Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa
File:                     NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa (raw, json)
Hash identifier:          nLhgCTC7vNdcye8I2Oj4B+m9PSwLlHWnVTk7zVuOmkc=
Subject key identifier:   35:47:19:81:1A:70:6F:F7:C5:5D:0A:ED:7B:D3:9E:D8:50:5E:68:6F
Certificate issuer:       /CN=1bf180eca4e4405e877a8b63923a7588d77e39d2
Certificate serial:       018EE32094322963585A9E12580E0AD6B39F
Authority key identifier: 1B:F1:80:EC:A4:E4:40:5E:87:7A:8B:63:92:3A:75:88:D7:7E:39:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G_GA7KTkQF6Heotjkjp1iNd-OdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa
Signing time:             Mon 15 Apr 2024 18:59:06 +0000
ROA not before:           Mon 15 Apr 2024 18:59:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215697
IP address blocks:        2001:678:554::/48 maxlen: 48
                          2001:67c:e64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/G_GA7KTkQF6Heotjkjp1iNd-OdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/G_GA7KTkQF6Heotjkjp1iNd-OdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G_GA7KTkQF6Heotjkjp1iNd-OdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 03:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e3:20:94:32:29:63:58:5a:9e:12:58:0e:0a:d6:b3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bf180eca4e4405e877a8b63923a7588d77e39d2
        Validity
            Not Before: Apr 15 18:59:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354719811a706ff7c55d0aed7bd39ed8505e686f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:8f:f9:76:fd:b2:3e:e2:e1:47:85:0b:3f:
                    15:3d:a4:15:33:91:c3:3a:74:04:1f:7c:27:20:e0:
                    fa:db:18:e0:eb:26:1a:6a:90:91:c9:f0:37:77:1d:
                    29:82:73:2b:5d:5d:85:1d:1a:38:8f:cb:b1:32:f1:
                    99:de:0f:f0:67:22:a6:1a:87:20:12:83:dd:6b:50:
                    6b:7f:7f:9b:5e:b8:fa:50:31:e0:04:50:44:80:3e:
                    90:b0:9c:26:89:cf:c6:75:93:06:3c:82:e0:67:c9:
                    eb:08:99:17:dc:6f:49:cc:bd:1f:11:a1:75:0f:c9:
                    8e:a3:99:dd:a2:e8:3f:8a:e5:88:6d:65:1d:52:42:
                    cf:ae:3f:df:69:c4:93:a3:91:d8:4f:62:d7:46:e1:
                    a2:42:f9:1f:92:29:de:a4:4d:32:c9:2a:a1:ad:e2:
                    9e:30:3d:f9:74:59:cf:ee:e5:74:e3:f3:9f:1b:c7:
                    29:2f:20:14:89:67:ef:b1:50:54:43:f5:c4:a9:6d:
                    ef:ae:d2:00:30:7c:34:dd:66:cb:8c:93:06:7b:00:
                    59:23:d1:27:99:0a:16:14:88:6e:21:dd:d7:54:58:
                    0f:00:0e:4f:5d:cf:ee:14:b7:37:10:b9:de:ab:a6:
                    31:91:b6:af:d1:8e:2d:a7:35:d0:63:02:9e:5d:84:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:47:19:81:1A:70:6F:F7:C5:5D:0A:ED:7B:D3:9E:D8:50:5E:68:6F
            X509v3 Authority Key Identifier:
