Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/haukUjSH6UcN6AV3sJ20cWGrGJw.roa
File:                     haukUjSH6UcN6AV3sJ20cWGrGJw.roa (raw, json)
Hash identifier:          dxThA7B4CjlZL0dq8kjJKeA0OcdJdconVhfVtTf0jcg=
Subject key identifier:   85:AB:A4:52:34:87:E9:47:0D:E8:05:77:B0:9D:B4:71:61:AB:18:9C
Certificate issuer:       /CN=6ccf884cf78ec531986e46ede02fc68861965381
Certificate serial:       018CC5000A79EF00BC1BB5C0058C63F70F9D
Authority key identifier: 6C:CF:88:4C:F7:8E:C5:31:98:6E:46:ED:E0:2F:C6:88:61:96:53:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM-ITPeOxTGYbkbt4C_GiGGWU4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/haukUjSH6UcN6AV3sJ20cWGrGJw.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207871
IP address blocks:        2001:678:b7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/bM-ITPeOxTGYbkbt4C_GiGGWU4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/bM-ITPeOxTGYbkbt4C_GiGGWU4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM-ITPeOxTGYbkbt4C_GiGGWU4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:79:ef:00:bc:1b:b5:c0:05:8c:63:f7:0f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccf884cf78ec531986e46ede02fc68861965381
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85aba4523487e9470de80577b09db47161ab189c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:c1:68:18:60:8a:c9:f4:04:13:20:4d:c7:
                    7f:a7:c7:30:49:f9:1d:77:0a:e6:06:48:91:3b:e8:
                    0d:b2:0b:57:1c:a5:3c:1a:23:a0:4e:51:08:35:e6:
                    94:d8:b6:fe:b1:45:e9:b9:2a:5c:cb:6f:50:a2:b0:
                    5a:8a:e3:6e:0d:ca:12:53:85:f5:43:c0:44:95:03:
                    ab:e4:0d:3f:5e:3e:86:a3:ee:d3:0a:ed:89:79:a7:
                    a4:0f:6e:f7:c3:57:5a:71:8c:5d:82:44:b5:4e:46:
                    ca:cd:fe:10:dc:4f:ba:02:41:f5:0e:3e:7f:47:11:
                    63:85:8b:9d:41:77:5a:cc:66:c9:59:91:f2:6c:a2:
                    59:6f:b3:56:f7:b0:93:d0:0e:c7:68:c7:96:bd:f3:
                    4b:c9:df:30:d4:34:18:8f:df:34:23:70:97:e4:80:
                    d1:02:9f:27:a3:3a:20:fd:5d:d9:ab:f7:25:03:39:
                    26:65:b8:5c:54:01:26:d4:34:ff:12:a5:40:cb:9d:
                    4d:b4:40:9e:d6:dd:1e:13:56:da:6e:28:1c:ed:8d:
                    71:e1:a8:41:9d:6a:58:f7:07:b4:7f:3a:98:24:7d:
                    65:70:27:ba:f3:e7:43:64:1e:eb:f9:b0:ec:18:0e:
                    31:05:e9:d8:73:51:6a:bf:6f:6b:ca:51:e3:de:e2:
                    2b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AB:A4:52:34:87:E9:47:0D:E8:05:77:B0:9D:B4:71:61:AB:18:9C
            X509v3 Authority Key Identifier:
