a6:36:
         c2:e3:e4:05:9d:c0:64:56:a2:6a:c7:90:57:70:ad:9b:bc:f3:
         7d:48:3f:9c:29:28:33:ab:1f:54:3d:33:4a:93:b7:03:91:91:
         06:ac:fd:9c:ea:3a:30:6e:5e:1b:28:fc:8a:d9:93:28:cc:87:
         a3:84:88:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntbyx7ou+uj3qvTuweSelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MDkxNDkyZDJjZThhODBjMDg3Yjg3NmY5MWQ2YTNjMjli
ZTdhMjUwHhcNMjUwMTAyMTU1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTRiYjdmMDgxMjFhN2QxNWMxOTcxZDczYmI1NzBiOGMzNTg1N2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2qKMcOaeqTSlbJWw5Ilky2hH4rQ
GP0J97stqsks9XEfeufXAeaulYsK6jDqrHc0tNpNJdi98Raph+29yM2u9QMwOtSj
yuj+yvKQWak7ChxS6Bk2JSBaupP1ASh7G9VEFGSYxk9IqhSmSakMSGynhYlf97Wc
ny1Jbol/7Ibp3pCdogxIxISG1576j+7325vSQ2iLCPXt8vKm+UW4utfwF5tBjB6J
ePcHgdddfHMO2rvUGAHbU9gop5+6m4BfhbXuS+Vb9am8urz1Jp5FdtITuYdiptP0
htIDgjh8WdaDqRrg79xRnwNsWx0wPMcEcIN7rDZskwcImKSzAiRxcGgVYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCFLt/CBIafRXBlx1zu1cLjDWFehMB8GA1UdIwQY
MBaAFMgJFJLSzoqAwIe4dvkdajwpvnolMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUFrVWt0TE9pb0RBaDdoMi1SMXFQQ20tZWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jMzVhOTktZjg3YS00MjExLWFmN2Et
ODFlMjEwNmE1ODU3LzEvSVV1MzhJRWhwOUZjR1hIWE83Vnd1TU5ZVjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jMzVhOTktZjg3YS00MjExLWFmN2EtODFlMjEwNmE1ODU3
LzEveUFrVWt0TE9pb0RBaDdoMi1SMXFQQ20tZWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAko
AwcAIAEGfAAQMA0GCSqGSIb3DQEBCwUAA4IBAQBp9Z10xOO7hP089etZZ2aCYobz
pdmSM0WYDFwBulfrUaAkdr8EWesnsWkL8wjQcKmqcxF/FhDzRrB+DZfc4lsCGnBc
94qtWhp8lFEdCtNNmqxozIPx3DlNKNlPZw/LV9gPMZsKIJ7rqlD8j9/diHwHBWuo
aVvz+G5jj6YxrNEHd9CQZyie6HO+lZfHm1vRp8PiHwJcmA8wRXmQd2yvpknluV5H
0gLLHsfxfDyOhhfQ5fNDFFERnp5wkSYdNOAi7NmoM20PpjbC4+QFncBkVqJqx5BX
cK2bvPN9SD+cKSgzqx9UPTNKk7cDkZEGrP2c6jowbl4bKPyK2ZMozIejhIj3
-----END CERTIFICATE-----