Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/XtVDr_sdtbzkMH5FMXjPg7eHE24.roa
File:                     XtVDr_sdtbzkMH5FMXjPg7eHE24.roa (raw, json)
Hash identifier:          /JysPksT1UCYSbztAEQpCavysRoAh/u0l30nd+whXzM=
Subject key identifier:   5E:D5:43:AF:FB:1D:B5:BC:E4:30:7E:45:31:78:CF:83:B7:87:13:6E
Certificate issuer:       /CN=225cf0d31704b59d7eeb018548202d3a570da932
Certificate serial:       018CC8DEACA2FFE6B40AB997295E954D23CD
Authority key identifier: 22:5C:F0:D3:17:04:B5:9D:7E:EB:01:85:48:20:2D:3A:57:0D:A9:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/XtVDr_sdtbzkMH5FMXjPg7eHE24.roa
Signing time:             Tue 02 Jan 2024 06:31:25 +0000
ROA not before:           Tue 02 Jan 2024 06:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1836
IP address blocks:        2001:678:810::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ac:a2:ff:e6:b4:0a:b9:97:29:5e:95:4d:23:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=225cf0d31704b59d7eeb018548202d3a570da932
        Validity
            Not Before: Jan  2 06:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ed543affb1db5bce4307e453178cf83b787136e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:03:20:cb:1b:ef:7c:2d:99:f1:db:7c:12:6c:
                    dd:45:dd:5d:4b:5e:3e:72:72:7a:25:52:de:87:0f:
                    51:df:81:b2:30:16:2d:b9:79:e2:98:16:f2:38:85:
                    1f:e9:9f:59:4f:25:5b:44:70:50:02:35:30:b8:4c:
                    2a:8b:64:00:f2:e0:c5:dc:a8:1f:35:4c:3b:97:e4:
                    02:10:f0:51:6e:23:d4:ee:b2:f5:eb:8d:57:b9:78:
                    a6:1a:27:fd:7c:ff:8b:fe:75:68:04:9e:7d:8a:68:
                    71:77:8c:71:dc:fd:ff:89:6a:b2:23:c0:06:ab:ff:
                    11:98:c0:7a:b9:45:bd:c4:72:b3:1d:db:9e:91:4f:
                    e6:02:18:d0:fe:e2:3c:8d:13:25:ba:9f:69:cb:28:
                    0e:d8:54:9d:b6:22:89:04:0b:92:60:97:5d:10:80:
                    ac:48:b1:35:27:d7:dc:f1:35:18:a0:3e:14:e6:de:
                    3b:23:49:52:ed:79:95:c7:1b:71:15:3d:2c:d9:27:
                    cc:b0:52:d4:46:c7:50:82:fc:32:11:35:18:74:fd:
                    98:99:36:62:b9:71:56:42:48:ae:9d:f0:ec:16:ee:
                    e4:da:41:78:36:ca:13:b8:63:c0:17:86:5e:49:e9:
                    9f:ca:dd:70:5a:79:0a:52:61:ed:23:af:84:08:41:
                    ee:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D5:43:AF:FB:1D:B5:BC:E4:30:7E:45:31:78:CF:83:B7:87:13:6E
            X509v3 Authority Key Identifier:
                keyid:22:5C:F0:D3:17:04:B5:9D:7E:EB:01:85:48:20:2D:3A:57:0D:A9:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/XtVDr_sdtbzkMH5FMXjPg7eHE24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/4df429-f776-4fd3-8de4-00bc903d2621/1/Ilzw0xcEtZ1-6wGFSCAtOlcNqTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:810::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:03:59:8a:d2:80:7c:52:76:34:7b:af:39:a5:62:64:f1:d3:
         2f:d8:16:e2:99:d6:34:f2:02:12:b9:ec:8c:4c:6b:05:90:9c:
         31:66:1c:4d:7d:5a:6c:3a:7c:04:c8:6c:9a:f8:b8:c2:51:25:
         83:b6:2f:f1:f5:50:89:ad:f3:b4:7d:f5:07:d6:d4:fd:d9:49:
         ec:d6:fc:1d:42:da:d4:50:c4:03:74:40:c2:8c:09:8a:10:30:
         d9:f6:b6:02:a5:6b:76:02:e3:d4:53:f9:9d:9e:54:fb:2e:7d:
         b7:27:eb:8c:e6:cc:26:55:b5:49:61:8d:0f:67:61:1a:f7:71:
         53:bf:f9:62:a5:c0:6b:4a:2a:92:88:b0:88:f7:27:2b:05:59:
         df:97:ba:e9:3c:68:3b:24:9e:08:a9:d7:8d:58:f8:ca:7b:c8:
         42:5c:0e:89:3f:5b:51:b4:2f:de:41:b4:93:62:82:ff:9d:24:
         92:6f:cd:86:17:7b:13:ea:e8:c5:f6:1e:c8:14:a3:68:87:17:
         ea:00:b7:73:01:ef:04:8e:0a:17:8f:97:4a:42:49:0a:74:6e:
         c5:67:7c:cb:e2:4e:4a:4c:0d:c5:28:98:91:67:be:38:ea:f4:
         f6:4f:11:2f:fb:f5:46:3c:0a:16:c3:9d:17:d1:73:1f:b8:a3:
         24:8a:39:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3qyi/+a0CrmXKV6VTSPNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNWNmMGQzMTcwNGI1OWQ3ZWViMDE4NTQ4MjAyZDNhNTcw
ZGE5MzIwHhcNMjQwMTAyMDYzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ1NDNhZmZiMWRiNWJjZTQzMDdlNDUzMTc4Y2Y4M2I3ODcxMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwMgyxvvfC2Z8dt8EmzdRd1dS14+
cnJ6JVLehw9R34GyMBYtuXnimBbyOIUf6Z9ZTyVbRHBQAjUwuEwqi2QA8uDF3Kgf
NUw7l+QCEPBRbiPU7rL1641XuXimGif9fP+L/nVoBJ59imhxd4xx3P3/iWqyI8AG
q/8RmMB6uUW9xHKzHduekU/mAhjQ/uI8jRMlup9pyygO2FSdtiKJBAuSYJddEICs
SLE1J9fc8TUYoD4U5t47I0lS7XmVxxtxFT0s2SfMsFLURsdQgvwyETUYdP2YmTZi
uXFWQkiunfDsFu7k2kF4NsoTuGPAF4ZeSemfyt1wWnkKUmHtI6+ECEHuewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF7VQ6/7HbW85DB+RTF4z4O3hxNuMB8GA1UdIwQY
MBaAFCJc8NMXBLWdfusBhUggLTpXDakyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWx6dzB4Y0V0WjEtNndHRlNDQXRPbGNOcVRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS80ZGY0MjktZjc3Ni00ZmQzLThkZTQt
MDBiYzkwM2QyNjIxLzEvWHRWRHJfc2R0YnprTUg1Rk1YalBnN2VIRTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS80ZGY0MjktZjc3Ni00ZmQzLThkZTQtMDBiYzkwM2QyNjIx
LzEvSWx6dzB4Y0V0WjEtNndHRlNDQXRPbGNOcVRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBzA1mK0oB8UnY0e685pWJk8dMv2BbimdY08gIS
ueyMTGsFkJwxZhxNfVpsOnwEyGya+LjCUSWDti/x9VCJrfO0ffUH1tT92Uns1vwd
QtrUUMQDdEDCjAmKEDDZ9rYCpWt2AuPUU/mdnlT7Ln23J+uM5swmVbVJYY0PZ2Ea
93FTv/lipcBrSiqSiLCI9ycrBVnfl7rpPGg7JJ4IqdeNWPjKe8hCXA6JP1tRtC/e
QbSTYoL/nSSSb82GF3sT6ujF9h7IFKNohxfqALdzAe8EjgoXj5dKQkkKdG7FZ3zL
4k5KTA3FKJiRZ7446vT2TxEv+/VGPAoWw50X0XMfuKMkijm+
-----END CERTIFICATE-----