Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/_8hSLgr4JdqEI1Dpn8hoZhNP1qQ.roa
File:                     _8hSLgr4JdqEI1Dpn8hoZhNP1qQ.roa (raw, json)
Hash identifier:          GqMn4/1oRrYEDz1sgi+iXh7bgMGiwNGyyfe2qMxH+7A=
Subject key identifier:   FF:C8:52:2E:0A:F8:25:DA:84:23:50:E9:9F:C8:68:66:13:4F:D6:A4
Certificate issuer:       /CN=24b660a611980c68273139e32affb74b454a9d32
Certificate serial:       0194228DF5372BA7E7C09E7EF2D87EC0FF50
Authority key identifier: 24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/_8hSLgr4JdqEI1Dpn8hoZhNP1qQ.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:d10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f5:37:2b:a7:e7:c0:9e:7e:f2:d8:7e:c0:ff:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24b660a611980c68273139e32affb74b454a9d32
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffc8522e0af825da842350e99fc86866134fd6a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:44:c6:d3:97:56:17:5a:58:16:e3:1c:6f:
                    55:26:58:31:84:f7:c1:50:87:30:1c:b3:7f:4f:c3:
                    a0:74:57:63:92:87:71:4d:00:0a:88:40:24:d8:f4:
                    e0:ca:ea:3d:85:60:b8:7e:96:88:63:2d:09:bf:0e:
                    9e:95:27:a5:9f:64:ad:75:3c:57:9a:a6:e7:78:1d:
                    3f:36:e2:8c:8f:4c:34:f2:df:73:73:3a:fa:7b:c9:
                    9e:69:0a:9f:b1:21:77:1a:57:e9:cd:f8:53:b5:69:
                    11:80:54:cb:a4:a3:f4:84:4f:e5:ad:02:24:8a:50:
                    a3:d0:1d:bf:04:11:75:b5:4f:14:eb:b0:c6:d1:4e:
                    26:b3:c3:f2:c1:ec:44:cc:af:7f:ab:14:5a:88:15:
                    f1:b9:62:2b:fd:7e:b3:d3:27:02:d7:67:3f:88:af:
                    a7:d4:64:50:c7:4a:1d:62:c1:df:76:d6:09:d4:ad:
                    fc:cc:54:71:b8:c2:44:2f:79:a1:51:a0:fc:a7:59:
                    aa:2b:c3:d5:f6:9b:ac:44:b2:0c:20:f3:c0:c4:45:
                    2b:6e:9e:7c:f9:30:00:d2:a4:48:06:d0:c7:bd:e8:
                    f1:f3:ad:f9:28:51:1a:67:3d:fa:8c:50:ee:84:02:
                    24:75:c1:f4:ab:3c:0f:92:a2:ee:2d:6b:83:ec:69:
                    b3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C8:52:2E:0A:F8:25:DA:84:23:50:E9:9F:C8:68:66:13:4F:D6:A4
            X509v3 Authority Key Identifier:
                keyid:24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/_8hSLgr4JdqEI1Dpn8hoZhNP1qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d10::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:e2:98:85:09:bd:0c:51:d8:87:c6:d3:2d:a3:69:03:e2:6b:
         9a:08:25:3c:e9:d8:9b:8e:76:a1:d5:b2:e5:0b:3a:20:b7:64:
         ef:d4:49:d9:64:59:83:13:78:d4:6f:96:9d:72:d5:f0:f2:e1:
         2b:45:34:d4:1d:ad:e2:30:df:58:ca:89:3d:6d:c1:d7:8d:fd:
         a8:83:87:34:98:7c:51:89:24:e2:84:91:19:a1:eb:fa:f1:8d:
         04:49:b1:40:ee:52:cb:91:4a:90:cc:3c:b3:22:91:a0:cd:59:
         1e:c1:f1:14:5b:13:8d:93:15:c6:b8:49:14:25:30:47:33:9f:
         5b:ae:7b:11:7e:f6:f2:fc:b5:5c:2a:5e:7c:fd:2a:41:aa:84:
         f9:6f:9e:0c:4d:15:8a:71:49:32:cd:dc:3d:a0:1e:81:53:cb:
         97:c5:31:ae:81:a0:ec:92:33:21:23:f8:5f:97:4b:d0:61:e6:
         48:02:73:cc:c5:90:ab:e2:78:bc:b3:4f:df:59:c2:f1:c3:d1:
         c9:16:f2:52:a0:d6:bc:21:18:f0:fe:28:c0:8b:ff:f8:24:e4:
         2a:25:fd:d2:d2:2b:6d:4d:af:dd:8e:49:f7:dd:86:43:a8:90:
         78:c7:ec:e0:3b:93:f2:ba:5d:9e:5a:b4:a8:e6:94:25:44:c3:
         69:94:cb:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijfU3K6fnwJ5+8th+wP9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YjY2MGE2MTE5ODBjNjgyNzMxMzllMzJhZmZiNzRiNDU0
YTlkMzIwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmM4NTIyZTBhZjgyNWRhODQyMzUwZTk5ZmM4Njg2NjEzNGZkNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYtExtOXVhdaWBbjHG9VJlgxhPfB
UIcwHLN/T8OgdFdjkodxTQAKiEAk2PTgyuo9hWC4fpaIYy0Jvw6elSeln2StdTxX
mqbneB0/NuKMj0w08t9zczr6e8meaQqfsSF3GlfpzfhTtWkRgFTLpKP0hE/lrQIk
ilCj0B2/BBF1tU8U67DG0U4ms8PywexEzK9/qxRaiBXxuWIr/X6z0ycC12c/iK+n
1GRQx0odYsHfdtYJ1K38zFRxuMJEL3mhUaD8p1mqK8PV9pusRLIMIPPAxEUrbp58
+TAA0qRIBtDHvejx8635KFEaZz36jFDuhAIkdcH0qzwPkqLuLWuD7GmzuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP/IUi4K+CXahCNQ6Z/IaGYTT9akMB8GA1UdIwQY
MBaAFCS2YKYRmAxoJzE54yr/t0tFSp0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYt
NzA1MTk3NTA3YTU5LzEvXzhoU0xncjRKZHFFSTFEcG44aG9aaE5QMXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYtNzA1MTk3NTA3YTU5
LzEvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAP4piFCb0MUdiHxtMto2kD4muaCCU86dibjnah
1bLlCzogt2Tv1EnZZFmDE3jUb5adctXw8uErRTTUHa3iMN9Yyok9bcHXjf2og4c0
mHxRiSTihJEZoev68Y0ESbFA7lLLkUqQzDyzIpGgzVkewfEUWxONkxXGuEkUJTBH
M59brnsRfvby/LVcKl58/SpBqoT5b54MTRWKcUkyzdw9oB6BU8uXxTGugaDskjMh
I/hfl0vQYeZIAnPMxZCr4ni8s0/fWcLxw9HJFvJSoNa8IRjw/ijAi//4JOQqJf3S
0ittTa/djkn33YZDqJB4x+zgO5Pyul2eWrSo5pQlRMNplMtL
-----END CERTIFICATE-----