Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/Of55SB9MKsB9HBMm1LuhWTTuT_0.roa
File:                     Of55SB9MKsB9HBMm1LuhWTTuT_0.roa (raw, json)
Hash identifier:          sF2+SjieiaMXb9Oi9MqiqtzI6BnaAS3pxmxl4O8p6H4=
Subject key identifier:   39:FE:79:48:1F:4C:2A:C0:7D:1C:13:26:D4:BB:A1:59:34:EE:4F:FD
Certificate issuer:       /CN=c8c1dcf4c023467db3bf2eef3dd15b2efeeb2bd7
Certificate serial:       018D9972D2BBDB6D14E02FF96F44B9253666
Authority key identifier: C8:C1:DC:F4:C0:23:46:7D:B3:BF:2E:EF:3D:D1:5B:2E:FE:EB:2B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMHc9MAjRn2zvy7vPdFbLv7rK9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/Of55SB9MKsB9HBMm1LuhWTTuT_0.roa
Signing time:             Sun 11 Feb 2024 18:34:15 +0000
ROA not before:           Sun 11 Feb 2024 18:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        2001:678:90c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/yMHc9MAjRn2zvy7vPdFbLv7rK9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/yMHc9MAjRn2zvy7vPdFbLv7rK9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMHc9MAjRn2zvy7vPdFbLv7rK9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:99:72:d2:bb:db:6d:14:e0:2f:f9:6f:44:b9:25:36:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c1dcf4c023467db3bf2eef3dd15b2efeeb2bd7
        Validity
            Not Before: Feb 11 18:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39fe79481f4c2ac07d1c1326d4bba15934ee4ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f1:a3:55:a8:8a:05:6a:b4:6b:1e:19:e7:43:
                    7d:04:4d:40:03:db:cb:78:18:ee:04:81:9c:7e:00:
                    67:d5:39:59:8d:44:70:49:26:f4:f0:4e:2d:80:49:
                    a4:e3:9b:cc:7f:a7:98:5d:41:f4:5f:c2:86:9e:cd:
                    99:b9:ca:c3:07:35:c3:7d:0a:1c:99:05:f5:aa:fe:
                    b3:57:86:e5:40:ce:e9:dc:a9:a7:46:f3:11:76:af:
                    0a:a6:e0:d9:36:51:6c:e8:db:bd:9a:cd:c6:56:23:
                    6e:4d:66:6d:22:e3:9f:bf:d8:90:03:e1:56:6c:95:
                    32:66:bb:12:e4:eb:0d:2b:fc:da:9f:86:cd:1a:ad:
                    cf:7c:5c:86:8a:9b:dd:bb:10:79:93:de:d7:cd:c1:
                    8f:8e:d7:4b:88:8f:23:3b:e0:3e:91:a8:ba:c8:3d:
                    2e:36:d1:26:08:5f:4d:57:85:af:09:02:ad:21:c8:
                    c1:d2:cc:a6:0c:40:12:b2:03:02:35:a5:ca:dd:27:
                    78:f0:ee:4a:e9:8a:d3:70:ef:98:ee:d2:f1:2d:58:
                    a3:9d:97:ce:e3:63:9e:e0:23:cb:20:7f:fc:d6:3f:
                    e0:2f:59:83:92:0e:9b:84:0c:89:36:d9:e0:01:c8:
                    c7:c6:b7:db:3b:8b:b0:e4:cb:c9:49:a8:05:9a:2a:
                    ad:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FE:79:48:1F:4C:2A:C0:7D:1C:13:26:D4:BB:A1:59:34:EE:4F:FD
            X509v3 Authority Key Identifier:
                keyid:C8:C1:DC:F4:C0:23:46:7D:B3:BF:2E:EF:3D:D1:5B:2E:FE:EB:2B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMHc9MAjRn2zvy7vPdFbLv7rK9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/Of55SB9MKsB9HBMm1LuhWTTuT_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a2ffd4-2382-4ca2-8603-44d92de438c9/1/yMHc9MAjRn2zvy7vPdFbLv7rK9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:90c::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:ea:c4:d3:9c:dd:8a:12:73:a7:e3:c8:f4:ba:53:9d:4e:8d:
         c2:96:2b:24:eb:de:ba:1c:f9:d1:8b:4d:cd:40:c7:0f:4b:aa:
         c3:69:a8:de:9c:4f:7f:25:6c:9d:24:35:42:e0:7c:17:4b:24:
         5c:ff:a8:23:72:78:de:d4:76:43:be:e6:a5:bc:61:50:2c:ca:
         c0:eb:08:16:f1:ef:e2:e2:42:07:64:23:c6:8b:68:cf:ce:68:
         50:46:9d:89:7c:f3:cc:6f:43:22:4a:88:43:05:54:88:9a:40:
         1d:f6:0f:66:ce:5a:27:50:bb:fc:8c:d4:2a:d9:56:0b:3b:ea:
         3a:f4:6d:61:54:12:09:ee:1a:94:a4:cf:3f:26:6b:0e:37:6d:
         39:0d:a5:81:4c:61:a9:50:33:08:79:4f:37:18:68:14:31:60:
         73:2c:04:32:83:75:0e:c9:c9:e2:15:53:ec:71:e5:18:db:75:
         88:2a:1f:94:a0:a8:32:5f:0f:7c:93:51:46:13:52:d5:e2:c2:
         1b:31:5d:7a:1b:df:cf:4e:8d:ed:96:19:ab:88:48:69:05:82:
         c6:91:12:c9:a0:3d:54:f3:90:d0:78:b9:18:24:0d:90:39:30:
         1c:4a:6f:6c:32:a9:12:7b:e7:ed:0b:19:a7:90:d2:0e:0e:30:
         2e:88:25:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2ZctK7220U4C/5b0S5JTZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzFkY2Y0YzAyMzQ2N2RiM2JmMmVlZjNkZDE1YjJlZmVl
YjJiZDcwHhcNMjQwMjExMTgzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZlNzk0ODFmNGMyYWMwN2QxYzEzMjZkNGJiYTE1OTM0ZWU0ZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfGjVaiKBWq0ax4Z50N9BE1AA9vL
eBjuBIGcfgBn1TlZjURwSSb08E4tgEmk45vMf6eYXUH0X8KGns2ZucrDBzXDfQoc
mQX1qv6zV4blQM7p3KmnRvMRdq8KpuDZNlFs6Nu9ms3GViNuTWZtIuOfv9iQA+FW
bJUyZrsS5OsNK/zan4bNGq3PfFyGipvduxB5k97XzcGPjtdLiI8jO+A+kai6yD0u
NtEmCF9NV4WvCQKtIcjB0symDEASsgMCNaXK3Sd48O5K6YrTcO+Y7tLxLVijnZfO
42Oe4CPLIH/81j/gL1mDkg6bhAyJNtngAcjHxrfbO4uw5MvJSagFmiqtNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDn+eUgfTCrAfRwTJtS7oVk07k/9MB8GA1UdIwQY
MBaAFMjB3PTAI0Z9s78u7z3RWy7+6yvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1IYzlNQWpSbjJ6dnk3dlBkRmJMdjdySzljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hMmZmZDQtMjM4Mi00Y2EyLTg2MDMt
NDRkOTJkZTQzOGM5LzEvT2Y1NVNCOU1Lc0I5SEJNbTFMdWhXVFR1VF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hMmZmZDQtMjM4Mi00Y2EyLTg2MDMtNDRkOTJkZTQzOGM5
LzEveU1IYzlNQWpSbjJ6dnk3dlBkRmJMdjdySzljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAkM
MA0GCSqGSIb3DQEBCwUAA4IBAQAH6sTTnN2KEnOn48j0ulOdTo3Clisk6966HPnR
i03NQMcPS6rDaajenE9/JWydJDVC4HwXSyRc/6gjcnje1HZDvualvGFQLMrA6wgW
8e/i4kIHZCPGi2jPzmhQRp2JfPPMb0MiSohDBVSImkAd9g9mzlonULv8jNQq2VYL
O+o69G1hVBIJ7hqUpM8/JmsON205DaWBTGGpUDMIeU83GGgUMWBzLAQyg3UOycni
FVPsceUY23WIKh+UoKgyXw98k1FGE1LV4sIbMV16G9/PTo3tlhmriEhpBYLGkRLJ
oD1U85DQeLkYJA2QOTAcSm9sMqkSe+ftCxmnkNIODjAuiCUj
-----END CERTIFICATE-----