Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/yEdA_N7rWdELvU2ot9EEaCyQPBo.roa
File:                     yEdA_N7rWdELvU2ot9EEaCyQPBo.roa (raw, json)
Hash identifier:          8ht/7rJO+ixz8Sl+2g/oVNj6ivGQ0TQ42doSDeerWxI=
Subject key identifier:   C8:47:40:FC:DE:EB:59:D1:0B:BD:4D:A8:B7:D1:04:68:2C:90:3C:1A
Certificate issuer:       /CN=1e3ba4dbba523d5b0dc989203bfd69648d1d4e66
Certificate serial:       0194258FCA367B081C895BF61EF5EE89588C
Authority key identifier: 1E:3B:A4:DB:BA:52:3D:5B:0D:C9:89:20:3B:FD:69:64:8D:1D:4E:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/yEdA_N7rWdELvU2ot9EEaCyQPBo.roa
Signing time:             Thu 02 Jan 2025 05:49:27 +0000
ROA not before:           Thu 02 Jan 2025 05:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13101
IP address blocks:        2001:678:a14::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ca:36:7b:08:1c:89:5b:f6:1e:f5:ee:89:58:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e3ba4dbba523d5b0dc989203bfd69648d1d4e66
        Validity
            Not Before: Jan  2 05:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c84740fcdeeb59d10bbd4da8b7d104682c903c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:23:76:05:d2:d3:51:23:2f:e0:cf:ce:0f:20:
                    23:93:ce:ea:5d:3e:fb:d8:11:f0:26:d3:b0:53:60:
                    75:b7:b3:12:7b:40:4f:32:fc:42:ea:15:11:51:23:
                    9e:71:74:bc:09:f6:b4:7d:d4:99:f1:67:cd:95:cc:
                    ae:ed:a6:d8:27:9f:10:e7:51:f5:f2:d7:f0:58:de:
                    d3:8f:61:57:e8:b2:e4:10:dd:41:11:88:93:cb:de:
                    26:98:09:de:23:47:19:5f:aa:85:36:8f:7d:12:1c:
                    d8:d4:0d:42:4a:2d:2c:e9:78:4a:32:47:ca:28:5b:
                    91:7c:c5:28:b8:1c:98:65:55:12:b0:c5:dc:62:22:
                    73:b7:22:e6:25:c2:9f:cf:eb:0b:cb:fa:62:c1:4f:
                    78:27:5c:5d:46:88:79:65:8a:9f:10:25:c7:6d:c0:
                    47:7d:f6:61:0b:f4:bd:0e:ec:ca:39:42:15:91:10:
                    06:f7:8b:81:f9:48:36:99:c8:96:84:a3:99:1c:55:
                    b9:61:09:1e:1e:f9:d7:d6:15:35:ef:db:fc:cb:fc:
                    22:bd:04:67:db:30:bf:14:d6:ae:aa:07:a4:21:7d:
                    f0:f0:63:a8:38:9a:cd:8c:f3:4a:04:a4:97:8b:5e:
                    c6:2c:47:24:62:83:8e:27:70:e6:1f:2c:2c:29:8e:
                    61:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:47:40:FC:DE:EB:59:D1:0B:BD:4D:A8:B7:D1:04:68:2C:90:3C:1A
            X509v3 Authority Key Identifier:
                keyid:1E:3B:A4:DB:BA:52:3D:5B:0D:C9:89:20:3B:FD:69:64:8D:1D:4E:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/yEdA_N7rWdELvU2ot9EEaCyQPBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a14::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:0a:94:4f:52:db:c8:0e:d9:83:c8:ca:8c:d2:87:9c:c8:d3:
         66:4e:6c:6a:04:57:90:13:be:9c:30:35:cb:23:fb:1d:df:ae:
         ea:59:b4:21:1d:29:f3:5e:0d:21:c2:1e:b5:f7:bd:1b:ad:1b:
         62:1d:83:ec:54:02:8c:91:76:50:bf:d9:85:a1:5e:da:6b:67:
         92:f6:ce:7b:ef:4f:a4:27:1d:25:3a:7a:21:25:aa:5b:70:89:
         a5:aa:c6:db:06:f2:28:1e:41:4f:63:8d:ab:db:5a:13:2b:31:
         56:40:d9:8f:9c:d1:e8:67:b6:ad:31:fb:94:e4:90:d7:79:65:
         40:86:b0:fe:bf:60:e1:f3:3c:c1:7d:aa:a8:c9:f4:e9:b8:cb:
         13:32:8f:ab:2f:75:c0:47:15:91:62:33:44:03:17:a5:15:18:
         bd:8a:33:60:2f:2c:37:cb:b8:0c:4a:7c:47:1e:48:3f:93:6b:
         da:6f:64:81:3d:d9:58:e6:5f:49:fd:21:de:b6:53:43:33:ce:
         79:ff:c7:f4:dc:34:81:f3:66:73:29:89:62:53:ef:17:29:e0:
         36:e6:89:c8:c8:69:7f:11:c9:78:0c:34:a5:f3:f3:1a:32:c9:
         4f:d3:2e:2d:8e:c9:c5:ca:44:c9:b2:2f:5e:1c:6f:fb:75:90:
         e0:10:5e:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj8o2ewgciVv2HvXuiViMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlM2JhNGRiYmE1MjNkNWIwZGM5ODkyMDNiZmQ2OTY0OGQx
ZDRlNjYwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQ3NDBmY2RlZWI1OWQxMGJiZDRkYThiN2QxMDQ2ODJjOTAzYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyN2BdLTUSMv4M/ODyAjk87qXT77
2BHwJtOwU2B1t7MSe0BPMvxC6hURUSOecXS8Cfa0fdSZ8WfNlcyu7abYJ58Q51H1
8tfwWN7Tj2FX6LLkEN1BEYiTy94mmAneI0cZX6qFNo99EhzY1A1CSi0s6XhKMkfK
KFuRfMUouByYZVUSsMXcYiJztyLmJcKfz+sLy/piwU94J1xdRoh5ZYqfECXHbcBH
ffZhC/S9DuzKOUIVkRAG94uB+Ug2mciWhKOZHFW5YQkeHvnX1hU179v8y/wivQRn
2zC/FNauqgekIX3w8GOoOJrNjPNKBKSXi17GLEckYoOOJ3DmHywsKY5h8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMhHQPze61nRC71NqLfRBGgskDwaMB8GA1UdIwQY
MBaAFB47pNu6Uj1bDcmJIDv9aWSNHU5mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGp1azI3cFNQVnNOeVlrZ09fMXBaSTBkVG1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9kMjU0OGMtYmQ2YS00Mzk1LTk1ZmIt
MTJlMjBjODc1YzUzLzEveUVkQV9ON3JXZEVMdlUyb3Q5RUVhQ3lRUEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9kMjU0OGMtYmQ2YS00Mzk1LTk1ZmItMTJlMjBjODc1YzUz
LzEvSGp1azI3cFNQVnNOeVlrZ09fMXBaSTBkVG1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAoU
MA0GCSqGSIb3DQEBCwUAA4IBAQCmCpRPUtvIDtmDyMqM0oecyNNmTmxqBFeQE76c
MDXLI/sd367qWbQhHSnzXg0hwh61970brRtiHYPsVAKMkXZQv9mFoV7aa2eS9s57
70+kJx0lOnohJapbcImlqsbbBvIoHkFPY42r21oTKzFWQNmPnNHoZ7atMfuU5JDX
eWVAhrD+v2Dh8zzBfaqoyfTpuMsTMo+rL3XARxWRYjNEAxelFRi9ijNgLyw3y7gM
SnxHHkg/k2vab2SBPdlY5l9J/SHetlNDM855/8f03DSB82ZzKYliU+8XKeA25onI
yGl/Ecl4DDSl8/MaMslP0y4tjsnFykTJsi9eHG/7dZDgEF4z
-----END CERTIFICATE-----