Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/trN1o901j4dwBUGmgorKM0dgbBc.roa
File:                     trN1o901j4dwBUGmgorKM0dgbBc.roa (raw, json)
Hash identifier:          OGHkh9XbmTbGJYHk7Ch716n4FnlQyUWpNyyXhbOOHGM=
Subject key identifier:   B6:B3:75:A3:DD:35:8F:87:70:05:41:A6:82:8A:CA:33:47:60:6C:17
Certificate issuer:       /CN=bbe2cc20d69b30dde18ec0d002ce2f9149bfb06d
Certificate serial:       019715EFEDD8C676F2493F29C29BC0CFC9BE
Authority key identifier: BB:E2:CC:20:D6:9B:30:DD:E1:8E:C0:D0:02:CE:2F:91:49:BF:B0:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/trN1o901j4dwBUGmgorKM0dgbBc.roa
Signing time:             Wed 28 May 2025 08:08:54 +0000
ROA not before:           Wed 28 May 2025 08:08:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213701
IP address blocks:        2001:678:450::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ef:ed:d8:c6:76:f2:49:3f:29:c2:9b:c0:cf:c9:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe2cc20d69b30dde18ec0d002ce2f9149bfb06d
        Validity
            Not Before: May 28 08:08:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b375a3dd358f87700541a6828aca3347606c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a3:7c:c6:a9:69:84:26:d1:eb:cc:72:d1:a9:
                    3c:c3:2e:f7:a3:72:c1:82:02:c8:1e:1a:23:a8:20:
                    a4:db:83:b5:64:2d:32:da:7f:94:9e:5c:cb:f0:bc:
                    f5:ce:6c:d8:ad:cf:df:3a:73:68:fe:f4:7b:9f:06:
                    80:c1:f8:43:dd:75:0a:b8:8a:e5:31:da:3c:80:1f:
                    a5:93:8c:4e:dc:d4:21:c0:a9:92:22:38:10:7e:1e:
                    b7:c5:95:99:3b:88:a9:92:0b:22:94:73:e5:61:18:
                    da:78:1d:0c:7c:84:41:03:10:6d:ab:33:e6:e4:04:
                    06:ba:dd:30:78:3d:0d:c6:2d:c3:39:4e:72:5c:14:
                    57:21:21:c2:df:6f:5d:d7:95:44:2c:ba:75:bd:0b:
                    8f:80:5d:08:86:b8:0e:eb:02:c0:a8:27:be:91:c9:
                    a6:e6:30:95:28:d9:ac:eb:a7:f6:2f:c0:e1:9c:99:
                    83:b1:86:b1:95:39:a4:9a:ac:d4:c4:72:bb:1c:78:
                    af:57:58:9a:d4:03:8d:23:8b:00:86:3e:19:03:cc:
                    9a:92:fd:ab:61:32:c5:0e:a2:ca:ff:30:a4:90:57:
                    46:e0:b5:0e:30:66:53:d2:07:59:20:da:e6:d3:5f:
                    bc:7c:98:d4:f7:cb:31:47:e3:60:98:a1:78:c1:4e:
                    6f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B3:75:A3:DD:35:8F:87:70:05:41:A6:82:8A:CA:33:47:60:6C:17
            X509v3 Authority Key Identifier:
                keyid:BB:E2:CC:20:D6:9B:30:DD:E1:8E:C0:D0:02:CE:2F:91:49:BF:B0:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-LMINabMN3hjsDQAs4vkUm_sG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/trN1o901j4dwBUGmgorKM0dgbBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b4b1a-ea4f-42e1-b942-b119c258cfad/1/u-LMINabMN3hjsDQAs4vkUm_sG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:450::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:ab:47:d1:cb:51:7d:3f:05:0e:b6:e1:95:34:99:c6:a9:ab:
