Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/sUWUQ7xVOWG88c1zTJfQJSXfUGM.roa
File:                     sUWUQ7xVOWG88c1zTJfQJSXfUGM.roa (raw, json)
Hash identifier:          VIZMGPKQd062ThwggTDHc4EOlVHSYbX0SY8qNlvlezs=
Subject key identifier:   B1:45:94:43:BC:55:39:61:BC:F1:CD:73:4C:97:D0:25:25:DF:50:63
Certificate issuer:       /CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
Certificate serial:       0194258FBE4006D1AC072884735A0294AB43
Authority key identifier: 8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/sUWUQ7xVOWG88c1zTJfQJSXfUGM.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41948
IP address blocks:        2001:678:4c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:be:40:06:d1:ac:07:28:84:73:5a:02:94:ab:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1459443bc553961bcf1cd734c97d02525df5063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:36:49:c0:7a:57:42:c8:f8:a3:20:be:0b:2f:
                    80:68:96:4b:c1:14:ff:0c:3c:5e:55:a8:7f:80:e3:
                    49:85:97:b4:fd:4c:44:9d:78:6f:f1:9f:72:59:67:
                    a8:8f:5f:9f:32:a8:b6:b0:39:dc:49:24:27:3a:4a:
                    41:53:de:90:61:2d:5f:d4:93:15:ab:c4:9b:68:b7:
                    0d:61:96:37:3c:95:89:3b:22:fc:3a:7b:ba:33:9a:
                    5c:c8:50:86:1c:1c:7a:e5:aa:30:2b:70:d2:8e:58:
                    f5:a1:0a:7c:df:6f:b6:a3:57:5c:99:14:57:c1:b2:
                    e5:bd:9e:bd:26:8f:3f:7e:77:5f:4e:cf:e4:15:9e:
                    53:cb:e8:91:16:47:70:4d:24:91:f1:75:86:ad:b0:
                    5a:a1:3c:ab:67:71:1b:df:93:ed:5b:92:d0:6d:63:
                    7e:18:2c:f7:9d:1a:5a:e8:27:1c:ff:cd:b9:b2:91:
                    a8:48:56:1a:49:1f:9b:ff:7a:e8:a6:2b:ff:a0:e5:
                    7a:86:d2:f2:cb:d3:8c:1c:01:a2:7f:2c:67:d6:8d:
                    3a:f6:c1:35:b1:43:59:88:cb:48:90:18:4f:1b:94:
                    d2:f0:2c:75:0a:c7:86:b3:f8:a2:89:b2:2f:9e:27:
                    56:fe:08:91:b5:f6:c5:84:51:b5:7f:92:fc:12:0d:
                    57:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:45:94:43:BC:55:39:61:BC:F1:CD:73:4C:97:D0:25:25:DF:50:63
            X509v3 Authority Key Identifier:
                keyid:8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/sUWUQ7xVOWG88c1zTJfQJSXfUGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:7b:5d:26:dc:e9:c9:74:96:41:cd:80:f4:be:4f:ce:61:4f:
         6d:e9:17:04:bf:7c:28:f5:0a:cd:93:67:e0:c2:28:97:54:26:
         15:e3:ae:a5:fe:06:0e:99:3c:99:25:1e:f1:32:86:5e:29:d5:
         36:e6:6b:d8:32:19:73:ab:18:02:17:ee:e6:3d:79:37:0e:43:
         ec:0b:1e:70:0a:7f:52:46:f6:7a:4a:8a:8b:38:a5:55:b2:a0:
         31:7f:f0:ab:69:da:3b:fe:a6:58:b0:9f:1f:ed:01:43:8a:29:
         6d:ee:b5:b1:8b:19:8f:26:05:b9:2b:0c:6f:70:05:91:e8:7c:
         a2:fb:83:bb:96:ee:21:69:3b:e5:c8:e3:19:e3:b5:84:c8:13:
         42:6d:e6:04:74:aa:1e:68:6b:66:27:4d:db:5c:36:d5:ec:cd:
         18:48:24:65:7b:22:0f:2c:af:52:8c:03:69:f1:7f:99:ec:08:
         58:a7:56:46:23:14:15:1c:81:ed:ea:50:dd:0b:77:26:39:87:
         f3:ab:b3:7b:54:f5:2c:45:8c:15:9d:c5:3f:c8:b6:60:5e:e3:
         0a:52:b0:7d:ba:31:84:39:82:2a:4d:88:4f:fc:3c:3c:0d:56:
         1d:85:ee:97:f6:2e:66:d4:6c:29:ea:5d:0a:a2:9d:f9:f9:db:
         b1:e1:58:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj75ABtGsByiEc1oClKtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmODY4NWRiYWRmZmIwMWRkY2NlNmM0ZDgyYTk3ZjMzYzA0
MGVkMmQwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ1OTQ0M2JjNTUzOTYxYmNmMWNkNzM0Yzk3ZDAyNTI1ZGY1MDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujZJwHpXQsj4oyC+Cy+AaJZLwRT/
DDxeVah/gONJhZe0/UxEnXhv8Z9yWWeoj1+fMqi2sDncSSQnOkpBU96QYS1f1JMV
q8SbaLcNYZY3PJWJOyL8Onu6M5pcyFCGHBx65aowK3DSjlj1oQp832+2o1dcmRRX
wbLlvZ69Jo8/fndfTs/kFZ5Ty+iRFkdwTSSR8XWGrbBaoTyrZ3Eb35PtW5LQbWN+
GCz3nRpa6Ccc/825spGoSFYaSR+b/3ropiv/oOV6htLyy9OMHAGifyxn1o069sE1
sUNZiMtIkBhPG5TS8Cx1CseGs/iiibIvnidW/giRtfbFhFG1f5L8Eg1XJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLFFlEO8VTlhvPHNc0yX0CUl31BjMB8GA1UdIwQY
MBaAFI+Ghdut/7Ad3M5sTYKpfzPAQO0tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMt
NjdjZmUzMDY3YjJhLzEvc1VXVVE3eFZPV0c4OGMxelRKZlFKU1hmVUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMtNjdjZmUzMDY3YjJh
LzEvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeATA
MA0GCSqGSIb3DQEBCwUAA4IBAQAMe10m3OnJdJZBzYD0vk/OYU9t6RcEv3wo9QrN
k2fgwiiXVCYV466l/gYOmTyZJR7xMoZeKdU25mvYMhlzqxgCF+7mPXk3DkPsCx5w
Cn9SRvZ6SoqLOKVVsqAxf/Crado7/qZYsJ8f7QFDiilt7rWxixmPJgW5KwxvcAWR
6Hyi+4O7lu4haTvlyOMZ47WEyBNCbeYEdKoeaGtmJ03bXDbV7M0YSCRleyIPLK9S
jANp8X+Z7AhYp1ZGIxQVHIHt6lDdC3cmOYfzq7N7VPUsRYwVncU/yLZgXuMKUrB9
ujGEOYIqTYhP/Dw8DVYdhe6X9i5m1Gwp6l0Kop35+dux4VgC
-----END CERTIFICATE-----