Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/doWTq4Gg8yVRYQmZ48ybIihCAuU.roa
File:                     doWTq4Gg8yVRYQmZ48ybIihCAuU.roa (raw, json)
Hash identifier:          T5l0aIYeM9acFPTOcVDdj6wQGr3BtAByag1EcTh00Go=
Subject key identifier:   76:85:93:AB:81:A0:F3:25:51:61:09:99:E3:CC:9B:22:28:42:02:E5
Certificate issuer:       /CN=92d8b76b21647696c9f4d6382b525d83a0580f4a
Certificate serial:       018CC6B7B65FFC502208C3DEB85FA96D3D3D
Authority key identifier: 92:D8:B7:6B:21:64:76:96:C9:F4:D6:38:2B:52:5D:83:A0:58:0F:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/doWTq4Gg8yVRYQmZ48ybIihCAuU.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213151
IP address blocks:        2001:678:1e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b6:5f:fc:50:22:08:c3:de:b8:5f:a9:6d:3d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d8b76b21647696c9f4d6382b525d83a0580f4a
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=768593ab81a0f32551610999e3cc9b22284202e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c5:b4:c3:65:52:e5:2b:21:94:24:a7:b8:0c:
                    a7:d4:f4:b9:27:ab:7f:db:da:e6:b8:a2:5d:de:f7:
                    75:96:c7:84:47:2a:0c:04:af:e1:f4:5a:36:11:9d:
                    a3:28:84:12:ac:73:91:38:70:f7:ce:35:37:7e:b4:
                    9d:5c:36:b2:15:24:f7:05:31:c9:87:32:d5:dc:a7:
                    72:5e:87:89:52:36:20:e1:29:bd:d9:ee:6d:f4:a3:
                    53:2c:0c:e3:1e:3f:68:b0:e8:a9:fb:d5:3d:91:ed:
                    21:ac:02:5d:51:43:11:54:9d:51:a3:56:34:94:4a:
                    e0:f9:b2:df:61:61:a9:7f:b4:87:e1:04:8d:5f:38:
                    33:6d:cc:88:e2:07:a9:3f:28:7a:d2:04:8e:17:d6:
                    7c:14:ed:02:ef:1f:fe:f8:8b:1b:00:aa:74:85:75:
                    37:2f:87:9e:2d:62:33:f4:1f:ec:08:12:01:77:f6:
                    73:64:cd:a2:37:0f:6b:2a:2f:92:85:e1:84:47:d2:
                    7c:53:e8:1e:36:44:5b:90:81:17:ed:ba:be:60:dd:
                    42:5f:89:bc:8e:f5:ad:33:9f:3b:f7:77:90:f1:36:
                    c9:45:9a:e1:0d:6c:3a:d9:d9:54:e0:bd:31:65:a7:
                    ca:1e:8f:86:ef:e1:20:44:42:6f:2b:49:42:d8:2d:
                    01:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:85:93:AB:81:A0:F3:25:51:61:09:99:E3:CC:9B:22:28:42:02:E5
            X509v3 Authority Key Identifier:
                keyid:92:D8:B7:6B:21:64:76:96:C9:F4:D6:38:2B:52:5D:83:A0:58:0F:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/doWTq4Gg8yVRYQmZ48ybIihCAuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f1f2d-99bb-44e0-adc5-8dfd5b152f79/1/kti3ayFkdpbJ9NY4K1Jdg6BYD0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:fb:5c:8b:85:00:35:a0:85:ae:b4:f9:77:4b:78:a3:77:33:
         11:5f:d0:31:79:c5:cd:24:f7:88:d3:14:dc:21:d2:ce:7d:60:
         f2:04:c4:cf:6b:e7:87:59:a0:a7:66:b6:6f:69:cc:94:07:8e:
         a5:f7:9d:d8:5e:3f:33:cd:eb:e8:71:7c:7f:0d:12:27:96:95:
         cb:59:b1:14:4a:ff:51:ee:aa:d8:b5:91:b4:57:ef:00:b9:39:
         0b:dc:d7:13:73:54:e6:d5:cf:d8:83:58:71:9e:49:19:15:2f:
         bb:5a:f8:99:be:fd:53:83:37:bd:c2:78:f2:a3:d9:9a:8f:93:
         9a:b8:78:24:2b:8b:55:1e:c5:9f:01:4c:80:66:00:27:28:50:
         8e:23:6f:2a:28:92:27:0e:3f:b8:14:02:00:11:63:23:c6:e9:
         e0:36:da:30:7d:ce:b7:eb:d4:2b:37:17:96:25:7e:54:d9:bb:
         15:03:0c:97:5d:2f:15:d7:e4:0a:46:41:3c:6b:7c:5b:92:8e:
         3c:02:90:e7:1f:3f:0c:34:56:08:61:75:2e:84:94:5c:33:39:
         6d:d6:b2:09:cf:13:c0:15:ff:e4:c7:2d:9d:82:e7:08:bd:9d:
         c3:37:b7:0a:e0:06:cb:4d:94:bc:db:9c:5f:89:53:96:96:68:
         22:07:31:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt7Zf/FAiCMPeuF+pbT09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDhiNzZiMjE2NDc2OTZjOWY0ZDYzODJiNTI1ZDgzYTA1
ODBmNGEwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg1OTNhYjgxYTBmMzI1NTE2MTA5OTllM2NjOWIyMjI4NDIwMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMW0w2VS5SshlCSnuAyn1PS5J6t/
29rmuKJd3vd1lseERyoMBK/h9Fo2EZ2jKIQSrHOROHD3zjU3frSdXDayFST3BTHJ
hzLV3KdyXoeJUjYg4Sm92e5t9KNTLAzjHj9osOip+9U9ke0hrAJdUUMRVJ1Ro1Y0
lErg+bLfYWGpf7SH4QSNXzgzbcyI4gepPyh60gSOF9Z8FO0C7x/++IsbAKp0hXU3
L4eeLWIz9B/sCBIBd/ZzZM2iNw9rKi+SheGER9J8U+geNkRbkIEX7bq+YN1CX4m8
jvWtM58793eQ8TbJRZrhDWw62dlU4L0xZafKHo+G7+EgREJvK0lC2C0BTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHaFk6uBoPMlUWEJmePMmyIoQgLlMB8GA1UdIwQY
MBaAFJLYt2shZHaWyfTWOCtSXYOgWA9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RpM2F5RmtkcGJKOU5ZNEsxSmRnNkJZRDBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjFmMmQtOTliYi00NGUwLWFkYzUt
OGRmZDViMTUyZjc5LzEvZG9XVHE0R2c4eVZSWVFtWjQ4eWJJaWhDQXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjFmMmQtOTliYi00NGUwLWFkYzUtOGRmZDViMTUyZjc5
LzEva3RpM2F5RmtkcGJKOU5ZNEsxSmRnNkJZRDBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAHo
MA0GCSqGSIb3DQEBCwUAA4IBAQAR+1yLhQA1oIWutPl3S3ijdzMRX9AxecXNJPeI
0xTcIdLOfWDyBMTPa+eHWaCnZrZvacyUB46l953YXj8zzevocXx/DRInlpXLWbEU
Sv9R7qrYtZG0V+8AuTkL3NcTc1Tm1c/Yg1hxnkkZFS+7WviZvv1Tgze9wnjyo9ma
j5OauHgkK4tVHsWfAUyAZgAnKFCOI28qKJInDj+4FAIAEWMjxungNtowfc6369Qr
NxeWJX5U2bsVAwyXXS8V1+QKRkE8a3xbko48ApDnHz8MNFYIYXUuhJRcMzlt1rIJ
zxPAFf/kxy2dgucIvZ3DN7cK4AbLTZS825xfiVOWlmgiBzEC
-----END CERTIFICATE-----