Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_KM3VWtbdBYw-7ONqWep42LzJbM.roa
File:                     _KM3VWtbdBYw-7ONqWep42LzJbM.roa (raw, json)
Hash identifier:          e0kdHEeKs2calKvQRylwRCnRtRK5mFt57DwvVj7HLtU=
Subject key identifier:   FC:A3:37:55:6B:5B:74:16:30:FB:B3:8D:A9:67:A9:E3:62:F3:25:B3
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       0194228DF8BBF45157A9071DA1B54E487937
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_KM3VWtbdBYw-7ONqWep42LzJbM.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15461
IP address blocks:        2001:978:3a00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f8:bb:f4:51:57:a9:07:1d:a1:b5:4e:48:79:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fca337556b5b741630fbb38da967a9e362f325b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b7:07:fb:08:50:d0:31:3a:21:4d:7a:37:07:
                    0a:17:90:e1:3d:a0:2f:2c:9a:bd:40:3e:3f:ee:52:
                    36:84:1a:e2:48:62:f0:56:e1:de:25:13:26:b3:f2:
                    10:a2:c5:83:41:d0:92:74:7d:e1:6d:72:99:a2:17:
                    2b:03:51:db:a7:5a:02:ae:a8:60:af:8a:7e:86:f8:
                    72:87:92:9c:fa:93:24:47:6b:62:69:0d:50:6f:18:
                    41:b0:ce:9f:cd:99:39:8c:ac:da:5e:39:fe:d9:cf:
                    e2:24:f9:aa:d7:49:c6:af:86:b8:bf:7e:21:ba:92:
                    c3:13:6e:b5:b3:a7:1d:03:96:ac:41:ea:a7:58:61:
                    e2:2b:5c:47:05:e8:63:da:3f:89:d8:95:ff:6b:63:
                    db:64:dc:09:02:3b:f8:70:7d:c4:88:d2:5b:26:99:
                    83:09:ec:c2:f0:20:65:4d:a2:69:bb:c9:79:6a:56:
                    19:eb:5c:51:47:c2:6e:34:20:ae:21:cb:f4:d4:9a:
                    1a:0e:1c:28:34:31:7f:ba:b3:01:21:2b:35:d3:59:
                    d0:16:16:c6:01:d5:47:76:76:1e:1a:58:f0:41:f9:
                    e3:ab:23:9b:fb:c6:50:6c:bd:68:07:7b:4e:82:26:
                    1e:85:0b:c2:7d:d3:80:f0:71:ac:0f:8b:06:54:48:
                    fa:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A3:37:55:6B:5B:74:16:30:FB:B3:8D:A9:67:A9:E3:62:F3:25:B3
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_KM3VWtbdBYw-7ONqWep42LzJbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:978:3a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:b8:ec:e4:e4:f2:ad:3c:06:d3:d8:db:a7:48:10:32:13:2f:
         ba:c2:da:0a:61:fa:c9:df:92:60:bf:79:86:75:29:04:a8:0f:
         d1:ab:87:08:5e:ad:05:e1:8a:a2:80:4b:86:d3:e0:f3:da:d2:
         b9:6e:e3:e6:f4:dc:51:94:5e:b3:55:ad:28:6e:0a:75:31:20:
         6b:df:45:a8:a5:09:c2:77:15:32:eb:d2:19:51:3e:07:e3:79:
         c2:19:20:05:1c:d4:da:09:72:fc:5d:c5:a3:71:57:18:20:10:
         a0:9e:6a:bc:de:5f:29:94:b6:b7:ae:6b:a6:56:57:62:e9:e3:
         30:40:dc:58:aa:15:2d:21:2c:18:12:8f:2d:9e:32:fb:14:88:
         f5:8b:40:ea:0f:7b:f9:eb:2b:bd:4d:15:7d:3d:4a:7b:4d:a7:
         07:7b:58:71:2e:42:79:90:6c:b5:3e:09:35:4b:62:71:d3:5d:
         d5:09:32:f6:ba:29:df:8d:ac:6e:68:9d:ee:e3:7b:74:ca:c4:
         d3:a6:26:3d:86:b5:9f:71:60:ea:a2:b9:d2:d0:45:1f:b5:16:
         13:bf:f6:20:2f:18:f4:71:0b:a1:18:b3:4b:18:0b:90:37:2e:
         f7:44:48:86:9b:60:90:db:aa:60:2c:8e:cd:74:b0:43:d9:a4:
         19:a7:5c:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijfi79FFXqQcdobVOSHk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2EzMzc1NTZiNWI3NDE2MzBmYmIzOGRhOTY3YTllMzYyZjMyNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrcH+whQ0DE6IU16NwcKF5DhPaAv
LJq9QD4/7lI2hBriSGLwVuHeJRMms/IQosWDQdCSdH3hbXKZohcrA1Hbp1oCrqhg
r4p+hvhyh5Kc+pMkR2tiaQ1QbxhBsM6fzZk5jKzaXjn+2c/iJPmq10nGr4a4v34h
upLDE261s6cdA5asQeqnWGHiK1xHBehj2j+J2JX/a2PbZNwJAjv4cH3EiNJbJpmD
CezC8CBlTaJpu8l5alYZ61xRR8JuNCCuIcv01JoaDhwoNDF/urMBISs101nQFhbG
AdVHdnYeGljwQfnjqyOb+8ZQbL1oB3tOgiYehQvCfdOA8HGsD4sGVEj6RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPyjN1VrW3QWMPuzjalnqeNi8yWzMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvX0tNM1ZXdGJkQll3LTdPTnFXZXA0Mkx6SmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEJeDoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBnuOzk5PKtPAbT2NunSBAyEy+6wtoKYfrJ35Jg
v3mGdSkEqA/Rq4cIXq0F4YqigEuG0+Dz2tK5buPm9NxRlF6zVa0obgp1MSBr30Wo
pQnCdxUy69IZUT4H43nCGSAFHNTaCXL8XcWjcVcYIBCgnmq83l8plLa3rmumVldi
6eMwQNxYqhUtISwYEo8tnjL7FIj1i0DqD3v56yu9TRV9PUp7TacHe1hxLkJ5kGy1
Pgk1S2Jx013VCTL2uinfjaxuaJ3u43t0ysTTpiY9hrWfcWDqornS0EUftRYTv/Yg
Lxj0cQuhGLNLGAuQNy73REiGm2CQ26pgLI7NdLBD2aQZp1wd
-----END CERTIFICATE-----