Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/micTPlmNj-YitEVk0mo3whydCKA.roa
File:                     micTPlmNj-YitEVk0mo3whydCKA.roa (raw, json)
Hash identifier:          X1vt3MCAXoi3FR5hhk4aoaMi+A+Y9nfZknAZ7Ivw3EQ=
Subject key identifier:   9A:27:13:3E:59:8D:8F:E6:22:B4:45:64:D2:6A:37:C2:1C:9D:08:A0
Certificate issuer:       /CN=e27a53053841e62f3787302bd3b3dc17ae8347a3
Certificate serial:       018CCA2BE140C52D02B1696DE8DDF4F56213
Authority key identifier: E2:7A:53:05:38:41:E6:2F:37:87:30:2B:D3:B3:DC:17:AE:83:47:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4npTBThB5i83hzAr07PcF66DR6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/micTPlmNj-YitEVk0mo3whydCKA.roa
Signing time:             Tue 02 Jan 2024 12:35:22 +0000
ROA not before:           Tue 02 Jan 2024 12:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210882
IP address blocks:        2001:678:e20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/4npTBThB5i83hzAr07PcF66DR6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/4npTBThB5i83hzAr07PcF66DR6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4npTBThB5i83hzAr07PcF66DR6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e1:40:c5:2d:02:b1:69:6d:e8:dd:f4:f5:62:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e27a53053841e62f3787302bd3b3dc17ae8347a3
        Validity
            Not Before: Jan  2 12:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a27133e598d8fe622b44564d26a37c21c9d08a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2c:54:a3:1b:35:68:c2:15:74:b0:57:83:9a:
                    ac:54:56:5c:46:d4:62:c7:d8:55:00:2f:13:2b:3e:
                    c1:f4:ba:0e:3f:a5:44:c0:e7:36:ef:4b:68:1b:85:
                    c3:6a:78:63:61:fc:fb:99:10:f1:cb:bc:cf:cd:06:
                    3b:79:8e:b8:f2:c1:56:ee:65:24:12:e9:4a:4f:63:
                    20:6c:a2:09:80:19:c7:c0:6d:75:b0:6f:b4:d1:e8:
                    77:f5:b5:8c:6e:f1:df:88:fc:69:48:3f:44:b6:5c:
                    fc:79:30:90:c3:a3:4e:4d:77:ea:db:62:4f:95:cb:
                    5d:20:93:5f:73:88:7b:90:c4:de:04:4c:13:de:89:
                    ac:b1:ea:5a:02:66:2b:ea:87:be:b2:90:70:a9:7b:
                    02:2a:9c:b8:9f:b3:4b:79:e1:50:b7:9c:f7:9f:c1:
                    e2:af:ce:f3:33:fa:52:07:3b:d1:b5:c1:ca:68:96:
                    77:9a:7f:88:d4:d9:1d:d1:20:b5:7f:19:c3:0f:9e:
                    e2:e5:55:b5:34:a3:49:a7:7d:f9:79:12:3a:3b:0e:
                    16:a0:46:70:9c:79:84:13:aa:a4:69:93:e9:05:6d:
                    30:e8:bb:95:86:de:c9:bd:3c:c2:ad:5c:ae:45:35:
                    ee:ab:03:86:3d:76:54:2e:6b:95:8f:4e:4c:d7:43:
                    a9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:27:13:3E:59:8D:8F:E6:22:B4:45:64:D2:6A:37:C2:1C:9D:08:A0
            X509v3 Authority Key Identifier:
