Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/WReM2adAhR_LtpNyhGqyNjE1Y4M.roa
File:                     WReM2adAhR_LtpNyhGqyNjE1Y4M.roa (raw, json)
Hash identifier:          CfgqMj+xDVkXamVtZy6LM6aMe3AmsivTTFfgXAb+rPQ=
Subject key identifier:   59:17:8C:D9:A7:40:85:1F:CB:B6:93:72:84:6A:B2:36:31:35:63:83
Certificate issuer:       /CN=9209b8dd5ea7258908378661f2ba9ef89ad3a0b1
Certificate serial:       01957F297B64B7EE5277DA464D065220E221
Authority key identifier: 92:09:B8:DD:5E:A7:25:89:08:37:86:61:F2:BA:9E:F8:9A:D3:A0:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kgm43V6nJYkIN4Zh8rqe-JrToLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/WReM2adAhR_LtpNyhGqyNjE1Y4M.roa
Signing time:             Mon 10 Mar 2025 08:26:19 +0000
ROA not before:           Mon 10 Mar 2025 08:26:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211939
IP address blocks:        2001:678:1050::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/kgm43V6nJYkIN4Zh8rqe-JrToLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/kgm43V6nJYkIN4Zh8rqe-JrToLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kgm43V6nJYkIN4Zh8rqe-JrToLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:29:7b:64:b7:ee:52:77:da:46:4d:06:52:20:e2:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9209b8dd5ea7258908378661f2ba9ef89ad3a0b1
        Validity
            Not Before: Mar 10 08:26:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59178cd9a740851fcbb69372846ab23631356383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9b:67:0b:23:48:09:22:f2:a7:7e:12:0e:db:
                    a1:7e:92:d4:f5:ae:df:0f:b8:a5:29:bc:ef:b5:df:
                    d9:bf:68:67:0e:e8:a7:61:72:5a:54:a3:8f:1e:25:
                    63:00:d6:f8:df:51:54:cc:86:e9:19:7d:3f:c8:9c:
                    bb:99:bd:bb:49:33:bc:5e:ae:ae:35:28:75:ea:5c:
                    84:56:2f:e8:35:8a:62:f8:04:21:88:c5:f7:28:0b:
                    0e:51:75:58:ce:a5:f1:fc:0b:7a:69:86:02:7c:0e:
                    ca:62:1a:68:bb:02:7f:7f:c1:65:a3:44:70:5b:62:
                    be:b8:42:f0:cc:fb:7b:f9:6e:ee:26:3c:38:f5:01:
                    25:e8:e0:35:6d:a5:7c:4b:ec:5b:5c:f0:9a:0d:e0:
                    31:ac:6f:0b:f2:c7:c4:92:54:f1:1e:c4:b7:be:f5:
                    1f:8a:97:ec:f1:1c:3e:0d:04:e4:5e:31:90:27:b6:
                    8b:45:86:ee:26:bf:8b:c3:af:da:67:88:18:11:da:
                    0e:80:5b:8a:94:85:fc:84:6b:61:d1:fc:af:27:28:
                    07:98:59:f1:9d:df:16:eb:b1:f8:e0:48:e6:06:4d:
                    d5:d8:77:c3:60:7f:7e:9a:ae:85:4c:35:8b:83:bf:
                    c1:dc:a3:e1:1b:24:20:14:f4:fb:d6:60:d4:82:7a:
                    23:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:17:8C:D9:A7:40:85:1F:CB:B6:93:72:84:6A:B2:36:31:35:63:83
            X509v3 Authority Key Identifier:
