Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/ZsJ1p0f-2YgNmBDafzu2GWckT34.roa
File:                     ZsJ1p0f-2YgNmBDafzu2GWckT34.roa (raw, json)
Hash identifier:          kKQedLsISeBKSivLfM6tlDNDN9VJMt9n4EQssMfjNOQ=
Subject key identifier:   66:C2:75:A7:47:FE:D9:88:0D:98:10:DA:7F:3B:B6:19:67:24:4F:7E
Certificate issuer:       /CN=b2749bc9cd2cf8dffcf2ffed7884fbc13cb3e45d
Certificate serial:       019425FC8B1D91DC846B94E79787FD900BFD
Authority key identifier: B2:74:9B:C9:CD:2C:F8:DF:FC:F2:FF:ED:78:84:FB:C1:3C:B3:E4:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/ZsJ1p0f-2YgNmBDafzu2GWckT34.roa
Signing time:             Thu 02 Jan 2025 07:48:15 +0000
ROA not before:           Thu 02 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50873
IP address blocks:        2001:678:580::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:8b:1d:91:dc:84:6b:94:e7:97:87:fd:90:0b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2749bc9cd2cf8dffcf2ffed7884fbc13cb3e45d
        Validity
            Not Before: Jan  2 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66c275a747fed9880d9810da7f3bb61967244f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:98:e3:24:de:e7:96:ca:76:d7:da:19:bf:f2:
                    d8:5b:2b:3c:33:84:8a:97:bf:e5:0e:20:8d:6c:e3:
                    01:9d:4d:86:d4:b0:d8:de:db:5c:b4:7c:46:7f:6f:
                    78:9d:1d:9a:29:a9:7f:51:25:38:3a:11:8c:ee:f6:
                    71:66:2b:75:21:85:06:65:98:e2:b3:ad:76:33:24:
                    e8:fe:33:be:14:b9:19:da:9e:b2:f6:30:65:e2:81:
                    23:11:b2:f2:62:b6:26:72:fc:a6:e7:95:9b:3e:0c:
                    3e:ae:28:58:46:b2:ab:08:85:94:c1:54:2d:19:b8:
                    cd:b1:09:29:be:b8:9d:36:82:8f:24:ab:c3:0d:9f:
                    4e:5c:7f:fe:11:61:95:54:46:53:8d:20:c3:52:8b:
                    8f:54:80:7b:3c:55:2d:d8:0a:64:d2:50:96:3d:c1:
                    5f:9c:c6:96:18:82:b5:15:b5:3a:75:4c:13:ec:f2:
                    99:2c:5b:74:4d:4a:2a:1c:fc:e3:c3:d3:f0:e8:51:
                    91:e0:f4:4c:85:35:31:d4:b7:8c:b5:e1:d3:4f:0d:
                    ba:12:3a:0a:c3:ea:4a:5a:4d:8b:1b:3d:b1:5e:dd:
                    ef:f7:9c:cc:d3:13:9f:7f:5e:dd:38:67:d3:4b:19:
                    c0:aa:63:11:aa:d0:a1:5a:df:0c:20:d0:22:91:c9:
                    4a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:C2:75:A7:47:FE:D9:88:0D:98:10:DA:7F:3B:B6:19:67:24:4F:7E
            X509v3 Authority Key Identifier:
                keyid:B2:74:9B:C9:CD:2C:F8:DF:FC:F2:FF:ED:78:84:FB:C1:3C:B3:E4:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/ZsJ1p0f-2YgNmBDafzu2GWckT34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:580::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:e1:c6:2e:36:d0:9a:a0:5d:3c:c9:aa:21:1c:1b:65:2b:b6:
         e2:bb:a6:a9:34:39:41:b1:cf:b3:1b:b2:5f:4d:17:77:90:d7:
         07:a3:95:13:c5:6d:e9:11:7b:59:21:20:97:56:40:62:3c:46:
         e2:2a:0d:02:d9:01:5a:bd:a6:d6:89:3c:e9:9c:ad:5f:1f:1b:
         8c:5c:0a:15:e3:c4:e7:17:e6:d7:f6:04:de:3d:04:3a:dd:fa:
         b9:1b:aa:0f:21:a1:cc:3f:a5:07:a7:72:04:cc:be:c2:5f:8b:
         3c:91:13:0b:14:ad:db:a9:5e:3e:ea:fa:03:c6:e9:e1:75:31:
         28:5a:ab:c6:d0:21:ff:cb:ff:c2:9b:ea:44:c9:06:05:bd:f9:
         61:e5:f2:29:84:38:56:94:00:65:f3:4a:fe:b9:81:24:2f:f1:
         e5:94:6b:31:ec:35:d1:db:90:a7:b4:38:31:56:d1:cc:a1:4b:
         f3:15:56:2a:47:30:91:f1:10:9b:89:01:86:54:8d:88:f1:47:
         bc:76:e9:bd:f5:61:8d:a8:61:97:c9:b5:01:2b:34:c9:fb:59:
         c3:cf:fb:a8:ba:f7:64:c8:b8:0d:a5:37:7e:57:c2:3e:02:e9:
         4b:0d:48:b9:9e:b6:5b:25:5f:b1:a5:2e:65:33:a6:83:98:18:
         18:6b:dd:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/IsdkdyEa5Tnl4f9kAv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzQ5YmM5Y2QyY2Y4ZGZmY2YyZmZlZDc4ODRmYmMxM2Ni
M2U0NWQwHhcNMjUwMTAyMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmMyNzVhNzQ3ZmVkOTg4MGQ5ODEwZGE3ZjNiYjYxOTY3MjQ0ZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5jjJN7nlsp219oZv/LYWys8M4SK
l7/lDiCNbOMBnU2G1LDY3ttctHxGf294nR2aKal/USU4OhGM7vZxZit1IYUGZZji
s612MyTo/jO+FLkZ2p6y9jBl4oEjEbLyYrYmcvym55WbPgw+rihYRrKrCIWUwVQt
GbjNsQkpvridNoKPJKvDDZ9OXH/+EWGVVEZTjSDDUouPVIB7PFUt2Apk0lCWPcFf
nMaWGIK1FbU6dUwT7PKZLFt0TUoqHPzjw9Pw6FGR4PRMhTUx1LeMteHTTw26EjoK
w+pKWk2LGz2xXt3v95zM0xOff17dOGfTSxnAqmMRqtChWt8MINAikclKCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGbCdadH/tmIDZgQ2n87thlnJE9+MB8GA1UdIwQY
MBaAFLJ0m8nNLPjf/PL/7XiE+8E8s+RdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25TYnljMHMtTl84OHZfdGVJVDd3VHl6NUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYzhmZGMtOWQ1NS00NWRiLWEyNDMt
ZjE2Njk3ZDcyYTcxLzEvWnNKMXAwZi0yWWdObUJEYWZ6dTJHV2NrVDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYzhmZGMtOWQ1NS00NWRiLWEyNDMtZjE2Njk3ZDcyYTcx
LzEvc25TYnljMHMtTl84OHZfdGVJVDd3VHl6NUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWA
MA0GCSqGSIb3DQEBCwUAA4IBAQCA4cYuNtCaoF08yaohHBtlK7biu6apNDlBsc+z
G7JfTRd3kNcHo5UTxW3pEXtZISCXVkBiPEbiKg0C2QFavabWiTzpnK1fHxuMXAoV
48TnF+bX9gTePQQ63fq5G6oPIaHMP6UHp3IEzL7CX4s8kRMLFK3bqV4+6voDxunh
dTEoWqvG0CH/y//Cm+pEyQYFvflh5fIphDhWlABl80r+uYEkL/HllGsx7DXR25Cn
tDgxVtHMoUvzFVYqRzCR8RCbiQGGVI2I8Ue8dum99WGNqGGXybUBKzTJ+1nDz/uo
uvdkyLgNpTd+V8I+AulLDUi5nrZbJV+xpS5lM6aDmBgYa91p
-----END CERTIFICATE-----