Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/kwxedtgCJvQ2TeENH934cKYAzRc.roa
File:                     kwxedtgCJvQ2TeENH934cKYAzRc.roa (raw, json)
Hash identifier:          8fLdkKHQI/BHnYw/WMlq17+ogPOIxjP/0fIIgxIHLMg=
Subject key identifier:   93:0C:5E:76:D8:02:26:F4:36:4D:E1:0D:1F:DD:F8:70:A6:00:CD:17
Certificate issuer:       /CN=991b5422cd5578d4715ebe4c5097202523dd5658
Certificate serial:       018CC34957FF000EE877917EFD19777BC966
Authority key identifier: 99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/kwxedtgCJvQ2TeENH934cKYAzRc.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139321
IP address blocks:        2001:678:acc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:ff:00:0e:e8:77:91:7e:fd:19:77:7b:c9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991b5422cd5578d4715ebe4c5097202523dd5658
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=930c5e76d80226f4364de10d1fddf870a600cd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2a:11:68:2a:5f:47:34:5c:bf:11:a8:32:d9:
                    de:12:1c:d9:13:0b:89:43:53:36:47:42:b2:37:25:
                    64:f1:b6:02:7a:be:71:04:ce:90:ba:2c:86:5c:93:
                    e4:c0:11:d9:13:83:66:dd:25:46:6a:35:53:c8:24:
                    27:9a:cb:b0:01:41:c6:ee:72:f2:23:d6:8c:ae:4a:
                    2e:83:70:af:77:bc:87:3c:a4:3a:87:0e:e1:be:36:
                    da:3b:be:ca:5b:ca:37:af:d6:ed:21:81:df:52:2c:
                    aa:8f:c8:7d:68:bc:dd:d5:32:cc:8a:94:54:30:d8:
                    37:86:00:5f:ae:ad:c9:ec:45:4d:b8:f8:ec:69:75:
                    4c:19:eb:ba:c5:84:e0:5c:41:35:84:fa:cd:e4:d4:
                    55:26:39:a0:c0:bc:fe:d1:cb:40:e4:d6:71:d3:c5:
                    42:16:59:f5:d8:6d:b0:c7:f1:82:c6:e0:7f:86:f0:
                    b6:11:ae:4a:a6:94:fe:9a:65:77:16:ab:b1:d5:f3:
                    db:50:d3:f1:23:9b:b4:83:d0:c7:d9:de:66:23:0d:
                    34:c6:7d:af:64:b1:f4:ed:6c:7e:49:a8:b9:35:14:
                    94:0c:7e:c6:21:cf:94:be:7a:68:0d:3e:03:23:f0:
                    ed:14:3a:23:ba:f7:c6:8e:64:b2:6e:9d:f2:a6:af:
                    e3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:0C:5E:76:D8:02:26:F4:36:4D:E1:0D:1F:DD:F8:70:A6:00:CD:17
            X509v3 Authority Key Identifier:
                keyid:99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/kwxedtgCJvQ2TeENH934cKYAzRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:acc::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:7c:07:07:cd:12:86:5e:a7:7b:c1:fb:36:de:d5:a5:2b:8f:
         a4:3c:73:b4:ed:c1:27:9b:7c:b4:62:27:a8:ac:b7:18:64:a3:
         44:97:16:b9:0c:68:2d:ac:16:26:75:75:ec:94:55:26:9f:8f:
         ad:ad:e4:49:0b:4f:a8:7d:10:ec:9b:6f:10:ea:6c:4c:7e:41:
         ed:db:9a:de:cb:c0:a7:cf:ec:4e:1c:44:25:94:3a:7f:10:a1:
         d5:bd:09:f0:96:f4:de:66:9e:6c:ac:7a:35:d2:27:5d:73:05:
         7a:c7:a3:5e:35:e8:fc:3c:66:aa:ce:d9:70:d8:67:d8:39:fd:
         6b:f3:8d:ee:79:82:e0:2e:22:f0:c8:97:c3:ac:20:8f:c7:2b:
         3d:cd:fa:2b:ed:b0:5a:4d:e0:c9:e8:96:3f:ba:0e:13:9b:9a:
         ea:29:06:61:74:37:c7:5b:6b:cd:77:88:37:33:20:be:88:3d:
         44:75:f1:44:30:7d:cd:15:e7:a3:7a:5b:ce:0d:00:82:a7:fa:
         b6:1c:66:6f:32:75:1e:19:e5:66:b3:fa:ea:3c:26:20:7d:fb:
         8b:18:1c:22:50:69:f2:08:ac:de:e7:e2:41:60:0e:e9:2d:73:
         05:74:47:6e:f0:71:3e:2c:4e:1c:79:09:52:bf:40:70:23:1b:
         1c:ea:6b:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSVf/AA7od5F+/Rl3e8lmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWI1NDIyY2Q1NTc4ZDQ3MTVlYmU0YzUwOTcyMDI1MjNk
ZDU2NTgwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBjNWU3NmQ4MDIyNmY0MzY0ZGUxMGQxZmRkZjg3MGE2MDBjZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyoRaCpfRzRcvxGoMtneEhzZEwuJ
Q1M2R0KyNyVk8bYCer5xBM6QuiyGXJPkwBHZE4Nm3SVGajVTyCQnmsuwAUHG7nLy
I9aMrkoug3Cvd7yHPKQ6hw7hvjbaO77KW8o3r9btIYHfUiyqj8h9aLzd1TLMipRU
MNg3hgBfrq3J7EVNuPjsaXVMGeu6xYTgXEE1hPrN5NRVJjmgwLz+0ctA5NZx08VC
Fln12G2wx/GCxuB/hvC2Ea5KppT+mmV3Fqux1fPbUNPxI5u0g9DH2d5mIw00xn2v
ZLH07Wx+Sai5NRSUDH7GIc+UvnpoDT4DI/DtFDojuvfGjmSybp3ypq/jrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJMMXnbYAib0Nk3hDR/d+HCmAM0XMB8GA1UdIwQY
MBaAFJkbVCLNVXjUcV6+TFCXICUj3VZYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJ0VUlzMVZlTlJ4WHI1TVVKY2dKU1BkVmxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy81ODExYzAtNmRhZS00ZGQ0LTk4N2Mt
ZDQ2ZmZjNTAxZjM2LzEva3d4ZWR0Z0NKdlEyVGVFTkg5MzRjS1lBelJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy81ODExYzAtNmRhZS00ZGQ0LTk4N2MtZDQ2ZmZjNTAxZjM2
LzEvbVJ0VUlzMVZlTlJ4WHI1TVVKY2dKU1BkVmxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArM
MA0GCSqGSIb3DQEBCwUAA4IBAQBKfAcHzRKGXqd7wfs23tWlK4+kPHO07cEnm3y0
YieorLcYZKNElxa5DGgtrBYmdXXslFUmn4+treRJC0+ofRDsm28Q6mxMfkHt25re
y8Cnz+xOHEQllDp/EKHVvQnwlvTeZp5srHo10iddcwV6x6NeNej8PGaqztlw2GfY
Of1r843ueYLgLiLwyJfDrCCPxys9zfor7bBaTeDJ6JY/ug4Tm5rqKQZhdDfHW2vN
d4g3MyC+iD1EdfFEMH3NFeejelvODQCCp/q2HGZvMnUeGeVms/rqPCYgffuLGBwi
UGnyCKze5+JBYA7pLXMFdEdu8HE+LE4ceQlSv0BwIxsc6mtW
-----END CERTIFICATE-----