                keyid:6C:CF:88:4C:F7:8E:C5:31:98:6E:46:ED:E0:2F:C6:88:61:96:53:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM-ITPeOxTGYbkbt4C_GiGGWU4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/haukUjSH6UcN6AV3sJ20cWGrGJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8af211-cf7b-4191-8e24-f41b18ee9c01/1/bM-ITPeOxTGYbkbt4C_GiGGWU4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:1f:5f:a5:63:01:b3:42:77:21:93:5e:9a:30:85:e9:0e:42:
         eb:a0:ed:9f:d1:ba:0e:9c:2a:c4:45:df:2e:2a:3c:12:cf:6b:
         4e:1c:5c:9b:5b:a7:ff:a7:f3:bf:df:73:28:03:c8:ac:e1:a3:
         3d:7f:22:96:d5:80:5b:a9:3a:e8:de:47:34:9a:a9:05:5e:9d:
         46:4e:9f:d5:16:3d:ca:43:de:84:86:c2:23:8b:ec:5e:7c:50:
         95:61:8d:15:45:6a:ef:7b:b9:63:17:5b:21:ce:82:b3:7a:3d:
         cb:3f:6d:c4:d1:29:da:1a:b8:d1:66:14:01:f4:98:e2:93:e3:
         11:39:8e:cd:c9:88:89:76:1f:0c:9f:45:85:d9:c5:a9:2d:2e:
         12:9b:cd:33:09:c1:2f:f6:54:09:c3:5b:58:09:29:f9:e9:42:
         81:8e:df:87:ee:fe:50:6f:3e:9f:fa:61:ef:21:4d:9a:19:53:
         8d:1a:87:02:07:fd:6a:4c:bc:93:bd:9b:32:c8:7f:9c:b6:18:
         79:27:1c:9b:ee:a8:e6:23:f2:43:6d:10:2f:59:12:97:76:0c:
         0a:5f:98:06:06:c5:e0:fc:a8:10:38:43:e4:0e:8c:d1:18:0d:
         fc:85:44:a8:a1:aa:e0:3d:a6:a5:ad:00:a8:86:7d:41:9c:f5:
         d6:88:08:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAAp57wC8G7XABYxj9w+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjY2Y4ODRjZjc4ZWM1MzE5ODZlNDZlZGUwMmZjNjg4NjE5
NjUzODEwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFiYTQ1MjM0ODdlOTQ3MGRlODA1NzdiMDlkYjQ3MTYxYWIxODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm7BaBhgisn0BBMgTcd/p8cwSfkd
dwrmBkiRO+gNsgtXHKU8GiOgTlEINeaU2Lb+sUXpuSpcy29QorBaiuNuDcoSU4X1
Q8BElQOr5A0/Xj6Go+7TCu2JeaekD273w1dacYxdgkS1TkbKzf4Q3E+6AkH1Dj5/
RxFjhYudQXdazGbJWZHybKJZb7NW97CT0A7HaMeWvfNLyd8w1DQYj980I3CX5IDR
Ap8nozog/V3Zq/clAzkmZbhcVAEm1DT/EqVAy51NtECe1t0eE1babigc7Y1x4ahB
nWpY9we0fzqYJH1lcCe68+dDZB7r+bDsGA4xBenYc1Fqv29rylHj3uIr/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIWrpFI0h+lHDegFd7CdtHFhqxicMB8GA1UdIwQY
MBaAFGzPiEz3jsUxmG5G7eAvxohhllOBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk0tSVRQZU94VEdZYmtidDRDX0dpR0dXVTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84YWYyMTEtY2Y3Yi00MTkxLThlMjQt
ZjQxYjE4ZWU5YzAxLzEvaGF1a1VqU0g2VWNONkFWM3NKMjBjV0dyR0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84YWYyMTEtY2Y3Yi00MTkxLThlMjQtZjQxYjE4ZWU5YzAx
LzEvYk0tSVRQZU94VEdZYmtidDRDX0dpR0dXVTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAt8
MA0GCSqGSIb3DQEBCwUAA4IBAQBOH1+lYwGzQnchk16aMIXpDkLroO2f0boOnCrE
Rd8uKjwSz2tOHFybW6f/p/O/33MoA8is4aM9fyKW1YBbqTro3kc0mqkFXp1GTp/V
Fj3KQ96EhsIji+xefFCVYY0VRWrve7ljF1shzoKzej3LP23E0SnaGrjRZhQB9Jji
k+MROY7NyYiJdh8Mn0WF2cWpLS4Sm80zCcEv9lQJw1tYCSn56UKBjt+H7v5Qbz6f
+mHvIU2aGVONGocCB/1qTLyTvZsyyH+cthh5Jxyb7qjmI/JDbRAvWRKXdgwKX5gG
BsXg/KgQOEPkDozRGA38hUSooargPaalrQCohn1BnPXWiAgY
-----END CERTIFICATE-----