Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/TKiREDJTGPj3WpBolc7Oy8AF7q0.roa
File:                     TKiREDJTGPj3WpBolc7Oy8AF7q0.roa (raw, json)
Hash identifier:          k04RJ7uOA9TiG+X5oZxMBH/TR5NHsqtpGCxguuIKEm0=
Subject key identifier:   4C:A8:91:10:32:53:18:F8:F7:5A:90:68:95:CE:CE:CB:C0:05:EE:AD
Certificate issuer:       /CN=ec3ce4e2b1ad290867ddc77f31e5f153e9b20887
Certificate serial:       019329FAE9E2DF8D57F61F776F34C2B87717
Authority key identifier: EC:3C:E4:E2:B1:AD:29:08:67:DD:C7:7F:31:E5:F1:53:E9:B2:08:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Dzk4rGtKQhn3cd_MeXxU-myCIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/TKiREDJTGPj3WpBolc7Oy8AF7q0.roa
Signing time:             Thu 14 Nov 2024 09:22:09 +0000
ROA not before:           Thu 14 Nov 2024 09:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203055
IP address blocks:        2001:678:25c::/48 maxlen: 48
                          2001:67c:1998::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/7Dzk4rGtKQhn3cd_MeXxU-myCIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/7Dzk4rGtKQhn3cd_MeXxU-myCIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Dzk4rGtKQhn3cd_MeXxU-myCIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:fa:e9:e2:df:8d:57:f6:1f:77:6f:34:c2:b8:77:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec3ce4e2b1ad290867ddc77f31e5f153e9b20887
        Validity
            Not Before: Nov 14 09:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ca89110325318f8f75a906895cececbc005eead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8c:a4:3b:00:d2:78:95:e7:21:ca:ca:dc:44:
                    b5:3d:bf:9a:13:f0:7d:f3:29:79:7a:e5:2e:55:80:
                    ce:d8:e8:3e:21:55:d8:de:cc:8c:24:e7:70:d7:64:
                    3a:76:20:de:96:f3:3d:3e:a7:34:e6:71:b3:a4:d8:
                    12:d7:8b:9b:23:47:f6:2e:26:31:5e:86:42:05:9e:
                    e9:67:c1:1f:d8:d8:8b:e9:4a:bd:36:ff:52:5f:1c:
                    98:11:01:54:94:1b:3c:a9:75:f1:ac:e1:c1:72:d1:
                    e9:8d:35:bb:a4:6c:f9:1d:94:dc:cb:20:9e:4e:97:
                    1f:e6:7e:d1:b9:7a:7a:57:30:8d:bc:f5:83:4c:0d:
                    85:a3:3f:63:cb:26:98:04:fb:68:52:ba:7a:78:9a:
                    22:ae:6c:fe:9e:26:30:c5:b5:30:48:a1:e8:93:13:
                    30:2c:1d:69:6d:b9:0b:e2:bc:f7:38:97:f3:28:09:
                    06:70:dc:22:9f:c6:87:ad:2b:ee:44:7d:3f:23:aa:
                    05:97:64:21:51:11:74:af:42:32:e4:1c:eb:16:b5:
                    65:2b:81:fa:7c:ee:03:3e:a9:4b:37:02:24:6b:86:
                    22:5a:25:ce:0d:b2:c8:da:e5:de:4a:d3:9d:fc:3f:
                    41:d9:90:c4:3e:cb:21:54:b4:a9:d7:01:6e:aa:12:
                    ae:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A8:91:10:32:53:18:F8:F7:5A:90:68:95:CE:CE:CB:C0:05:EE:AD
            X509v3 Authority Key Identifier:
