Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/rsGdnGFpgH2iITobH0zZzM2Hibw.roa
File:                     rsGdnGFpgH2iITobH0zZzM2Hibw.roa (raw, json)
Hash identifier:          pbnlIU03Otl/z/Rf4EwmC3o03jvLSqloWpA+ITG+uik=
Subject key identifier:   AE:C1:9D:9C:61:69:80:7D:A2:21:3A:1B:1F:4C:D9:CC:CD:87:89:BC
Certificate issuer:       /CN=cc9fa0b30d5455ad67fb07e099f0fa95f8b6c19e
Certificate serial:       01941FFA52113C37BCFBED4FED34E2D335CC
Authority key identifier: CC:9F:A0:B3:0D:54:55:AD:67:FB:07:E0:99:F0:FA:95:F8:B6:C1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/rsGdnGFpgH2iITobH0zZzM2Hibw.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206253
IP address blocks:        2001:678:968::/48 maxlen: 48
                          2001:678:968::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:52:11:3c:37:bc:fb:ed:4f:ed:34:e2:d3:35:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc9fa0b30d5455ad67fb07e099f0fa95f8b6c19e
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aec19d9c6169807da2213a1b1f4cd9cccd8789bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:e1:c1:90:5e:70:9f:11:b4:38:82:a2:08:
                    79:ee:aa:6c:b7:c9:e1:04:0e:bf:dd:26:27:3c:65:
                    b5:04:4f:3e:62:b9:28:c3:d3:ea:30:23:44:2c:60:
                    84:c1:87:40:97:6a:10:35:d9:96:73:f4:30:80:61:
                    91:bb:27:4c:35:8d:2a:30:e3:f9:3d:0e:74:5a:ff:
                    f5:bb:16:05:c5:27:13:1f:f5:99:97:16:b0:ac:97:
                    44:6b:61:70:af:52:f4:4a:19:15:5a:16:26:1d:3f:
                    02:a9:f3:94:db:5b:4b:26:98:c6:19:44:14:e7:2d:
                    c9:36:10:18:0a:a9:c6:e1:5a:03:1c:8e:69:9e:e4:
                    73:2f:6f:a6:3b:92:db:20:d3:04:15:66:56:ea:71:
                    fc:e1:e9:68:08:cc:13:36:b3:30:7a:93:ec:2c:76:
                    42:d6:b3:b6:18:92:12:f0:fa:c7:4b:c7:a9:45:4c:
                    26:2f:9a:3a:8b:49:0b:63:58:89:b4:81:96:0a:94:
                    85:85:16:94:11:64:be:a2:f2:65:65:4c:8f:45:f5:
                    d0:6d:f6:fd:52:a5:67:3f:ae:3b:86:8c:23:d0:74:
                    0e:df:f1:14:8f:a8:47:11:ca:88:91:ca:0b:40:e9:
                    f2:2c:05:b4:d1:ab:b4:2f:c9:13:31:24:c0:1e:4b:
                    30:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C1:9D:9C:61:69:80:7D:A2:21:3A:1B:1F:4C:D9:CC:CD:87:89:BC
            X509v3 Authority Key Identifier:
                keyid:CC:9F:A0:B3:0D:54:55:AD:67:FB:07:E0:99:F0:FA:95:F8:B6:C1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/rsGdnGFpgH2iITobH0zZzM2Hibw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:968::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:91:4b:b6:7d:c0:99:fa:5c:ce:06:56:13:01:6b:ee:23:0d:
