Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/vZG9jNJvpP2dQTHDHjZo_HSuUlM.roa
File:                     vZG9jNJvpP2dQTHDHjZo_HSuUlM.roa (raw, json)
Hash identifier:          l7IzR2g9EaxDuqo4eOsNuovFYqnZrK9ipQBej6WUnUM=
Subject key identifier:   BD:91:BD:8C:D2:6F:A4:FD:9D:41:31:C3:1E:36:68:FC:74:AE:52:53
Certificate issuer:       /CN=ea5187cbf738c0e9d7a3ed9bfcb2c4a677226483
Certificate serial:       0194266B376EC1D7FC862784FF43837992E8
Authority key identifier: EA:51:87:CB:F7:38:C0:E9:D7:A3:ED:9B:FC:B2:C4:A6:77:22:64:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/vZG9jNJvpP2dQTHDHjZo_HSuUlM.roa
Signing time:             Thu 02 Jan 2025 09:49:08 +0000
ROA not before:           Thu 02 Jan 2025 09:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200306
IP address blocks:        2001:678:7e0::/48 maxlen: 48
                          2001:67c:2c40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:37:6e:c1:d7:fc:86:27:84:ff:43:83:79:92:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea5187cbf738c0e9d7a3ed9bfcb2c4a677226483
        Validity
            Not Before: Jan  2 09:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd91bd8cd26fa4fd9d4131c31e3668fc74ae5253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:4b:a3:57:c8:a0:25:40:6b:84:9e:2e:cf:
                    d8:ec:5a:53:6a:2f:db:6d:88:47:5e:79:df:af:86:
                    fc:ba:71:f2:fc:41:6b:63:da:cc:a3:35:b0:d5:81:
                    9a:67:05:d8:12:fb:a4:c5:67:2a:70:af:de:1b:0d:
                    b2:ce:00:01:a7:0e:0b:3e:46:b5:fc:93:08:0a:dd:
                    2e:cc:cb:70:47:13:42:82:f3:47:9a:7b:d8:13:4d:
                    43:48:b6:72:f0:0b:3d:af:25:38:7f:89:c0:be:9a:
                    f4:15:5f:7f:39:82:7f:9f:69:8f:d7:7d:63:ac:8b:
                    0b:5d:64:fe:f9:0e:07:69:0e:5c:30:53:54:29:71:
                    36:de:0c:67:a8:13:35:04:41:d2:62:e9:02:6b:f1:
                    54:5d:ed:90:ba:39:81:52:4a:7a:d7:ae:3a:a1:3c:
                    5b:78:c9:7c:c3:23:94:d9:2a:c8:c4:6f:1f:6d:7c:
                    07:fa:da:b2:3e:2c:26:fa:a5:9e:ee:92:9d:50:39:
                    9e:57:31:06:6f:46:1f:10:c1:cc:ae:60:cc:15:4f:
                    a0:a2:13:ec:da:74:df:10:32:b7:89:a2:9b:70:34:
                    2b:cf:96:cf:8f:54:25:23:46:d7:c4:df:03:6e:6c:
                    33:d1:d2:1b:04:5d:77:11:cb:39:67:ca:0d:e9:6e:
                    71:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:91:BD:8C:D2:6F:A4:FD:9D:41:31:C3:1E:36:68:FC:74:AE:52:53
            X509v3 Authority Key Identifier:
                keyid:EA:51:87:CB:F7:38:C0:E9:D7:A3:ED:9B:FC:B2:C4:A6:77:22:64:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/vZG9jNJvpP2dQTHDHjZo_HSuUlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7e0::/48
