Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/TOnoVfX8Ap4KHroZhyTiZTPqFbo.roa
File:                     TOnoVfX8Ap4KHroZhyTiZTPqFbo.roa (raw, json)
Hash identifier:          h8XoURF67JqruQUoq14dZxGEi4Cnu4hmR974XbY5rg8=
Subject key identifier:   4C:E9:E8:55:F5:FC:02:9E:0A:1E:BA:19:87:24:E2:65:33:EA:15:BA
Certificate issuer:       /CN=a41f7bb7bea1581624fcb6503ab5a70f420c9b3e
Certificate serial:       0196F2C58A52E82028F3C6AA9FB854449A82
Authority key identifier: A4:1F:7B:B7:BE:A1:58:16:24:FC:B6:50:3A:B5:A7:0F:42:0C:9B:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/TOnoVfX8Ap4KHroZhyTiZTPqFbo.roa
Signing time:             Wed 21 May 2025 12:15:54 +0000
ROA not before:           Wed 21 May 2025 12:15:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:678:105c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:c5:8a:52:e8:20:28:f3:c6:aa:9f:b8:54:44:9a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a41f7bb7bea1581624fcb6503ab5a70f420c9b3e
        Validity
            Not Before: May 21 12:15:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ce9e855f5fc029e0a1eba198724e26533ea15ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bf:37:f4:43:07:0a:ca:88:74:73:39:85:3a:
                    35:6f:bf:3c:42:31:de:9d:f1:65:8e:73:3b:ac:ed:
                    cc:ba:01:23:f8:11:f3:0e:ba:ca:09:ce:e7:4f:52:
                    8e:18:63:1c:4c:db:0f:0c:49:8d:f4:0b:24:bb:1d:
                    7f:fb:7a:e8:f5:95:6b:60:20:11:5f:0c:68:71:59:
                    97:ea:ac:52:81:b1:76:61:10:66:4c:94:5b:fa:23:
                    b4:64:3e:ae:e6:33:8b:26:ff:c4:93:c9:fc:4a:89:
                    31:3b:a9:7f:ae:df:13:b9:ad:c4:78:de:a7:64:a2:
                    82:2a:8f:d9:78:66:19:d7:ba:33:ab:64:fa:f9:85:
                    60:22:89:e6:f6:c2:c9:78:70:b0:9d:ad:3c:f9:24:
                    2e:fd:e4:37:66:d9:72:8d:7c:0b:10:6d:2d:b7:bc:
                    7a:54:44:61:2d:17:73:56:75:e8:43:c8:0c:3c:21:
                    3b:b1:8d:4a:6d:a6:a5:30:d0:9b:f2:ad:dd:7c:69:
                    64:97:b2:0c:66:bc:73:0b:5e:00:f1:ea:67:e0:15:
                    99:e7:c9:38:6f:e4:1e:8a:f5:5c:5e:ec:45:8b:03:
                    a8:ee:88:0b:b8:ad:87:51:a6:31:5b:ac:e5:11:a7:
                    20:32:95:bd:65:4d:ff:e5:d2:c3:ab:f5:46:6f:bc:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E9:E8:55:F5:FC:02:9E:0A:1E:BA:19:87:24:E2:65:33:EA:15:BA
            X509v3 Authority Key Identifier:
                keyid:A4:1F:7B:B7:BE:A1:58:16:24:FC:B6:50:3A:B5:A7:0F:42:0C:9B:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/TOnoVfX8Ap4KHroZhyTiZTPqFbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:105c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:83:c5:07:63:b1:df:f3:7e:77:77:76:e9:93:bc:89:9c:06:
         f5:22:64:61:5c:b8:7c:35:9f:fa:95:9f:42:88:9b:a3:ec:f8:
         b4:b0:9c:0e:df:4f:84:f2:32:7f:36:05:69:35:e8:c5:c4:74:
         97:95:d1:b8:18:2d:e4:f6:2c:cf:16:cb:01:8f:6c:85:83:74:
         b3:5a:39:53:2d:f0:90:fd:78:64:86:29:fa:c9:f8:18:c8:ce:
         61:42:b3:db:0a:fc:ce:ec:3f:dd:23:6b:a7:26:71:90:96:58:
         67:6f:a7:e9:2e:82:36:fd:ae:80:49:b2:ca:eb:15:36:25:a4:
         ee:78:7e:81:96:ef:ba:5e:4b:b1:28:7f:a0:b9:65:9c:a0:3c:
         0a:77:12:ea:7a:65:2d:67:77:de:57:9a:79:44:a9:f1:25:32:
         6d:44:ab:b2:ee:62:c6:33:82:2a:1b:15:90:4a:80:3d:17:d7:
         4f:d6:31:09:ce:52:be:0d:4d:3b:ab:0b:76:8c:b0:2f:59:b9:
         73:ea:30:5c:3c:17:fe:9c:b6:0a:24:70:90:5c:a9:d4:70:eb:
         18:79:34:b0:66:90:68:86:f5:40:45:51:3e:2e:e6:ad:7d:59:
         12:eb:59:56:65:82:0b:a4:5e:ed:78:a5:2a:a5:b4:38:a0:ce:
         cc:83:90:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbyxYpS6CAo88aqn7hURJqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MWY3YmI3YmVhMTU4MTYyNGZjYjY1MDNhYjVhNzBmNDIw
YzliM2UwHhcNMjUwNTIxMTIxNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U5ZTg1NWY1ZmMwMjllMGExZWJhMTk4NzI0ZTI2NTMzZWExNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7839EMHCsqIdHM5hTo1b788QjHe
nfFljnM7rO3MugEj+BHzDrrKCc7nT1KOGGMcTNsPDEmN9Askux1/+3ro9ZVrYCAR
XwxocVmX6qxSgbF2YRBmTJRb+iO0ZD6u5jOLJv/Ek8n8SokxO6l/rt8Tua3EeN6n
ZKKCKo/ZeGYZ17ozq2T6+YVgIonm9sLJeHCwna08+SQu/eQ3ZtlyjXwLEG0tt7x6
VERhLRdzVnXoQ8gMPCE7sY1KbaalMNCb8q3dfGlkl7IMZrxzC14A8epn4BWZ58k4
b+QeivVcXuxFiwOo7ogLuK2HUaYxW6zlEacgMpW9ZU3/5dLDq/VGb7wIVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEzp6FX1/AKeCh66GYck4mUz6hW6MB8GA1UdIwQY
MBaAFKQfe7e+oVgWJPy2UDq1pw9CDJs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEI5N3Q3NmhXQllrX0xaUU9yV25EMElNbXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yMTYwZjQtN2Q1Ny00YzdjLTg5YWYt
OThmMWEyZGZjMzljLzEvVE9ub1ZmWDhBcDRLSHJvWmh5VGlaVFBxRmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yMTYwZjQtN2Q1Ny00YzdjLTg5YWYtOThmMWEyZGZjMzlj
LzEvcEI5N3Q3NmhXQllrX0xaUU9yV25EMElNbXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBBc
MA0GCSqGSIb3DQEBCwUAA4IBAQCgg8UHY7Hf8353d3bpk7yJnAb1ImRhXLh8NZ/6
lZ9CiJuj7Pi0sJwO30+E8jJ/NgVpNejFxHSXldG4GC3k9izPFssBj2yFg3SzWjlT
LfCQ/Xhkhin6yfgYyM5hQrPbCvzO7D/dI2unJnGQllhnb6fpLoI2/a6ASbLK6xU2
JaTueH6Blu+6XkuxKH+guWWcoDwKdxLqemUtZ3feV5p5RKnxJTJtRKuy7mLGM4Iq
GxWQSoA9F9dP1jEJzlK+DU07qwt2jLAvWblz6jBcPBf+nLYKJHCQXKnUcOsYeTSw
ZpBohvVARVE+LuatfVkS61lWZYILpF7teKUqpbQ4oM7Mg5Ch
-----END CERTIFICATE-----