Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/Fy-5PiRLeU4F1qGBk8FqPzNY-qY.roa
File:                     Fy-5PiRLeU4F1qGBk8FqPzNY-qY.roa (raw, json)
Hash identifier:          egoNZvPlDs0u50QD7qboCOAXkkd9u5gNdMp/vhzrmME=
Subject key identifier:   17:2F:B9:3E:24:4B:79:4E:05:D6:A1:81:93:C1:6A:3F:33:58:FA:A6
Certificate issuer:       /CN=f7b7c2e8453ed4c0929c7504baf046043159d105
Certificate serial:       018CC56E3A314F2F981FF183A9C8E5CFCA21
Authority key identifier: F7:B7:C2:E8:45:3E:D4:C0:92:9C:75:04:BA:F0:46:04:31:59:D1:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97fC6EU-1MCSnHUEuvBGBDFZ0QU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/Fy-5PiRLeU4F1qGBk8FqPzNY-qY.roa
Signing time:             Mon 01 Jan 2024 14:29:44 +0000
ROA not before:           Mon 01 Jan 2024 14:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12360
IP address blocks:        2001:678:78c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/97fC6EU-1MCSnHUEuvBGBDFZ0QU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/97fC6EU-1MCSnHUEuvBGBDFZ0QU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/97fC6EU-1MCSnHUEuvBGBDFZ0QU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3a:31:4f:2f:98:1f:f1:83:a9:c8:e5:cf:ca:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7b7c2e8453ed4c0929c7504baf046043159d105
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=172fb93e244b794e05d6a18193c16a3f3358faa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a2:1d:0f:b2:06:29:57:02:a6:c6:15:52:2b:
                    df:cb:3b:ad:91:a8:a3:d9:f2:bd:76:5e:f8:8e:a7:
                    c4:f5:b4:9b:d2:9d:aa:6b:0b:96:57:93:d4:3a:7a:
                    4c:cc:5d:8d:88:a8:56:82:0b:60:f1:a8:e2:2b:9d:
                    61:8d:8e:2c:ce:63:fc:64:14:ed:70:47:28:64:cb:
                    5a:da:9d:db:4b:bf:dc:d7:2c:9e:c1:ef:91:ff:b5:
                    bc:1c:63:8d:21:7d:d5:2a:4a:b5:10:fd:90:61:67:
                    98:a8:10:7f:ed:70:a5:a0:75:58:d7:81:07:47:2c:
                    b7:43:99:36:10:b4:d5:72:d0:f7:96:85:1e:ec:30:
                    da:4d:f8:80:dc:9d:82:7e:60:45:30:aa:ae:1b:ea:
                    52:49:bb:0a:de:82:24:8f:c2:b1:51:40:5d:cc:ce:
                    9d:19:6e:8a:1a:49:6b:30:e3:f1:58:99:68:e5:60:
                    cd:f1:a4:34:e2:38:56:d0:e4:5c:4b:86:1b:2f:ec:
                    d2:89:2f:c2:ff:e6:54:bb:c6:38:54:58:51:f2:55:
                    e6:ba:c6:36:e5:af:79:98:f8:1a:4e:41:ec:a9:f6:
                    cb:02:68:48:a6:2d:41:e1:b5:2f:ff:47:49:aa:6c:
                    a4:69:4a:c6:28:33:b8:7e:87:b6:af:1a:cf:eb:7d:
                    a4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2F:B9:3E:24:4B:79:4E:05:D6:A1:81:93:C1:6A:3F:33:58:FA:A6
            X509v3 Authority Key Identifier:
