Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/A454pJNoUsORGbO3OAfK7YV_Whc.roa
File:                     A454pJNoUsORGbO3OAfK7YV_Whc.roa (raw, json)
Hash identifier:          ktLhYNOBSpXYd1+zR/ovh2Wfy7oD07XxrxHk2YHvGTs=
Subject key identifier:   03:8E:78:A4:93:68:52:C3:91:19:B3:B7:38:07:CA:ED:85:7F:5A:17
Certificate issuer:       /CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
Certificate serial:       019676F725F0FAD383623A3F5A122E57838D
Authority key identifier: 32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/A454pJNoUsORGbO3OAfK7YV_Whc.roa
Signing time:             Sun 27 Apr 2025 11:17:10 +0000
ROA not before:           Sun 27 Apr 2025 11:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54994
IP address blocks:        2a05:27c0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:76:f7:25:f0:fa:d3:83:62:3a:3f:5a:12:2e:57:83:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
        Validity
            Not Before: Apr 27 11:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=038e78a4936852c39119b3b73807caed857f5a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3a:9a:a3:f9:7f:b2:e2:e6:48:9d:fd:c3:f2:
                    c5:a3:1a:5e:46:e4:3a:f2:5f:2f:a1:9d:38:0a:1d:
                    63:bc:20:f1:ca:29:89:58:26:36:be:fb:56:6e:ae:
                    89:90:4b:2c:30:91:34:71:2f:69:c1:4e:d4:12:c6:
                    d4:ed:8a:8d:80:b1:d5:97:e2:94:16:a7:f0:ab:82:
                    78:a1:da:45:ed:6b:0b:79:6d:35:10:a2:c5:e1:14:
                    22:91:04:d6:42:3c:dd:67:78:a2:d4:1d:45:2e:b1:
                    cb:05:a3:55:c1:89:72:91:fa:aa:92:71:79:53:44:
                    33:53:47:b4:81:66:dc:df:24:15:e5:51:42:55:c3:
                    db:78:33:6b:42:3c:0d:b2:c0:e0:98:61:5d:1a:c5:
                    c6:97:6e:1e:e1:59:8b:83:8d:c2:96:3b:09:64:bd:
                    ec:cb:cf:cf:0e:4c:b0:bc:83:38:21:ca:b0:f7:22:
                    73:af:4e:53:e2:c5:48:85:bd:61:81:88:47:a5:04:
                    e1:d7:d2:aa:c3:40:38:0a:6d:c8:92:23:49:6e:0c:
                    cf:a9:79:50:54:a8:90:1d:4d:39:f7:6f:30:5d:4c:
                    32:7e:d4:f5:32:fa:d5:9f:9f:5d:d0:eb:04:64:55:
                    74:3f:89:c5:1e:65:65:3e:1e:27:e8:1a:6f:b6:06:
                    cb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8E:78:A4:93:68:52:C3:91:19:B3:B7:38:07:CA:ED:85:7F:5A:17
            X509v3 Authority Key Identifier:
                keyid:32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/A454pJNoUsORGbO3OAfK7YV_Whc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:27c0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:25:56:18:9d:c4:a0:c6:a8:c1:d1:c6:7a:1f:86:90:6d:e7:
         bb:6b:72:ef:7e:d8:06:d8:c6:34:4d:82:09:93:08:1c:04:bd:
         86:e4:58:a1:de:5b:8f:5f:72:1f:42:05:3c:43:bc:0e:43:bf:
         14:7c:c7:5d:31:cf:12:f6:4c:0d:8f:23:b9:13:6e:f4:7f:87:
         eb:e6:d4:29:99:af:17:d7:94:ae:29:78:48:70:fb:e7:0b:68:
         ba:c4:38:ab:64:72:0f:27:8d:e0:3a:d9:af:3d:08:a4:86:b9:
         94:e7:00:b2:15:17:f7:e5:cb:90:e8:0a:2c:02:c4:41:01:80:
         2a:62:a1:c8:77:2c:6e:d5:07:9d:76:89:58:2d:9a:61:17:6b:
         a4:a7:9a:cf:6d:28:ec:a7:0d:08:9c:76:1a:c6:11:49:25:57:
         9e:73:3d:02:05:53:42:25:98:48:7d:03:75:2e:f8:f0:da:34:
         42:49:26:98:bf:94:68:8a:ac:d1:cb:c3:92:6d:53:8f:8b:99:
         f8:53:e0:ce:de:a2:8d:15:df:4e:93:8b:e4:de:09:cc:a8:a2:
         2e:2f:42:42:7e:8a:af:2d:0d:04:b6:7f:bc:0e:7b:97:9e:6f:
         77:86:c1:11:ec:d6:14:b2:99:c6:2c:d4:b6:07:a7:38:0f:20:
         3b:36:b5:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZ29yXw+tODYjo/WhIuV4ONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMjYzOWIzNWU1ZDlkMGZiMzY5NmZlMmZkNjFjYjZmNGMz
ZmE1MDQwHhcNMjUwNDI3MTExNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzhlNzhhNDkzNjg1MmMzOTExOWIzYjczODA3Y2FlZDg1N2Y1YTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjqao/l/suLmSJ39w/LFoxpeRuQ6
8l8voZ04Ch1jvCDxyimJWCY2vvtWbq6JkEssMJE0cS9pwU7UEsbU7YqNgLHVl+KU
Fqfwq4J4odpF7WsLeW01EKLF4RQikQTWQjzdZ3ii1B1FLrHLBaNVwYlykfqqknF5
U0QzU0e0gWbc3yQV5VFCVcPbeDNrQjwNssDgmGFdGsXGl24e4VmLg43CljsJZL3s
y8/PDkywvIM4Icqw9yJzr05T4sVIhb1hgYhHpQTh19Kqw0A4Cm3IkiNJbgzPqXlQ
VKiQHU05928wXUwyftT1MvrVn59d0OsEZFV0P4nFHmVlPh4n6BpvtgbLnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAOOeKSTaFLDkRmztzgHyu2Ff1oXMB8GA1UdIwQY
MBaAFDImObNeXZ0Ps2lv4v1hy29MP6UEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmIt
YjViM2FlYWU5OGVhLzEvQTQ1NHBKTm9Vc09SR2JPM09BZks3WVZfV2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmItYjViM2FlYWU5OGVh
LzEvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUnwAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBJJVYYncSgxqjB0cZ6H4aQbee7a3LvftgG2MY0
TYIJkwgcBL2G5Fih3luPX3IfQgU8Q7wOQ78UfMddMc8S9kwNjyO5E270f4fr5tQp
ma8X15SuKXhIcPvnC2i6xDirZHIPJ43gOtmvPQikhrmU5wCyFRf35cuQ6AosAsRB
AYAqYqHIdyxu1QeddolYLZphF2ukp5rPbSjspw0InHYaxhFJJVeecz0CBVNCJZhI
fQN1Lvjw2jRCSSaYv5RoiqzRy8OSbVOPi5n4U+DO3qKNFd9Ok4vk3gnMqKIuL0JC
foqvLQ0Etn+8DnuXnm93hsER7NYUspnGLNS2B6c4DyA7NrXV
-----END CERTIFICATE-----