Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/0I35SvmcposDjIGw4ERiuFAyrVI.roa
File:                     0I35SvmcposDjIGw4ERiuFAyrVI.roa (raw, json)
Hash identifier:          KdjruwAE5v4gkYS9HTHw94098b88lHnTQ3HGv4uYljE=
Subject key identifier:   D0:8D:F9:4A:F9:9C:A6:8B:03:8C:81:B0:E0:44:62:B8:50:32:AD:52
Certificate issuer:       /CN=4ae8d08909d185af41d0a0c3be5ea28c352f0226
Certificate serial:       018CC8709DA62FE4A1D82B95FB34328C6626
Authority key identifier: 4A:E8:D0:89:09:D1:85:AF:41:D0:A0:C3:BE:5E:A2:8C:35:2F:02:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SujQiQnRha9B0KDDvl6ijDUvAiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/0I35SvmcposDjIGw4ERiuFAyrVI.roa
Signing time:             Tue 02 Jan 2024 04:31:12 +0000
ROA not before:           Tue 02 Jan 2024 04:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212989
IP address blocks:        2001:678:ddc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/SujQiQnRha9B0KDDvl6ijDUvAiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/SujQiQnRha9B0KDDvl6ijDUvAiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SujQiQnRha9B0KDDvl6ijDUvAiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:9d:a6:2f:e4:a1:d8:2b:95:fb:34:32:8c:66:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ae8d08909d185af41d0a0c3be5ea28c352f0226
        Validity
            Not Before: Jan  2 04:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d08df94af99ca68b038c81b0e04462b85032ad52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2c:09:89:d5:ec:1e:cf:e8:0a:76:c9:9a:c4:
                    79:5e:40:b5:da:bc:c5:eb:74:02:ae:d5:48:51:cb:
                    79:da:c5:1f:59:ab:bc:01:d4:81:ba:9e:31:6e:24:
                    9b:dd:91:79:57:49:a9:d6:b4:79:d0:16:36:e2:4a:
                    14:e2:c5:07:f4:92:dc:32:bb:c9:e6:41:10:df:ab:
                    26:ad:fc:47:3c:ba:a6:0c:50:7a:34:83:08:63:97:
                    a0:bc:bc:ba:83:ca:2b:a4:b1:b1:2c:a0:9a:aa:bb:
                    7f:7a:0d:09:78:4e:50:1e:52:c2:64:73:da:bd:5e:
                    63:5a:bd:d8:08:56:bf:42:27:88:51:30:89:b6:e0:
                    13:74:20:fd:61:ee:dd:f1:2a:03:a0:50:f7:ce:9e:
                    89:86:27:f9:04:32:77:0a:14:26:20:66:58:34:66:
                    35:72:f1:50:01:fb:d7:d2:67:4b:bf:ba:de:d2:ed:
                    0e:5e:f9:81:09:86:94:23:8d:03:fc:34:e3:e5:a1:
                    75:5c:dd:70:98:77:b1:dc:b0:69:e3:7d:bc:90:ab:
                    17:88:ed:7b:06:d2:ea:71:d2:ef:10:ef:bb:90:75:
                    44:f4:29:20:cd:6d:d2:28:89:a7:1c:16:1e:77:18:
                    f5:5a:c0:30:a5:51:5a:a4:ba:38:17:90:53:5e:e3:
                    a6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8D:F9:4A:F9:9C:A6:8B:03:8C:81:B0:E0:44:62:B8:50:32:AD:52
            X509v3 Authority Key Identifier:
                keyid:4A:E8:D0:89:09:D1:85:AF:41:D0:A0:C3:BE:5E:A2:8C:35:2F:02:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SujQiQnRha9B0KDDvl6ijDUvAiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/0I35SvmcposDjIGw4ERiuFAyrVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/41446b-e49a-4ae7-81e5-9425856ec542/1/SujQiQnRha9B0KDDvl6ijDUvAiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ddc::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:c5:25:b5:29:c8:31:8a:54:f0:39:de:b6:95:64:01:a9:7c:
         85:cd:42:2d:44:18:22:a6:1f:fb:58:be:50:b7:6e:1c:6d:33:
         d4:c7:a8:07:33:64:65:2f:90:3f:fa:a5:df:6f:af:3c:4a:9d:
         ce:c9:57:29:d1:dc:de:ef:5b:55:86:e7:ef:5a:ed:0e:dd:f6:
         83:b9:d3:28:a3:2f:29:6b:a2:b7:62:79:18:ab:8d:80:03:22:
         2b:5a:7b:7e:52:6f:f6:8b:b8:7b:b2:d2:f7:4e:30:87:3b:6a:
         45:25:7f:56:e6:41:88:8f:e8:ac:cd:73:58:b9:50:a4:45:2c:
         e4:ca:73:24:b0:2d:d2:5f:9c:1f:d5:0c:76:78:27:89:af:5c:
         18:fa:ff:ad:e2:e3:ab:55:db:e6:32:16:3f:94:3a:0b:ce:bf:
         cb:ef:0f:fd:4f:87:c8:02:c5:74:bf:43:a3:18:34:1b:a1:c2:
         ef:ac:8a:61:a6:7c:b8:78:4c:b7:5c:7c:4a:46:a0:80:05:2b:
         bd:9e:cb:fc:38:52:b6:a4:51:df:49:3a:f2:3a:ef:be:4b:a7:
         1f:08:db:36:12:44:b1:f4:59:c7:59:ea:66:b0:ab:c5:f6:61:
         b7:9e:0e:d6:b8:68:55:85:b7:c2:43:00:e4:60:cf:de:e0:a3:
         b3:64:84:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcJ2mL+Sh2CuV+zQyjGYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZThkMDg5MDlkMTg1YWY0MWQwYTBjM2JlNWVhMjhjMzUy
ZjAyMjYwHhcNMjQwMTAyMDQzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDhkZjk0YWY5OWNhNjhiMDM4YzgxYjBlMDQ0NjJiODUwMzJhZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoywJidXsHs/oCnbJmsR5XkC12rzF
63QCrtVIUct52sUfWau8AdSBup4xbiSb3ZF5V0mp1rR50BY24koU4sUH9JLcMrvJ
5kEQ36smrfxHPLqmDFB6NIMIY5egvLy6g8orpLGxLKCaqrt/eg0JeE5QHlLCZHPa
vV5jWr3YCFa/QieIUTCJtuATdCD9Ye7d8SoDoFD3zp6Jhif5BDJ3ChQmIGZYNGY1
cvFQAfvX0mdLv7re0u0OXvmBCYaUI40D/DTj5aF1XN1wmHex3LBp4328kKsXiO17
BtLqcdLvEO+7kHVE9CkgzW3SKImnHBYedxj1WsAwpVFapLo4F5BTXuOmPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNCN+Ur5nKaLA4yBsOBEYrhQMq1SMB8GA1UdIwQY
MBaAFEro0IkJ0YWvQdCgw75eoow1LwImMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3VqUWlRblJoYTlCMEtERHZsNmlqRFV2QWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS80MTQ0NmItZTQ5YS00YWU3LTgxZTUt
OTQyNTg1NmVjNTQyLzEvMEkzNVN2bWNwb3NEaklHdzRFUml1RkF5clZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS80MTQ0NmItZTQ5YS00YWU3LTgxZTUtOTQyNTg1NmVjNTQy
LzEvU3VqUWlRblJoYTlCMEtERHZsNmlqRFV2QWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA3c
MA0GCSqGSIb3DQEBCwUAA4IBAQAKxSW1KcgxilTwOd62lWQBqXyFzUItRBgiph/7
WL5Qt24cbTPUx6gHM2RlL5A/+qXfb688Sp3OyVcp0dze71tVhufvWu0O3faDudMo
oy8pa6K3YnkYq42AAyIrWnt+Um/2i7h7stL3TjCHO2pFJX9W5kGIj+iszXNYuVCk
RSzkynMksC3SX5wf1Qx2eCeJr1wY+v+t4uOrVdvmMhY/lDoLzr/L7w/9T4fIAsV0
v0OjGDQbocLvrIphpny4eEy3XHxKRqCABSu9nsv8OFK2pFHfSTryOu++S6cfCNs2
EkSx9FnHWepmsKvF9mG3ng7WuGhVhbfCQwDkYM/e4KOzZIQO
-----END CERTIFICATE-----