Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/wFRK2gFO2y-GioRIpDn5lp85ecQ.roa
File:                     wFRK2gFO2y-GioRIpDn5lp85ecQ.roa (raw, json)
Hash identifier:          A8Q7B434lxyY0QPj8csraRvBG53nBnhwRwO+e87bSWA=
Subject key identifier:   C0:54:4A:DA:01:4E:DB:2F:86:8A:84:48:A4:39:F9:96:9F:39:79:C4
Certificate issuer:       /CN=544194f8249773d3cd6fb654b239de769c42e864
Certificate serial:       019420D64A112B1DE2EF8F0BA4CA539ADAF4
Authority key identifier: 54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/wFRK2gFO2y-GioRIpDn5lp85ecQ.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6206
IP address blocks:        2001:678:730::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4a:11:2b:1d:e2:ef:8f:0b:a4:ca:53:9a:da:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=544194f8249773d3cd6fb654b239de769c42e864
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0544ada014edb2f868a8448a439f9969f3979c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:de:d7:cc:60:28:2a:23:cc:df:3a:c0:db:03:
                    29:f4:3b:bb:37:a2:26:83:e9:59:de:50:04:46:21:
                    77:3e:bd:a8:c3:fe:bd:5f:56:04:a4:c3:9f:4d:ac:
                    6f:de:d8:c4:9b:12:76:34:54:23:26:d9:3a:23:09:
                    48:59:56:71:ca:1d:c0:51:0c:e1:40:cc:11:75:ff:
                    e2:41:de:65:71:18:a2:0e:38:fe:2b:5d:33:e8:2d:
                    61:a9:8a:05:7f:28:a5:ae:4a:01:8f:05:78:53:04:
                    98:00:f6:c1:56:c3:75:15:1f:87:c7:6e:c9:f6:ae:
                    d1:2f:9c:99:a5:6e:0d:02:3f:39:05:68:1e:a1:85:
                    2b:67:1b:72:82:bf:ca:f4:2a:80:28:f1:16:ab:e7:
                    d8:f8:31:15:92:82:90:98:ea:b4:ef:97:0c:7f:c4:
                    da:25:df:1f:15:0c:2d:0b:cd:82:52:2a:03:b7:ee:
                    0a:a0:3d:07:61:d9:93:5a:3a:24:49:ab:a8:3c:01:
                    0e:e6:f8:72:89:07:ce:c4:2f:83:0a:f6:eb:bd:05:
                    ee:4f:0f:b7:de:b6:1f:ab:fb:31:16:39:97:fc:61:
                    2f:56:f1:41:32:71:0b:c7:58:7f:62:8a:35:8a:17:
                    d7:2c:80:eb:c1:54:ab:1c:b2:b5:d5:69:ac:44:6d:
                    8d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:54:4A:DA:01:4E:DB:2F:86:8A:84:48:A4:39:F9:96:9F:39:79:C4
            X509v3 Authority Key Identifier:
                keyid:54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/wFRK2gFO2y-GioRIpDn5lp85ecQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:730::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:9b:9a:37:53:71:8d:b2:3a:67:55:b1:d3:2a:c0:19:a3:ce:
         4b:54:b5:c9:6e:1c:22:85:1c:16:8f:b9:ae:2e:98:b7:15:4c:
         b1:ae:4e:38:fc:a6:dc:1e:20:84:66:a1:54:ad:14:19:00:37:
         46:c5:1e:77:cb:af:3b:fb:80:86:2c:29:80:40:8a:d9:9d:99:
         57:e6:e0:e8:6a:62:34:63:a5:27:38:21:c3:0a:cd:cd:31:2a:
         aa:38:83:92:24:2c:6e:5c:55:ef:2f:cb:bc:b0:2b:8e:5e:71:
         66:32:0a:07:c3:c7:52:66:9e:3d:23:1d:02:74:3a:3c:8a:1a:
         90:ea:79:b4:17:f3:42:d8:4b:63:1f:ff:9d:8c:89:f1:65:a0:
         b4:46:f4:81:8b:4f:f6:b7:72:05:df:db:06:7e:43:ad:5c:48:
         a6:a2:18:7f:0e:96:33:7d:45:23:88:79:c5:51:b1:f5:f4:ee:
         03:c8:c7:39:e5:13:be:eb:8e:e4:c5:a5:d7:c2:4f:91:0d:d5:
         2d:b4:8e:02:52:b5:68:78:5b:9c:9b:7d:5c:52:0a:48:05:9f:
         86:15:c6:76:bd:25:9f:9b:8d:3a:b4:d4:90:94:68:44:fb:7d:
         16:0c:23:b5:8d:1a:93:9d:89:05:e7:34:86:66:aa:75:51:15:
         ff:a8:37:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1koRKx3i748LpMpTmtr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDE5NGY4MjQ5NzczZDNjZDZmYjY1NGIyMzlkZTc2OWM0
MmU4NjQwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDU0NGFkYTAxNGVkYjJmODY4YTg0NDhhNDM5Zjk5NjlmMzk3OWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN7XzGAoKiPM3zrA2wMp9Du7N6Im
g+lZ3lAERiF3Pr2ow/69X1YEpMOfTaxv3tjEmxJ2NFQjJtk6IwlIWVZxyh3AUQzh
QMwRdf/iQd5lcRiiDjj+K10z6C1hqYoFfyilrkoBjwV4UwSYAPbBVsN1FR+Hx27J
9q7RL5yZpW4NAj85BWgeoYUrZxtygr/K9CqAKPEWq+fY+DEVkoKQmOq075cMf8Ta
Jd8fFQwtC82CUioDt+4KoD0HYdmTWjokSauoPAEO5vhyiQfOxC+DCvbrvQXuTw+3
3rYfq/sxFjmX/GEvVvFBMnELx1h/Yoo1ihfXLIDrwVSrHLK11WmsRG2N+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMBUStoBTtsvhoqESKQ5+ZafOXnEMB8GA1UdIwQY
MBaAFFRBlPgkl3PTzW+2VLI53nacQuhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYt
ZDYxZGYzM2M0MzFiLzEvd0ZSSzJnRk8yeS1HaW9SSXBEbjVscDg1ZWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYtZDYxZGYzM2M0MzFi
LzEvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAcw
MA0GCSqGSIb3DQEBCwUAA4IBAQBgm5o3U3GNsjpnVbHTKsAZo85LVLXJbhwihRwW
j7muLpi3FUyxrk44/KbcHiCEZqFUrRQZADdGxR53y687+4CGLCmAQIrZnZlX5uDo
amI0Y6UnOCHDCs3NMSqqOIOSJCxuXFXvL8u8sCuOXnFmMgoHw8dSZp49Ix0CdDo8
ihqQ6nm0F/NC2EtjH/+djInxZaC0RvSBi0/2t3IF39sGfkOtXEimohh/DpYzfUUj
iHnFUbH19O4DyMc55RO+647kxaXXwk+RDdUttI4CUrVoeFucm31cUgpIBZ+GFcZ2
vSWfm406tNSQlGhE+30WDCO1jRqTnYkF5zSGZqp1URX/qDcm
-----END CERTIFICATE-----