Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/lkCjPKHQ8Kw51UGG5Fx-gWmfZeo.roa
File:                     lkCjPKHQ8Kw51UGG5Fx-gWmfZeo.roa (raw, json)
Hash identifier:          IrYEpIdSCLf/ZAAdJvK3O7zC/ibmRmQLp4sdzgkQJvg=
Subject key identifier:   96:40:A3:3C:A1:D0:F0:AC:39:D5:41:86:E4:5C:7E:81:69:9F:65:EA
Certificate issuer:       /CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
Certificate serial:       019425216F318B38C3EAA996ACC8616BC620
Authority key identifier: 80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/lkCjPKHQ8Kw51UGG5Fx-gWmfZeo.roa
Signing time:             Thu 02 Jan 2025 03:48:55 +0000
ROA not before:           Thu 02 Jan 2025 03:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61232
IP address blocks:        2001:678:e44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6f:31:8b:38:c3:ea:a9:96:ac:c8:61:6b:c6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9640a33ca1d0f0ac39d54186e45c7e81699f65ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d6:5f:4e:50:0f:be:82:1b:b3:8d:c6:fc:cf:
                    b6:95:cd:7e:a1:10:4e:d1:77:8e:63:7f:0d:55:70:
                    39:8e:ab:34:d7:3c:f8:67:0f:b8:1f:19:ee:5c:e1:
                    6f:a2:c1:f3:b8:bb:f2:3e:db:5b:bf:f4:ac:91:20:
                    23:c8:c7:c6:b1:39:ac:60:1e:ba:ab:59:c9:77:2a:
                    04:b0:e1:9b:61:56:fe:5f:e9:e9:b3:e3:95:63:44:
                    9b:a8:8e:1b:bf:35:57:81:5a:fb:21:dd:39:72:fb:
                    06:b3:ed:4f:d1:62:ed:e0:f0:63:cf:24:74:54:84:
                    eb:e4:e2:7c:f0:c4:f9:80:0d:bc:b0:93:0c:96:b3:
                    38:13:42:a2:38:21:d6:89:3a:a5:05:8a:5e:e1:8d:
                    35:d4:fa:44:ee:7d:4b:15:03:a6:b1:ef:99:69:63:
                    b2:5b:8d:2c:ea:66:95:27:4f:c1:5d:82:4f:49:61:
                    17:8f:75:e6:c6:e2:90:bd:4a:bb:2e:10:b9:f7:b9:
                    a2:b2:5a:6c:ea:68:12:5f:0e:6a:dc:8f:d7:e1:da:
                    13:ae:b3:90:27:bc:31:7d:20:a3:2b:86:c6:56:df:
                    b8:68:fc:d6:db:48:cd:ac:48:e1:c1:2a:3f:0f:83:
                    6e:f8:e7:a8:e3:0e:df:a0:86:06:57:0d:9c:28:cc:
                    08:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:40:A3:3C:A1:D0:F0:AC:39:D5:41:86:E4:5C:7E:81:69:9F:65:EA
            X509v3 Authority Key Identifier:
                keyid:80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/lkCjPKHQ8Kw51UGG5Fx-gWmfZeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e44::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:8d:08:45:e7:c4:8c:76:62:d6:e4:43:34:70:b7:eb:c2:c5:
         62:d4:39:b0:ba:90:cb:07:4c:b8:b2:76:0f:e1:89:98:da:98:
         d3:09:05:84:f4:10:79:27:b8:c0:d8:62:dc:36:9b:d5:bd:91:
         a4:5d:86:ea:eb:01:1f:d3:fd:35:70:4d:fb:df:78:84:fa:81:
         f3:a3:38:db:f8:c5:fb:4f:2d:2f:2a:24:5d:4b:9d:ce:a2:63:
         02:cc:58:24:90:47:b0:19:cf:4a:cd:ad:ff:22:d8:35:57:94:
         c2:f1:ef:ee:bb:28:32:3c:d4:f2:d7:89:5c:82:a7:e3:c9:22:
         f7:15:3c:b7:30:8e:a0:67:56:82:6f:e3:d3:d7:0c:08:7c:49:
         1f:30:aa:53:49:d4:1c:f9:66:a6:cf:75:14:08:45:c6:13:21:
         eb:e7:b0:48:93:0d:27:22:bd:47:44:b6:fc:b8:b9:71:d1:da:
         1a:f8:c0:b1:db:a7:af:19:b0:e5:01:5b:6c:ae:23:91:85:32:
         76:3d:43:fc:14:70:5b:c6:41:e4:3c:50:06:1e:36:89:87:3c:
         b7:a6:48:2e:f8:8a:15:2c:69:a2:ac:61:85:52:96:a9:9d:fe:
         22:89:46:62:8a:d7:f9:63:87:27:43:c5:81:3a:d0:cb:07:37:
         89:45:cd:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIW8xizjD6qmWrMhha8YgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTA1MDRmNGIxNzc2ZTgwYjhhZDlmOGIzNTZlNjEzYjU4
NWIzNWEwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQwYTMzY2ExZDBmMGFjMzlkNTQxODZlNDVjN2U4MTY5OWY2NWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstZfTlAPvoIbs43G/M+2lc1+oRBO
0XeOY38NVXA5jqs01zz4Zw+4HxnuXOFvosHzuLvyPttbv/SskSAjyMfGsTmsYB66
q1nJdyoEsOGbYVb+X+nps+OVY0SbqI4bvzVXgVr7Id05cvsGs+1P0WLt4PBjzyR0
VITr5OJ88MT5gA28sJMMlrM4E0KiOCHWiTqlBYpe4Y011PpE7n1LFQOmse+ZaWOy
W40s6maVJ0/BXYJPSWEXj3XmxuKQvUq7LhC597mislps6mgSXw5q3I/X4doTrrOQ
J7wxfSCjK4bGVt+4aPzW20jNrEjhwSo/D4Nu+Oeo4w7foIYGVw2cKMwIDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJZAozyh0PCsOdVBhuRcfoFpn2XqMB8GA1UdIwQY
MBaAFIBQUE9LF3boC4rZ+LNW5hO1hbNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjIt
MDE0NGEzMjgyYTJlLzEvbGtDalBLSFE4S3c1MVVHRzVGeC1nV21mWmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjItMDE0NGEzMjgyYTJl
LzEvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA5E
MA0GCSqGSIb3DQEBCwUAA4IBAQCmjQhF58SMdmLW5EM0cLfrwsVi1DmwupDLB0y4
snYP4YmY2pjTCQWE9BB5J7jA2GLcNpvVvZGkXYbq6wEf0/01cE3733iE+oHzozjb
+MX7Ty0vKiRdS53OomMCzFgkkEewGc9Kza3/Itg1V5TC8e/uuygyPNTy14lcgqfj
ySL3FTy3MI6gZ1aCb+PT1wwIfEkfMKpTSdQc+Wamz3UUCEXGEyHr57BIkw0nIr1H
RLb8uLlx0doa+MCx26evGbDlAVtsriORhTJ2PUP8FHBbxkHkPFAGHjaJhzy3pkgu
+IoVLGmirGGFUpapnf4iiUZiitf5Y4cnQ8WBOtDLBzeJRc3H
-----END CERTIFICATE-----