Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/cGJ1VxLgdswEENN9s9bq0rxYbK0.roa
File:                     cGJ1VxLgdswEENN9s9bq0rxYbK0.roa (raw, json)
Hash identifier:          nAcE9FqKkq/hf6KpXjAYdVWQCVpXnHpglbPl60YpmOE=
Subject key identifier:   70:62:75:57:12:E0:76:CC:04:10:D3:7D:B3:D6:EA:D2:BC:58:6C:AD
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB411DD3B55EDC4029D8F94456F73
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/cGJ1VxLgdswEENN9s9bq0rxYbK0.roa
Signing time:             Tue 02 Jan 2024 12:35:10 +0000
ROA not before:           Tue 02 Jan 2024 12:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20555
IP address blocks:        2001:1a68:a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b4:11:dd:3b:55:ed:c4:02:9d:8f:94:45:6f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7062755712e076cc0410d37db3d6ead2bc586cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4b:7f:a9:34:aa:0b:39:6e:9a:81:e4:da:dc:
                    a2:3f:6b:c0:90:c4:c5:71:be:0a:50:60:7c:c7:92:
                    78:01:24:9e:34:5e:f4:69:3a:c7:73:b8:92:d8:ae:
                    cb:42:a8:9c:d0:b0:fd:b4:49:da:f1:17:c9:56:b8:
                    e7:cf:84:ab:9f:2c:8a:6c:0f:4d:b3:cc:3d:aa:1d:
                    f5:e4:35:3c:89:22:1c:1a:34:4b:ae:28:9d:35:e5:
                    b1:b0:b4:a8:e6:02:27:ad:4d:82:f1:c9:3f:2e:c7:
                    ba:b0:49:36:da:e2:52:a4:a4:ea:a5:1a:68:f9:6f:
                    21:60:f2:8d:29:02:4f:1f:b0:c1:83:49:10:35:e0:
                    fa:0e:7f:11:4b:63:33:5a:67:48:f0:e4:a4:2c:c3:
                    ed:fd:54:bd:bb:c1:4a:6d:06:98:67:d0:b3:a8:ad:
                    09:17:a4:ce:ae:2c:fe:b9:2f:03:5f:69:82:0f:46:
                    29:6a:73:fe:8f:c7:d1:47:74:0e:0f:ca:0a:eb:0f:
                    78:4c:d6:a7:ab:83:32:3a:38:e1:74:7d:1a:a5:52:
                    6a:db:e9:71:9e:40:4b:11:a6:79:72:de:b9:a6:9d:
                    b1:ab:db:e0:c1:59:f9:ea:60:eb:84:59:a3:8a:10:
                    58:ca:55:b5:5b:b0:9b:31:6f:70:5b:24:b5:4c:d0:
                    1e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:62:75:57:12:E0:76:CC:04:10:D3:7D:B3:D6:EA:D2:BC:58:6C:AD
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/cGJ1VxLgdswEENN9s9bq0rxYbK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:1b:17:84:b2:ce:ab:2b:70:f8:42:8f:3b:71:a3:ae:52:6f:
         b2:5d:36:09:ee:70:be:6c:0c:46:8b:85:85:9d:a6:b3:3a:18:
         e8:60:29:67:ac:10:0c:6f:c7:a0:03:07:10:85:3f:b0:bd:a5:
         0f:5d:10:f2:44:85:0a:90:cc:fb:db:52:97:94:74:a8:76:36:
         75:3f:72:7a:3f:a5:67:3a:54:9c:ba:d6:2c:b4:08:29:52:a4:
         28:7c:d6:7e:e6:13:f5:08:a3:52:72:60:66:34:cc:51:6e:54:
         cb:63:52:50:c9:6d:ee:68:55:34:1c:4c:b9:6e:a4:cd:9a:6c:
         18:5a:68:be:5d:27:c8:d3:22:9b:3d:0e:19:9c:c4:6f:73:ff:
         69:33:23:94:a4:26:6a:a4:f9:0d:1d:9d:e4:7c:1a:d3:a4:82:
         1b:93:e2:d1:63:7b:68:28:37:d0:48:bb:64:53:02:13:09:7e:
         74:f2:c5:39:9c:ce:2a:65:df:90:ba:db:00:4d:54:09:17:43:
         c3:c3:42:10:9c:90:bf:1a:b1:7e:5a:0d:42:f6:fd:3c:95:76:
         a0:ee:c3:88:01:7e:a2:64:32:6c:3b:a8:e1:cd:b2:fb:30:6c:
         fa:04:fb:97:2b:8e:6d:0d:f0:12:8c:c5:f8:ef:4c:67:5d:7f:
         fc:29:95:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK7QR3TtV7cQCnY+URW9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDYyNzU1NzEyZTA3NmNjMDQxMGQzN2RiM2Q2ZWFkMmJjNTg2Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0t/qTSqCzlumoHk2tyiP2vAkMTF
cb4KUGB8x5J4ASSeNF70aTrHc7iS2K7LQqic0LD9tEna8RfJVrjnz4SrnyyKbA9N
s8w9qh315DU8iSIcGjRLriidNeWxsLSo5gInrU2C8ck/Lse6sEk22uJSpKTqpRpo
+W8hYPKNKQJPH7DBg0kQNeD6Dn8RS2MzWmdI8OSkLMPt/VS9u8FKbQaYZ9CzqK0J
F6TOriz+uS8DX2mCD0YpanP+j8fRR3QOD8oK6w94TNanq4MyOjjhdH0apVJq2+lx
nkBLEaZ5ct65pp2xq9vgwVn56mDrhFmjihBYylW1W7CbMW9wWyS1TNAeuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHBidVcS4HbMBBDTfbPW6tK8WGytMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvY0dKMVZ4TGdkc3dFRU5OOXM5YnEwcnhZYkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaaAAK
MA0GCSqGSIb3DQEBCwUAA4IBAQCvGxeEss6rK3D4Qo87caOuUm+yXTYJ7nC+bAxG
i4WFnaazOhjoYClnrBAMb8egAwcQhT+wvaUPXRDyRIUKkMz721KXlHSodjZ1P3J6
P6VnOlScutYstAgpUqQofNZ+5hP1CKNScmBmNMxRblTLY1JQyW3uaFU0HEy5bqTN
mmwYWmi+XSfI0yKbPQ4ZnMRvc/9pMyOUpCZqpPkNHZ3kfBrTpIIbk+LRY3toKDfQ
SLtkUwITCX508sU5nM4qZd+QutsATVQJF0PDw0IQnJC/GrF+Wg1C9v08lXag7sOI
AX6iZDJsO6jhzbL7MGz6BPuXK45tDfASjMX470xnXX/8KZVA
-----END CERTIFICATE-----