                keyid:1B:F1:80:EC:A4:E4:40:5E:87:7A:8B:63:92:3A:75:88:D7:7E:39:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_GA7KTkQF6Heotjkjp1iNd-OdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/G_GA7KTkQF6Heotjkjp1iNd-OdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:554::/48
                  2001:67c:e64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:8c:f1:16:65:c9:0c:3c:86:45:c7:61:8e:a8:d0:ce:4c:60:
         a9:f9:ad:07:10:de:1a:bc:a8:82:34:76:35:6b:77:78:4b:ab:
         7e:3c:f1:24:4a:65:ae:f5:9a:4b:ed:dc:6e:bb:8b:1c:12:3c:
         97:95:eb:58:32:07:43:7c:9f:99:12:8e:8c:c7:9b:bc:3c:60:
         ea:5e:7e:70:fb:90:32:18:e2:40:8e:30:46:1f:5d:fc:a6:18:
         7d:8f:36:c4:ae:90:71:66:b1:75:1b:ed:e7:d2:2e:9d:98:e8:
         33:59:aa:ab:7c:00:08:2c:0f:5f:60:c6:3e:ce:0a:64:dd:32:
         76:37:21:ec:5c:1c:f1:a6:2c:4b:6f:27:b6:4c:f1:e5:83:a2:
         2a:02:10:ca:c5:6f:ab:a6:c0:89:10:e2:47:0d:e0:de:c2:65:
         0b:8c:54:5c:99:d0:19:93:3e:d6:9b:cb:35:48:90:89:cd:36:
         c7:96:5f:fb:a4:8d:c0:71:22:cf:81:28:58:cb:88:93:ad:a9:
         6a:d7:f5:a2:dc:e4:96:de:e6:79:68:ba:cf:0d:28:6a:c3:59:
         be:c5:86:d5:56:04:6e:94:24:68:61:bb:b4:d8:5a:8d:a5:47:
         19:9f:25:7c:29:88:c8:88:c4:07:c6:e4:93:ef:86:ed:85:19:
         6c:17:bf:9d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7jIJQyKWNYWp4SWA4K1rOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZjE4MGVjYTRlNDQwNWU4NzdhOGI2MzkyM2E3NTg4ZDc3
ZTM5ZDIwHhcNMjQwNDE1MTg1OTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ3MTk4MTFhNzA2ZmY3YzU1ZDBhZWQ3YmQzOWVkODUwNWU2ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeSP+Xb9sj7i4UeFCz8VPaQVM5HD
OnQEH3wnIOD62xjg6yYaapCRyfA3dx0pgnMrXV2FHRo4j8uxMvGZ3g/wZyKmGocg
EoPda1Brf3+bXrj6UDHgBFBEgD6QsJwmic/GdZMGPILgZ8nrCJkX3G9JzL0fEaF1
D8mOo5ndoug/iuWIbWUdUkLPrj/facSTo5HYT2LXRuGiQvkfkinepE0yySqhreKe
MD35dFnP7uV04/OfG8cpLyAUiWfvsVBUQ/XEqW3vrtIAMHw03WbLjJMGewBZI9En
mQoWFIhuId3XVFgPAA5PXc/uFLc3ELneq6Yxkbav0Y4tpzXQYwKeXYTi9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDVHGYEacG/3xV0K7XvTnthQXmhvMB8GA1UdIwQY
MBaAFBvxgOyk5EBeh3qLY5I6dYjXfjnSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR19HQTdLVGtRRjZIZW90amtqcDFpTmQtT2RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lODkyMmQtYjMwNC00MTg4LWJkYTYt
ZGM2YjFmZjcyYzE4LzEvTlVjWmdScHdiX2ZGWFFydGU5T2UyRkJlYUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lODkyMmQtYjMwNC00MTg4LWJkYTYtZGM2YjFmZjcyYzE4
LzEvR19HQTdLVGtRRjZIZW90amtqcDFpTmQtT2RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAVU
AwcAIAEGfA5kMA0GCSqGSIb3DQEBCwUAA4IBAQAcjPEWZckMPIZFx2GOqNDOTGCp
+a0HEN4avKiCNHY1a3d4S6t+PPEkSmWu9ZpL7dxuu4scEjyXletYMgdDfJ+ZEo6M
x5u8PGDqXn5w+5AyGOJAjjBGH138phh9jzbErpBxZrF1G+3n0i6dmOgzWaqrfAAI
LA9fYMY+zgpk3TJ2NyHsXBzxpixLbye2TPHlg6IqAhDKxW+rpsCJEOJHDeDewmUL
jFRcmdAZkz7Wm8s1SJCJzTbHll/7pI3AcSLPgShYy4iTralq1/Wi3OSW3uZ5aLrP
DShqw1m+xYbVVgRulCRoYbu02FqNpUcZnyV8KYjIiMQHxuST74bthRlsF7+d
-----END CERTIFICATE-----