Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/7qFS32WykIo9De6woWK_a4zI6AE.roa
File:                     7qFS32WykIo9De6woWK_a4zI6AE.roa (raw, json)
Hash identifier:          2dnjawr1HUy6D3OjqGMisdNqLiSRoZxYXLiFU07VYtM=
Subject key identifier:   EE:A1:52:DF:65:B2:90:8A:3D:0D:EE:B0:A1:62:BF:6B:8C:C8:E8:01
Certificate issuer:       /CN=fe340911274377a89ca1f9c15f180da986d744b7
Certificate serial:       019428238B1CAD2510C8CB88FA71F16E567D
Authority key identifier: FE:34:09:11:27:43:77:A8:9C:A1:F9:C1:5F:18:0D:A9:86:D7:44:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jQJESdDd6icofnBXxgNqYbXRLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/7qFS32WykIo9De6woWK_a4zI6AE.roa
Signing time:             Thu 02 Jan 2025 17:50:05 +0000
ROA not before:           Thu 02 Jan 2025 17:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197942
IP address blocks:        2001:678:f84::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/_jQJESdDd6icofnBXxgNqYbXRLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/_jQJESdDd6icofnBXxgNqYbXRLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_jQJESdDd6icofnBXxgNqYbXRLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:8b:1c:ad:25:10:c8:cb:88:fa:71:f1:6e:56:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe340911274377a89ca1f9c15f180da986d744b7
        Validity
            Not Before: Jan  2 17:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eea152df65b2908a3d0deeb0a162bf6b8cc8e801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2d:a7:81:6e:57:9d:94:2d:76:72:9d:2b:60:
                    1a:e6:46:f5:d8:d5:a3:bd:8a:37:66:f7:6e:59:68:
                    45:52:d6:8f:96:03:c0:4e:5c:74:3a:b3:8e:c9:c6:
                    f1:01:e0:f6:04:b6:ac:33:e1:16:89:1f:48:0b:0d:
                    1d:37:8b:3a:a9:fb:44:79:2a:30:60:c0:8d:39:fe:
                    84:a0:05:2a:fb:34:50:17:44:f3:ca:84:6b:ac:f5:
                    3a:69:05:f2:4d:c1:b7:f3:66:eb:dd:f1:ac:6d:cb:
                    0f:55:d9:63:00:ea:12:7e:6b:02:88:fc:24:ed:a8:
                    74:1e:94:ef:fd:20:78:af:0f:0a:9e:bc:57:60:3e:
                    00:5f:53:32:94:b9:09:14:b2:e0:18:bf:b2:91:4e:
                    db:df:c0:34:cf:aa:01:19:89:c3:e0:8f:fa:75:70:
                    68:14:8d:47:ce:c7:19:d1:72:1b:05:4a:38:29:c9:
                    8d:fd:fb:cf:d7:82:6b:98:eb:c9:4e:cf:0f:ec:5f:
                    72:4a:c9:c4:b9:92:0a:55:c1:a1:c6:09:6e:b2:09:
                    a1:09:04:12:f1:10:ad:59:18:cb:79:6a:5f:6a:a5:
                    3a:02:b5:d1:d7:45:a3:1e:42:50:2b:aa:19:d6:e5:
                    c6:f6:1a:12:30:3a:d4:13:ea:22:65:a0:75:5a:ab:
                    4d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A1:52:DF:65:B2:90:8A:3D:0D:EE:B0:A1:62:BF:6B:8C:C8:E8:01
            X509v3 Authority Key Identifier:
                keyid:FE:34:09:11:27:43:77:A8:9C:A1:F9:C1:5F:18:0D:A9:86:D7:44:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jQJESdDd6icofnBXxgNqYbXRLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/7qFS32WykIo9De6woWK_a4zI6AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9daf2f-46d2-4d05-926b-a8bf214ed166/1/_jQJESdDd6icofnBXxgNqYbXRLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:5a:0b:cb:c1:d2:b6:bd:3e:d7:10:8b:2f:80:c3:99:88:cb:
         bf:a1:df:8e:33:8a:dd:d8:ae:f1:cd:41:f7:3a:68:e6:8d:12:
         5e:0c:94:ee:e1:5a:56:5a:08:de:5d:78:d2:b8:45:bc:14:fd:
         42:ef:ed:38:2d:8d:ec:1f:1a:0d:d2:49:eb:00:e2:ae:68:81:
         b9:62:7e:1d:6d:78:de:56:98:cf:a4:82:e4:98:47:39:3c:b9:
         1a:42:02:06:55:06:89:26:ab:6d:52:4d:f7:49:b2:cb:4d:01:
         19:68:33:4b:5f:e5:88:a0:bf:e3:0a:cc:53:9b:ee:cb:99:24:
         25:03:c5:87:76:92:ea:90:c4:f3:ae:74:70:1a:eb:d5:b9:a8:
         c4:05:0d:12:c9:bb:4c:ea:b1:96:25:25:d6:61:49:41:74:88:
         19:35:c5:5f:30:b5:c4:c1:5f:fa:8d:52:dc:8b:04:e9:fc:99:
         a8:d9:8c:65:a2:d1:02:ba:9a:fc:56:c7:d8:30:5c:76:7f:f2:
         71:24:b3:ed:5c:ac:10:6f:1c:bc:87:89:35:df:74:12:86:de:
         bd:6d:eb:6e:e9:0f:be:ab:0e:4b:f9:94:df:21:3f:16:8d:1e:
         aa:e3:d9:3f:b5:34:4a:38:35:ca:8e:b3:12:af:f9:09:53:14:
         b7:c8:a6:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoI4scrSUQyMuI+nHxblZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMzQwOTExMjc0Mzc3YTg5Y2ExZjljMTVmMTgwZGE5ODZk
NzQ0YjcwHhcNMjUwMTAyMTc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWExNTJkZjY1YjI5MDhhM2QwZGVlYjBhMTYyYmY2YjhjYzhlODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0S2ngW5XnZQtdnKdK2Aa5kb12NWj
vYo3ZvduWWhFUtaPlgPATlx0OrOOycbxAeD2BLasM+EWiR9ICw0dN4s6qftEeSow
YMCNOf6EoAUq+zRQF0TzyoRrrPU6aQXyTcG382br3fGsbcsPVdljAOoSfmsCiPwk
7ah0HpTv/SB4rw8KnrxXYD4AX1MylLkJFLLgGL+ykU7b38A0z6oBGYnD4I/6dXBo
FI1HzscZ0XIbBUo4KcmN/fvP14JrmOvJTs8P7F9ySsnEuZIKVcGhxglusgmhCQQS
8RCtWRjLeWpfaqU6ArXR10WjHkJQK6oZ1uXG9hoSMDrUE+oiZaB1WqtNswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO6hUt9lspCKPQ3usKFiv2uMyOgBMB8GA1UdIwQY
MBaAFP40CREnQ3eonKH5wV8YDamG10S3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pRSkVTZERkNmljb2ZuQlh4Z05xWWJYUkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85ZGFmMmYtNDZkMi00ZDA1LTkyNmIt
YThiZjIxNGVkMTY2LzEvN3FGUzMyV3lrSW85RGU2d29XS19hNHpJNkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85ZGFmMmYtNDZkMi00ZDA1LTkyNmItYThiZjIxNGVkMTY2
LzEvX2pRSkVTZERkNmljb2ZuQlh4Z05xWWJYUkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA+E
MA0GCSqGSIb3DQEBCwUAA4IBAQAwWgvLwdK2vT7XEIsvgMOZiMu/od+OM4rd2K7x
zUH3OmjmjRJeDJTu4VpWWgjeXXjSuEW8FP1C7+04LY3sHxoN0knrAOKuaIG5Yn4d
bXjeVpjPpILkmEc5PLkaQgIGVQaJJqttUk33SbLLTQEZaDNLX+WIoL/jCsxTm+7L
mSQlA8WHdpLqkMTzrnRwGuvVuajEBQ0SybtM6rGWJSXWYUlBdIgZNcVfMLXEwV/6
jVLciwTp/Jmo2YxlotECupr8VsfYMFx2f/JxJLPtXKwQbxy8h4k133QSht69betu
6Q++qw5L+ZTfIT8WjR6q49k/tTRKODXKjrMSr/kJUxS3yKb4
-----END CERTIFICATE-----