Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/8dny7u5gUz1Q11qFQNW4vNRdILY.roa
File:                     8dny7u5gUz1Q11qFQNW4vNRdILY.roa (raw, json)
Hash identifier:          DlDoMPutjlcMxl3gPP/fwyEvZjtLqrc0ErTlaArGTKE=
Subject key identifier:   F1:D9:F2:EE:EE:60:53:3D:50:D7:5A:85:40:D5:B8:BC:D4:5D:20:B6
Certificate issuer:       /CN=f76e639524bda245b92db4cbbca56bd3a7a4ae0c
Certificate serial:       018CC50072C49DD3CB4BBD10FFD514249544
Authority key identifier: F7:6E:63:95:24:BD:A2:45:B9:2D:B4:CB:BC:A5:6B:D3:A7:A4:AE:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/925jlSS9okW5LbTLvKVr06ekrgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/8dny7u5gUz1Q11qFQNW4vNRdILY.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47251
IP address blocks:        2001:678:254::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/925jlSS9okW5LbTLvKVr06ekrgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/925jlSS9okW5LbTLvKVr06ekrgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/925jlSS9okW5LbTLvKVr06ekrgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:72:c4:9d:d3:cb:4b:bd:10:ff:d5:14:24:95:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f76e639524bda245b92db4cbbca56bd3a7a4ae0c
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d9f2eeee60533d50d75a8540d5b8bcd45d20b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f1:b4:34:b0:b7:d9:57:cd:d2:b2:b0:1b:07:
                    49:58:33:a0:43:17:04:7d:7b:f5:f2:55:84:56:41:
                    d6:2c:90:b3:ad:25:c5:c7:91:65:04:a2:d4:3b:79:
                    7f:e3:89:f5:1d:86:37:2b:22:b4:28:ff:b0:ca:72:
                    19:7b:36:03:c6:50:28:7b:36:96:f4:29:61:98:37:
                    94:7d:95:ea:0b:be:d0:94:d0:2c:87:11:ef:4b:97:
                    50:83:85:99:2e:dc:25:0a:9b:65:d8:e2:15:1c:4a:
                    2d:96:87:b3:13:ab:21:11:7e:1d:b8:60:69:3e:73:
                    71:65:00:be:df:34:db:16:f8:15:7a:00:28:81:8b:
                    ff:e4:a4:b8:3c:76:f1:4c:32:40:c9:fe:7a:42:08:
                    ee:60:d7:53:4a:b9:e8:d2:bd:53:5b:1b:e4:92:e9:
                    85:42:80:d5:62:81:41:8d:f7:44:74:5a:22:cb:a1:
                    45:6c:04:90:e2:d9:a0:e9:de:dd:27:d1:f3:4c:0c:
                    aa:d0:ed:0b:f0:ef:ec:99:88:9c:41:20:06:1a:44:
                    fd:08:6b:94:b4:5e:ae:80:8b:90:14:9a:94:30:c7:
                    5b:1c:52:e0:69:45:88:7e:45:de:f2:91:a9:91:4c:
                    92:41:7d:cc:c3:32:d6:3e:9f:68:f6:a8:b1:aa:8b:
                    d0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D9:F2:EE:EE:60:53:3D:50:D7:5A:85:40:D5:B8:BC:D4:5D:20:B6
            X509v3 Authority Key Identifier:
                keyid:F7:6E:63:95:24:BD:A2:45:B9:2D:B4:CB:BC:A5:6B:D3:A7:A4:AE:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/925jlSS9okW5LbTLvKVr06ekrgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/8dny7u5gUz1Q11qFQNW4vNRdILY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/89b3d1-7de3-4c63-a077-82c1b65bed40/1/925jlSS9okW5LbTLvKVr06ekrgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:254::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:57:f1:78:c2:69:39:41:a4:83:e2:a7:9e:33:c2:00:d9:51:
         fd:f9:df:17:73:a1:2d:fc:2a:f4:59:9b:e3:41:7e:cb:08:46:
         af:bb:7b:5c:ae:72:94:00:4f:c1:44:0b:74:9d:88:cc:74:8d:
         05:a8:bc:e6:c4:7a:71:ba:5f:fa:71:f8:c8:dc:34:f1:46:2b:
         d5:86:87:44:62:6d:d7:6d:35:32:56:16:4a:2f:f5:66:24:50:
         f9:70:cf:aa:27:70:32:d4:ea:b9:e0:93:cd:02:6d:a9:40:01:
         6d:89:6d:dc:09:ce:b0:c6:a5:79:a4:c2:bd:8c:b2:42:f0:e2:
         ba:d7:38:0a:cd:ca:52:0f:61:af:51:99:36:28:59:39:18:08:
         9b:56:14:82:e0:86:90:82:fb:0f:54:91:e7:be:b7:8c:1c:eb:
         0c:6e:f5:f4:8e:8b:ee:85:b7:09:c2:65:2b:40:8f:c1:23:22:
         d0:8f:4f:60:72:cb:5e:b6:48:e0:8d:93:0a:3b:f3:22:be:d0:
         8b:d1:f3:a9:0a:f0:a6:86:35:4d:ab:a2:9c:f7:82:fa:00:57:
         c3:8f:b1:ce:95:ad:e8:24:3f:ad:b8:ea:03:6a:6c:51:aa:6e:
         8f:71:93:95:3e:72:03:88:bd:ee:17:10:e5:ed:c1:b3:49:dc:
         8e:1d:f7:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAHLEndPLS70Q/9UUJJVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NmU2Mzk1MjRiZGEyNDViOTJkYjRjYmJjYTU2YmQzYTdh
NGFlMGMwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ5ZjJlZWVlNjA1MzNkNTBkNzVhODU0MGQ1YjhiY2Q0NWQyMGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfG0NLC32VfN0rKwGwdJWDOgQxcE
fXv18lWEVkHWLJCzrSXFx5FlBKLUO3l/44n1HYY3KyK0KP+wynIZezYDxlAoezaW
9ClhmDeUfZXqC77QlNAshxHvS5dQg4WZLtwlCptl2OIVHEotloezE6shEX4duGBp
PnNxZQC+3zTbFvgVegAogYv/5KS4PHbxTDJAyf56QgjuYNdTSrno0r1TWxvkkumF
QoDVYoFBjfdEdFoiy6FFbASQ4tmg6d7dJ9HzTAyq0O0L8O/smYicQSAGGkT9CGuU
tF6ugIuQFJqUMMdbHFLgaUWIfkXe8pGpkUySQX3MwzLWPp9o9qixqovQ3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPHZ8u7uYFM9UNdahUDVuLzUXSC2MB8GA1UdIwQY
MBaAFPduY5UkvaJFuS20y7yla9OnpK4MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTI1amxTUzlva1c1TGJUTHZLVnIwNmVrcmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84OWIzZDEtN2RlMy00YzYzLWEwNzct
ODJjMWI2NWJlZDQwLzEvOGRueTd1NWdVejFRMTFxRlFOVzR2TlJkSUxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84OWIzZDEtN2RlMy00YzYzLWEwNzctODJjMWI2NWJlZDQw
LzEvOTI1amxTUzlva1c1TGJUTHZLVnIwNmVrcmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAJU
MA0GCSqGSIb3DQEBCwUAA4IBAQCIV/F4wmk5QaSD4qeeM8IA2VH9+d8Xc6Et/Cr0
WZvjQX7LCEavu3tcrnKUAE/BRAt0nYjMdI0FqLzmxHpxul/6cfjI3DTxRivVhodE
Ym3XbTUyVhZKL/VmJFD5cM+qJ3Ay1Oq54JPNAm2pQAFtiW3cCc6wxqV5pMK9jLJC
8OK61zgKzcpSD2GvUZk2KFk5GAibVhSC4IaQgvsPVJHnvreMHOsMbvX0jovuhbcJ
wmUrQI/BIyLQj09gcstetkjgjZMKO/MivtCL0fOpCvCmhjVNq6Kc94L6AFfDj7HO
la3oJD+tuOoDamxRqm6PcZOVPnIDiL3uFxDl7cGzSdyOHfcT
-----END CERTIFICATE-----