Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/qIUPy4cdUvLlkzoQnlnAftBERWE.roa
File:                     qIUPy4cdUvLlkzoQnlnAftBERWE.roa (raw, json)
Hash identifier:          RxmkMhssM20mKcFMZBMuGRX/MaB3HEhaS2Ptkpxt32k=
Subject key identifier:   A8:85:0F:CB:87:1D:52:F2:E5:93:3A:10:9E:59:C0:7E:D0:44:45:61
Certificate issuer:       /CN=7a4bff5cd2e11d04f753dda2b67b4d872f6c8441
Certificate serial:       0197594E10EB2E13715D2394FA680FD1621E
Authority key identifier: 7A:4B:FF:5C:D2:E1:1D:04:F7:53:DD:A2:B6:7B:4D:87:2F:6C:84:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ekv_XNLhHQT3U92itntNhy9shEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/qIUPy4cdUvLlkzoQnlnAftBERWE.roa
Signing time:             Tue 10 Jun 2025 10:06:17 +0000
ROA not before:           Tue 10 Jun 2025 10:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207754
IP address blocks:        2001:678:1054::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/ekv_XNLhHQT3U92itntNhy9shEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/ekv_XNLhHQT3U92itntNhy9shEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ekv_XNLhHQT3U92itntNhy9shEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:4e:10:eb:2e:13:71:5d:23:94:fa:68:0f:d1:62:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a4bff5cd2e11d04f753dda2b67b4d872f6c8441
        Validity
            Not Before: Jun 10 10:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8850fcb871d52f2e5933a109e59c07ed0444561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5c:1d:3d:63:e6:f5:76:72:e3:24:a0:b4:66:
                    83:44:4a:9b:0d:61:fe:2e:d8:7b:fd:8a:6f:a9:6b:
                    97:28:49:21:2f:fe:1d:70:3a:38:59:e0:3e:7c:99:
                    70:fb:89:07:36:01:93:08:07:1d:12:91:8a:64:08:
                    01:a1:ce:79:b4:7a:84:b0:d8:1d:08:22:94:b0:6d:
                    1a:25:fa:0b:13:c3:04:1f:64:eb:77:2f:42:7f:90:
                    ff:7f:30:49:c2:2e:1f:cc:c0:04:0d:f5:e9:2d:8b:
                    9e:5c:e4:8c:65:a0:2a:28:f1:86:81:af:fe:dd:6c:
                    64:ad:22:7a:da:87:e3:75:12:e9:9e:ef:fa:a4:ae:
                    f9:92:70:76:38:00:d2:3f:e7:49:88:c1:d0:e4:2f:
                    a9:43:ee:30:da:33:85:a1:e6:40:14:6c:fb:27:09:
                    4f:c5:7c:57:c1:ec:05:01:3f:98:3c:8b:97:88:76:
                    c0:43:62:3b:18:38:d3:bf:e7:97:2e:b5:43:40:b7:
                    74:21:41:03:e4:14:50:8a:8f:46:62:5f:39:ae:7a:
                    5b:8c:22:21:75:35:4a:c1:85:34:ff:27:4d:a2:dd:
                    b4:fb:51:f8:ed:0f:22:b0:14:de:8d:7b:2b:74:fb:
                    25:76:de:e7:d1:b6:bc:22:07:a9:21:0e:1e:6b:dd:
                    fd:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:85:0F:CB:87:1D:52:F2:E5:93:3A:10:9E:59:C0:7E:D0:44:45:61
            X509v3 Authority Key Identifier:
                keyid:7A:4B:FF:5C:D2:E1:1D:04:F7:53:DD:A2:B6:7B:4D:87:2F:6C:84:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ekv_XNLhHQT3U92itntNhy9shEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/qIUPy4cdUvLlkzoQnlnAftBERWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/00b764-a1b9-4066-a653-7041e9585deb/1/ekv_XNLhHQT3U92itntNhy9shEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1054::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:83:73:cb:e4:d1:9a:03:82:ed:15:a0:ee:47:3d:a6:19:86:
         32:04:d0:b5:16:86:9a:6c:7c:64:ad:ac:bf:29:cb:68:d8:6b:
         d2:a3:ab:71:ee:ed:ed:e6:74:6e:60:c0:da:f7:52:9c:4c:ee:
         6a:43:b7:56:0f:f5:4b:37:eb:3d:ac:de:c6:4d:50:ad:cb:54:
         46:57:21:59:e0:69:12:80:fb:7c:d9:6e:9a:00:03:62:fc:7d:
         06:ce:77:ab:4a:a7:0f:27:c4:d0:4f:3e:be:4c:c4:76:64:34:
         32:81:2d:b8:ec:b0:ad:53:71:14:b1:54:e0:6e:00:52:76:5a:
         a9:b5:18:3f:f6:08:fc:49:86:29:14:be:ce:1c:3c:fd:e8:9e:
         8c:50:ce:ab:5e:e6:bd:20:af:cc:99:a8:85:b3:4c:06:8b:dc:
         21:30:4d:48:2a:7a:90:9f:93:77:be:fb:4c:fe:f5:ac:07:0b:
         eb:74:34:c9:b4:fb:73:c6:34:ef:d7:5d:a9:94:af:2a:65:49:
         4f:53:0c:9f:66:83:d2:50:7c:23:13:84:09:96:d9:87:02:fc:
         53:94:a2:4f:32:0a:27:08:e9:d6:32:79:eb:df:93:57:eb:d3:
         9f:31:8f:5b:1c:20:3d:83:bd:d6:8a:6f:0b:df:25:8e:f7:77:
         82:0c:fc:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdZThDrLhNxXSOU+mgP0WIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNGJmZjVjZDJlMTFkMDRmNzUzZGRhMmI2N2I0ZDg3MmY2
Yzg0NDEwHhcNMjUwNjEwMTAwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODg1MGZjYjg3MWQ1MmYyZTU5MzNhMTA5ZTU5YzA3ZWQwNDQ0NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFwdPWPm9XZy4ySgtGaDREqbDWH+
Lth7/YpvqWuXKEkhL/4dcDo4WeA+fJlw+4kHNgGTCAcdEpGKZAgBoc55tHqEsNgd
CCKUsG0aJfoLE8MEH2Trdy9Cf5D/fzBJwi4fzMAEDfXpLYueXOSMZaAqKPGGga/+
3WxkrSJ62ofjdRLpnu/6pK75knB2OADSP+dJiMHQ5C+pQ+4w2jOFoeZAFGz7JwlP
xXxXwewFAT+YPIuXiHbAQ2I7GDjTv+eXLrVDQLd0IUED5BRQio9GYl85rnpbjCIh
dTVKwYU0/ydNot20+1H47Q8isBTejXsrdPsldt7n0ba8IgepIQ4ea939ywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKiFD8uHHVLy5ZM6EJ5ZwH7QREVhMB8GA1UdIwQY
MBaAFHpL/1zS4R0E91PdorZ7TYcvbIRBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWt2X1hOTGhIUVQzVTkyaXRudE5oeTlzaEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wMGI3NjQtYTFiOS00MDY2LWE2NTMt
NzA0MWU5NTg1ZGViLzEvcUlVUHk0Y2RVdkxsa3pvUW5sbkFmdEJFUldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wMGI3NjQtYTFiOS00MDY2LWE2NTMtNzA0MWU5NTg1ZGVi
LzEvZWt2X1hOTGhIUVQzVTkyaXRudE5oeTlzaEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBBU
MA0GCSqGSIb3DQEBCwUAA4IBAQBBg3PL5NGaA4LtFaDuRz2mGYYyBNC1FoaabHxk
ray/Kcto2GvSo6tx7u3t5nRuYMDa91KcTO5qQ7dWD/VLN+s9rN7GTVCty1RGVyFZ
4GkSgPt82W6aAANi/H0GznerSqcPJ8TQTz6+TMR2ZDQygS247LCtU3EUsVTgbgBS
dlqptRg/9gj8SYYpFL7OHDz96J6MUM6rXua9IK/MmaiFs0wGi9whME1IKnqQn5N3
vvtM/vWsBwvrdDTJtPtzxjTv112plK8qZUlPUwyfZoPSUHwjE4QJltmHAvxTlKJP
MgonCOnWMnnr35NX69OfMY9bHCA9g73Wim8L3yWO93eCDPwe
-----END CERTIFICATE-----