Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/8SfnLpxahyM_TZGKRfeujFGkQNY.roa
File:                     8SfnLpxahyM_TZGKRfeujFGkQNY.roa (raw, json)
Hash identifier:          zVQn+K4617kuXuHkzJX83DEyIcjMwX/AUNAvCx8sfgw=
Subject key identifier:   F1:27:E7:2E:9C:5A:87:23:3F:4D:91:8A:45:F7:AE:8C:51:A4:40:D6
Certificate issuer:       /CN=ee3967ad0a458b82829ee9e2ccd6ae9631d54212
Certificate serial:       019353C32A006657D37DFB7E89814EEDA455
Authority key identifier: EE:39:67:AD:0A:45:8B:82:82:9E:E9:E2:CC:D6:AE:96:31:D5:42:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/8SfnLpxahyM_TZGKRfeujFGkQNY.roa
Signing time:             Fri 22 Nov 2024 12:05:19 +0000
ROA not before:           Fri 22 Nov 2024 12:05:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197942
IP address blocks:        2001:678:538::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:c3:2a:00:66:57:d3:7d:fb:7e:89:81:4e:ed:a4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee3967ad0a458b82829ee9e2ccd6ae9631d54212
        Validity
            Not Before: Nov 22 12:05:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f127e72e9c5a87233f4d918a45f7ae8c51a440d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b9:91:98:a1:1e:d2:7f:64:5e:8b:48:bc:89:
                    f7:34:75:0f:8f:a2:27:76:d1:00:9f:0b:68:2a:7c:
                    49:32:04:8a:f3:4d:c3:cc:5d:a0:8b:21:e3:c0:7f:
                    4b:f7:74:f8:58:1a:25:c2:f7:d1:df:2b:6b:c3:5d:
                    43:67:9d:7b:65:9d:41:02:5e:61:d8:a1:0e:71:2b:
                    36:3b:93:b1:c9:a2:00:75:8d:c3:d5:fd:41:07:ca:
                    81:eb:12:02:df:7a:e6:73:87:65:df:4a:46:13:73:
                    5e:8a:c9:60:58:67:a0:ba:9b:d1:ad:cf:ef:d2:d6:
                    76:93:35:2b:4e:f9:21:a2:14:ff:2e:41:44:a2:94:
                    b6:56:cb:e6:11:72:5b:b6:6c:ce:f8:3a:27:2b:d9:
                    8a:76:a0:6c:cf:3a:0b:7f:7f:b0:b4:27:ce:01:ef:
                    ec:37:1e:41:fb:c9:7b:e7:a5:55:31:a5:03:ba:ef:
                    01:aa:26:75:96:9a:29:89:99:82:40:6e:43:c8:1a:
                    d6:bf:26:15:ea:1d:42:5f:14:f8:94:47:4c:49:b8:
                    e3:b1:33:17:a4:ef:e0:33:65:37:b3:a4:5d:f3:ac:
                    61:d7:9d:82:90:93:ec:3b:5e:ff:23:9e:67:61:cd:
                    4e:a0:b1:5f:1e:a0:29:d5:0a:34:4b:43:23:26:45:
                    28:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:27:E7:2E:9C:5A:87:23:3F:4D:91:8A:45:F7:AE:8C:51:A4:40:D6
            X509v3 Authority Key Identifier:
                keyid:EE:39:67:AD:0A:45:8B:82:82:9E:E9:E2:CC:D6:AE:96:31:D5:42:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/8SfnLpxahyM_TZGKRfeujFGkQNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:538::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:2a:dc:39:bb:b9:19:fb:52:e5:a5:b6:3a:b3:4d:ac:10:7d:
         32:50:d4:98:86:b3:b1:b8:3e:ce:a8:0d:6e:b7:89:92:09:fc:
         a0:8a:8c:01:1a:8f:c2:af:21:17:0a:b7:d1:34:00:a1:b4:4e:
         a4:41:df:bb:80:e6:01:7f:32:21:1d:27:c5:31:31:dc:dd:62:
         01:92:9a:fb:56:24:10:62:3d:d0:7c:0e:43:3b:62:b7:33:7e:
         82:72:e3:32:15:d0:79:42:8e:d0:9d:cf:40:25:78:f1:07:c2:
         cc:59:12:79:ed:1d:4b:3a:9f:25:d0:37:32:42:9d:6c:85:ef:
         0f:52:40:e5:de:88:53:bf:6f:74:c8:94:77:bd:39:84:a3:0a:
         b9:60:19:8a:a0:44:c2:4a:59:8a:73:03:d2:7f:e5:82:c5:9e:
         a3:e8:05:12:8d:b7:25:9a:f1:bc:44:0e:cb:71:48:f0:92:68:
         6c:97:91:f5:a9:6e:2d:9b:ef:43:01:49:09:34:55:88:ac:6b:
         03:23:e4:29:33:a3:05:44:11:15:c4:c1:a8:1d:d3:71:dc:a3:
         77:bc:87:30:a0:6a:dd:a2:53:d2:6f:47:68:5b:b7:72:d7:5d:
         20:e1:cb:fb:bb:0e:63:b4:0a:02:a6:5c:72:bf:24:23:44:e6:
         04:53:00:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNTwyoAZlfTfft+iYFO7aRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzk2N2FkMGE0NThiODI4MjllZTllMmNjZDZhZTk2MzFk
NTQyMTIwHhcNMjQxMTIyMTIwNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTI3ZTcyZTljNWE4NzIzM2Y0ZDkxOGE0NWY3YWU4YzUxYTQ0MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLmRmKEe0n9kXotIvIn3NHUPj6In
dtEAnwtoKnxJMgSK803DzF2giyHjwH9L93T4WBolwvfR3ytrw11DZ517ZZ1BAl5h
2KEOcSs2O5OxyaIAdY3D1f1BB8qB6xIC33rmc4dl30pGE3NeislgWGegupvRrc/v
0tZ2kzUrTvkhohT/LkFEopS2VsvmEXJbtmzO+DonK9mKdqBszzoLf3+wtCfOAe/s
Nx5B+8l756VVMaUDuu8BqiZ1lpopiZmCQG5DyBrWvyYV6h1CXxT4lEdMSbjjsTMX
pO/gM2U3s6Rd86xh152CkJPsO17/I55nYc1OoLFfHqAp1Qo0S0MjJkUoYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPEn5y6cWocjP02RikX3roxRpEDWMB8GA1UdIwQY
MBaAFO45Z60KRYuCgp7p4szWrpYx1UISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2psbnJRcEZpNEtDbnVuaXpOYXVsakhWUWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82NmVjNDMtMGE0OS00M2FiLWFkOWQt
MmYzMjgxNmU3NzYwLzEvOFNmbkxweGFoeU1fVFpHS1JmZXVqRkdrUU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82NmVjNDMtMGE0OS00M2FiLWFkOWQtMmYzMjgxNmU3NzYw
LzEvN2psbnJRcEZpNEtDbnVuaXpOYXVsakhWUWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAU4
MA0GCSqGSIb3DQEBCwUAA4IBAQBeKtw5u7kZ+1LlpbY6s02sEH0yUNSYhrOxuD7O
qA1ut4mSCfygiowBGo/CryEXCrfRNAChtE6kQd+7gOYBfzIhHSfFMTHc3WIBkpr7
ViQQYj3QfA5DO2K3M36CcuMyFdB5Qo7Qnc9AJXjxB8LMWRJ57R1LOp8l0DcyQp1s
he8PUkDl3ohTv290yJR3vTmEowq5YBmKoETCSlmKcwPSf+WCxZ6j6AUSjbclmvG8
RA7LcUjwkmhsl5H1qW4tm+9DAUkJNFWIrGsDI+QpM6MFRBEVxMGoHdNx3KN3vIcw
oGrdolPSb0doW7dy110g4cv7uw5jtAoCplxyvyQjROYEUwDN
-----END CERTIFICATE-----