Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/xfklWPccq07hGEXg7TlS-PEm7TY.roa
File:                     xfklWPccq07hGEXg7TlS-PEm7TY.roa (raw, json)
Hash identifier:          dkyLEMb8YMytuJxEOC8Tvk+ZVoYaGttDD7a4tKtP3XU=
Subject key identifier:   C5:F9:25:58:F7:1C:AB:4E:E1:18:45:E0:ED:39:52:F8:F1:26:ED:36
Certificate issuer:       /CN=d843f1aa0498d84f795323c1ff6bae3af40206d1
Certificate serial:       018CC7273E566331E37860E7BD23DB6C0775
Authority key identifier: D8:43:F1:AA:04:98:D8:4F:79:53:23:C1:FF:6B:AE:3A:F4:02:06:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2EPxqgSY2E95UyPB_2uuOvQCBtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/xfklWPccq07hGEXg7TlS-PEm7TY.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208584
IP address blocks:        2001:678:ab4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/2EPxqgSY2E95UyPB_2uuOvQCBtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/2EPxqgSY2E95UyPB_2uuOvQCBtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2EPxqgSY2E95UyPB_2uuOvQCBtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3e:56:63:31:e3:78:60:e7:bd:23:db:6c:07:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d843f1aa0498d84f795323c1ff6bae3af40206d1
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5f92558f71cab4ee11845e0ed3952f8f126ed36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:82:78:b6:93:88:82:67:99:7d:e8:8c:43:23:
                    74:ce:9d:33:93:f5:36:83:3b:59:a8:bb:f3:2d:ec:
                    30:2c:b4:93:fa:d8:d8:06:29:ce:56:1d:aa:49:21:
                    6a:43:32:5d:37:4e:9b:eb:99:81:91:06:37:d4:cf:
                    c0:0a:dd:c8:ee:46:2f:85:16:80:45:65:2b:11:a0:
                    cd:6f:f7:b8:48:23:fd:6e:6f:e7:65:ab:5b:54:b3:
                    f7:13:83:9e:87:d1:8a:f7:7a:6a:86:6f:11:13:32:
                    ec:a8:69:a9:3b:5e:58:6b:42:fe:da:71:d4:71:54:
                    05:7f:d2:a5:90:1b:f4:93:82:15:c9:0e:61:34:8d:
                    1b:23:be:76:46:43:81:ec:34:0c:43:aa:81:f0:66:
                    14:ad:3b:69:37:96:6f:d3:28:1e:dd:c7:6b:f5:fe:
                    54:08:3d:42:e7:48:19:a2:e5:99:13:cd:d5:1e:67:
                    a2:78:2f:8f:00:66:3e:c3:c1:77:23:23:8e:9e:c6:
                    53:97:64:23:62:e1:a3:6d:4d:10:93:2c:8c:be:0f:
                    07:f2:6c:14:be:a2:d7:6e:d6:b4:bc:a7:48:73:db:
                    c3:e9:9e:79:26:76:c2:95:50:c0:97:78:d2:97:50:
                    41:98:57:71:55:cc:f8:fa:97:14:d9:f3:e9:ae:f5:
                    e3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F9:25:58:F7:1C:AB:4E:E1:18:45:E0:ED:39:52:F8:F1:26:ED:36
            X509v3 Authority Key Identifier:
                keyid:D8:43:F1:AA:04:98:D8:4F:79:53:23:C1:FF:6B:AE:3A:F4:02:06:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2EPxqgSY2E95UyPB_2uuOvQCBtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/xfklWPccq07hGEXg7TlS-PEm7TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/da4dd9-594d-456c-9f71-76a194554b05/1/2EPxqgSY2E95UyPB_2uuOvQCBtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ab4::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:2f:e0:8d:8c:c2:1a:bb:6c:e6:8e:46:7a:5d:a5:a9:9b:17:
         9a:1f:f2:8c:91:b8:9d:bb:aa:2b:79:e9:7a:45:f4:37:7e:1a:
         9f:72:a9:81:c0:31:59:b8:d7:6d:b9:cd:18:93:40:84:66:10:
         c1:22:3c:69:dd:8e:11:10:a3:d4:62:a9:9a:01:b4:a9:ba:7b:
         b8:52:5b:57:78:d8:19:7a:60:47:e6:51:20:97:25:00:82:2f:
         9c:70:d7:e3:2b:01:80:e5:2f:3d:1b:50:64:76:e7:b8:f0:c8:
         cf:88:89:06:e4:75:e9:2e:6e:5a:71:3b:51:a5:36:2c:45:70:
         4d:87:10:63:e9:28:60:85:73:a0:88:a5:6c:b8:36:43:dc:02:
         ab:cd:07:6d:06:83:8f:56:a0:ab:df:f8:25:01:7c:a7:73:c0:
         68:25:33:be:00:43:1e:27:3c:19:63:41:cc:42:c4:72:8f:8e:
         d3:76:e4:23:98:a6:7e:4f:d6:07:11:66:08:3a:12:2b:f9:0a:
         8b:5e:32:34:fe:e0:47:e0:c4:69:65:d6:00:b1:f1:4f:e8:3e:
         c1:2a:08:70:97:4e:29:92:24:bc:ec:39:18:68:75:5c:a9:57:
         30:33:44:f3:48:67:ba:7f:7b:b9:73:a4:e6:20:6e:19:66:fd:
         7b:3d:00:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJz5WYzHjeGDnvSPbbAd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NDNmMWFhMDQ5OGQ4NGY3OTUzMjNjMWZmNmJhZTNhZjQw
MjA2ZDEwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWY5MjU1OGY3MWNhYjRlZTExODQ1ZTBlZDM5NTJmOGYxMjZlZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIJ4tpOIgmeZfeiMQyN0zp0zk/U2
gztZqLvzLewwLLST+tjYBinOVh2qSSFqQzJdN06b65mBkQY31M/ACt3I7kYvhRaA
RWUrEaDNb/e4SCP9bm/nZatbVLP3E4Oeh9GK93pqhm8REzLsqGmpO15Ya0L+2nHU
cVQFf9KlkBv0k4IVyQ5hNI0bI752RkOB7DQMQ6qB8GYUrTtpN5Zv0yge3cdr9f5U
CD1C50gZouWZE83VHmeieC+PAGY+w8F3IyOOnsZTl2QjYuGjbU0QkyyMvg8H8mwU
vqLXbta0vKdIc9vD6Z55JnbClVDAl3jSl1BBmFdxVcz4+pcU2fPprvXjQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMX5JVj3HKtO4RhF4O05UvjxJu02MB8GA1UdIwQY
MBaAFNhD8aoEmNhPeVMjwf9rrjr0AgbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkVQeHFnU1kyRTk1VXlQQl8ydXVPdlFDQnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kYTRkZDktNTk0ZC00NTZjLTlmNzEt
NzZhMTk0NTU0YjA1LzEveGZrbFdQY2NxMDdoR0VYZzdUbFMtUEVtN1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kYTRkZDktNTk0ZC00NTZjLTlmNzEtNzZhMTk0NTU0YjA1
LzEvMkVQeHFnU1kyRTk1VXlQQl8ydXVPdlFDQnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAq0
MA0GCSqGSIb3DQEBCwUAA4IBAQCJL+CNjMIau2zmjkZ6XaWpmxeaH/KMkbidu6or
eel6RfQ3fhqfcqmBwDFZuNdtuc0Yk0CEZhDBIjxp3Y4REKPUYqmaAbSpunu4UltX
eNgZemBH5lEglyUAgi+ccNfjKwGA5S89G1Bkdue48MjPiIkG5HXpLm5acTtRpTYs
RXBNhxBj6ShghXOgiKVsuDZD3AKrzQdtBoOPVqCr3/glAXync8BoJTO+AEMeJzwZ
Y0HMQsRyj47TduQjmKZ+T9YHEWYIOhIr+QqLXjI0/uBH4MRpZdYAsfFP6D7BKghw
l04pkiS87DkYaHVcqVcwM0TzSGe6f3u5c6TmIG4ZZv17PQB+
-----END CERTIFICATE-----