Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/EjhHxmUhTpI_yi1jYptWWVsle0k.roa
File:                     EjhHxmUhTpI_yi1jYptWWVsle0k.roa (raw, json)
Hash identifier:          Eisn/B+33eIZDNWVZUSS6g6De7shzryfH75XScwtDR4=
Subject key identifier:   12:38:47:C6:65:21:4E:92:3F:CA:2D:63:62:9B:56:59:5B:25:7B:49
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       01942823751855B4885A4E4A0E5E6731641F
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/EjhHxmUhTpI_yi1jYptWWVsle0k.roa
Signing time:             Thu 02 Jan 2025 17:49:59 +0000
ROA not before:           Thu 02 Jan 2025 17:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:2cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 05:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:75:18:55:b4:88:5a:4e:4a:0e:5e:67:31:64:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  2 17:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=123847c665214e923fca2d63629b56595b257b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b3:df:87:ae:d9:57:4b:c8:30:89:82:e6:8f:
                    84:03:a1:f7:99:de:33:6b:62:3a:f0:40:33:12:89:
                    df:e2:49:e1:7b:dd:f8:8b:1a:2f:3a:3a:eb:46:94:
                    75:5c:34:a3:51:88:6b:db:54:5c:80:e0:70:9a:0e:
                    d9:5e:89:7b:47:1f:a9:01:5f:f1:20:a5:ef:cc:f1:
                    1c:b3:20:b2:3f:de:14:87:0c:30:59:43:6a:67:6d:
                    01:8a:e4:d0:8e:9c:05:ce:f1:ca:75:36:2d:b5:3c:
                    a8:bb:fd:df:22:e3:18:26:3b:dd:63:56:d9:04:87:
                    ed:27:ab:ad:1d:f4:af:59:25:09:32:c8:54:48:bb:
                    61:51:b2:bf:1a:81:f4:10:6b:65:b5:60:ea:1a:00:
                    03:c9:02:1b:e0:4d:9f:ff:a0:d5:3c:0f:19:a8:57:
                    c6:27:c3:a2:3e:0e:e3:33:30:4d:df:d2:7a:8a:56:
                    fc:aa:b5:00:cc:37:7d:40:16:90:57:34:3f:76:c6:
                    0c:fe:5a:13:98:84:ab:be:48:e9:ba:74:eb:b7:4d:
                    59:b5:de:a4:08:42:33:ab:dd:9e:db:3e:1e:e3:11:
                    5c:32:ad:66:ac:7e:41:5c:b3:d8:50:5d:49:ef:11:
                    0a:e4:e0:de:ae:f5:41:d6:b1:ea:04:9a:2f:87:a0:
                    e9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:38:47:C6:65:21:4E:92:3F:CA:2D:63:62:9B:56:59:5B:25:7B:49
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/EjhHxmUhTpI_yi1jYptWWVsle0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:e0:60:91:72:72:21:68:a6:b2:13:79:bf:ce:9c:ae:49:4e:
         9b:f3:7c:db:50:57:18:f7:22:10:18:97:de:f6:ea:e3:dd:fe:
         ce:b6:bb:ed:5e:66:ca:fa:26:ba:70:dd:8c:8c:b2:da:c0:8e:
         19:8c:ae:f1:f5:0d:1f:10:0b:ef:b4:e9:ca:9d:eb:23:40:91:
         75:ea:16:52:b4:9e:cc:fa:0f:17:ec:41:a1:8f:7d:7a:7c:3e:
         17:92:26:04:fe:93:ac:2f:47:58:dc:5a:c7:aa:76:41:52:1e:
         13:72:a0:3a:d3:9c:39:6c:03:6d:8e:b3:99:d2:58:16:2d:bf:
         7e:cd:9f:a5:2e:88:9b:1e:6d:f8:e5:7c:71:b4:f0:5d:b6:45:
         8d:c1:94:2b:ab:38:8e:da:e6:17:21:25:ce:4c:53:4e:1a:8f:
         2b:c1:0a:b4:ad:6c:80:1e:72:5d:f9:15:fd:09:fd:2c:9c:38:
         3d:d4:0b:5f:60:43:4b:2e:70:ca:f0:94:d3:81:a7:52:7f:44:
         f0:ee:ea:d7:ee:cd:c7:fe:3e:86:3f:cd:bc:38:b2:0e:34:ef:
         30:4a:19:51:83:14:8f:31:cc:2c:81:59:fe:15:54:a0:84:e3:
         76:78:28:15:69:56:b7:69:88:bf:57:b1:5a:d3:9c:04:00:6a:
         74:af:25:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoI3UYVbSIWk5KDl5nMWQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjUwMTAyMTc0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM4NDdjNjY1MjE0ZTkyM2ZjYTJkNjM2MjliNTY1OTViMjU3YjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LPfh67ZV0vIMImC5o+EA6H3md4z
a2I68EAzEonf4knhe934ixovOjrrRpR1XDSjUYhr21RcgOBwmg7ZXol7Rx+pAV/x
IKXvzPEcsyCyP94UhwwwWUNqZ20BiuTQjpwFzvHKdTYttTyou/3fIuMYJjvdY1bZ
BIftJ6utHfSvWSUJMshUSLthUbK/GoH0EGtltWDqGgADyQIb4E2f/6DVPA8ZqFfG
J8OiPg7jMzBN39J6ilb8qrUAzDd9QBaQVzQ/dsYM/loTmISrvkjpunTrt01Ztd6k
CEIzq92e2z4e4xFcMq1mrH5BXLPYUF1J7xEK5ODervVB1rHqBJovh6Dp7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBI4R8ZlIU6SP8otY2KbVllbJXtJMB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvRWpoSHhtVWhUcElfeWkxallwdFdXVnNsZTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQAV4GCRcnIhaKayE3m/zpyuSU6b83zbUFcY9yIQ
GJfe9urj3f7OtrvtXmbK+ia6cN2MjLLawI4ZjK7x9Q0fEAvvtOnKnesjQJF16hZS
tJ7M+g8X7EGhj316fD4XkiYE/pOsL0dY3FrHqnZBUh4TcqA605w5bANtjrOZ0lgW
Lb9+zZ+lLoibHm345XxxtPBdtkWNwZQrqziO2uYXISXOTFNOGo8rwQq0rWyAHnJd
+RX9Cf0snDg91AtfYENLLnDK8JTTgadSf0Tw7urX7s3H/j6GP828OLIONO8wShlR
gxSPMcwsgVn+FVSghON2eCgVaVa3aYi/V7Fa05wEAGp0ryWg
-----END CERTIFICATE-----