Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/g2W_nAUfKHVcoZSGJJedzLFdVJg.roa
File:                     g2W_nAUfKHVcoZSGJJedzLFdVJg.roa (raw, json)
Hash identifier:          LkEPmrJSCtivnpjMysZ6hBGuattqrh+n27477uF3ga0=
Subject key identifier:   83:65:BF:9C:05:1F:28:75:5C:A1:94:86:24:97:9D:CC:B1:5D:54:98
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB9535AA57877B543349A353F8251
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/g2W_nAUfKHVcoZSGJJedzLFdVJg.roa
Signing time:             Tue 02 Jan 2024 12:35:12 +0000
ROA not before:           Tue 02 Jan 2024 12:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42503
IP address blocks:        2001:1a68:7::/48 maxlen: 48
                          2001:1a68:b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b9:53:5a:a5:78:77:b5:43:34:9a:35:3f:82:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8365bf9c051f28755ca1948624979dccb15d5498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:09:7e:aa:07:3f:c5:01:0f:51:54:16:76:5e:
                    c2:2a:af:d2:9f:e6:d4:64:24:64:6c:1e:97:70:8a:
                    e2:27:2e:fc:24:7f:d8:2d:4e:19:73:84:b0:a5:5c:
                    fb:3f:21:12:ec:94:c7:a6:2e:bd:75:f6:91:6f:79:
                    01:24:17:6b:55:f4:58:5e:9a:f1:dc:44:a7:24:d6:
                    ba:fc:e2:6f:5b:ec:3d:58:d2:a5:5f:c2:5b:92:29:
                    e6:a9:65:40:45:08:6a:f5:1f:14:32:1c:e9:b5:57:
                    40:24:39:80:a1:11:da:ca:39:a2:34:59:18:3a:d6:
                    31:d5:49:ce:58:9a:d6:1c:34:5c:56:95:42:bc:57:
                    a2:91:b9:c1:22:85:e4:8f:52:cf:73:a0:5a:73:28:
                    f9:a9:3d:92:15:d2:35:9e:86:62:60:86:88:43:66:
                    09:95:eb:d2:f0:2a:cb:cf:c4:a7:3f:0c:12:23:36:
                    b4:23:15:0d:a2:c0:38:06:e6:4c:a8:0c:03:2e:45:
                    be:91:43:71:52:aa:7d:5c:a0:2c:b3:f2:61:ff:01:
                    5d:2e:8f:ac:3d:9b:c0:ba:7a:cb:e5:2d:65:17:7a:
                    8e:c0:47:c0:9e:c3:66:08:9f:f7:68:26:70:14:03:
                    97:54:10:f0:f8:0c:05:d6:10:a4:c9:f0:cf:25:34:
                    86:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:65:BF:9C:05:1F:28:75:5C:A1:94:86:24:97:9D:CC:B1:5D:54:98
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/g2W_nAUfKHVcoZSGJJedzLFdVJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:7::/48
                  2001:1a68:b::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:bd:a7:bd:be:dc:7a:c2:38:59:1c:9e:f7:0a:24:e2:c8:39:
         45:57:5f:0c:1d:cd:42:fc:e4:d4:16:0a:21:f3:3c:16:07:a0:
         bd:47:23:24:98:e4:55:c1:a1:5b:72:3d:05:e3:5c:73:6b:09:
         89:3a:ea:3c:e3:f7:d9:24:d3:35:47:ca:74:9c:36:fd:da:d9:
         65:9f:a6:4d:30:1a:d2:53:c5:14:73:c2:36:34:5c:d8:08:d8:
         0f:46:96:4c:c2:a8:fe:cf:90:ec:29:76:4f:2c:52:4b:55:f6:
         26:7c:f6:62:3f:98:ed:c4:63:1a:1f:a5:8d:67:57:98:4a:22:
         53:8b:81:b4:3a:2f:fe:24:5b:a4:74:a2:93:50:68:c5:1d:16:
         6e:33:fd:30:b5:0d:8d:2b:c8:d1:b2:66:45:8d:ac:36:f5:65:
         90:85:e2:e2:dc:45:f1:1c:75:59:26:b9:34:a9:d3:9d:3c:cf:
         f8:8d:4c:67:5b:5f:a5:1b:b4:dd:00:0f:d5:45:a8:95:f5:98:
         87:57:4f:53:e4:13:9a:dc:04:0e:47:40:1a:c6:7a:19:1b:54:
         52:28:b5:77:25:ad:b3:4a:b5:d9:85:45:cb:19:28:4a:6f:5b:
         9e:bb:72:30:b0:2f:79:24:99:ca:22:60:cf:24:41:71:77:06:
         16:9e:74:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK7lTWqV4d7VDNJo1P4JRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY1YmY5YzA1MWYyODc1NWNhMTk0ODYyNDk3OWRjY2IxNWQ1NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgl+qgc/xQEPUVQWdl7CKq/Sn+bU
ZCRkbB6XcIriJy78JH/YLU4Zc4SwpVz7PyES7JTHpi69dfaRb3kBJBdrVfRYXprx
3ESnJNa6/OJvW+w9WNKlX8JbkinmqWVARQhq9R8UMhzptVdAJDmAoRHayjmiNFkY
OtYx1UnOWJrWHDRcVpVCvFeikbnBIoXkj1LPc6Bacyj5qT2SFdI1noZiYIaIQ2YJ
levS8CrLz8SnPwwSIza0IxUNosA4BuZMqAwDLkW+kUNxUqp9XKAss/Jh/wFdLo+s
PZvAunrL5S1lF3qOwEfAnsNmCJ/3aCZwFAOXVBDw+AwF1hCkyfDPJTSGuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFINlv5wFHyh1XKGUhiSXncyxXVSYMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvZzJXX25BVWZLSFZjb1pTR0pKZWR6TEZkVkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEaaAAH
AwcAIAEaaAALMA0GCSqGSIb3DQEBCwUAA4IBAQBavae9vtx6wjhZHJ73CiTiyDlF
V18MHc1C/OTUFgoh8zwWB6C9RyMkmORVwaFbcj0F41xzawmJOuo84/fZJNM1R8p0
nDb92tlln6ZNMBrSU8UUc8I2NFzYCNgPRpZMwqj+z5DsKXZPLFJLVfYmfPZiP5jt
xGMaH6WNZ1eYSiJTi4G0Oi/+JFukdKKTUGjFHRZuM/0wtQ2NK8jRsmZFjaw29WWQ
heLi3EXxHHVZJrk0qdOdPM/4jUxnW1+lG7TdAA/VRaiV9ZiHV09T5BOa3AQOR0Aa
xnoZG1RSKLV3Ja2zSrXZhUXLGShKb1ueu3IwsC95JJnKImDPJEFxdwYWnnT/
-----END CERTIFICATE-----