                  2001:67c:2c40::/48

    Signature Algorithm: sha256WithRSAEncryption
         da:7a:f9:a2:df:8f:0b:5b:bf:b3:ef:1e:5a:a6:db:3c:6f:1e:
         73:97:0e:7e:14:42:62:81:c5:1d:ad:01:fe:48:9c:cc:45:8d:
         85:d5:1a:ae:06:c0:8e:8c:7c:88:08:84:58:a5:7e:50:4f:9b:
         6e:49:75:34:28:72:f0:a0:82:21:df:cd:c3:77:a8:3b:a4:41:
         23:a1:df:11:62:33:96:17:0f:99:50:3e:ed:28:67:a0:cd:d2:
         ef:bc:87:36:3c:e9:57:61:05:a4:96:6a:d5:24:0d:7c:15:22:
         9b:55:48:34:49:f0:b7:92:59:81:d0:9e:e0:1c:f5:67:3b:c6:
         b1:3f:28:dc:64:b0:b2:25:39:f6:28:01:58:20:00:b7:25:92:
         52:d9:13:9a:b9:4a:e3:59:13:72:22:55:29:02:cc:6e:44:69:
         e6:8a:b9:4d:06:b2:ed:f4:5d:61:83:e9:32:7e:35:d5:1b:d4:
         00:35:02:aa:24:a6:c5:20:49:72:5b:74:35:ea:a7:e1:81:e1:
         28:c4:ef:36:90:54:42:cd:df:ba:74:e9:ef:99:7b:af:5d:a7:
         96:e0:99:2f:e2:f6:ea:1d:2d:a8:3a:6b:b5:75:8f:cb:e0:60:
         f1:81:39:de:45:48:72:b7:de:a6:1b:76:41:aa:3d:33:c9:46:
         20:1b:18:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQmazduwdf8hieE/0ODeZLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTE4N2NiZjczOGMwZTlkN2EzZWQ5YmZjYjJjNGE2Nzcy
MjY0ODMwHhcNMjUwMTAyMDk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDkxYmQ4Y2QyNmZhNGZkOWQ0MTMxYzMxZTM2NjhmYzc0YWU1MjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG9Lo1fIoCVAa4SeLs/Y7FpTai/b
bYhHXnnfr4b8unHy/EFrY9rMozWw1YGaZwXYEvukxWcqcK/eGw2yzgABpw4LPka1
/JMICt0uzMtwRxNCgvNHmnvYE01DSLZy8As9ryU4f4nAvpr0FV9/OYJ/n2mP131j
rIsLXWT++Q4HaQ5cMFNUKXE23gxnqBM1BEHSYukCa/FUXe2QujmBUkp61646oTxb
eMl8wyOU2SrIxG8fbXwH+tqyPiwm+qWe7pKdUDmeVzEGb0YfEMHMrmDMFU+gohPs
2nTfEDK3iaKbcDQrz5bPj1QlI0bXxN8Dbmwz0dIbBF13Ecs5Z8oN6W5xpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL2RvYzSb6T9nUExwx42aPx0rlJTMB8GA1UdIwQY
MBaAFOpRh8v3OMDp16Ptm/yyxKZ3ImSDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxHSHlfYzR3T25Yby0yYl9MTEVwbmNpWklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wNWYyMzgtYmI2Mi00NTVkLTk5MjEt
M2EyNzIyNTA3ZWU1LzEvdlpHOWpOSnZwUDJkUVRIREhqWm9fSFN1VWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wNWYyMzgtYmI2Mi00NTVkLTk5MjEtM2EyNzIyNTA3ZWU1
LzEvNmxHSHlfYzR3T25Yby0yYl9MTEVwbmNpWklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAfg
AwcAIAEGfCxAMA0GCSqGSIb3DQEBCwUAA4IBAQDaevmi348LW7+z7x5apts8bx5z
lw5+FEJigcUdrQH+SJzMRY2F1RquBsCOjHyICIRYpX5QT5tuSXU0KHLwoIIh383D
d6g7pEEjod8RYjOWFw+ZUD7tKGegzdLvvIc2POlXYQWklmrVJA18FSKbVUg0SfC3
klmB0J7gHPVnO8axPyjcZLCyJTn2KAFYIAC3JZJS2ROauUrjWRNyIlUpAsxuRGnm
irlNBrLt9F1hg+kyfjXVG9QANQKqJKbFIElyW3Q16qfhgeEoxO82kFRCzd+6dOnv
mXuvXaeW4Jkv4vbqHS2oOmu1dY/L4GDxgTneRUhyt96mG3ZBqj0zyUYgGxg2
-----END CERTIFICATE-----