Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/eO8gPZF0Xg3a6oErz3xsis78_yg.roa
File:                     eO8gPZF0Xg3a6oErz3xsis78_yg.roa (raw, json)
Hash identifier:          ARYdnlTRJg0XCA/7uUE4AwiYMl9F7vHnb8qFPrerwpk=
Subject key identifier:   78:EF:20:3D:91:74:5E:0D:DA:EA:81:2B:CF:7C:6C:8A:CE:FC:FF:28
Certificate issuer:       /CN=0a108a28c707b0e5c2c2e6c2137d45879114bb92
Certificate serial:       0194266C2B4EF32F9B494BBFA48B3E61C8AE
Authority key identifier: 0A:10:8A:28:C7:07:B0:E5:C2:C2:E6:C2:13:7D:45:87:91:14:BB:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/eO8gPZF0Xg3a6oErz3xsis78_yg.roa
Signing time:             Thu 02 Jan 2025 09:50:10 +0000
ROA not before:           Thu 02 Jan 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204946
IP address blocks:        2001:678:b0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2b:4e:f3:2f:9b:49:4b:bf:a4:8b:3e:61:c8:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a108a28c707b0e5c2c2e6c2137d45879114bb92
        Validity
            Not Before: Jan  2 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78ef203d91745e0ddaea812bcf7c6c8acefcff28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:32:55:bb:aa:a6:32:43:48:30:64:14:75:dc:
                    7f:98:ba:08:44:cf:d6:70:ad:c7:b7:e8:96:d2:7c:
                    6e:c2:75:5d:ec:2a:f4:82:10:d4:eb:5f:cb:a4:9a:
                    e9:65:cc:cb:92:e8:9f:05:ab:1a:f8:28:f0:38:4c:
                    e1:72:e4:83:5a:1e:0d:07:bf:03:d3:75:ab:8e:b6:
                    e7:62:98:f2:37:be:8b:f8:6f:9e:be:f4:46:d6:ff:
                    c9:e1:01:ce:9c:f2:08:ab:37:fa:05:50:0b:40:b8:
                    f8:02:8a:f2:ed:60:54:ef:56:22:77:18:fc:28:e6:
                    23:b4:22:3e:ce:34:c2:1e:ba:a1:7e:cc:82:66:b2:
                    13:cf:8f:16:9d:39:55:79:20:9d:df:33:db:93:62:
                    c4:7b:13:40:e1:20:12:4f:bb:6b:ff:83:62:e0:01:
                    52:50:d3:c8:20:16:7e:e9:fd:29:55:ec:d7:65:3a:
                    72:64:88:3d:fe:24:c0:16:93:03:c9:e1:3f:c7:e5:
                    b2:19:57:c8:da:e4:85:77:f2:0a:ec:af:45:e9:5b:
                    6b:d7:8d:1e:83:93:b7:4d:30:6a:e2:c9:c7:3e:32:
                    b7:f8:1e:20:8b:09:38:56:27:81:5a:79:2e:20:f7:
                    e5:9f:38:c1:df:cb:16:7a:35:28:e9:4b:ee:4f:11:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:EF:20:3D:91:74:5E:0D:DA:EA:81:2B:CF:7C:6C:8A:CE:FC:FF:28
            X509v3 Authority Key Identifier:
                keyid:0A:10:8A:28:C7:07:B0:E5:C2:C2:E6:C2:13:7D:45:87:91:14:BB:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/eO8gPZF0Xg3a6oErz3xsis78_yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:09:81:50:bd:11:33:bd:ea:36:5b:c0:cd:8d:1d:78:37:7d:
