Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/YCOzpt6m55VdUCTyaUiIpHbbaAw.roa
File:                     YCOzpt6m55VdUCTyaUiIpHbbaAw.roa (raw, json)
Hash identifier:          8KEhXczZ5fk5hHX3jazf7zw7DRdBM2iZ9Jxn8A/DTF0=
Subject key identifier:   60:23:B3:A6:DE:A6:E7:95:5D:50:24:F2:69:48:88:A4:76:DB:68:0C
Certificate issuer:       /CN=332aecd243bef587c879bbfe1fe4c5a5beb33455
Certificate serial:       0198F2960B742A61046C0813A618DA59BB39
Authority key identifier: 33:2A:EC:D2:43:BE:F5:87:C8:79:BB:FE:1F:E4:C5:A5:BE:B3:34:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Myrs0kO-9YfIebv-H-TFpb6zNFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/YCOzpt6m55VdUCTyaUiIpHbbaAw.roa
Signing time:             Thu 28 Aug 2025 21:29:36 +0000
ROA not before:           Thu 28 Aug 2025 21:29:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214347
IP address blocks:        2001:678:7b4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/Myrs0kO-9YfIebv-H-TFpb6zNFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/Myrs0kO-9YfIebv-H-TFpb6zNFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Myrs0kO-9YfIebv-H-TFpb6zNFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f2:96:0b:74:2a:61:04:6c:08:13:a6:18:da:59:bb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=332aecd243bef587c879bbfe1fe4c5a5beb33455
        Validity
            Not Before: Aug 28 21:29:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6023b3a6dea6e7955d5024f2694888a476db680c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:39:d4:76:66:be:47:7e:30:84:52:b5:31:8f:
                    64:50:3e:1a:11:ea:f5:61:5f:38:6d:6f:5b:b6:1a:
                    dc:5f:c2:b4:63:dd:cc:df:af:d8:43:4d:b9:78:5e:
                    a9:9b:29:5e:50:21:85:8f:9e:81:e2:b5:9e:fa:89:
                    23:dd:79:69:8d:85:f5:34:68:8b:ae:ba:13:fe:a1:
                    9e:e3:4e:99:d1:f5:c8:ed:2f:94:4a:b0:a7:66:5d:
                    7e:5e:11:60:4e:05:32:ce:45:c9:f6:2e:3a:18:32:
                    30:a8:ee:0e:85:31:13:00:d0:de:ed:cf:4d:a3:00:
                    a9:91:27:9a:0b:e1:d2:69:80:8f:15:99:39:47:71:
                    ba:29:71:45:fc:0f:61:40:ec:1c:4e:39:ae:fa:31:
                    75:63:75:d5:9a:53:39:94:93:d6:e3:05:fb:9f:1a:
                    a3:95:7c:1d:a2:75:b2:07:e0:2c:dc:03:4a:19:f9:
                    32:7a:ac:ca:4a:4b:7c:8e:6f:03:82:1a:2b:d5:60:
                    2e:04:62:5f:40:2d:2f:6d:b1:73:a3:cc:5b:74:98:
                    a0:54:fd:2d:61:c6:a0:f5:69:1c:ff:33:87:7e:7f:
                    4c:9a:c7:b1:50:6b:be:f5:34:56:82:69:77:bb:c7:
                    a3:89:0b:a6:e3:c6:18:b2:65:1a:be:5d:33:6b:bd:
                    1b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:23:B3:A6:DE:A6:E7:95:5D:50:24:F2:69:48:88:A4:76:DB:68:0C
            X509v3 Authority Key Identifier:
                keyid:33:2A:EC:D2:43:BE:F5:87:C8:79:BB:FE:1F:E4:C5:A5:BE:B3:34:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Myrs0kO-9YfIebv-H-TFpb6zNFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/YCOzpt6m55VdUCTyaUiIpHbbaAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/4c4ff2-c7eb-4fde-ad45-33dd70210ff5/1/Myrs0kO-9YfIebv-H-TFpb6zNFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:de:a5:19:5d:17:92:7d:cc:9a:9a:24:d0:50:92:88:a7:31:
         57:8c:0b:66:d9:69:cf:45:07:78:d0:ca:f7:97:62:4b:c8:9c:
         c5:d5:50:62:0d:3f:e9:80:ed:a0:8c:d6:f9:23:14:8e:52:2c:
         a4:52:ec:11:68:0d:43:46:e1:df:ca:ec:54:51:e7:43:39:70:
         7c:23:d1:a5:b2:9f:dd:75:03:d3:ac:a0:03:6c:a2:e4:cf:e8:
         31:a9:e8:a7:22:c4:c9:56:21:29:0f:ed:c4:db:e7:e8:22:e1:
         55:d5:d0:a6:2b:af:8e:9b:18:cf:e4:6e:03:68:37:ab:de:f7:
         83:12:23:ab:2a:81:c1:04:75:79:a8:84:a4:1b:7a:42:34:de:
         b7:16:19:a7:13:43:8c:41:e7:41:51:73:d4:11:d9:0a:c5:64:
         8a:c0:f0:fa:ba:e4:31:b0:5a:ca:93:a1:f2:e1:60:5d:d9:c5:
         3d:9d:17:8b:3d:b9:9c:87:e2:68:53:99:dc:54:77:1a:88:cd:
         56:3e:2d:ea:d5:8c:d6:25:34:73:28:61:f1:ed:a9:0a:9f:a4:
         42:93:9f:e8:26:75:fc:88:d9:aa:c4:17:a4:1e:0d:28:94:b8:
         b1:c3:5a:62:61:f6:27:48:be:aa:d4:7a:d4:ad:12:8b:5d:25:
         1d:34:3f:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjylgt0KmEEbAgTphjaWbs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMmFlY2QyNDNiZWY1ODdjODc5YmJmZTFmZTRjNWE1YmVi
MzM0NTUwHhcNMjUwODI4MjEyOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIzYjNhNmRlYTZlNzk1NWQ1MDI0ZjI2OTQ4ODhhNDc2ZGI2ODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjnUdma+R34whFK1MY9kUD4aEer1
YV84bW9bthrcX8K0Y93M36/YQ025eF6pmyleUCGFj56B4rWe+okj3XlpjYX1NGiL
rroT/qGe406Z0fXI7S+USrCnZl1+XhFgTgUyzkXJ9i46GDIwqO4OhTETANDe7c9N
owCpkSeaC+HSaYCPFZk5R3G6KXFF/A9hQOwcTjmu+jF1Y3XVmlM5lJPW4wX7nxqj
lXwdonWyB+As3ANKGfkyeqzKSkt8jm8Dghor1WAuBGJfQC0vbbFzo8xbdJigVP0t
Ycag9Wkc/zOHfn9MmsexUGu+9TRWgml3u8ejiQum48YYsmUavl0za70buwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGAjs6bepueVXVAk8mlIiKR222gMMB8GA1UdIwQY
MBaAFDMq7NJDvvWHyHm7/h/kxaW+szRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXlyczBrTy05WWZJZWJ2LUgtVEZwYjZ6TkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi80YzRmZjItYzdlYi00ZmRlLWFkNDUt
MzNkZDcwMjEwZmY1LzEvWUNPenB0Nm01NVZkVUNUeWFVaUlwSGJiYUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi80YzRmZjItYzdlYi00ZmRlLWFkNDUtMzNkZDcwMjEwZmY1
LzEvTXlyczBrTy05WWZJZWJ2LUgtVEZwYjZ6TkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAe0
MA0GCSqGSIb3DQEBCwUAA4IBAQCX3qUZXReSfcyamiTQUJKIpzFXjAtm2WnPRQd4
0Mr3l2JLyJzF1VBiDT/pgO2gjNb5IxSOUiykUuwRaA1DRuHfyuxUUedDOXB8I9Gl
sp/ddQPTrKADbKLkz+gxqeinIsTJViEpD+3E2+foIuFV1dCmK6+OmxjP5G4DaDer
3veDEiOrKoHBBHV5qISkG3pCNN63FhmnE0OMQedBUXPUEdkKxWSKwPD6uuQxsFrK
k6Hy4WBd2cU9nReLPbmch+JoU5ncVHcaiM1WPi3q1YzWJTRzKGHx7akKn6RCk5/o
JnX8iNmqxBekHg0olLixw1piYfYnSL6q1HrUrRKLXSUdND9o
-----END CERTIFICATE-----