Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/0yAUXLNTaL2gPAHZCC0ACAkiiZQ.roa
File:                     0yAUXLNTaL2gPAHZCC0ACAkiiZQ.roa (raw, json)
Hash identifier:          DDEVjBEWu/DIWshghZTipjlXJu5RP824AxMwo3ksFmY=
Subject key identifier:   D3:20:14:5C:B3:53:68:BD:A0:3C:01:D9:08:2D:00:08:09:22:89:94
Certificate issuer:       /CN=061bb0916c853801f22ce723bc2cc418869db7d0
Certificate serial:       018CC34925AE83327A29801FF45A80567A5A
Authority key identifier: 06:1B:B0:91:6C:85:38:01:F2:2C:E7:23:BC:2C:C4:18:86:9D:B7:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BhuwkWyFOAHyLOcjvCzEGIadt9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/0yAUXLNTaL2gPAHZCC0ACAkiiZQ.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25098
IP address blocks:        2001:678:b04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/BhuwkWyFOAHyLOcjvCzEGIadt9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/BhuwkWyFOAHyLOcjvCzEGIadt9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BhuwkWyFOAHyLOcjvCzEGIadt9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:25:ae:83:32:7a:29:80:1f:f4:5a:80:56:7a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=061bb0916c853801f22ce723bc2cc418869db7d0
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d320145cb35368bda03c01d9082d000809228994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f7:e3:48:81:06:95:e0:cd:1c:fe:44:66:a4:
                    24:37:17:5e:13:87:86:61:4f:6c:e5:9e:12:7e:f5:
                    78:4f:46:52:87:3b:ae:ec:7b:56:b3:0e:b0:a2:76:
                    3f:05:c3:6f:6e:3f:80:0c:1e:22:bc:4b:17:11:08:
                    9c:c3:92:1f:5c:33:15:0a:9b:e4:01:2a:4e:cd:0e:
                    17:2a:89:96:18:99:2f:c7:0d:ac:54:5c:57:03:1f:
                    9a:4d:92:1d:29:a4:db:f1:2d:7f:46:6e:09:78:da:
                    bb:b5:a0:ab:76:58:12:69:20:4c:10:6c:bb:7e:53:
                    3d:9c:9c:e0:2c:4b:58:ff:6d:a1:3b:f0:db:8d:4b:
                    70:c0:de:7c:94:5b:00:3b:00:65:6a:c7:55:ef:27:
                    71:91:20:25:cd:97:b0:3c:37:a7:6e:58:c9:06:67:
                    9f:07:11:51:c1:db:ca:ce:0e:f4:28:09:b0:96:a0:
                    c2:33:b8:4e:67:55:d5:35:17:be:02:3e:8f:e1:18:
                    ef:97:65:d0:55:06:af:57:c6:9d:e9:70:35:85:00:
                    59:01:d8:72:91:32:c4:1e:7f:6b:2d:6b:e9:3c:24:
                    fc:a4:da:dc:ed:2a:fe:a3:f8:03:47:fd:a7:9c:12:
                    3b:d9:02:8a:b6:0a:4f:21:3d:42:49:4e:2e:a2:4b:
                    07:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:20:14:5C:B3:53:68:BD:A0:3C:01:D9:08:2D:00:08:09:22:89:94
            X509v3 Authority Key Identifier:
                keyid:06:1B:B0:91:6C:85:38:01:F2:2C:E7:23:BC:2C:C4:18:86:9D:B7:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BhuwkWyFOAHyLOcjvCzEGIadt9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/0yAUXLNTaL2gPAHZCC0ACAkiiZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bbb1c6-9f91-4346-b616-c2dc7a058e30/1/BhuwkWyFOAHyLOcjvCzEGIadt9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b04::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:85:82:b1:b4:1c:64:02:36:c6:ec:c1:60:98:43:0c:e4:ef:
         df:b7:88:67:14:15:39:fa:57:ff:aa:84:c1:16:2e:2a:8f:5d:
         53:2d:68:35:8f:38:7f:2c:72:00:c0:11:e6:b0:4a:d1:a1:eb:
         34:a6:7a:db:4a:ac:31:99:90:5a:67:f6:ac:ba:f6:55:69:27:
         16:1d:47:e7:2f:e7:4e:f7:f1:d8:18:24:e0:74:8d:20:ca:a6:
         d5:62:fb:6a:b9:a2:4f:29:0b:9f:b2:eb:3b:44:40:43:50:67:
         9f:5a:5c:49:e2:07:e2:e5:10:6e:27:95:71:3b:47:c5:77:56:
         10:9c:93:7b:55:8e:e3:ec:ce:55:45:d8:26:7e:7b:52:81:91:
         83:07:62:38:bd:80:bd:74:85:7c:03:02:df:b8:73:f4:f5:3b:
         dd:1e:7f:2f:dc:6b:93:77:6e:89:33:6c:1b:df:43:7b:66:78:
         25:c7:99:3a:91:1e:02:bf:b9:a6:0f:a4:3c:ed:c0:d5:12:cd:
         58:d0:62:22:6c:4e:f5:93:b1:c4:27:46:42:7e:7e:81:ad:8f:
         07:77:50:0f:ac:45:87:05:3c:39:72:69:6e:61:7e:40:c8:f9:
         3e:a3:2d:d2:13:6f:64:e4:0c:c9:df:05:07:4f:84:dd:34:d1:
         5a:bc:5c:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSSWugzJ6KYAf9FqAVnpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MWJiMDkxNmM4NTM4MDFmMjJjZTcyM2JjMmNjNDE4ODY5
ZGI3ZDAwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzIwMTQ1Y2IzNTM2OGJkYTAzYzAxZDkwODJkMDAwODA5MjI4OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvfjSIEGleDNHP5EZqQkNxdeE4eG
YU9s5Z4SfvV4T0ZShzuu7HtWsw6wonY/BcNvbj+ADB4ivEsXEQicw5IfXDMVCpvk
ASpOzQ4XKomWGJkvxw2sVFxXAx+aTZIdKaTb8S1/Rm4JeNq7taCrdlgSaSBMEGy7
flM9nJzgLEtY/22hO/DbjUtwwN58lFsAOwBlasdV7ydxkSAlzZewPDenbljJBmef
BxFRwdvKzg70KAmwlqDCM7hOZ1XVNRe+Aj6P4Rjvl2XQVQavV8ad6XA1hQBZAdhy
kTLEHn9rLWvpPCT8pNrc7Sr+o/gDR/2nnBI72QKKtgpPIT1CSU4uoksHoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNMgFFyzU2i9oDwB2QgtAAgJIomUMB8GA1UdIwQY
MBaAFAYbsJFshTgB8iznI7wsxBiGnbfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmh1d2tXeUZPQUh5TE9janZDekVHSWFkdDlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iYmIxYzYtOWY5MS00MzQ2LWI2MTYt
YzJkYzdhMDU4ZTMwLzEvMHlBVVhMTlRhTDJnUEFIWkNDMEFDQWtpaVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iYmIxYzYtOWY5MS00MzQ2LWI2MTYtYzJkYzdhMDU4ZTMw
LzEvQmh1d2tXeUZPQUh5TE9janZDekVHSWFkdDlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAsE
MA0GCSqGSIb3DQEBCwUAA4IBAQB7hYKxtBxkAjbG7MFgmEMM5O/ft4hnFBU5+lf/
qoTBFi4qj11TLWg1jzh/LHIAwBHmsErRoes0pnrbSqwxmZBaZ/asuvZVaScWHUfn
L+dO9/HYGCTgdI0gyqbVYvtquaJPKQufsus7REBDUGefWlxJ4gfi5RBuJ5VxO0fF
d1YQnJN7VY7j7M5VRdgmfntSgZGDB2I4vYC9dIV8AwLfuHP09TvdHn8v3GuTd26J
M2wb30N7Znglx5k6kR4Cv7mmD6Q87cDVEs1Y0GIibE71k7HEJ0ZCfn6BrY8Hd1AP
rEWHBTw5cmluYX5AyPk+oy3SE29k5AzJ3wUHT4TdNNFavFxM
-----END CERTIFICATE-----