Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/Y5wOizT5hrWA8Jz7MhWicsgd8qo.roa
File:                     Y5wOizT5hrWA8Jz7MhWicsgd8qo.roa (raw, json)
Hash identifier:          fSgLMWo+G+s3B7nkPPTCquA7ljBUTZvWVbSa74E5gZM=
Subject key identifier:   63:9C:0E:8B:34:F9:86:B5:80:F0:9C:FB:32:15:A2:72:C8:1D:F2:AA
Certificate issuer:       /CN=1c7dd3c816d8596080472054348095ed2b8551e5
Certificate serial:       018CCA299B16D649C4C3D54CADA8FAE7187E
Authority key identifier: 1C:7D:D3:C8:16:D8:59:60:80:47:20:54:34:80:95:ED:2B:85:51:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HH3TyBbYWWCARyBUNICV7SuFUeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/Y5wOizT5hrWA8Jz7MhWicsgd8qo.roa
Signing time:             Tue 02 Jan 2024 12:32:53 +0000
ROA not before:           Tue 02 Jan 2024 12:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212567
IP address blocks:        2001:678:ed0::/48 maxlen: 48
                          2001:678:e68::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/HH3TyBbYWWCARyBUNICV7SuFUeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/HH3TyBbYWWCARyBUNICV7SuFUeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HH3TyBbYWWCARyBUNICV7SuFUeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:9b:16:d6:49:c4:c3:d5:4c:ad:a8:fa:e7:18:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7dd3c816d8596080472054348095ed2b8551e5
        Validity
            Not Before: Jan  2 12:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=639c0e8b34f986b580f09cfb3215a272c81df2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:18:e2:6e:3a:43:e7:b7:30:92:57:99:4c:35:
                    25:9e:ed:c8:1c:bf:24:19:91:6e:c9:b8:b9:f1:0a:
                    77:ed:97:b0:8d:b1:6b:49:5a:e4:1c:aa:5f:97:71:
                    61:46:50:b4:17:be:f9:9b:dc:0d:9f:f4:09:e2:f0:
                    15:86:27:90:12:db:0e:16:61:3e:a8:0a:7c:b7:a8:
                    79:db:7b:83:7b:46:e5:f1:7f:ba:88:41:c5:d4:19:
                    00:28:2e:fd:34:42:01:f2:d1:29:25:22:14:b8:78:
                    d5:4b:14:af:fa:e9:29:25:a3:7a:9a:b9:ff:fb:f0:
                    6c:e4:ae:33:91:ca:2e:62:15:49:05:d8:71:99:21:
                    81:e1:bd:87:d9:e5:d4:35:5f:b0:8b:35:d6:3b:0b:
                    35:2b:36:49:92:ee:40:ec:cd:74:e9:6b:ee:f1:ba:
                    e1:36:d4:4d:b6:2d:cb:86:51:18:4d:d7:36:83:0c:
                    da:4c:ca:f2:ef:8f:a5:f8:1a:9c:7c:de:e0:44:d5:
                    24:8b:4a:f3:c1:b2:e7:bb:39:13:a8:95:bf:52:45:
                    7d:fe:c1:f9:95:6c:8b:31:50:e6:37:ee:87:7e:fc:
                    2a:6a:3c:38:e9:ac:a6:26:83:d1:88:69:37:3f:0d:
                    68:42:08:14:cb:83:92:4b:dd:50:e4:00:82:ab:11:
                    4a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:9C:0E:8B:34:F9:86:B5:80:F0:9C:FB:32:15:A2:72:C8:1D:F2:AA
            X509v3 Authority Key Identifier:
