Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/gylVxgv2wVCzGr0PfDa1DOljS0w.roa
File:                     gylVxgv2wVCzGr0PfDa1DOljS0w.roa (raw, json)
Hash identifier:          LJzn39XG+RijMzRlRM7pRtoqSA79D4mMA2x3jy4QHzs=
Subject key identifier:   83:29:55:C6:0B:F6:C1:50:B3:1A:BD:0F:7C:36:B5:0C:E9:63:4B:4C
Certificate issuer:       /CN=ee3967ad0a458b82829ee9e2ccd6ae9631d54212
Certificate serial:       0194221FB03354AA1998199668069BFD3D51
Authority key identifier: EE:39:67:AD:0A:45:8B:82:82:9E:E9:E2:CC:D6:AE:96:31:D5:42:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/gylVxgv2wVCzGr0PfDa1DOljS0w.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197942
IP address blocks:        2001:678:538::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 13:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b0:33:54:aa:19:98:19:96:68:06:9b:fd:3d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee3967ad0a458b82829ee9e2ccd6ae9631d54212
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=832955c60bf6c150b31abd0f7c36b50ce9634b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:74:83:e0:30:9d:74:1e:eb:e5:69:14:42:4e:
                    05:5b:19:d4:79:06:6d:ae:06:2e:30:4e:2e:7f:45:
                    c2:4b:12:b1:a5:21:ba:9e:0c:91:bd:43:61:ca:8f:
                    92:74:8b:d0:00:07:f6:91:d9:e0:56:ae:46:75:43:
                    8a:03:af:5b:f5:ef:0a:91:43:8b:24:19:81:01:3f:
                    ea:ba:e2:a2:ef:c0:a0:ee:cb:23:50:6f:91:23:d0:
                    9b:77:b1:1c:37:e9:74:19:99:67:7d:b9:75:77:ae:
                    ae:aa:e6:0f:34:c4:e2:2e:1f:31:63:d7:a3:ac:85:
                    1c:7c:dd:c9:6b:1c:2f:ca:3e:92:4e:69:e3:7b:a8:
                    2c:6c:d0:c0:06:c3:31:a4:b4:98:cf:54:d3:0c:fe:
                    27:20:b9:1f:c6:71:e7:92:49:cf:ff:b8:b9:06:88:
                    50:c9:35:9b:3d:3e:51:ff:e6:6b:9e:f1:2a:ef:67:
                    39:9b:61:1d:19:59:1b:dd:14:4c:2b:13:60:8b:56:
                    a2:6c:81:b8:9f:ca:22:85:4e:35:26:7e:64:c0:03:
                    ee:fd:13:85:64:b9:f9:4e:3f:a7:12:1f:b2:6c:9a:
                    84:a6:9c:10:11:f4:ea:1b:22:18:ab:56:a6:1c:da:
                    35:50:bb:5d:d5:be:6f:b1:d1:6b:65:8c:11:a0:cb:
                    99:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:29:55:C6:0B:F6:C1:50:B3:1A:BD:0F:7C:36:B5:0C:E9:63:4B:4C
            X509v3 Authority Key Identifier:
                keyid:EE:39:67:AD:0A:45:8B:82:82:9E:E9:E2:CC:D6:AE:96:31:D5:42:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jlnrQpFi4KCnunizNauljHVQhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/gylVxgv2wVCzGr0PfDa1DOljS0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/66ec43-0a49-43ab-ad9d-2f32816e7760/1/7jlnrQpFi4KCnunizNauljHVQhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:538::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:7d:86:4b:68:d2:a8:b0:26:09:02:27:d8:0c:35:04:9f:b4:
