Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ErQ3Da583_gg8g2xg2bXGkrfDMs.roa
File:                     ErQ3Da583_gg8g2xg2bXGkrfDMs.roa (raw, json)
Hash identifier:          Agfb6tPa0ShnPDjEZTECtHyEN9K3NhOhpxWaDZS3ZMQ=
Subject key identifier:   12:B4:37:0D:AE:7C:DF:F8:20:F2:0D:B1:83:66:D7:1A:4A:DF:0C:CB
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BBDD3AED1E52204E60D0AB6EA000A
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ErQ3Da583_gg8g2xg2bXGkrfDMs.roa
Signing time:             Tue 02 Jan 2024 12:35:13 +0000
ROA not before:           Tue 02 Jan 2024 12:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198430
IP address blocks:        2001:1a68:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:bd:d3:ae:d1:e5:22:04:e6:0d:0a:b6:ea:00:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12b4370dae7cdff820f20db18366d71a4adf0ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:77:15:e4:7d:f5:57:c6:4d:07:be:5e:0a:
                    b3:1e:26:92:a3:21:b1:e1:c6:81:ad:b9:70:55:42:
                    b1:fc:02:7e:fa:e0:e3:02:37:ba:55:08:c5:f6:65:
                    c4:9f:5e:dd:5c:95:f8:d7:dd:e8:1e:9a:d2:ee:0f:
                    f5:b3:45:61:c4:36:9f:21:7f:cf:a9:88:96:3f:21:
                    7f:75:8d:6e:94:6c:02:9c:f1:8b:9d:bd:fe:0e:3f:
                    0f:31:39:27:08:97:4e:6e:ed:3e:ff:32:94:f1:7c:
                    74:9b:86:ab:62:b3:6d:e1:51:f3:89:56:7f:ed:77:
                    98:a4:70:02:4b:68:cd:cb:c8:24:67:49:28:7c:52:
                    72:b9:d2:1e:25:51:bb:88:1b:7b:bd:4d:5c:7e:78:
                    a6:30:af:7a:0a:8c:b2:9c:c0:63:40:42:bd:ba:b1:
                    17:7d:f5:82:a6:9c:fa:f7:10:f8:95:56:a6:c8:49:
                    92:e0:e1:05:83:25:5f:4b:b3:f2:f1:4a:bf:4f:a3:
                    66:9c:fe:37:d4:ed:d6:4c:43:84:0d:ca:cb:ef:69:
                    7d:1c:40:3b:e3:78:f9:95:95:71:be:db:21:9a:6a:
                    5e:3d:1b:7b:03:a2:96:e1:38:19:28:4a:2e:9e:70:
                    39:77:82:ea:99:00:48:82:ba:47:15:af:72:a8:64:
                    84:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:B4:37:0D:AE:7C:DF:F8:20:F2:0D:B1:83:66:D7:1A:4A:DF:0C:CB
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ErQ3Da583_gg8g2xg2bXGkrfDMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:6d:62:ba:77:36:29:4f:e2:6e:c4:62:ad:87:81:3c:7e:22:
         5a:4b:ed:5e:d9:8a:31:97:a8:68:d3:ea:d8:f8:b0:64:4d:fc:
         27:e0:45:47:72:15:82:33:36:5a:61:37:a6:28:54:ce:38:2d:
         96:95:39:00:9c:f0:d9:03:c5:42:db:2e:bf:50:a6:51:34:f8:
         ea:ad:33:56:93:ef:fe:d7:bf:15:ce:70:b8:8c:f9:d7:24:b8:
         4e:fd:9b:f5:78:02:15:e4:55:65:6c:18:a9:c1:ea:db:6d:35:
         0c:47:b3:5b:e0:7f:2a:01:4d:93:72:9e:57:25:4b:6c:f2:d6:
         22:57:58:8d:31:be:cb:0b:bd:15:d8:56:88:8f:7a:b2:0b:50:
         99:a5:04:27:b1:4f:73:fd:7f:bf:9e:c8:69:64:54:82:6b:1d:
         99:a1:24:dd:c0:90:8b:fb:5b:e0:40:e8:68:ed:68:94:13:58:
         9e:e2:f4:4d:63:24:5d:49:3c:10:93:26:c3:70:4c:b9:d1:2e:
         26:23:c5:95:6a:d9:32:1f:99:a1:57:80:49:7e:35:a6:f6:81:
         53:27:d7:5f:54:26:1a:39:75:8c:2a:fd:7a:5a:68:58:95:9c:
         1f:16:80:c0:21:d4:03:28:55:86:e7:aa:d7:27:85:80:f8:5c:
         b7:a1:93:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK73TrtHlIgTmDQq26gAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmI0MzcwZGFlN2NkZmY4MjBmMjBkYjE4MzY2ZDcxYTRhZGYwY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnl3FeR99VfGTQe+XgqzHiaSoyGx
4caBrblwVUKx/AJ++uDjAje6VQjF9mXEn17dXJX4193oHprS7g/1s0VhxDafIX/P
qYiWPyF/dY1ulGwCnPGLnb3+Dj8PMTknCJdObu0+/zKU8Xx0m4arYrNt4VHziVZ/
7XeYpHACS2jNy8gkZ0kofFJyudIeJVG7iBt7vU1cfnimMK96CoyynMBjQEK9urEX
ffWCppz69xD4lVamyEmS4OEFgyVfS7Py8Uq/T6NmnP431O3WTEOEDcrL72l9HEA7
43j5lZVxvtshmmpePRt7A6KW4TgZKEounnA5d4LqmQBIgrpHFa9yqGSEoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBK0Nw2ufN/4IPINsYNm1xpK3wzLMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvRXJRM0RhNTgzX2dnOGcyeGcyYlhHa3JmRE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaaAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQChbWK6dzYpT+JuxGKth4E8fiJaS+1e2Yoxl6ho
0+rY+LBkTfwn4EVHchWCMzZaYTemKFTOOC2WlTkAnPDZA8VC2y6/UKZRNPjqrTNW
k+/+178VznC4jPnXJLhO/Zv1eAIV5FVlbBipwerbbTUMR7Nb4H8qAU2Tcp5XJUts
8tYiV1iNMb7LC70V2FaIj3qyC1CZpQQnsU9z/X+/nshpZFSCax2ZoSTdwJCL+1vg
QOho7WiUE1ie4vRNYyRdSTwQkybDcEy50S4mI8WVatkyH5mhV4BJfjWm9oFTJ9df
VCYaOXWMKv16WmhYlZwfFoDAIdQDKFWG56rXJ4WA+Fy3oZPm
-----END CERTIFICATE-----