                keyid:F7:B7:C2:E8:45:3E:D4:C0:92:9C:75:04:BA:F0:46:04:31:59:D1:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97fC6EU-1MCSnHUEuvBGBDFZ0QU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/Fy-5PiRLeU4F1qGBk8FqPzNY-qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/661679-ac25-43ee-9cbf-8cf254b48794/1/97fC6EU-1MCSnHUEuvBGBDFZ0QU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:78c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:b0:fe:c0:6d:77:f1:7b:9c:9a:5b:1a:e8:0c:fe:2b:21:fe:
         69:4d:5f:32:99:16:10:17:0a:62:41:52:24:09:29:91:a4:46:
         39:ba:ff:db:45:9d:65:db:97:a7:92:af:3c:b1:da:44:38:86:
         fc:2c:fc:a4:54:f8:0a:8a:b9:e2:fd:ac:dd:54:64:b3:5d:fd:
         b4:40:d7:f7:d3:3d:2f:25:11:34:6e:6d:98:f8:65:e0:34:82:
         b0:f0:31:16:52:69:f5:5b:44:ad:10:3e:bf:4f:09:4c:9b:69:
         a2:b5:21:61:f0:62:31:01:3d:63:37:2a:1d:5f:78:97:76:c7:
         8e:8c:40:5e:6a:ac:ce:18:d3:39:7a:52:e2:d6:8a:a5:43:7e:
         76:37:d3:7a:13:70:14:5d:93:56:95:f3:81:5e:23:78:7e:a7:
         b8:7d:f6:a0:66:5c:f6:39:2b:c5:88:23:f9:eb:3f:bd:3f:e8:
         6e:27:88:88:19:e9:39:ca:1f:f9:bb:43:a4:b4:d7:fa:70:a3:
         a7:ff:b1:28:36:31:f1:d4:35:ec:1f:01:e3:30:3d:b9:ee:73:
         a5:64:77:44:21:c4:16:a2:42:97:97:85:ea:2f:e1:cb:30:b8:
         b2:ca:6a:99:54:fc:11:ad:b1:2f:d0:c5:ce:ff:cc:50:60:69:
         70:2c:68:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbjoxTy+YH/GDqcjlz8ohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjdjMmU4NDUzZWQ0YzA5MjljNzUwNGJhZjA0NjA0MzE1
OWQxMDUwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJmYjkzZTI0NGI3OTRlMDVkNmExODE5M2MxNmEzZjMzNThmYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6IdD7IGKVcCpsYVUivfyzutkaij
2fK9dl74jqfE9bSb0p2qawuWV5PUOnpMzF2NiKhWggtg8ajiK51hjY4szmP8ZBTt
cEcoZMta2p3bS7/c1yyewe+R/7W8HGONIX3VKkq1EP2QYWeYqBB/7XCloHVY14EH
Ryy3Q5k2ELTVctD3loUe7DDaTfiA3J2CfmBFMKquG+pSSbsK3oIkj8KxUUBdzM6d
GW6KGklrMOPxWJlo5WDN8aQ04jhW0ORcS4YbL+zSiS/C/+ZUu8Y4VFhR8lXmusY2
5a95mPgaTkHsqfbLAmhIpi1B4bUv/0dJqmykaUrGKDO4foe2rxrP632k6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBcvuT4kS3lOBdahgZPBaj8zWPqmMB8GA1UdIwQY
MBaAFPe3wuhFPtTAkpx1BLrwRgQxWdEFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdmQzZFVS0xTUNTbkhVRXV2QkdCREZaMFFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82NjE2NzktYWMyNS00M2VlLTljYmYt
OGNmMjU0YjQ4Nzk0LzEvRnktNVBpUkxlVTRGMXFHQms4RnFQek5ZLXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82NjE2NzktYWMyNS00M2VlLTljYmYtOGNmMjU0YjQ4Nzk0
LzEvOTdmQzZFVS0xTUNTbkhVRXV2QkdCREZaMFFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAeM
MA0GCSqGSIb3DQEBCwUAA4IBAQCLsP7AbXfxe5yaWxroDP4rIf5pTV8ymRYQFwpi
QVIkCSmRpEY5uv/bRZ1l25enkq88sdpEOIb8LPykVPgKirni/azdVGSzXf20QNf3
0z0vJRE0bm2Y+GXgNIKw8DEWUmn1W0StED6/TwlMm2mitSFh8GIxAT1jNyodX3iX
dseOjEBeaqzOGNM5elLi1oqlQ352N9N6E3AUXZNWlfOBXiN4fqe4ffagZlz2OSvF
iCP56z+9P+huJ4iIGek5yh/5u0OktNf6cKOn/7EoNjHx1DXsHwHjMD257nOlZHdE
IcQWokKXl4XqL+HLMLiyymqZVPwRrbEv0MXO/8xQYGlwLGhW
-----END CERTIFICATE-----