                keyid:1C:7D:D3:C8:16:D8:59:60:80:47:20:54:34:80:95:ED:2B:85:51:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HH3TyBbYWWCARyBUNICV7SuFUeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/Y5wOizT5hrWA8Jz7MhWicsgd8qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/baab36-8886-4206-9e79-cc2cd7d31a26/1/HH3TyBbYWWCARyBUNICV7SuFUeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e68::/48
                  2001:678:ed0::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:bc:e8:d5:c6:4d:fa:e8:09:c1:11:b5:3f:be:df:41:74:5b:
         9d:f4:0d:7e:9a:43:92:32:91:74:ed:84:52:3d:9d:51:f1:01:
         ac:76:0b:b3:6e:a9:e7:22:31:43:3a:72:9e:ae:1e:82:85:84:
         d0:f3:19:50:a6:1c:4a:6c:5b:aa:06:a1:65:9e:6d:96:40:3b:
         e6:16:26:05:32:72:24:01:1c:d0:c0:82:1c:80:62:9b:fb:4d:
         65:94:eb:8d:3f:17:98:98:cd:c5:f3:62:42:f2:06:02:9a:a3:
         24:c4:0f:88:19:dd:30:b3:d6:49:69:3d:79:79:cc:10:90:03:
         3b:1a:9a:c9:25:be:91:f4:fc:8e:0e:ce:13:09:df:3b:6b:20:
         2f:c6:c5:b4:c2:25:f3:7f:f2:7b:fd:d7:80:a0:85:8c:63:5c:
         4e:eb:1f:96:dd:d2:02:c9:9f:79:7b:d7:11:30:62:8d:df:f0:
         08:09:80:f4:74:4a:e9:76:8c:d0:8d:26:28:45:30:65:3c:c4:
         f1:8f:2c:89:9c:ce:fb:09:7d:92:f1:18:1d:49:6f:1a:84:58:
         01:82:6a:64:e7:27:f5:ee:c2:d8:f7:cd:6a:28:22:ca:08:b7:
         5c:c8:26:64:a8:39:02:af:26:fd:96:c3:ff:9e:32:46:1e:83:
         30:38:a6:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKZsW1knEw9VMraj65xh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2RkM2M4MTZkODU5NjA4MDQ3MjA1NDM0ODA5NWVkMmI4
NTUxZTUwHhcNMjQwMTAyMTIzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzljMGU4YjM0Zjk4NmI1ODBmMDljZmIzMjE1YTI3MmM4MWRmMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBjibjpD57cwkleZTDUlnu3IHL8k
GZFuybi58Qp37ZewjbFrSVrkHKpfl3FhRlC0F775m9wNn/QJ4vAVhieQEtsOFmE+
qAp8t6h523uDe0bl8X+6iEHF1BkAKC79NEIB8tEpJSIUuHjVSxSv+ukpJaN6mrn/
+/Bs5K4zkcouYhVJBdhxmSGB4b2H2eXUNV+wizXWOws1KzZJku5A7M106Wvu8brh
NtRNti3LhlEYTdc2gwzaTMry74+l+BqcfN7gRNUki0rzwbLnuzkTqJW/UkV9/sH5
lWyLMVDmN+6Hfvwqajw46aymJoPRiGk3Pw1oQggUy4OSS91Q5ACCqxFKFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGOcDos0+Ya1gPCc+zIVonLIHfKqMB8GA1UdIwQY
MBaAFBx908gW2FlggEcgVDSAle0rhVHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEgzVHlCYllXV0NBUnlCVU5JQ1Y3U3VGVWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iYWFiMzYtODg4Ni00MjA2LTllNzkt
Y2MyY2Q3ZDMxYTI2LzEvWTV3T2l6VDVocldBOEp6N01oV2ljc2dkOHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iYWFiMzYtODg4Ni00MjA2LTllNzktY2MyY2Q3ZDMxYTI2
LzEvSEgzVHlCYllXV0NBUnlCVU5JQ1Y3U3VGVWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeA5o
AwcAIAEGeA7QMA0GCSqGSIb3DQEBCwUAA4IBAQBYvOjVxk366AnBEbU/vt9BdFud
9A1+mkOSMpF07YRSPZ1R8QGsdguzbqnnIjFDOnKerh6ChYTQ8xlQphxKbFuqBqFl
nm2WQDvmFiYFMnIkARzQwIIcgGKb+01llOuNPxeYmM3F82JC8gYCmqMkxA+IGd0w
s9ZJaT15ecwQkAM7GprJJb6R9PyODs4TCd87ayAvxsW0wiXzf/J7/deAoIWMY1xO
6x+W3dICyZ95e9cRMGKN3/AICYD0dErpdozQjSYoRTBlPMTxjyyJnM77CX2S8Rgd
SW8ahFgBgmpk5yf17sLY981qKCLKCLdcyCZkqDkCryb9lsP/njJGHoMwOKYc
-----END CERTIFICATE-----