Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/j2dUbB-NK5CfnidiqDMKydgI8YE.roa
File:                     j2dUbB-NK5CfnidiqDMKydgI8YE.roa (raw, json)
Hash identifier:          ZUxAxryB168omhb8dlNaslAttNVaqi4+cbp8ns+rOL0=
Subject key identifier:   8F:67:54:6C:1F:8D:2B:90:9F:9E:27:62:A8:33:0A:C9:D8:08:F1:81
Certificate issuer:       /CN=493469544203082d2c3c1ddf0f0bbd90bdc56941
Certificate serial:       0194266C3FC98E651E66D7675651D7903C29
Authority key identifier: 49:34:69:54:42:03:08:2D:2C:3C:1D:DF:0F:0B:BD:90:BD:C5:69:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/j2dUbB-NK5CfnidiqDMKydgI8YE.roa
Signing time:             Thu 02 Jan 2025 09:50:15 +0000
ROA not before:           Thu 02 Jan 2025 09:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206884
IP address blocks:        2001:678:8f8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 21:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3f:c9:8e:65:1e:66:d7:67:56:51:d7:90:3c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=493469544203082d2c3c1ddf0f0bbd90bdc56941
        Validity
            Not Before: Jan  2 09:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f67546c1f8d2b909f9e2762a8330ac9d808f181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fb:2d:50:4c:b2:b4:72:9e:5f:ea:67:97:05:
                    7d:12:c2:7e:00:a8:c9:62:b1:77:6a:9f:6f:5a:68:
                    e8:2e:0e:34:99:a7:3f:f5:96:82:90:9c:d4:c3:12:
                    f8:3e:09:95:a9:20:94:5e:e5:1b:24:98:33:d2:f7:
                    3e:56:b0:34:c7:a3:de:d2:eb:db:54:16:57:68:42:
                    66:4d:08:32:1d:0e:b5:07:dc:a2:d4:68:92:34:b0:
                    56:bb:fd:c1:ce:62:ee:5d:95:90:46:e3:9b:09:20:
                    6f:4c:e8:7c:7c:30:dc:a8:f3:5b:17:56:67:95:f6:
                    e0:2e:1e:8c:cf:c7:5b:20:b6:c9:db:1d:76:4e:db:
                    a9:03:73:35:5a:14:ab:68:0a:a7:a8:06:18:f6:37:
                    e1:43:b7:e7:16:9f:24:ba:ae:6f:49:60:83:a9:7a:
                    43:df:8d:c5:9f:d5:84:80:da:38:01:2a:6d:1c:db:
                    60:10:ca:d2:93:6d:d9:67:f5:98:67:a2:61:ef:22:
                    6e:78:1b:5c:05:90:86:a9:1f:99:04:54:97:9e:a9:
                    2d:d3:a1:75:a1:a8:78:0c:cb:d7:3f:94:37:57:1d:
                    70:0b:34:e4:62:96:e7:b7:fb:aa:ad:ce:8d:db:d8:
                    de:56:7e:7a:7c:59:9d:6c:bf:95:89:1f:a2:28:43:
                    65:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:67:54:6C:1F:8D:2B:90:9F:9E:27:62:A8:33:0A:C9:D8:08:F1:81
            X509v3 Authority Key Identifier:
                keyid:49:34:69:54:42:03:08:2D:2C:3C:1D:DF:0F:0B:BD:90:BD:C5:69:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/j2dUbB-NK5CfnidiqDMKydgI8YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:8f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:01:89:ec:3a:d3:c5:46:d7:3f:54:ff:56:8b:2f:93:3e:03:
         b0:d0:8b:41:25:93:bd:ab:6c:48:48:df:7b:f1:37:07:ca:bc:
         62:2c:ca:eb:aa:7b:b0:a4:97:2b:98:e5:f2:a6:6e:cd:84:2a:
         95:0f:04:28:83:62:02:58:35:9b:eb:a7:3f:12:6b:0b:b8:f1:
         ed:39:ac:a1:b4:c9:64:ce:60:1f:2e:b4:af:a8:e0:93:76:58:
         ce:b3:a3:38:d3:f0:06:df:5c:67:92:7c:5f:63:c1:29:b0:02:
         25:25:7f:c5:8d:a1:5f:b4:02:10:30:de:d6:aa:97:33:63:39:
         44:db:c1:2f:92:f5:17:5c:56:3e:17:e5:2c:ba:a5:d9:68:8d:
         4d:81:c0:9d:68:fc:fa:30:3f:47:26:72:14:53:ec:db:03:27:
         10:c0:34:a1:ee:e6:98:01:42:1e:95:e3:3b:f8:c8:ea:94:30:
         bd:a9:6d:a2:db:6b:cd:57:6d:67:ce:eb:55:86:6c:fa:6b:28:
         9c:29:89:2f:e5:67:23:c1:ae:77:83:8f:43:9a:70:2b:45:9c:
         44:29:e7:5c:e5:0a:c7:09:1c:e9:aa:1b:28:2e:de:06:d6:66:
         49:79:48:9a:fb:0c:9f:93:54:fe:70:92:63:9a:f9:e7:e2:ab:
         9b:31:39:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbD/JjmUeZtdnVlHXkDwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MzQ2OTU0NDIwMzA4MmQyYzNjMWRkZjBmMGJiZDkwYmRj
NTY5NDEwHhcNMjUwMTAyMDk1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY3NTQ2YzFmOGQyYjkwOWY5ZTI3NjJhODMzMGFjOWQ4MDhmMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvstUEyytHKeX+pnlwV9EsJ+AKjJ
YrF3ap9vWmjoLg40mac/9ZaCkJzUwxL4PgmVqSCUXuUbJJgz0vc+VrA0x6Pe0uvb
VBZXaEJmTQgyHQ61B9yi1GiSNLBWu/3BzmLuXZWQRuObCSBvTOh8fDDcqPNbF1Zn
lfbgLh6Mz8dbILbJ2x12TtupA3M1WhSraAqnqAYY9jfhQ7fnFp8kuq5vSWCDqXpD
343Fn9WEgNo4ASptHNtgEMrSk23ZZ/WYZ6Jh7yJueBtcBZCGqR+ZBFSXnqkt06F1
oah4DMvXP5Q3Vx1wCzTkYpbnt/uqrc6N29jeVn56fFmdbL+ViR+iKENlEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI9nVGwfjSuQn54nYqgzCsnYCPGBMB8GA1UdIwQY
MBaAFEk0aVRCAwgtLDwd3w8LvZC9xWlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RScFZFSURDQzBzUEIzZkR3dTlrTDNGYVVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kMjk3MzAtNTE1YS00YmZiLWFkNTUt
ZTAzOGQ4MWIzZjk3LzEvajJkVWJCLU5LNUNmbmlkaXFETUt5ZGdJOFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kMjk3MzAtNTE1YS00YmZiLWFkNTUtZTAzOGQ4MWIzZjk3
LzEvU1RScFZFSURDQzBzUEIzZkR3dTlrTDNGYVVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAj4
MA0GCSqGSIb3DQEBCwUAA4IBAQCYAYnsOtPFRtc/VP9Wiy+TPgOw0ItBJZO9q2xI
SN978TcHyrxiLMrrqnuwpJcrmOXypm7NhCqVDwQog2ICWDWb66c/EmsLuPHtOayh
tMlkzmAfLrSvqOCTdljOs6M40/AG31xnknxfY8EpsAIlJX/FjaFftAIQMN7Wqpcz
YzlE28EvkvUXXFY+F+UsuqXZaI1NgcCdaPz6MD9HJnIUU+zbAycQwDSh7uaYAUIe
leM7+MjqlDC9qW2i22vNV21nzutVhmz6ayicKYkv5Wcjwa53g49DmnArRZxEKedc
5QrHCRzpqhsoLt4G1mZJeUia+wyfk1T+cJJjmvnn4qubMTln
-----END CERTIFICATE-----