Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/0yoRjSV7Roa_6RLApu60JbNvhn0.roa
File:                     0yoRjSV7Roa_6RLApu60JbNvhn0.roa (raw, json)
Hash identifier:          zY5w8MSwqL9WHbjRx7fb+VonzMqXyw8rTcBHB5IjZKc=
Subject key identifier:   D3:2A:11:8D:25:7B:46:86:BF:E9:12:C0:A6:EE:B4:25:B3:6F:86:7D
Certificate issuer:       /CN=18f27c0c0b35ddd42bb892c16845a63b0027a1c7
Certificate serial:       019662D5A387D4B194A3874146E72CC8B472
Authority key identifier: 18:F2:7C:0C:0B:35:DD:D4:2B:B8:92:C1:68:45:A6:3B:00:27:A1:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/0yoRjSV7Roa_6RLApu60JbNvhn0.roa
Signing time:             Wed 23 Apr 2025 13:28:10 +0000
ROA not before:           Wed 23 Apr 2025 13:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:7f8:149::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:d5:a3:87:d4:b1:94:a3:87:41:46:e7:2c:c8:b4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f27c0c0b35ddd42bb892c16845a63b0027a1c7
        Validity
            Not Before: Apr 23 13:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d32a118d257b4686bfe912c0a6eeb425b36f867d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2f:66:c3:81:0d:e9:07:89:ee:14:b5:95:5f:
                    26:3d:02:57:0f:57:4b:01:17:59:17:b5:cc:50:b4:
                    b6:6e:dc:94:44:ca:f2:fa:1d:6f:8c:53:65:72:1a:
                    0b:b6:00:11:de:76:8a:bc:fd:01:dc:cd:51:77:75:
                    af:2e:c8:fe:98:59:4f:67:c9:1b:c4:f9:41:91:40:
                    d3:c5:41:bc:3f:19:28:8b:b1:56:b8:37:56:34:a2:
                    b1:98:d0:e0:a5:fb:ab:8b:f7:d1:ba:64:77:26:8b:
                    b9:95:61:dd:6a:d6:49:0b:b4:43:96:61:ad:79:79:
                    af:ad:bb:f4:69:22:32:02:f4:01:b3:0e:b4:54:74:
                    0e:93:97:99:f6:70:14:69:82:15:83:a4:44:d2:e6:
                    2e:1b:9c:4a:a9:03:12:6e:fe:4d:63:ec:c0:b7:ee:
                    ea:25:34:50:71:04:32:19:97:ac:79:3b:01:4c:90:
                    45:f5:43:82:cc:04:eb:2d:03:ff:1c:b1:28:a5:6d:
                    a8:59:ce:a5:5f:cb:64:39:ba:85:db:64:06:b2:29:
                    91:7b:5b:27:06:7d:df:c0:8f:9a:7f:9b:5c:39:a5:
                    00:4c:f7:f7:0e:c5:7e:9d:f4:1e:fc:7d:b6:05:83:
                    4a:96:b8:c3:2d:f5:87:8b:45:4a:03:58:c1:15:6c:
                    92:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2A:11:8D:25:7B:46:86:BF:E9:12:C0:A6:EE:B4:25:B3:6F:86:7D
            X509v3 Authority Key Identifier:
                keyid:18:F2:7C:0C:0B:35:DD:D4:2B:B8:92:C1:68:45:A6:3B:00:27:A1:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/0yoRjSV7Roa_6RLApu60JbNvhn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:149::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:61:22:11:76:e8:76:e2:54:8e:21:58:b4:9c:a3:0f:c3:5f:
         f1:d9:ba:fa:92:90:55:18:b9:5d:24:b3:c2:6b:db:60:2e:4d:
         b2:62:05:14:5e:d7:44:ad:fe:22:a9:2a:d5:53:47:17:c8:0e:
         5b:31:40:2a:c8:b7:58:e9:3c:32:c5:a0:95:4b:f7:91:d0:20:
         bd:54:9f:7b:5a:95:36:e5:93:ec:73:16:b6:84:33:41:c2:ec:
         ce:a3:d1:b5:b4:fd:4f:40:ba:df:32:23:2d:7a:f0:20:c1:a3:
         0a:2d:dc:a1:e1:08:9a:6f:b3:4c:e0:41:34:47:39:37:63:15:
         6d:9e:9b:f4:d4:2d:d7:0f:01:57:b2:94:2b:24:b9:58:06:6a:
         97:6d:65:7a:a4:4c:f3:be:df:9b:2c:85:8d:c6:b8:9b:c9:4c:
         8e:b6:98:90:65:c7:d4:b1:e2:b2:27:57:fb:6a:91:4a:01:54:
         c4:57:56:0c:48:d6:15:13:28:6f:66:bb:99:08:51:a7:13:dc:
         ff:e9:f6:18:7d:9d:54:4f:e4:51:3c:95:c1:9a:28:3f:ea:e4:
         25:75:26:60:09:df:64:5f:70:ff:75:da:e6:9e:5e:f5:1b:5d:
         86:00:62:44:77:ea:05:82:cc:b0:23:eb:82:b2:62:c3:88:05:
         1f:0c:d5:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZi1aOH1LGUo4dBRucsyLRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjI3YzBjMGIzNWRkZDQyYmI4OTJjMTY4NDVhNjNiMDAy
N2ExYzcwHhcNMjUwNDIzMTMyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzJhMTE4ZDI1N2I0Njg2YmZlOTEyYzBhNmVlYjQyNWIzNmY4NjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzi9mw4EN6QeJ7hS1lV8mPQJXD1dL
ARdZF7XMULS2btyURMry+h1vjFNlchoLtgAR3naKvP0B3M1Rd3WvLsj+mFlPZ8kb
xPlBkUDTxUG8Pxkoi7FWuDdWNKKxmNDgpfuri/fRumR3Jou5lWHdatZJC7RDlmGt
eXmvrbv0aSIyAvQBsw60VHQOk5eZ9nAUaYIVg6RE0uYuG5xKqQMSbv5NY+zAt+7q
JTRQcQQyGZeseTsBTJBF9UOCzATrLQP/HLEopW2oWc6lX8tkObqF22QGsimRe1sn
Bn3fwI+af5tcOaUATPf3DsV+nfQe/H22BYNKlrjDLfWHi0VKA1jBFWySMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNMqEY0le0aGv+kSwKbutCWzb4Z9MB8GA1UdIwQY
MBaAFBjyfAwLNd3UK7iSwWhFpjsAJ6HHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BKOERBczEzZFFydUpMQmFFV21Pd0Fub2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zMmJmZTMtOTAxYy00Njg1LWJlMGEt
YWZhYzIwNGQ5OTBmLzEvMHlvUmpTVjdSb2FfNlJMQXB1NjBKYk52aG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zMmJmZTMtOTAxYy00Njg1LWJlMGEtYWZhYzIwNGQ5OTBm
LzEvR1BKOERBczEzZFFydUpMQmFFV21Pd0Fub2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+AFJ
MA0GCSqGSIb3DQEBCwUAA4IBAQANYSIRduh24lSOIVi0nKMPw1/x2br6kpBVGLld
JLPCa9tgLk2yYgUUXtdErf4iqSrVU0cXyA5bMUAqyLdY6TwyxaCVS/eR0CC9VJ97
WpU25ZPscxa2hDNBwuzOo9G1tP1PQLrfMiMtevAgwaMKLdyh4Qiab7NM4EE0Rzk3
YxVtnpv01C3XDwFXspQrJLlYBmqXbWV6pEzzvt+bLIWNxribyUyOtpiQZcfUseKy
J1f7apFKAVTEV1YMSNYVEyhvZruZCFGnE9z/6fYYfZ1UT+RRPJXBmig/6uQldSZg
Cd9kX3D/ddrmnl71G12GAGJEd+oFgsywI+uCsmLDiAUfDNWh
-----END CERTIFICATE-----