Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/d4w4xxcWDAqyLqbgWT3EJnLoy6o.roa
File:                     d4w4xxcWDAqyLqbgWT3EJnLoy6o.roa (raw, json)
Hash identifier:          brOB9FNZkSJh8TLBEcKXXcmOw1w3mH+eTmmqITITff0=
Subject key identifier:   77:8C:38:C7:17:16:0C:0A:B2:2E:A6:E0:59:3D:C4:26:72:E8:CB:AA
Certificate issuer:       /CN=4f49fe0746351c87c3418acd3986e7628c458767
Certificate serial:       01975AAF75AA4596B14E0934AF2F4E359003
Authority key identifier: 4F:49:FE:07:46:35:1C:87:C3:41:8A:CD:39:86:E7:62:8C:45:87:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/d4w4xxcWDAqyLqbgWT3EJnLoy6o.roa
Signing time:             Tue 10 Jun 2025 16:32:17 +0000
ROA not before:           Tue 10 Jun 2025 16:32:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207126
IP address blocks:        2001:678:10a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:af:75:aa:45:96:b1:4e:09:34:af:2f:4e:35:90:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f49fe0746351c87c3418acd3986e7628c458767
        Validity
            Not Before: Jun 10 16:32:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=778c38c717160c0ab22ea6e0593dc42672e8cbaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1d:c3:a6:a6:aa:b8:61:f3:62:83:6b:51:bf:
                    c8:31:94:41:2c:89:bc:72:f4:99:9c:4e:04:5d:01:
                    92:14:ab:5c:bf:77:1b:7f:67:2d:af:28:e5:6e:f7:
                    1c:af:70:66:04:c6:37:f8:85:47:11:85:33:f4:3b:
                    d3:61:99:f0:fd:fd:29:d1:6a:11:ad:72:da:74:32:
                    3d:4a:b8:32:03:77:99:21:a1:fb:58:50:da:86:2f:
                    99:88:16:9c:d0:0b:ef:c8:cc:b8:be:e0:6d:ba:aa:
                    b8:a8:82:3b:40:76:91:9a:59:fa:71:fc:b5:2c:7c:
                    8b:18:a1:69:0e:44:17:d4:e7:d4:18:8c:3d:a2:7b:
                    d8:81:31:47:c2:fc:81:4b:a5:de:d2:e8:5a:93:aa:
                    31:a9:8f:5b:9c:b2:61:17:25:cd:25:78:fd:ee:b2:
                    79:32:25:fd:df:82:e4:25:79:c3:fb:4a:30:34:73:
                    f9:5f:74:97:50:3e:d0:5f:de:4c:eb:c1:63:ad:8f:
                    5d:68:b0:2c:31:e7:85:e8:02:d9:48:d2:05:5d:1a:
                    3c:27:9f:92:f0:83:b6:90:ff:52:2a:a1:30:25:61:
                    61:aa:47:61:f7:42:e8:36:1a:a0:51:b5:57:8a:28:
                    bc:76:8f:69:32:b7:05:67:71:f8:5c:46:b9:b3:e8:
                    b8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:8C:38:C7:17:16:0C:0A:B2:2E:A6:E0:59:3D:C4:26:72:E8:CB:AA
            X509v3 Authority Key Identifier:
                keyid:4F:49:FE:07:46:35:1C:87:C3:41:8A:CD:39:86:E7:62:8C:45:87:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/d4w4xxcWDAqyLqbgWT3EJnLoy6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:3a:71:5c:67:bd:f4:d5:ad:b0:e5:32:55:eb:45:3f:ba:c0:
         d5:85:36:ed:40:0c:3c:77:d1:5f:f8:0c:18:a6:c6:b1:ad:56:
         77:25:23:35:6a:cb:d2:2a:b0:8e:a2:ac:40:d9:ec:69:f9:ec:
         b4:f0:8d:e3:57:6e:ba:8e:b1:42:05:72:33:99:2c:34:c6:f1:
         f2:9b:02:da:59:7a:20:3c:eb:19:8b:4a:d8:49:1e:1a:71:2a:
         66:88:5b:a4:e5:9e:e1:fc:f3:28:4a:bd:d0:78:76:f9:c8:20:
         f1:b4:e7:06:19:36:2e:49:39:3a:51:f5:00:cd:61:43:e1:16:
         e0:d4:34:f8:67:04:27:28:99:28:f9:4c:c0:21:1b:dd:96:23:
         ab:1f:44:9e:92:01:2e:24:8f:e7:fd:ab:80:ee:d3:b7:ba:27:
         07:67:18:2b:49:11:5a:21:d9:25:4b:36:0c:a3:c4:33:ae:09:
         de:ad:b2:ea:62:c7:15:e6:03:44:bf:c5:09:8d:69:f9:54:f2:
         2e:7d:0f:2e:5c:1f:95:d5:0b:95:85:09:ce:70:14:5e:e3:e6:
         c6:b6:28:19:8a:91:ca:45:f7:9f:47:9d:5b:1b:b3:d1:39:60:
         29:07:22:f7:85:b7:c9:fe:bf:2e:6d:c8:56:80:45:3d:93:45:
         f8:ca:4e:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdar3WqRZaxTgk0ry9ONZADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDlmZTA3NDYzNTFjODdjMzQxOGFjZDM5ODZlNzYyOGM0
NTg3NjcwHhcNMjUwNjEwMTYzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzhjMzhjNzE3MTYwYzBhYjIyZWE2ZTA1OTNkYzQyNjcyZThjYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2R3DpqaquGHzYoNrUb/IMZRBLIm8
cvSZnE4EXQGSFKtcv3cbf2ctryjlbvccr3BmBMY3+IVHEYUz9DvTYZnw/f0p0WoR
rXLadDI9SrgyA3eZIaH7WFDahi+ZiBac0AvvyMy4vuBtuqq4qII7QHaRmln6cfy1
LHyLGKFpDkQX1OfUGIw9onvYgTFHwvyBS6Xe0uhak6oxqY9bnLJhFyXNJXj97rJ5
MiX934LkJXnD+0owNHP5X3SXUD7QX95M68FjrY9daLAsMeeF6ALZSNIFXRo8J5+S
8IO2kP9SKqEwJWFhqkdh90LoNhqgUbVXiii8do9pMrcFZ3H4XEa5s+i4EQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHeMOMcXFgwKsi6m4Fk9xCZy6MuqMB8GA1UdIwQY
MBaAFE9J/gdGNRyHw0GKzTmG52KMRYdnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBuLUIwWTFISWZEUVlyTk9ZYm5Zb3hGaDJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yMGU5NWItYWYwYy00Nzk2LWFiZTIt
ZTdjYzg3MDIzOTYxLzEvZDR3NHh4Y1dEQXF5THFiZ1dUM0VKbkxveTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yMGU5NWItYWYwYy00Nzk2LWFiZTItZTdjYzg3MDIzOTYx
LzEvVDBuLUIwWTFISWZEUVlyTk9ZYm5Zb3hGaDJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBCo
MA0GCSqGSIb3DQEBCwUAA4IBAQBBOnFcZ7301a2w5TJV60U/usDVhTbtQAw8d9Ff
+AwYpsaxrVZ3JSM1asvSKrCOoqxA2exp+ey08I3jV266jrFCBXIzmSw0xvHymwLa
WXogPOsZi0rYSR4acSpmiFuk5Z7h/PMoSr3QeHb5yCDxtOcGGTYuSTk6UfUAzWFD
4Rbg1DT4ZwQnKJko+UzAIRvdliOrH0SekgEuJI/n/auA7tO3uicHZxgrSRFaIdkl
SzYMo8QzrgnerbLqYscV5gNEv8UJjWn5VPIufQ8uXB+V1QuVhQnOcBRe4+bGtigZ
ipHKRfefR51bG7PROWApByL3hbfJ/r8ubchWgEU9k0X4yk5M
-----END CERTIFICATE-----