                keyid:E2:7A:53:05:38:41:E6:2F:37:87:30:2B:D3:B3:DC:17:AE:83:47:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4npTBThB5i83hzAr07PcF66DR6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/micTPlmNj-YitEVk0mo3whydCKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/4npTBThB5i83hzAr07PcF66DR6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e20::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:3e:58:fb:f3:78:97:25:5d:ba:09:ca:a8:3d:03:62:6d:86:
         38:14:0d:c2:45:c7:33:b5:6b:ff:58:f1:f2:60:c7:49:38:4c:
         7e:0e:62:2b:fa:84:0b:d0:3b:ab:5d:99:01:d8:4b:b3:74:09:
         f7:1f:a8:f0:b7:a5:31:da:fe:fd:b3:f4:88:71:b8:89:36:a7:
         3c:bf:01:67:d5:59:70:e3:ec:6e:7d:f4:5c:5e:ab:ee:96:fe:
         63:d0:24:de:72:f6:8c:8a:2e:28:73:c2:d3:30:f8:8f:83:b4:
         d8:2b:07:43:38:59:a3:24:70:b4:ed:ac:c6:85:ba:1b:fd:21:
         86:06:fb:f2:18:96:96:ad:32:b9:ff:1d:71:ae:48:fa:40:91:
         e0:44:36:a4:2c:36:cf:97:58:1b:96:a9:88:d0:66:04:34:2f:
         59:5e:16:8e:f5:7b:2f:2b:45:3d:ad:1c:a0:a5:48:1e:c2:2f:
         ed:77:89:3a:95:4f:49:1b:43:51:18:d0:74:b6:24:50:bb:c0:
         9b:82:b0:78:01:04:bb:42:58:d4:a3:2c:95:9a:80:36:8e:d6:
         4b:9a:5b:cb:91:98:52:43:b1:6f:59:9f:95:65:e8:3e:0f:00:
         38:91:59:ac:64:21:a9:7d:1f:3f:8a:6f:dc:22:fb:11:c4:6c:
         0f:56:2f:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK+FAxS0CsWlt6N309WITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyN2E1MzA1Mzg0MWU2MmYzNzg3MzAyYmQzYjNkYzE3YWU4
MzQ3YTMwHhcNMjQwMTAyMTIzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTI3MTMzZTU5OGQ4ZmU2MjJiNDQ1NjRkMjZhMzdjMjFjOWQwOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyxUoxs1aMIVdLBXg5qsVFZcRtRi
x9hVAC8TKz7B9LoOP6VEwOc270toG4XDanhjYfz7mRDxy7zPzQY7eY648sFW7mUk
EulKT2MgbKIJgBnHwG11sG+00eh39bWMbvHfiPxpSD9Etlz8eTCQw6NOTXfq22JP
lctdIJNfc4h7kMTeBEwT3omssepaAmYr6oe+spBwqXsCKpy4n7NLeeFQt5z3n8Hi
r87zM/pSBzvRtcHKaJZ3mn+I1Nkd0SC1fxnDD57i5VW1NKNJp335eRI6Ow4WoEZw
nHmEE6qkaZPpBW0w6LuVht7JvTzCrVyuRTXuqwOGPXZULmuVj05M10OpwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJonEz5ZjY/mIrRFZNJqN8IcnQigMB8GA1UdIwQY
MBaAFOJ6UwU4QeYvN4cwK9Oz3Beug0ejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG5wVEJUaEI1aTgzaHpBcjA3UGNGNjZEUjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny84NzYyZjUtZmFlMy00NWY2LWE3OWIt
Y2FlZGJkNzE0MGU5LzEvbWljVFBsbU5qLVlpdEVWazBtbzN3aHlkQ0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny84NzYyZjUtZmFlMy00NWY2LWE3OWItY2FlZGJkNzE0MGU5
LzEvNG5wVEJUaEI1aTgzaHpBcjA3UGNGNjZEUjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA4g
MA0GCSqGSIb3DQEBCwUAA4IBAQCPPlj783iXJV26CcqoPQNibYY4FA3CRccztWv/
WPHyYMdJOEx+DmIr+oQL0DurXZkB2EuzdAn3H6jwt6Ux2v79s/SIcbiJNqc8vwFn
1Vlw4+xuffRcXqvulv5j0CTecvaMii4oc8LTMPiPg7TYKwdDOFmjJHC07azGhbob
/SGGBvvyGJaWrTK5/x1xrkj6QJHgRDakLDbPl1gblqmI0GYENC9ZXhaO9XsvK0U9
rRygpUgewi/td4k6lU9JG0NRGNB0tiRQu8CbgrB4AQS7QljUoyyVmoA2jtZLmlvL
kZhSQ7FvWZ+VZeg+DwA4kVmsZCGpfR8/im/cIvsRxGwPVi/E
-----END CERTIFICATE-----