Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/5YJ5FoE6GNJ7V6vP_Bv8-7oFJNM.roa
File:                     5YJ5FoE6GNJ7V6vP_Bv8-7oFJNM.roa (raw, json)
Hash identifier:          WA/HDuDnqUZfe50CJ+qq96TPQBvLjBUQdlQz/0jzkIg=
Subject key identifier:   E5:82:79:16:81:3A:18:D2:7B:57:AB:CF:FC:1B:FC:FB:BA:05:24:D3
Certificate issuer:       /CN=5485c8ef037cb897c8e94cf621c5a37d651c5ea5
Certificate serial:       018CCA29CDF738593895DDAA290C8233FFD7
Authority key identifier: 54:85:C8:EF:03:7C:B8:97:C8:E9:4C:F6:21:C5:A3:7D:65:1C:5E:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/5YJ5FoE6GNJ7V6vP_Bv8-7oFJNM.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199086
IP address blocks:        2001:678:4cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cd:f7:38:59:38:95:dd:aa:29:0c:82:33:ff:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5485c8ef037cb897c8e94cf621c5a37d651c5ea5
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5827916813a18d27b57abcffc1bfcfbba0524d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:63:7a:60:b8:e4:bc:dd:a0:cd:da:95:ff:c5:
                    90:4f:3c:8b:4d:68:ab:9b:36:a7:36:93:6c:29:3b:
                    e2:6e:50:c9:72:98:66:f1:89:de:32:af:2f:2c:c9:
                    f2:86:08:75:29:0c:a7:a6:7d:de:b7:fb:d4:9a:8b:
                    99:ea:3e:e5:9c:22:d8:76:ab:d1:f1:f8:15:b5:32:
                    ba:37:47:a0:c0:e8:79:1a:e4:50:da:67:ca:28:d6:
                    43:6c:4d:62:a6:7f:55:98:d2:0f:98:a7:c7:5e:a9:
                    44:1c:3d:0f:a8:26:01:ea:18:fe:c0:3b:ff:19:f1:
                    2d:c6:96:eb:26:a1:83:bf:ed:77:11:a2:5b:be:c6:
                    89:b3:70:c5:2c:7b:b1:4f:eb:bc:de:fa:ea:a3:50:
                    5e:bd:f3:81:a5:11:02:f7:66:38:ee:00:d2:85:76:
                    57:df:3a:3d:04:c3:19:d9:44:b5:af:f8:26:c6:ee:
                    a6:2d:14:43:ef:7b:25:6e:16:78:88:3d:95:76:6c:
                    74:e8:b8:ae:6d:69:bb:1b:c1:26:10:cf:d6:43:b8:
                    49:99:ae:6c:1c:5e:f6:88:43:68:28:05:d2:7b:98:
                    2a:d8:2c:84:67:40:c3:c3:1f:ab:cf:48:7e:42:8b:
                    19:6c:76:45:da:39:ee:9b:f4:52:cd:e0:b4:ef:e2:
                    7d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:82:79:16:81:3A:18:D2:7B:57:AB:CF:FC:1B:FC:FB:BA:05:24:D3
            X509v3 Authority Key Identifier:
                keyid:54:85:C8:EF:03:7C:B8:97:C8:E9:4C:F6:21:C5:A3:7D:65:1C:5E:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/5YJ5FoE6GNJ7V6vP_Bv8-7oFJNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0d6655-c0eb-4626-96d5-e63c91adce7f/1/VIXI7wN8uJfI6Uz2IcWjfWUcXqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:34:a0:3c:a3:45:a4:ec:8f:6f:c9:ff:ed:d8:fe:2c:42:79:
         6f:98:35:55:76:13:f2:13:c0:35:57:8f:2f:73:d7:e1:f7:ca:
         0a:78:69:f0:02:34:ca:b3:a6:dc:13:87:6a:b0:2f:fc:80:eb:
         88:a3:d7:13:a6:e1:ce:53:ee:06:84:90:89:61:15:f9:b3:03:
         55:c0:9c:b1:1f:6a:c0:79:63:df:3c:c3:2c:20:fa:dc:0e:85:
         3b:7a:eb:0f:e5:f7:9d:54:48:df:a9:f7:41:88:43:14:9e:c4:
         81:d7:97:ef:74:4f:3c:03:01:e8:a0:bf:b3:e5:1c:5c:37:9c:
         76:55:b8:24:a7:74:a1:3b:8a:bf:8c:08:08:28:4d:1d:38:ed:
         24:f3:40:e2:5e:e9:14:72:7e:8b:d9:51:2b:e5:bd:f7:02:25:
         ce:96:51:95:c4:ec:a2:8e:c0:fc:58:ad:27:db:fc:42:2f:04:
         6c:04:a6:a3:dc:c5:87:f9:89:8a:bc:30:8a:96:da:31:18:c7:
         2b:1a:e0:ad:67:ac:20:3c:75:17:56:0c:c6:c0:48:db:39:20:
         cf:28:e7:c9:b4:3b:52:ca:01:ce:ee:d1:4d:1e:ac:f9:76:40:
         9f:7c:24:4b:a5:bb:c0:7b:34:98:2e:b3:7e:62:bf:52:a0:43:
         0e:41:51:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKc33OFk4ld2qKQyCM//XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ODVjOGVmMDM3Y2I4OTdjOGU5NGNmNjIxYzVhMzdkNjUx
YzVlYTUwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgyNzkxNjgxM2ExOGQyN2I1N2FiY2ZmYzFiZmNmYmJhMDUyNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmN6YLjkvN2gzdqV/8WQTzyLTWir
mzanNpNsKTviblDJcphm8YneMq8vLMnyhgh1KQynpn3et/vUmouZ6j7lnCLYdqvR
8fgVtTK6N0egwOh5GuRQ2mfKKNZDbE1ipn9VmNIPmKfHXqlEHD0PqCYB6hj+wDv/
GfEtxpbrJqGDv+13EaJbvsaJs3DFLHuxT+u83vrqo1BevfOBpREC92Y47gDShXZX
3zo9BMMZ2US1r/gmxu6mLRRD73slbhZ4iD2Vdmx06LiubWm7G8EmEM/WQ7hJma5s
HF72iENoKAXSe5gq2CyEZ0DDwx+rz0h+QosZbHZF2jnum/RSzeC07+J9YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOWCeRaBOhjSe1erz/wb/Pu6BSTTMB8GA1UdIwQY
MBaAFFSFyO8DfLiXyOlM9iHFo31lHF6lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVklYSTd3Tjh1SmZJNlV6MkljV2pmV1VjWHFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8wZDY2NTUtYzBlYi00NjI2LTk2ZDUt
ZTYzYzkxYWRjZTdmLzEvNVlKNUZvRTZHTko3VjZ2UF9CdjgtN29GSk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8wZDY2NTUtYzBlYi00NjI2LTk2ZDUtZTYzYzkxYWRjZTdm
LzEvVklYSTd3Tjh1SmZJNlV6MkljV2pmV1VjWHFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeATM
MA0GCSqGSIb3DQEBCwUAA4IBAQBXNKA8o0Wk7I9vyf/t2P4sQnlvmDVVdhPyE8A1
V48vc9fh98oKeGnwAjTKs6bcE4dqsC/8gOuIo9cTpuHOU+4GhJCJYRX5swNVwJyx
H2rAeWPfPMMsIPrcDoU7eusP5fedVEjfqfdBiEMUnsSB15fvdE88AwHooL+z5Rxc
N5x2Vbgkp3ShO4q/jAgIKE0dOO0k80DiXukUcn6L2VEr5b33AiXOllGVxOyijsD8
WK0n2/xCLwRsBKaj3MWH+YmKvDCKltoxGMcrGuCtZ6wgPHUXVgzGwEjbOSDPKOfJ
tDtSygHO7tFNHqz5dkCffCRLpbvAezSYLrN+Yr9SoEMOQVET
-----END CERTIFICATE-----