         94:16:50:ef:87:eb:fd:9f:8d:3e:f6:34:93:d6:ba:ef:ad:df:
         73:c0:64:df:af:05:59:b8:b9:f6:05:ea:8b:73:be:aa:20:25:
         ae:d7:29:ca:48:15:aa:c6:02:06:cc:41:4c:18:ec:43:fc:50:
         2e:eb:9f:96:3a:d1:2a:d0:1b:84:24:5c:ff:c9:1d:da:0a:d8:
         85:23:84:60:65:4c:ec:18:de:e3:87:30:74:ca:61:50:04:03:
         2a:cb:e9:e1:8f:eb:fe:08:4c:ce:55:41:3b:3c:2e:fb:ab:a6:
         61:9c:97:8e:72:4b:f6:99:25:2a:0c:d2:f8:c0:49:73:46:5f:
         f0:66:1e:ea:49:2e:2e:12:e8:b5:4b:88:4a:69:b1:36:e1:25:
         50:50:27:eb:7b:eb:7c:cd:16:ab:10:18:d6:de:d2:9a:88:ad:
         1e:89:9b:2e:e0:9f:ce:28:0e:a7:d8:c5:df:4b:80:54:16:6f:
         0c:84:d6:1f:cd:ce:7d:2c:a8:80:5e:92:e6:21:b0:ae:e9:95:
         5e:4e:7e:dd:71:7b:0e:19:f6:31:94:a3:a1:3e:11:26:25:25:
         4a:81:38:9b:69:d3:a1:78:71:65:aa:2a:5c:0f:40:ba:41:4b:
         06:20:b8:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcV7+3YxnbyST8pwpvAz8m+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTJjYzIwZDY5YjMwZGRlMThlYzBkMDAyY2UyZjkxNDli
ZmIwNmQwHhcNMjUwNTI4MDgwODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmIzNzVhM2RkMzU4Zjg3NzAwNTQxYTY4MjhhY2EzMzQ3NjA2YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKN8xqlphCbR68xy0ak8wy73o3LB
ggLIHhojqCCk24O1ZC0y2n+UnlzL8Lz1zmzYrc/fOnNo/vR7nwaAwfhD3XUKuIrl
Mdo8gB+lk4xO3NQhwKmSIjgQfh63xZWZO4ipkgsilHPlYRjaeB0MfIRBAxBtqzPm
5AQGut0weD0Nxi3DOU5yXBRXISHC329d15VELLp1vQuPgF0IhrgO6wLAqCe+kcmm
5jCVKNms66f2L8DhnJmDsYaxlTmkmqzUxHK7HHivV1ia1AONI4sAhj4ZA8yakv2r
YTLFDqLK/zCkkFdG4LUOMGZT0gdZINrm01+8fJjU98sxR+NgmKF4wU5v4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLazdaPdNY+HcAVBpoKKyjNHYGwXMB8GA1UdIwQY
MBaAFLvizCDWmzDd4Y7A0ALOL5FJv7BtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1MTUlOYWJNTjNoanNEUUFzNHZrVW1fc0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84YjRiMWEtZWE0Zi00MmUxLWI5NDIt
YjExOWMyNThjZmFkLzEvdHJOMW85MDFqNGR3QlVHbWdvcktNMGRnYkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84YjRiMWEtZWE0Zi00MmUxLWI5NDItYjExOWMyNThjZmFk
LzEvdS1MTUlOYWJNTjNoanNEUUFzNHZrVW1fc0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeARQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBeq0fRy1F9PwUOtuGVNJnGqauUFlDvh+v9n40+
9jST1rrvrd9zwGTfrwVZuLn2BeqLc76qICWu1ynKSBWqxgIGzEFMGOxD/FAu65+W
OtEq0BuEJFz/yR3aCtiFI4RgZUzsGN7jhzB0ymFQBAMqy+nhj+v+CEzOVUE7PC77
q6ZhnJeOckv2mSUqDNL4wElzRl/wZh7qSS4uEui1S4hKabE24SVQUCfre+t8zRar
EBjW3tKaiK0eiZsu4J/OKA6n2MXfS4BUFm8MhNYfzc59LKiAXpLmIbCu6ZVeTn7d
cXsOGfYxlKOhPhEmJSVKgTibadOheHFlqipcD0C6QUsGILjl
-----END CERTIFICATE-----