Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/xiqfg-sD-JA_U5POqcioMLPnSTo.roa
File:                     xiqfg-sD-JA_U5POqcioMLPnSTo.roa (raw, json)
Hash identifier:          JD/nDI8VlQSh0memjTUGDYmELCHkrFvR/ey5KgQYfKk=
Subject key identifier:   C6:2A:9F:83:EB:03:F8:90:3F:53:93:CE:A9:C8:A8:30:B3:E7:49:3A
Certificate issuer:       /CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
Certificate serial:       019423D71D9FDCFFA8FE1121F679C94CD17A
Authority key identifier: 1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/xiqfg-sD-JA_U5POqcioMLPnSTo.roa
Signing time:             Wed 01 Jan 2025 21:48:07 +0000
ROA not before:           Wed 01 Jan 2025 21:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44973
IP address blocks:        2001:678:59c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1d:9f:dc:ff:a8:fe:11:21:f6:79:c9:4c:d1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
        Validity
            Not Before: Jan  1 21:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c62a9f83eb03f8903f5393cea9c8a830b3e7493a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8e:86:b8:de:79:ce:ee:0a:98:95:63:71:67:
                    33:eb:f3:0e:f8:42:a3:82:84:18:8c:84:e1:55:9a:
                    e2:2f:f9:40:d7:7e:16:66:2c:09:73:c5:06:ec:bc:
                    3a:a9:85:c2:d6:66:2d:11:e3:cd:06:64:e5:55:be:
                    a9:fb:00:0f:b1:b7:9c:61:d4:eb:8b:d5:bf:34:b4:
                    74:6b:dd:b0:3a:e3:c4:51:60:73:57:1f:9f:18:84:
                    01:2d:e7:fb:97:90:ca:f4:ee:7f:fe:54:8b:cb:46:
                    62:eb:b5:7c:43:1d:37:d2:cf:1a:a6:52:5d:69:b8:
                    e4:0b:39:ea:4e:1f:93:ac:b3:a2:fa:aa:0e:69:ec:
                    72:ca:d9:64:a7:e4:b2:14:1b:de:98:74:2b:da:85:
                    7d:06:90:22:43:cd:d0:a2:34:bc:e7:e4:a6:c6:9f:
                    fe:0f:be:f7:e3:ba:61:7b:b6:ed:f7:3d:40:bc:02:
                    cc:90:ee:34:6a:74:d3:a3:1c:89:77:30:f5:da:f6:
                    30:31:2a:a2:d6:58:fa:f0:a1:53:0b:1f:05:37:1f:
                    9e:ae:45:de:91:17:7a:dd:16:58:f2:02:b5:90:80:
                    2d:f4:c5:39:46:c3:9a:c4:da:4e:8f:7a:6d:96:e7:
                    68:d1:2f:ab:c3:fc:d8:bb:33:1f:03:1f:98:31:30:
                    5b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:2A:9F:83:EB:03:F8:90:3F:53:93:CE:A9:C8:A8:30:B3:E7:49:3A
            X509v3 Authority Key Identifier:
                keyid:1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/xiqfg-sD-JA_U5POqcioMLPnSTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:59c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:9c:ca:ba:c1:58:5b:b7:4b:bd:1a:78:0d:ca:cb:60:c6:f0:
         0d:44:12:1c:0e:a6:4a:2c:65:6f:b4:a9:93:b7:66:f9:c8:ec:
         97:f4:23:e8:f2:75:ee:aa:a9:d2:6b:68:26:61:89:65:a9:02:
         ae:e2:88:79:d7:60:4f:13:ed:f9:8d:99:6b:c2:f7:b2:4c:53:
         50:d9:b9:aa:6d:3e:02:4e:fe:7d:f6:41:ec:de:0c:a6:2f:8f:
         00:a4:6f:c5:68:69:f3:11:8e:52:90:33:ca:05:26:85:f2:33:
         3f:3b:e5:ee:f4:99:67:ae:46:a3:39:c0:c8:0a:c9:90:ca:c5:
         06:d2:f8:1c:07:70:90:7e:59:0d:2f:d7:bc:af:a5:45:db:34:
         01:a9:4b:d2:12:ae:6e:44:96:b2:4b:3b:b7:bb:26:3c:b0:8f:
         ae:6b:c6:a3:6e:fb:e4:d4:c3:c5:48:3e:7e:52:95:eb:a6:cd:
         c1:60:9d:fa:53:35:11:bc:f5:a2:c5:e2:e8:3b:1b:58:ac:f2:
         0f:93:7a:8b:51:38:be:d3:15:56:e4:a9:d3:4c:f7:2a:b0:96:
         80:2d:65:d9:3e:0d:f2:57:d8:2e:60:74:1f:5a:21:90:72:5f:
         4c:0d:6c:40:77:13:71:96:4e:dd:5d:49:92:b0:ce:ba:a7:89:
         56:2a:16:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1x2f3P+o/hEh9nnJTNF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGM3NzMzNmQ2NmY3YjAyMzhlNmMxODRjNjRmYTRmMjRk
MDlmMDEwHhcNMjUwMTAxMjE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjJhOWY4M2ViMDNmODkwM2Y1MzkzY2VhOWM4YTgzMGIzZTc0OTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx46GuN55zu4KmJVjcWcz6/MO+EKj
goQYjIThVZriL/lA134WZiwJc8UG7Lw6qYXC1mYtEePNBmTlVb6p+wAPsbecYdTr
i9W/NLR0a92wOuPEUWBzVx+fGIQBLef7l5DK9O5//lSLy0Zi67V8Qx030s8aplJd
abjkCznqTh+TrLOi+qoOaexyytlkp+SyFBvemHQr2oV9BpAiQ83QojS85+Smxp/+
D77347phe7bt9z1AvALMkO40anTToxyJdzD12vYwMSqi1lj68KFTCx8FNx+erkXe
kRd63RZY8gK1kIAt9MU5RsOaxNpOj3ptludo0S+rw/zYuzMfAx+YMTBb/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMYqn4PrA/iQP1OTzqnIqDCz50k6MB8GA1UdIwQY
MBaAFB6MdzNtZvewI45sGExk+k8k0J8BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2Et
OTk5NTdkZjQ5OTdlLzEveGlxZmctc0QtSkFfVTVQT3FjaW9NTFBuU1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2EtOTk5NTdkZjQ5OTdl
LzEvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWc
MA0GCSqGSIb3DQEBCwUAA4IBAQAdnMq6wVhbt0u9GngNystgxvANRBIcDqZKLGVv
tKmTt2b5yOyX9CPo8nXuqqnSa2gmYYllqQKu4oh512BPE+35jZlrwveyTFNQ2bmq
bT4CTv599kHs3gymL48ApG/FaGnzEY5SkDPKBSaF8jM/O+Xu9JlnrkajOcDICsmQ
ysUG0vgcB3CQflkNL9e8r6VF2zQBqUvSEq5uRJaySzu3uyY8sI+ua8ajbvvk1MPF
SD5+UpXrps3BYJ36UzURvPWixeLoOxtYrPIPk3qLUTi+0xVW5KnTTPcqsJaALWXZ
Pg3yV9guYHQfWiGQcl9MDWxAdxNxlk7dXUmSsM66p4lWKhZ8
-----END CERTIFICATE-----