Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/bce9mz0b3BUGOMHAJWY8rMCRxek.roa
File:                     bce9mz0b3BUGOMHAJWY8rMCRxek.roa (raw, json)
Hash identifier:          IEeWzdb92Rel/sak0WfNMG3iDCwAJHBVrKmaRSr9eNE=
Subject key identifier:   6D:C7:BD:9B:3D:1B:DC:15:06:38:C1:C0:25:66:3C:AC:C0:91:C5:E9
Certificate issuer:       /CN=1e4c32086e1e984505691b01f5985df7a36b24ae
Certificate serial:       019422FBE5FA53E490560C5C333374D5B635
Authority key identifier: 1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/bce9mz0b3BUGOMHAJWY8rMCRxek.roa
Signing time:             Wed 01 Jan 2025 17:48:41 +0000
ROA not before:           Wed 01 Jan 2025 17:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48586
IP address blocks:        2001:678:74c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e5:fa:53:e4:90:56:0c:5c:33:33:74:d5:b6:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4c32086e1e984505691b01f5985df7a36b24ae
        Validity
            Not Before: Jan  1 17:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dc7bd9b3d1bdc150638c1c025663cacc091c5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:29:b6:cc:1f:06:8a:98:c9:af:8b:ab:ee:52:
                    a3:10:9e:e1:d1:fe:e9:23:91:81:56:ba:f6:c0:f7:
                    78:ff:5d:d4:c8:df:b4:5d:a4:0c:b8:4b:d4:70:89:
                    6b:12:b5:5d:58:76:d9:ec:73:74:6c:37:2a:4a:f2:
                    f1:3b:ba:d3:97:c7:0f:f0:42:62:81:fd:f8:72:69:
                    67:4e:2f:29:83:07:d2:a5:5e:2e:ba:97:bf:0a:4f:
                    f9:76:c8:46:8d:78:96:bc:90:fa:08:c2:d0:ad:f7:
                    bd:98:eb:f5:2b:1a:8d:28:f7:15:d3:42:71:7a:e9:
                    6f:d4:ad:20:98:93:ab:6a:a5:f4:83:ec:29:ae:71:
                    78:76:fe:04:e1:11:1f:ef:81:48:6f:e8:a8:7a:6d:
                    fe:d9:ed:4c:57:16:b6:d5:42:d3:32:8c:78:e5:e5:
                    61:3f:cf:aa:66:b1:e2:75:45:b8:af:43:a8:9d:85:
                    fd:f1:86:70:09:62:4c:00:43:1e:7f:3e:61:43:ce:
                    b9:74:c4:37:8e:f5:fa:11:9d:b3:2e:ee:3d:bb:33:
                    cb:e5:99:7e:b0:eb:86:56:08:69:49:8b:94:4c:4b:
                    34:97:6a:c6:d9:60:27:2a:9a:0f:70:ca:77:d5:9b:
                    2c:e9:72:03:1c:02:7f:5b:96:3e:1c:16:c5:f1:b2:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C7:BD:9B:3D:1B:DC:15:06:38:C1:C0:25:66:3C:AC:C0:91:C5:E9
            X509v3 Authority Key Identifier:
                keyid:1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/bce9mz0b3BUGOMHAJWY8rMCRxek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:bf:82:8b:99:56:eb:38:4a:89:2c:1a:2e:28:71:7f:5d:69:
         ad:9a:18:f8:70:92:60:c1:b0:d8:93:4b:f4:d6:e7:d4:63:91:
         fe:6a:cd:5b:0a:07:74:e7:b8:1c:82:e0:c6:e6:74:11:86:4a:
         f0:37:ca:48:f4:a3:af:da:15:05:ea:8f:ce:69:ac:a4:d2:7e:
         0b:ad:b9:85:d3:c7:e5:ee:06:32:7d:24:81:50:c9:c6:43:4c:
         13:52:13:44:3f:df:46:01:7b:dc:3d:69:d0:0d:74:31:10:1a:
         53:94:23:67:f5:2b:2c:ab:b2:63:d5:51:c5:6b:2c:bc:ba:18:
         ac:ae:db:30:53:f9:47:75:f0:6b:62:6d:d7:5b:9d:fa:ba:41:
         26:58:fc:e0:6f:1f:86:1b:d1:da:c0:70:e1:e5:4c:84:b2:59:
         80:f3:c5:09:41:b6:a4:c6:2b:6f:f9:66:2f:46:b5:d5:a0:31:
         18:1d:f7:18:98:d7:96:20:14:32:04:8e:24:bc:c8:c3:f1:9c:
         a2:31:dd:5a:77:7f:56:32:55:f1:ff:ad:81:a9:f1:bd:e0:9d:
         d5:0d:1b:8d:32:76:e1:b6:e1:af:67:d1:c1:e1:0e:b6:ef:bf:
         fb:36:06:46:68:4f:b5:8e:c1:68:a7:4c:92:7d:cb:69:46:5e:
         76:b2:a7:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++X6U+SQVgxcMzN01bY1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGMzMjA4NmUxZTk4NDUwNTY5MWIwMWY1OTg1ZGY3YTM2
YjI0YWUwHhcNMjUwMTAxMTc0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGM3YmQ5YjNkMWJkYzE1MDYzOGMxYzAyNTY2M2NhY2MwOTFjNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCm2zB8GipjJr4ur7lKjEJ7h0f7p
I5GBVrr2wPd4/13UyN+0XaQMuEvUcIlrErVdWHbZ7HN0bDcqSvLxO7rTl8cP8EJi
gf34cmlnTi8pgwfSpV4uupe/Ck/5dshGjXiWvJD6CMLQrfe9mOv1KxqNKPcV00Jx
eulv1K0gmJOraqX0g+wprnF4dv4E4REf74FIb+ioem3+2e1MVxa21ULTMox45eVh
P8+qZrHidUW4r0OonYX98YZwCWJMAEMefz5hQ865dMQ3jvX6EZ2zLu49uzPL5Zl+
sOuGVghpSYuUTEs0l2rG2WAnKpoPcMp31Zss6XIDHAJ/W5Y+HBbF8bJMcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG3HvZs9G9wVBjjBwCVmPKzAkcXpMB8GA1UdIwQY
MBaAFB5MMghuHphFBWkbAfWYXfejaySuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYt
OThjZTE0NmYxODI0LzEvYmNlOW16MGIzQlVHT01IQUpXWThyTUNSeGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYtOThjZTE0NmYxODI0
LzEvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQCtv4KLmVbrOEqJLBouKHF/XWmtmhj4cJJgwbDY
k0v01ufUY5H+as1bCgd057gcguDG5nQRhkrwN8pI9KOv2hUF6o/Oaayk0n4LrbmF
08fl7gYyfSSBUMnGQ0wTUhNEP99GAXvcPWnQDXQxEBpTlCNn9Sssq7Jj1VHFayy8
uhisrtswU/lHdfBrYm3XW536ukEmWPzgbx+GG9HawHDh5UyEslmA88UJQbakxitv
+WYvRrXVoDEYHfcYmNeWIBQyBI4kvMjD8ZyiMd1ad39WMlXx/62BqfG94J3VDRuN
MnbhtuGvZ9HB4Q6277/7NgZGaE+1jsFop0ySfctpRl52sqdg
-----END CERTIFICATE-----