Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/A-WVuiviOd-BD_n66FQ1ppJwkQE.roa
File:                     A-WVuiviOd-BD_n66FQ1ppJwkQE.roa (raw, json)
Hash identifier:          xgzA/eM/zy+v+EzkhAyTimtXWpmVCZItqu5727Qd0eQ=
Subject key identifier:   03:E5:95:BA:2B:E2:39:DF:81:0F:F9:FA:E8:54:35:A6:92:70:91:01
Certificate issuer:       /CN=c80609f21851bdf7f74ed18f0f09df92edb75355
Certificate serial:       018CC2DB6483604E12BAA582299122839ED9
Authority key identifier: C8:06:09:F2:18:51:BD:F7:F7:4E:D1:8F:0F:09:DF:92:ED:B7:53:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yAYJ8hhRvff3TtGPDwnfku23U1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/A-WVuiviOd-BD_n66FQ1ppJwkQE.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203017
IP address blocks:        2001:678:154::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/yAYJ8hhRvff3TtGPDwnfku23U1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/yAYJ8hhRvff3TtGPDwnfku23U1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yAYJ8hhRvff3TtGPDwnfku23U1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:64:83:60:4e:12:ba:a5:82:29:91:22:83:9e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c80609f21851bdf7f74ed18f0f09df92edb75355
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e595ba2be239df810ff9fae85435a692709101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a4:94:a0:f1:ac:f5:34:86:7d:e2:68:c3:dd:
                    10:7d:64:0c:e1:12:07:d4:91:75:c9:30:e1:d8:a2:
                    68:b9:28:14:09:34:d9:f6:17:8a:24:3a:f2:de:a6:
                    bd:fe:7d:db:f4:40:1f:7a:69:4b:3a:d6:0e:07:a2:
                    e1:3d:95:f2:46:81:72:fa:51:c2:1c:53:c7:25:e1:
                    76:e3:b9:18:24:bd:d1:6a:ee:d7:bd:d4:52:50:c4:
                    29:64:dd:b9:f3:84:36:5e:cb:cb:67:9d:24:8a:60:
                    52:d8:22:13:7e:9e:5d:9d:e4:35:31:a1:4b:5e:5b:
                    77:62:16:bf:e5:70:22:40:24:98:fe:f1:68:6b:22:
                    82:60:35:04:55:66:61:47:05:16:31:4b:ca:ca:68:
                    9c:ad:8b:08:49:eb:35:21:bc:cc:c0:83:fa:e4:0e:
                    68:1e:9e:11:1b:8b:fd:99:27:95:67:44:fc:8e:bc:
                    15:c1:af:62:50:6d:60:65:03:f3:fb:4b:b0:69:f0:
                    de:ef:67:c9:d9:a2:7d:6a:86:2d:72:f3:b6:20:c8:
                    49:d3:98:4e:85:a3:00:f6:04:ee:72:70:84:61:5d:
                    95:2b:37:0f:aa:79:b4:bc:96:83:47:ea:52:46:c9:
                    09:7d:b6:39:03:e2:53:2e:9a:3a:dc:d7:0a:ec:d2:
                    0c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E5:95:BA:2B:E2:39:DF:81:0F:F9:FA:E8:54:35:A6:92:70:91:01
            X509v3 Authority Key Identifier:
                keyid:C8:06:09:F2:18:51:BD:F7:F7:4E:D1:8F:0F:09:DF:92:ED:B7:53:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yAYJ8hhRvff3TtGPDwnfku23U1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/A-WVuiviOd-BD_n66FQ1ppJwkQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ec9159-dab4-4280-b44c-4cbce5babaa7/1/yAYJ8hhRvff3TtGPDwnfku23U1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:88:c5:ef:f6:f6:cc:da:0d:b9:f5:e4:e2:ad:dd:04:8a:6c:
         27:4e:9c:f9:37:39:24:13:3e:7c:4b:f1:36:0a:50:50:7c:f4:
         31:a6:09:40:b0:13:df:aa:af:0a:94:7c:d2:7d:1a:98:5e:25:
         d4:d7:34:cf:d1:d2:7f:eb:cd:c0:ef:3f:0f:ad:d6:22:38:da:
         dc:6e:3c:9b:4b:31:ad:6f:81:ad:27:00:15:92:39:ae:7c:39:
         63:7c:c8:76:a0:6d:c5:59:93:8d:ec:8d:7d:ec:81:61:61:c2:
         54:6e:cd:79:5c:a3:82:06:f8:8b:a8:22:49:48:bf:9b:3e:90:
         33:09:13:04:a6:c1:5e:8f:c0:7d:61:10:76:44:68:29:4a:d3:
         fb:94:39:75:94:a2:f3:80:9c:38:a7:47:3a:72:6f:81:23:78:
         e2:8c:fb:8e:b6:35:42:28:0a:b5:fe:32:63:a3:8a:6c:ac:22:
         1a:24:e7:3d:13:c5:8a:13:01:9f:81:37:7b:5f:a2:d8:79:af:
         58:22:1e:80:f2:3a:77:80:02:0f:5e:36:94:07:f4:02:e6:e0:
         61:31:11:39:cd:3d:73:47:1e:cf:c1:01:28:a4:6a:7a:20:be:
         96:c4:6f:42:13:24:96:dd:9b:14:9b:33:0c:c7:01:a4:ec:47:
         92:71:bd:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC22SDYE4SuqWCKZEig57ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MDYwOWYyMTg1MWJkZjdmNzRlZDE4ZjBmMDlkZjkyZWRi
NzUzNTUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U1OTViYTJiZTIzOWRmODEwZmY5ZmFlODU0MzVhNjkyNzA5MTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6SUoPGs9TSGfeJow90QfWQM4RIH
1JF1yTDh2KJouSgUCTTZ9heKJDry3qa9/n3b9EAfemlLOtYOB6LhPZXyRoFy+lHC
HFPHJeF247kYJL3Rau7XvdRSUMQpZN2584Q2XsvLZ50kimBS2CITfp5dneQ1MaFL
Xlt3Yha/5XAiQCSY/vFoayKCYDUEVWZhRwUWMUvKymicrYsISes1IbzMwIP65A5o
Hp4RG4v9mSeVZ0T8jrwVwa9iUG1gZQPz+0uwafDe72fJ2aJ9aoYtcvO2IMhJ05hO
haMA9gTucnCEYV2VKzcPqnm0vJaDR+pSRskJfbY5A+JTLpo63NcK7NIM/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAPllbor4jnfgQ/5+uhUNaaScJEBMB8GA1UdIwQY
MBaAFMgGCfIYUb33907Rjw8J35Ltt1NVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUFZSjhoaFJ2ZmYzVHRHUER3bmZrdTIzVTFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lYzkxNTktZGFiNC00MjgwLWI0NGMt
NGNiY2U1YmFiYWE3LzEvQS1XVnVpdmlPZC1CRF9uNjZGUTFwcEp3a1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lYzkxNTktZGFiNC00MjgwLWI0NGMtNGNiY2U1YmFiYWE3
LzEveUFZSjhoaFJ2ZmYzVHRHUER3bmZrdTIzVTFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAFU
MA0GCSqGSIb3DQEBCwUAA4IBAQB2iMXv9vbM2g259eTird0EimwnTpz5NzkkEz58
S/E2ClBQfPQxpglAsBPfqq8KlHzSfRqYXiXU1zTP0dJ/683A7z8PrdYiONrcbjyb
SzGtb4GtJwAVkjmufDljfMh2oG3FWZON7I197IFhYcJUbs15XKOCBviLqCJJSL+b
PpAzCRMEpsFej8B9YRB2RGgpStP7lDl1lKLzgJw4p0c6cm+BI3jijPuOtjVCKAq1
/jJjo4psrCIaJOc9E8WKEwGfgTd7X6LYea9YIh6A8jp3gAIPXjaUB/QC5uBhMRE5
zT1zRx7PwQEopGp6IL6WxG9CEySW3ZsUmzMMxwGk7EeScb1L
-----END CERTIFICATE-----