         dd:4d:f2:f0:fa:d7:e2:b6:7d:35:af:69:d5:32:c2:20:47:c4:
         94:e8:93:9e:32:50:5b:f3:9b:e3:34:67:9c:ec:eb:e2:d1:64:
         1e:e4:8c:22:6c:d8:2b:0c:f7:0b:3d:92:17:00:6c:2f:b1:8c:
         2e:fb:1d:f2:9a:31:73:99:70:a8:9c:c6:a5:41:23:da:85:f4:
         ed:49:9a:5d:23:d5:5b:2d:fc:5e:53:de:da:39:1a:fe:cb:ff:
         91:86:dd:04:08:66:9e:91:17:ea:06:ac:b8:0b:a7:89:1d:6b:
         be:f9:08:8e:0d:71:51:42:3f:f5:f4:0b:a3:f7:bf:71:97:e5:
         53:81:9a:d8:cf:82:d4:53:ab:08:bc:18:21:39:92:3c:45:2b:
         0a:b6:50:db:84:2b:80:b7:c2:40:a5:66:e4:0f:09:99:79:f1:
         48:a5:07:d6:ff:c6:73:3c:cb:0a:5b:a9:92:da:50:8e:bd:48:
         2f:6a:5a:22:4c:e1:ef:21:51:88:8b:7b:22:8c:0b:c2:5c:74:
         ca:be:52:ae:1d:27:ee:4e:be:52:10:b6:3e:3b:5d:f4:b5:2b:
         41:dc:28:42:d4:64:1c:12:17:ec:bd:e7:18:a5:cc:f0:f2:4a:
         7a:c4:7d:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+lIRPDe8++1P7TTi0zXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjOWZhMGIzMGQ1NDU1YWQ2N2ZiMDdlMDk5ZjBmYTk1Zjhi
NmMxOWUwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWMxOWQ5YzYxNjk4MDdkYTIyMTNhMWIxZjRjZDljY2NkODc4OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVjhwZBecJ8RtDiCogh57qpst8nh
BA6/3SYnPGW1BE8+Yrkow9PqMCNELGCEwYdAl2oQNdmWc/QwgGGRuydMNY0qMOP5
PQ50Wv/1uxYFxScTH/WZlxawrJdEa2Fwr1L0ShkVWhYmHT8CqfOU21tLJpjGGUQU
5y3JNhAYCqnG4VoDHI5pnuRzL2+mO5LbINMEFWZW6nH84eloCMwTNrMwepPsLHZC
1rO2GJIS8PrHS8epRUwmL5o6i0kLY1iJtIGWCpSFhRaUEWS+ovJlZUyPRfXQbfb9
UqVnP647howj0HQO3/EUj6hHEcqIkcoLQOnyLAW00au0L8kTMSTAHkswpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK7BnZxhaYB9oiE6Gx9M2czNh4m8MB8GA1UdIwQY
MBaAFMyfoLMNVFWtZ/sH4Jnw+pX4tsGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekotZ3N3MVVWYTFuLXdmZ21mRDZsZmkyd1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC80ODgzZDQtODQ3OS00NDQ3LWFmNjct
MWU2Y2EyZjBkMTU1LzEvcnNHZG5HRnBnSDJpSVRvYkgwelp6TTJIaWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC80ODgzZDQtODQ3OS00NDQ3LWFmNjctMWU2Y2EyZjBkMTU1
LzEvekotZ3N3MVVWYTFuLXdmZ21mRDZsZmkyd1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAlo
MA0GCSqGSIb3DQEBCwUAA4IBAQAOkUu2fcCZ+lzOBlYTAWvuIw3dTfLw+tfitn01
r2nVMsIgR8SU6JOeMlBb85vjNGec7Ovi0WQe5IwibNgrDPcLPZIXAGwvsYwu+x3y
mjFzmXConMalQSPahfTtSZpdI9VbLfxeU97aORr+y/+Rht0ECGaekRfqBqy4C6eJ
HWu++QiODXFRQj/19Auj979xl+VTgZrYz4LUU6sIvBghOZI8RSsKtlDbhCuAt8JA
pWbkDwmZefFIpQfW/8ZzPMsKW6mS2lCOvUgvaloiTOHvIVGIi3sijAvCXHTKvlKu
HSfuTr5SELY+O130tStB3ChC1GQcEhfsvecYpczw8kp6xH3U
-----END CERTIFICATE-----