Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/XgLe25af1c62D1H_ojEozMq7op4.roa
File:                     XgLe25af1c62D1H_ojEozMq7op4.roa (raw, json)
Hash identifier:          svJI79kaRCShfto3Q8yIVwe42sSE8csxYyjqqMwQLrY=
Subject key identifier:   5E:02:DE:DB:96:9F:D5:CE:B6:0F:51:FF:A2:31:28:CC:CA:BB:A2:9E
Certificate issuer:       /CN=c024bdbded6e5d2fe0fb526500b3ff87665b600e
Certificate serial:       018CCA2B207AF14B9EC1F39292A5481A88F5
Authority key identifier: C0:24:BD:BD:ED:6E:5D:2F:E0:FB:52:65:00:B3:FF:87:66:5B:60:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/XgLe25af1c62D1H_ojEozMq7op4.roa
Signing time:             Tue 02 Jan 2024 12:34:33 +0000
ROA not before:           Tue 02 Jan 2024 12:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208818
IP address blocks:        2001:67c:277c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:20:7a:f1:4b:9e:c1:f3:92:92:a5:48:1a:88:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c024bdbded6e5d2fe0fb526500b3ff87665b600e
        Validity
            Not Before: Jan  2 12:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e02dedb969fd5ceb60f51ffa23128cccabba29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:de:2f:da:04:5b:3a:ba:92:24:a0:48:2c:69:
                    09:f1:00:6f:a7:87:92:59:af:a2:e1:53:e3:b9:ea:
                    41:c2:51:18:36:82:d5:3f:bf:f7:1d:8f:c5:5d:d8:
                    e4:62:4f:e1:cc:43:6f:56:17:04:3e:4f:0e:f1:e9:
                    17:db:d5:90:98:68:44:ba:34:71:c4:86:44:1f:23:
                    22:bf:32:53:8a:b1:85:c8:25:fc:b9:44:f8:76:1c:
                    d5:f0:85:63:c5:90:c2:9e:29:54:2b:8d:c6:c2:fb:
                    41:9c:fe:b2:c8:b7:0a:45:1b:42:a3:8d:ea:fb:b0:
                    49:7b:8e:bf:d6:df:4f:22:a4:87:6b:31:9c:ff:3a:
                    8e:17:8a:8f:4a:bd:ae:9a:cd:07:41:fe:bc:24:15:
                    bf:8b:04:63:fa:16:92:46:27:0a:70:c5:84:b9:0c:
                    64:63:df:c6:ee:f3:e7:b0:03:e5:88:36:84:dd:c7:
                    23:07:95:e9:7f:6d:fd:23:28:f5:fa:df:d8:31:51:
                    bd:73:2b:58:7d:9e:a6:5f:45:cb:9a:cd:8c:7a:37:
                    e0:41:04:d2:8a:aa:09:96:f7:22:01:aa:df:9e:5c:
                    9a:26:82:9c:5d:b7:0e:9b:a2:99:42:82:4b:91:e6:
                    b3:84:b5:8e:f7:3d:68:77:c8:90:b1:02:85:00:f0:
                    93:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:02:DE:DB:96:9F:D5:CE:B6:0F:51:FF:A2:31:28:CC:CA:BB:A2:9E
            X509v3 Authority Key Identifier:
                keyid:C0:24:BD:BD:ED:6E:5D:2F:E0:FB:52:65:00:B3:FF:87:66:5B:60:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/XgLe25af1c62D1H_ojEozMq7op4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:277c::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:f1:25:a3:11:67:a3:2a:2b:73:31:8a:37:88:5c:91:4c:d3:
         4e:a5:7b:73:e0:15:a1:1e:6e:9a:79:0e:de:da:af:f9:70:ba:
         43:aa:1f:20:92:f9:97:54:43:29:29:99:80:b3:18:c8:b5:eb:
         41:72:2c:8f:cf:34:f4:4e:55:41:59:fc:35:63:61:19:20:51:
         e7:40:1c:80:17:92:d0:9d:59:37:32:9e:d1:e7:b8:70:c6:4d:
         d0:a3:5c:a9:48:1e:c8:b9:96:d3:5a:fe:8c:f2:8a:37:5a:a4:
         49:db:80:51:2f:71:52:d4:4c:82:93:89:47:b7:d1:57:29:85:
         74:9d:75:e2:22:2c:63:01:fc:bb:b6:43:44:14:0c:2a:4c:78:
         e9:06:7d:c3:bc:44:11:ca:fc:3a:20:34:d6:43:9f:b2:c4:5a:
         c7:0a:93:fc:a6:dd:85:d3:db:df:76:3b:59:74:ae:7b:34:48:
         21:e7:4c:bd:67:d5:38:f0:f6:53:94:29:cd:a4:e8:ef:0a:30:
         6b:2a:96:22:2a:a4:9a:f2:ac:5e:3c:c3:36:71:d2:d1:3f:cb:
         84:54:28:39:79:e0:7b:97:28:9b:b7:12:c9:ee:c1:6f:9b:b7:
         e5:70:fd:4b:58:fc:75:d1:02:a3:8b:1e:bf:b7:b1:ad:1f:7e:
         d4:d0:73:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKyB68UuewfOSkqVIGoj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMjRiZGJkZWQ2ZTVkMmZlMGZiNTI2NTAwYjNmZjg3NjY1
YjYwMGUwHhcNMjQwMTAyMTIzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTAyZGVkYjk2OWZkNWNlYjYwZjUxZmZhMjMxMjhjY2NhYmJhMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjd4v2gRbOrqSJKBILGkJ8QBvp4eS
Wa+i4VPjuepBwlEYNoLVP7/3HY/FXdjkYk/hzENvVhcEPk8O8ekX29WQmGhEujRx
xIZEHyMivzJTirGFyCX8uUT4dhzV8IVjxZDCnilUK43GwvtBnP6yyLcKRRtCo43q
+7BJe46/1t9PIqSHazGc/zqOF4qPSr2ums0HQf68JBW/iwRj+haSRicKcMWEuQxk
Y9/G7vPnsAPliDaE3ccjB5Xpf239Iyj1+t/YMVG9cytYfZ6mX0XLms2MejfgQQTS
iqoJlvciAarfnlyaJoKcXbcOm6KZQoJLkeazhLWO9z1od8iQsQKFAPCT3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF4C3tuWn9XOtg9R/6IxKMzKu6KeMB8GA1UdIwQY
MBaAFMAkvb3tbl0v4PtSZQCz/4dmW2AOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0NTOXZlMXVYU19nLTFKbEFMUF9oMlpiWUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jYzhmZmUtMzZiNC00YzgwLWE5MDct
YWVhYTlkZjAxYTlkLzEvWGdMZTI1YWYxYzYyRDFIX29qRW96TXE3b3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jYzhmZmUtMzZiNC00YzgwLWE5MDctYWVhYTlkZjAxYTlk
LzEvd0NTOXZlMXVYU19nLTFKbEFMUF9oMlpiWUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCd8
MA0GCSqGSIb3DQEBCwUAA4IBAQCU8SWjEWejKitzMYo3iFyRTNNOpXtz4BWhHm6a
eQ7e2q/5cLpDqh8gkvmXVEMpKZmAsxjItetBciyPzzT0TlVBWfw1Y2EZIFHnQByA
F5LQnVk3Mp7R57hwxk3Qo1ypSB7IuZbTWv6M8oo3WqRJ24BRL3FS1EyCk4lHt9FX
KYV0nXXiIixjAfy7tkNEFAwqTHjpBn3DvEQRyvw6IDTWQ5+yxFrHCpP8pt2F09vf
djtZdK57NEgh50y9Z9U48PZTlCnNpOjvCjBrKpYiKqSa8qxePMM2cdLRP8uEVCg5
eeB7lyibtxLJ7sFvm7flcP1LWPx10QKjix6/t7GtH37U0HOC
-----END CERTIFICATE-----