Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/9fd26uJCuHxgzhFPcj0F_FgujSw.roa
File:                     9fd26uJCuHxgzhFPcj0F_FgujSw.roa (raw, json)
Hash identifier:          Iwfa5F3a2S5bI40kniQJyzqrHS4YRbjv19xOZ0Urt8E=
Subject key identifier:   F5:F7:76:EA:E2:42:B8:7C:60:CE:11:4F:72:3D:05:FC:58:2E:8D:2C
Certificate issuer:       /CN=133eeb9f7aba19e03b1366dab0883f3653fc03be
Certificate serial:       018CC79573A71976849803BB08D7A2333FC8
Authority key identifier: 13:3E:EB:9F:7A:BA:19:E0:3B:13:66:DA:B0:88:3F:36:53:FC:03:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ez7rn3q6GeA7E2basIg_NlP8A74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/9fd26uJCuHxgzhFPcj0F_FgujSw.roa
Signing time:             Tue 02 Jan 2024 00:31:49 +0000
ROA not before:           Tue 02 Jan 2024 00:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212518
IP address blocks:        2001:678:e8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/Ez7rn3q6GeA7E2basIg_NlP8A74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/Ez7rn3q6GeA7E2basIg_NlP8A74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ez7rn3q6GeA7E2basIg_NlP8A74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:73:a7:19:76:84:98:03:bb:08:d7:a2:33:3f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133eeb9f7aba19e03b1366dab0883f3653fc03be
        Validity
            Not Before: Jan  2 00:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5f776eae242b87c60ce114f723d05fc582e8d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7c:4e:18:37:41:c2:4f:fa:dc:a9:9d:4e:e2:
                    c4:28:41:ec:76:6e:33:87:65:77:be:31:c2:a3:81:
                    b0:d8:5e:63:52:09:c1:0f:64:61:3e:4e:2c:00:ea:
                    a3:55:39:eb:79:93:1b:b3:19:46:bd:fc:ba:e1:52:
                    05:72:7b:25:27:0a:1a:84:76:90:a9:f2:77:8b:37:
                    4d:e4:14:27:c1:dc:ed:5d:79:af:16:d7:8b:84:98:
                    c4:4a:65:07:af:bc:2b:86:4b:4f:e6:b1:8a:5d:1d:
                    7c:99:71:6e:1b:46:0e:bd:24:2a:42:d0:76:e4:b4:
                    f6:5d:96:29:b0:46:75:e8:79:6c:12:da:78:a4:78:
                    ff:5e:b9:df:ed:9e:43:d0:60:cc:14:e8:9d:18:96:
                    64:d0:e5:68:22:73:fb:9a:d3:fb:30:12:f0:e9:e8:
                    0c:8f:d9:a8:6b:48:e5:b4:cb:48:93:37:64:48:82:
                    74:dc:65:dc:dd:83:e7:0c:a6:1d:91:f3:de:f2:0e:
                    b2:54:a5:23:68:82:00:39:b7:b7:2c:82:9b:17:3d:
                    1f:48:56:1c:77:87:9b:80:20:4b:42:0a:a2:6d:1d:
                    e5:38:cb:59:20:40:07:a4:58:5f:b5:ca:1f:67:dd:
                    c6:8a:4c:ba:6c:db:93:e4:a5:de:71:41:69:78:2c:
                    7c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F7:76:EA:E2:42:B8:7C:60:CE:11:4F:72:3D:05:FC:58:2E:8D:2C
            X509v3 Authority Key Identifier:
                keyid:13:3E:EB:9F:7A:BA:19:E0:3B:13:66:DA:B0:88:3F:36:53:FC:03:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ez7rn3q6GeA7E2basIg_NlP8A74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/9fd26uJCuHxgzhFPcj0F_FgujSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5ef9e0-7a00-4fca-beaa-66b624eae78c/1/Ez7rn3q6GeA7E2basIg_NlP8A74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:e2:3f:0b:f4:1c:0b:3b:54:8a:cd:42:f8:79:95:cb:68:87:
         fe:fd:6c:21:54:31:9d:97:15:02:bf:7a:54:a4:76:40:3b:9e:
         c3:d3:94:27:b6:0a:c7:23:a3:13:81:ce:5d:9d:f0:82:15:33:
         6e:60:05:52:57:97:f0:a3:5f:a9:9e:79:53:e1:38:99:b3:01:
         f2:82:4c:bc:fa:e7:ae:b5:e1:4d:ee:54:24:8f:25:9b:25:02:
         3d:d6:6e:2b:df:55:2e:7c:7d:5d:b4:d4:ab:83:76:90:a7:95:
         bd:97:b7:ba:e2:5d:71:76:7a:90:26:2d:80:b0:87:c9:d7:dd:
         b3:15:0b:e5:ed:61:4f:ff:69:c9:ef:35:c6:6e:c9:27:fc:7d:
         6f:19:9e:d4:9a:cf:0a:d5:95:9c:ee:76:43:8b:ba:21:d5:c6:
         b2:9b:46:02:85:79:b0:a8:cb:3a:cb:a1:a8:ea:2e:9d:bd:43:
         cc:14:b9:cc:34:8c:46:a6:7e:ea:fa:aa:75:82:d6:0c:63:83:
         dd:3a:5d:f5:e9:5b:5f:cf:64:90:3a:30:db:f8:52:e9:89:81:
         07:22:f2:d7:11:a4:a4:16:66:3b:6d:e5:bc:6d:4e:c2:79:8a:
         99:67:8d:03:23:db:e8:f7:0b:d4:49:19:95:d0:05:af:34:a2:
         eb:5b:d6:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlXOnGXaEmAO7CNeiMz/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2VlYjlmN2FiYTE5ZTAzYjEzNjZkYWIwODgzZjM2NTNm
YzAzYmUwHhcNMjQwMTAyMDAzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY3NzZlYWUyNDJiODdjNjBjZTExNGY3MjNkMDVmYzU4MmU4ZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnxOGDdBwk/63KmdTuLEKEHsdm4z
h2V3vjHCo4Gw2F5jUgnBD2RhPk4sAOqjVTnreZMbsxlGvfy64VIFcnslJwoahHaQ
qfJ3izdN5BQnwdztXXmvFteLhJjESmUHr7wrhktP5rGKXR18mXFuG0YOvSQqQtB2
5LT2XZYpsEZ16HlsEtp4pHj/Xrnf7Z5D0GDMFOidGJZk0OVoInP7mtP7MBLw6egM
j9moa0jltMtIkzdkSIJ03GXc3YPnDKYdkfPe8g6yVKUjaIIAObe3LIKbFz0fSFYc
d4ebgCBLQgqibR3lOMtZIEAHpFhftcofZ93Giky6bNuT5KXecUFpeCx8zwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPX3duriQrh8YM4RT3I9BfxYLo0sMB8GA1UdIwQY
MBaAFBM+6596uhngOxNm2rCIPzZT/AO+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXo3cm4zcTZHZUE3RTJiYXNJZ19ObFA4QTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS81ZWY5ZTAtN2EwMC00ZmNhLWJlYWEt
NjZiNjI0ZWFlNzhjLzEvOWZkMjZ1SkN1SHhnemhGUGNqMEZfRmd1alN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS81ZWY5ZTAtN2EwMC00ZmNhLWJlYWEtNjZiNjI0ZWFlNzhj
LzEvRXo3cm4zcTZHZUE3RTJiYXNJZ19ObFA4QTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA6M
MA0GCSqGSIb3DQEBCwUAA4IBAQB/4j8L9BwLO1SKzUL4eZXLaIf+/WwhVDGdlxUC
v3pUpHZAO57D05QntgrHI6MTgc5dnfCCFTNuYAVSV5fwo1+pnnlT4TiZswHygky8
+ueuteFN7lQkjyWbJQI91m4r31UufH1dtNSrg3aQp5W9l7e64l1xdnqQJi2AsIfJ
192zFQvl7WFP/2nJ7zXGbskn/H1vGZ7Ums8K1ZWc7nZDi7oh1caym0YChXmwqMs6
y6Go6i6dvUPMFLnMNIxGpn7q+qp1gtYMY4PdOl316Vtfz2SQOjDb+FLpiYEHIvLX
EaSkFmY7beW8bU7CeYqZZ40DI9vo9wvUSRmV0AWvNKLrW9bR
-----END CERTIFICATE-----