                keyid:EC:3C:E4:E2:B1:AD:29:08:67:DD:C7:7F:31:E5:F1:53:E9:B2:08:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Dzk4rGtKQhn3cd_MeXxU-myCIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/TKiREDJTGPj3WpBolc7Oy8AF7q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ef2216-7c1f-4f6d-85c5-f53ad46caf3c/1/7Dzk4rGtKQhn3cd_MeXxU-myCIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:25c::/48
                  2001:67c:1998::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:a8:8d:bc:b5:d7:17:ee:69:1c:35:9a:8e:17:1b:1e:e8:7d:
         33:1f:cc:97:f6:9b:c7:0a:b4:9a:f7:8b:91:a6:9c:76:a8:85:
         f7:53:08:2e:34:7f:51:50:bb:22:9a:1e:dc:3d:68:95:e4:dd:
         a7:99:29:1b:b0:38:80:1b:1f:53:38:a3:67:07:37:c6:b4:77:
         10:d9:03:a0:33:e5:93:4e:6f:91:c6:16:fd:53:3f:1c:9b:d5:
         91:1f:76:f4:21:75:ed:c6:69:66:62:d1:7a:4b:ad:71:13:9c:
         01:ee:9b:9d:69:05:b7:f4:7f:cf:f4:2b:87:ef:03:6f:00:ec:
         85:62:32:42:46:24:68:49:d2:4a:a1:23:57:72:0e:b0:ea:cd:
         96:57:ed:06:0e:ce:e0:43:e5:d7:a1:c9:e0:c4:48:da:ed:b6:
         64:fc:77:82:2d:56:15:55:52:40:15:c2:02:95:f9:d8:a4:1d:
         9c:53:47:ef:f5:80:bc:2c:9e:a6:4e:cb:68:97:5a:e1:20:86:
         49:04:1c:19:c6:35:30:14:0f:8f:da:75:b7:63:fd:11:d2:b6:
         f2:3a:b2:59:43:9a:90:16:e6:21:dc:97:78:fb:2c:eb:b5:95:
         c3:9b:0f:c4:98:ec:a1:38:cc:90:9d:4c:ae:08:5f:d0:e5:f1:
         5b:fc:eb:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMp+uni341X9h93bzTCuHcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2NlNGUyYjFhZDI5MDg2N2RkYzc3ZjMxZTVmMTUzZTli
MjA4ODcwHhcNMjQxMTE0MDkyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2E4OTExMDMyNTMxOGY4Zjc1YTkwNjg5NWNlY2VjYmMwMDVlZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oykOwDSeJXnIcrK3ES1Pb+aE/B9
8yl5euUuVYDO2Og+IVXY3syMJOdw12Q6diDelvM9Pqc05nGzpNgS14ubI0f2LiYx
XoZCBZ7pZ8Ef2NiL6Uq9Nv9SXxyYEQFUlBs8qXXxrOHBctHpjTW7pGz5HZTcyyCe
Tpcf5n7RuXp6VzCNvPWDTA2Foz9jyyaYBPtoUrp6eJoirmz+niYwxbUwSKHokxMw
LB1pbbkL4rz3OJfzKAkGcNwin8aHrSvuRH0/I6oFl2QhURF0r0Iy5BzrFrVlK4H6
fO4DPqlLNwIka4YiWiXODbLI2uXeStOd/D9B2ZDEPsshVLSp1wFuqhKuOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEyokRAyUxj491qQaJXOzsvABe6tMB8GA1UdIwQY
MBaAFOw85OKxrSkIZ93HfzHl8VPpsgiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0R6azRyR3RLUWhuM2NkX01lWHhVLW15Q0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9lZjIyMTYtN2MxZi00ZjZkLTg1YzUt
ZjUzYWQ0NmNhZjNjLzEvVEtpUkVESlRHUGozV3BCb2xjN095OEFGN3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9lZjIyMTYtN2MxZi00ZjZkLTg1YzUtZjUzYWQ0NmNhZjNj
LzEvN0R6azRyR3RLUWhuM2NkX01lWHhVLW15Q0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAJc
AwcAIAEGfBmYMA0GCSqGSIb3DQEBCwUAA4IBAQB+qI28tdcX7mkcNZqOFxse6H0z
H8yX9pvHCrSa94uRppx2qIX3UwguNH9RULsimh7cPWiV5N2nmSkbsDiAGx9TOKNn
BzfGtHcQ2QOgM+WTTm+Rxhb9Uz8cm9WRH3b0IXXtxmlmYtF6S61xE5wB7pudaQW3
9H/P9CuH7wNvAOyFYjJCRiRoSdJKoSNXcg6w6s2WV+0GDs7gQ+XXocngxEja7bZk
/HeCLVYVVVJAFcIClfnYpB2cU0fv9YC8LJ6mTstol1rhIIZJBBwZxjUwFA+P2nW3
Y/0R0rbyOrJZQ5qQFuYh3Jd4+yzrtZXDmw/EmOyhOMyQnUyuCF/Q5fFb/OvX
-----END CERTIFICATE-----