         95:48:45:f8:ce:a5:87:1e:b0:10:1e:71:86:9c:c4:85:47:62:
         90:9f:fe:30:48:e7:8b:00:4d:50:cd:73:5d:c1:d7:47:af:ea:
         10:c5:ca:5d:5e:d8:ae:83:bd:52:db:88:96:23:9c:ea:aa:f2:
         0d:29:88:b0:c6:d7:38:e0:6b:d2:29:78:dd:39:c7:81:79:b6:
         c9:e3:54:77:6d:80:93:36:08:cc:3c:0b:02:b0:1b:20:e8:de:
         ea:a7:1c:0a:99:7c:6d:d7:74:16:eb:66:3d:a6:b5:c3:20:23:
         d2:0b:02:83:1a:b4:77:8d:10:2b:63:63:99:05:65:f1:b4:8c:
         00:41:3a:30:a8:3a:d1:29:c0:73:9b:cf:db:8f:53:7b:0c:d6:
         eb:ce:92:95:98:8b:9c:8d:16:d9:e1:ca:98:60:9a:41:a5:6c:
         9a:50:5f:88:66:10:81:48:75:4f:50:ef:21:0f:4e:3f:32:c3:
         79:91:4f:98:dd:9e:9a:e0:7c:a4:73:27:7a:95:0d:04:63:a3:
         86:7c:87:69:40:c0:05:5b:99:66:b7:d3:ea:d0:53:3c:fb:fc:
         48:2d:15:2d:a8:08:eb:cf:32:6b:9c:5c:71:f6:1a:14:28:77:
         27:8a:f1:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbCtO8y+bSUu/pIs+YciuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMTA4YTI4YzcwN2IwZTVjMmMyZTZjMjEzN2Q0NTg3OTEx
NGJiOTIwHhcNMjUwMTAyMDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGVmMjAzZDkxNzQ1ZTBkZGFlYTgxMmJjZjdjNmM4YWNlZmNmZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDJVu6qmMkNIMGQUddx/mLoIRM/W
cK3Ht+iW0nxuwnVd7Cr0ghDU61/LpJrpZczLkuifBasa+CjwOEzhcuSDWh4NB78D
03WrjrbnYpjyN76L+G+evvRG1v/J4QHOnPIIqzf6BVALQLj4Aory7WBU71Yidxj8
KOYjtCI+zjTCHrqhfsyCZrITz48WnTlVeSCd3zPbk2LEexNA4SAST7tr/4Ni4AFS
UNPIIBZ+6f0pVezXZTpyZIg9/iTAFpMDyeE/x+WyGVfI2uSFd/IK7K9F6Vtr140e
g5O3TTBq4snHPjK3+B4giwk4VieBWnkuIPflnzjB38sWejUo6UvuTxElcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHjvID2RdF4N2uqBK898bIrO/P8oMB8GA1UdIwQY
MBaAFAoQiijHB7DlwsLmwhN9RYeRFLuSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2hDS0tNY0hzT1hDd3ViQ0UzMUZoNUVVdTVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xMzlkMjMtODAyZC00MjI0LTgzMmUt
MWY4NTgxNDIxNzYwLzEvZU84Z1BaRjBYZzNhNm9FcnozeHNpczc4X3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xMzlkMjMtODAyZC00MjI0LTgzMmUtMWY4NTgxNDIxNzYw
LzEvQ2hDS0tNY0hzT1hDd3ViQ0UzMUZoNUVVdTVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAsM
MA0GCSqGSIb3DQEBCwUAA4IBAQAhCYFQvREzveo2W8DNjR14N32VSEX4zqWHHrAQ
HnGGnMSFR2KQn/4wSOeLAE1QzXNdwddHr+oQxcpdXtiug71S24iWI5zqqvINKYiw
xtc44GvSKXjdOceBebbJ41R3bYCTNgjMPAsCsBsg6N7qpxwKmXxt13QW62Y9prXD
ICPSCwKDGrR3jRArY2OZBWXxtIwAQTowqDrRKcBzm8/bj1N7DNbrzpKVmIucjRbZ
4cqYYJpBpWyaUF+IZhCBSHVPUO8hD04/MsN5kU+Y3Z6a4Hykcyd6lQ0EY6OGfIdp
QMAFW5lmt9Pq0FM8+/xILRUtqAjrzzJrnFxx9hoUKHcnivFz
-----END CERTIFICATE-----