Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/5YyMypA-wswjIPl18LqPNpNiTzA.roa
File:                     5YyMypA-wswjIPl18LqPNpNiTzA.roa (raw, json)
Hash identifier:          C0nf2TLobWYopm1gjQlaLmQ0mSdnWSYhdyn3pdrrNZY=
Subject key identifier:   E5:8C:8C:CA:90:3E:C2:CC:23:20:F9:75:F0:BA:8F:36:93:62:4F:30
Certificate issuer:       /CN=d36be6f075400d305a16dde690e25cbd94645cbe
Certificate serial:       018CC5DC62A7E2290BC0179BA72F8FDB2161
Authority key identifier: D3:6B:E6:F0:75:40:0D:30:5A:16:DD:E6:90:E2:5C:BD:94:64:5C:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02vm8HVADTBaFt3mkOJcvZRkXL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/5YyMypA-wswjIPl18LqPNpNiTzA.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213330
IP address blocks:        2001:678:d20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/02vm8HVADTBaFt3mkOJcvZRkXL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/02vm8HVADTBaFt3mkOJcvZRkXL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02vm8HVADTBaFt3mkOJcvZRkXL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:62:a7:e2:29:0b:c0:17:9b:a7:2f:8f:db:21:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d36be6f075400d305a16dde690e25cbd94645cbe
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e58c8cca903ec2cc2320f975f0ba8f3693624f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:88:42:f5:c9:22:96:10:15:9f:ae:90:95:80:
                    bb:67:76:1c:8b:6e:78:df:5a:f6:36:f3:bd:1f:96:
                    11:82:eb:c8:6b:70:18:35:f3:06:1a:b2:4b:7a:1f:
                    01:11:fb:55:b7:36:b3:74:20:92:9d:e8:f7:b5:f8:
                    f4:ac:60:ee:66:b8:71:31:68:87:79:b9:2e:36:53:
                    e0:c6:7c:d3:d5:60:92:df:ac:59:cb:1a:de:0c:7d:
                    4f:2d:2b:7c:51:0d:e1:b4:39:d4:b0:21:1d:09:b6:
                    52:c6:6e:5d:76:d2:bf:a1:36:b9:5d:a4:52:24:ae:
                    07:22:6e:97:a4:21:2e:b6:75:49:46:16:97:c0:e7:
                    86:ae:fb:8a:7d:08:1a:c7:d1:12:5b:b1:84:a8:cc:
                    9b:83:1c:af:ab:04:c6:ea:3d:88:21:0d:55:c5:6c:
                    0e:bb:d3:19:c4:e3:c8:0b:82:f0:5c:e7:3f:8d:1b:
                    a8:5a:62:48:63:67:88:ec:0d:f7:7b:3b:3a:ee:9b:
                    dc:8e:a2:de:eb:e8:44:6b:26:7d:af:31:03:6e:0a:
                    5a:e5:39:aa:e4:10:50:86:f4:1d:e5:1a:da:70:94:
                    c0:22:cd:c4:d6:cb:21:cb:8b:55:9f:a9:7a:02:e8:
                    31:9c:38:e9:17:79:ed:e2:87:ab:96:31:cc:18:a1:
                    cf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8C:8C:CA:90:3E:C2:CC:23:20:F9:75:F0:BA:8F:36:93:62:4F:30
            X509v3 Authority Key Identifier:
                keyid:D3:6B:E6:F0:75:40:0D:30:5A:16:DD:E6:90:E2:5C:BD:94:64:5C:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02vm8HVADTBaFt3mkOJcvZRkXL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/5YyMypA-wswjIPl18LqPNpNiTzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0fde38-e9b9-4b69-b414-30c1c5a080d9/1/02vm8HVADTBaFt3mkOJcvZRkXL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d20::/48

    Signature Algorithm: sha256WithRSAEncryption
         be:43:b5:69:c2:31:ae:1d:03:92:25:2c:e4:a2:c7:76:12:6c:
         78:b1:84:0a:d6:39:f2:56:cf:c1:56:0e:94:81:5c:d0:da:e9:
         d6:0e:3f:20:35:54:ad:7f:6d:98:bb:13:74:9e:54:a7:a9:fc:
         d0:c6:23:db:b0:47:21:e4:c8:29:6e:d6:b8:18:1d:a7:1e:1f:
         e8:90:c0:d0:b9:17:eb:b8:78:82:b8:3b:c6:1f:ca:9e:47:ad:
         96:30:f5:4d:83:4d:9e:04:d8:96:93:68:05:43:8a:55:e2:35:
         3e:6e:e2:07:66:79:6a:54:8d:82:4e:62:9c:d2:e0:b7:73:9c:
         0a:7a:ef:c6:16:82:7b:0d:30:e3:60:37:6c:8a:91:7e:35:ce:
         34:32:ba:5c:3e:b6:a5:51:6c:59:43:46:06:8d:1a:a2:60:49:
         9d:79:f7:c6:2f:ce:0c:65:32:a2:1a:7e:8c:e9:11:34:8a:c7:
         69:c9:4f:19:db:90:cb:68:69:c5:f4:62:87:02:30:2a:ab:ad:
         b9:bc:2d:3a:db:90:12:da:64:90:b9:5e:d8:03:30:95:cc:fc:
         50:0d:57:30:4d:fb:e7:0d:cb:7f:b7:9e:bb:20:a6:cc:f9:fe:
         36:66:54:aa:9f:2b:06:e7:da:12:dd:27:fa:4b:e3:97:67:fc:
         e3:ad:87:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3GKn4ikLwBebpy+P2yFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNmJlNmYwNzU0MDBkMzA1YTE2ZGRlNjkwZTI1Y2JkOTQ2
NDVjYmUwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThjOGNjYTkwM2VjMmNjMjMyMGY5NzVmMGJhOGYzNjkzNjI0ZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4hC9ckilhAVn66QlYC7Z3Yci254
31r2NvO9H5YRguvIa3AYNfMGGrJLeh8BEftVtzazdCCSnej3tfj0rGDuZrhxMWiH
ebkuNlPgxnzT1WCS36xZyxreDH1PLSt8UQ3htDnUsCEdCbZSxm5ddtK/oTa5XaRS
JK4HIm6XpCEutnVJRhaXwOeGrvuKfQgax9ESW7GEqMybgxyvqwTG6j2IIQ1VxWwO
u9MZxOPIC4LwXOc/jRuoWmJIY2eI7A33ezs67pvcjqLe6+hEayZ9rzEDbgpa5Tmq
5BBQhvQd5RracJTAIs3E1sshy4tVn6l6AugxnDjpF3nt4oerljHMGKHP0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOWMjMqQPsLMIyD5dfC6jzaTYk8wMB8GA1UdIwQY
MBaAFNNr5vB1QA0wWhbd5pDiXL2UZFy+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJ2bThIVkFEVEJhRnQzbWtPSmN2WlJrWEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wZmRlMzgtZTliOS00YjY5LWI0MTQt
MzBjMWM1YTA4MGQ5LzEvNVl5TXlwQS13c3dqSVBsMThMcVBOcE5pVHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wZmRlMzgtZTliOS00YjY5LWI0MTQtMzBjMWM1YTA4MGQ5
LzEvMDJ2bThIVkFEVEJhRnQzbWtPSmN2WlJrWEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0g
MA0GCSqGSIb3DQEBCwUAA4IBAQC+Q7VpwjGuHQOSJSzkosd2Emx4sYQK1jnyVs/B
Vg6UgVzQ2unWDj8gNVStf22YuxN0nlSnqfzQxiPbsEch5Mgpbta4GB2nHh/okMDQ
uRfruHiCuDvGH8qeR62WMPVNg02eBNiWk2gFQ4pV4jU+buIHZnlqVI2CTmKc0uC3
c5wKeu/GFoJ7DTDjYDdsipF+Nc40MrpcPralUWxZQ0YGjRqiYEmdeffGL84MZTKi
Gn6M6RE0isdpyU8Z25DLaGnF9GKHAjAqq625vC0625AS2mSQuV7YAzCVzPxQDVcw
TfvnDct/t567IKbM+f42ZlSqnysG59oS3Sf6S+OXZ/zjrYfz
-----END CERTIFICATE-----