         b4:b7:8a:ca:5a:cc:0f:0d:4e:80:40:8d:8f:17:49:21:cc:63:
         5b:78:58:27:c4:f6:26:f3:fe:16:c7:4c:96:2e:10:d4:50:0d:
         4f:49:38:2b:eb:35:6c:d3:2a:a4:f9:eb:97:7e:c7:92:86:4a:
         04:c6:64:da:6e:ce:42:a8:88:d9:25:ea:ff:39:ab:25:3f:78:
         0f:bf:19:fe:61:00:72:ad:3e:ee:cc:5a:8c:8b:4b:3d:be:25:
         e9:73:44:dc:41:de:d5:31:f6:73:87:e2:5c:c2:df:53:ef:14:
         e0:d9:02:71:6f:f4:e9:bb:5c:be:92:1e:e2:a0:a7:04:2d:3d:
         17:11:17:d7:8d:6a:37:5e:d3:cb:a9:50:9e:ca:5a:f6:b2:d3:
         7c:c8:74:e9:e7:d3:0a:60:c9:de:94:40:6c:12:ca:a9:6a:52:
         00:1b:bc:cf:60:87:6b:97:a4:8d:af:17:49:88:bc:f6:ca:01:
         07:72:3d:dd:e8:28:12:ae:31:de:f1:04:f8:67:68:7f:af:3f:
         05:1a:87:fd:72:8b:6b:00:1a:16:ff:0c:41:b1:15:8e:e0:d5:
         1d:d8:98:d6:c6:44:b1:d0:57:43:48:8c:3d:fd:aa:53:5c:e0:
         c4:7d:ed:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH7AzVKoZmBmWaAab/T1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzk2N2FkMGE0NThiODI4MjllZTllMmNjZDZhZTk2MzFk
NTQyMTIwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzI5NTVjNjBiZjZjMTUwYjMxYWJkMGY3YzM2YjUwY2U5NjM0YjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXSD4DCddB7r5WkUQk4FWxnUeQZt
rgYuME4uf0XCSxKxpSG6ngyRvUNhyo+SdIvQAAf2kdngVq5GdUOKA69b9e8KkUOL
JBmBAT/quuKi78Cg7ssjUG+RI9Cbd7EcN+l0GZlnfbl1d66uquYPNMTiLh8xY9ej
rIUcfN3Jaxwvyj6STmnje6gsbNDABsMxpLSYz1TTDP4nILkfxnHnkknP/7i5BohQ
yTWbPT5R/+ZrnvEq72c5m2EdGVkb3RRMKxNgi1aibIG4n8oihU41Jn5kwAPu/ROF
ZLn5Tj+nEh+ybJqEppwQEfTqGyIYq1amHNo1ULtd1b5vsdFrZYwRoMuZ1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIMpVcYL9sFQsxq9D3w2tQzpY0tMMB8GA1UdIwQY
MBaAFO45Z60KRYuCgp7p4szWrpYx1UISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2psbnJRcEZpNEtDbnVuaXpOYXVsakhWUWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82NmVjNDMtMGE0OS00M2FiLWFkOWQt
MmYzMjgxNmU3NzYwLzEvZ3lsVnhndjJ3VkN6R3IwUGZEYTFET2xqUzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82NmVjNDMtMGE0OS00M2FiLWFkOWQtMmYzMjgxNmU3NzYw
LzEvN2psbnJRcEZpNEtDbnVuaXpOYXVsakhWUWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAU4
MA0GCSqGSIb3DQEBCwUAA4IBAQCefYZLaNKosCYJAifYDDUEn7S0t4rKWswPDU6A
QI2PF0khzGNbeFgnxPYm8/4Wx0yWLhDUUA1PSTgr6zVs0yqk+euXfseShkoExmTa
bs5CqIjZJer/OaslP3gPvxn+YQByrT7uzFqMi0s9viXpc0TcQd7VMfZzh+Jcwt9T
7xTg2QJxb/Tpu1y+kh7ioKcELT0XERfXjWo3XtPLqVCeylr2stN8yHTp59MKYMne
lEBsEsqpalIAG7zPYIdrl6SNrxdJiLz2ygEHcj3d6CgSrjHe8QT4Z2h/rz8FGof9
cotrABoW/wxBsRWO4NUd2JjWxkSx0FdDSIw9/apTXODEfe21
-----END CERTIFICATE-----