                keyid:92:09:B8:DD:5E:A7:25:89:08:37:86:61:F2:BA:9E:F8:9A:D3:A0:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kgm43V6nJYkIN4Zh8rqe-JrToLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/WReM2adAhR_LtpNyhGqyNjE1Y4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/688da5-d238-47ce-b2e8-890ffea8d0bc/1/kgm43V6nJYkIN4Zh8rqe-JrToLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1050::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:9d:13:09:78:27:e5:c7:fd:69:6c:8d:ba:d0:a2:90:53:fa:
         56:ff:51:54:4f:c7:b4:e8:6f:9d:ff:31:b8:40:fe:d9:c4:d3:
         be:c9:42:a4:b0:a8:bc:71:86:b5:7b:e0:ea:c2:ed:6b:b0:b0:
         35:8c:b9:0d:79:3b:6f:fe:95:b2:c6:4e:8a:0b:3c:d8:ef:75:
         d5:f9:ec:5f:87:3a:de:27:55:18:5e:da:3c:c4:63:85:7a:b9:
         c6:4e:36:f8:b8:cb:9c:cd:29:8c:08:97:00:ee:8a:65:9b:c1:
         ff:df:89:a6:b9:05:d0:f6:55:45:f7:58:e2:75:ae:2f:90:69:
         da:b7:56:27:d7:9f:05:b6:0f:72:df:59:d7:1a:41:49:fd:7e:
         11:9a:62:bf:fa:bd:1e:e2:1f:05:f0:f5:04:f8:48:64:f1:fa:
         9d:f0:ac:11:e7:60:57:c2:f1:ed:70:c7:47:26:0d:f3:d1:65:
         09:9c:13:2f:ea:d1:da:63:b3:0d:82:7a:6d:7e:1b:68:d7:1d:
         3a:c9:d6:0c:17:3b:79:75:cf:70:96:b1:f3:8c:18:82:64:8a:
         08:8e:fe:56:8e:34:8b:e2:ad:b5:91:07:e8:f0:74:b7:48:b1:
         1f:e4:10:e7:a6:c9:d6:36:cf:e8:c3:bf:aa:94:5b:c7:99:de:
         2f:c8:3b:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZV/KXtkt+5Sd9pGTQZSIOIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMDliOGRkNWVhNzI1ODkwODM3ODY2MWYyYmE5ZWY4OWFk
M2EwYjEwHhcNMjUwMzEwMDgyNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTE3OGNkOWE3NDA4NTFmY2JiNjkzNzI4NDZhYjIzNjMxMzU2MzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JtnCyNICSLyp34SDtuhfpLU9a7f
D7ilKbzvtd/Zv2hnDuinYXJaVKOPHiVjANb431FUzIbpGX0/yJy7mb27STO8Xq6u
NSh16lyEVi/oNYpi+AQhiMX3KAsOUXVYzqXx/At6aYYCfA7KYhpouwJ/f8Flo0Rw
W2K+uELwzPt7+W7uJjw49QEl6OA1baV8S+xbXPCaDeAxrG8L8sfEklTxHsS3vvUf
ipfs8Rw+DQTkXjGQJ7aLRYbuJr+Lw6/aZ4gYEdoOgFuKlIX8hGth0fyvJygHmFnx
nd8W67H44EjmBk3V2HfDYH9+mq6FTDWLg7/B3KPhGyQgFPT71mDUgnojZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFkXjNmnQIUfy7aTcoRqsjYxNWODMB8GA1UdIwQY
MBaAFJIJuN1epyWJCDeGYfK6nvia06CxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2dtNDNWNm5KWWtJTjRaaDhycWUtSnJUb0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy82ODhkYTUtZDIzOC00N2NlLWIyZTgt
ODkwZmZlYThkMGJjLzEvV1JlTTJhZEFoUl9MdHBOeWhHcXlOakUxWTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy82ODhkYTUtZDIzOC00N2NlLWIyZTgtODkwZmZlYThkMGJj
LzEva2dtNDNWNm5KWWtJTjRaaDhycWUtSnJUb0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQARnRMJeCflx/1pbI260KKQU/pW/1FUT8e06G+d
/zG4QP7ZxNO+yUKksKi8cYa1e+Dqwu1rsLA1jLkNeTtv/pWyxk6KCzzY73XV+exf
hzreJ1UYXto8xGOFernGTjb4uMuczSmMCJcA7oplm8H/34mmuQXQ9lVF91jida4v
kGnat1Yn158Ftg9y31nXGkFJ/X4RmmK/+r0e4h8F8PUE+Ehk8fqd8KwR52BXwvHt
cMdHJg3z0WUJnBMv6tHaY7MNgnptfhto1x06ydYMFzt5dc9wlrHzjBiCZIoIjv5W
jjSL4q21kQfo8HS3SLEf5BDnpsnWNs/ow7+qlFvHmd4vyDty
-----END CERTIFICATE-----