Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/A9st79ruM4hRubY3iQwXZmZj_I0.roa
File:                     A9st79ruM4hRubY3iQwXZmZj_I0.roa (raw, json)
Hash identifier:          DWubeyufd6g6p+JjdLLB4PNzmgaDWrJRIVEYf825um8=
Subject key identifier:   03:DB:2D:EF:DA:EE:33:88:51:B9:B6:37:89:0C:17:66:66:63:FC:8D
Certificate issuer:       /CN=23f1e09f0e6ed891ad17d6ce4a3c7328d759b4c8
Certificate serial:       018CC9BBBC9C56C84F9799249177462FA3CE
Authority key identifier: 23:F1:E0:9F:0E:6E:D8:91:AD:17:D6:CE:4A:3C:73:28:D7:59:B4:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/A9st79ruM4hRubY3iQwXZmZj_I0.roa
Signing time:             Tue 02 Jan 2024 10:32:53 +0000
ROA not before:           Tue 02 Jan 2024 10:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8995
IP address blocks:        2001:678:394::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 04:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bc:9c:56:c8:4f:97:99:24:91:77:46:2f:a3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23f1e09f0e6ed891ad17d6ce4a3c7328d759b4c8
        Validity
            Not Before: Jan  2 10:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03db2defdaee338851b9b637890c17666663fc8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fa:57:c5:a8:25:fe:6c:bc:cf:54:fb:f3:71:
                    4f:b0:4a:0e:7c:60:09:1e:05:b4:c7:6d:45:3c:d6:
                    75:5e:d0:2b:2c:fd:f9:32:9c:fc:82:a6:71:7c:42:
                    c6:2f:e4:00:35:ba:34:90:b4:72:85:d9:be:bf:21:
                    89:55:5c:c8:3c:79:dd:64:be:b2:03:ee:ac:25:4d:
                    a9:95:a7:a6:b4:b3:6c:d2:0d:71:7d:f9:26:ac:07:
                    29:c6:c0:73:59:7d:d9:39:25:3c:a5:8d:ce:46:56:
                    a0:4b:55:1c:cd:3b:21:36:01:59:a0:12:29:64:53:
                    84:a0:88:0b:6e:1d:3f:dc:93:d4:ad:63:f2:c5:d7:
                    af:93:aa:cf:85:a0:ff:d9:53:e9:3e:44:77:92:e4:
                    e3:65:49:64:61:39:2c:f8:db:e7:d9:90:88:c3:3e:
                    1d:6d:10:92:be:1b:7d:f2:a3:0b:03:6c:6d:ac:b1:
                    2c:14:33:1c:63:21:b3:34:1a:d4:cd:0f:92:a4:ad:
                    0d:35:cc:c0:49:22:63:da:95:89:62:c4:af:91:f2:
                    ae:7a:63:64:4c:df:25:a1:7b:f2:91:e8:78:de:74:
                    ad:a1:98:58:e1:e5:71:66:fb:23:59:ec:84:ae:95:
                    b9:48:ec:e7:ae:b3:61:9b:10:2e:d0:ce:2a:ec:15:
                    9f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DB:2D:EF:DA:EE:33:88:51:B9:B6:37:89:0C:17:66:66:63:FC:8D
            X509v3 Authority Key Identifier:
                keyid:23:F1:E0:9F:0E:6E:D8:91:AD:17:D6:CE:4A:3C:73:28:D7:59:B4:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/A9st79ruM4hRubY3iQwXZmZj_I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:394::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:53:8b:bc:07:b0:a2:ee:be:07:10:5c:e7:f3:43:cc:49:c9:
         c9:8a:3b:e6:b3:98:65:d7:27:af:8e:7e:36:1e:66:86:a3:98:
         c8:2a:78:51:11:e1:75:02:63:03:d3:66:7f:e6:a6:c1:f8:8a:
         d6:66:a7:09:67:73:90:d0:fb:fd:b7:e1:24:a1:d3:62:4f:96:
         36:c9:dd:14:31:77:04:ef:0d:c0:c7:81:c6:67:b3:a6:3a:91:
         f5:bf:5e:0a:49:91:67:ea:cb:4a:11:6d:35:b6:eb:90:9d:43:
         89:92:49:4d:8d:7f:17:ae:ef:b3:14:b3:a4:94:e2:18:af:0f:
         4f:10:14:6f:26:39:ec:ff:f8:cc:66:ce:c7:7e:38:74:94:18:
         36:48:33:f4:3a:b8:ae:20:d6:14:71:69:f5:fa:21:ff:9e:35:
         19:9d:6c:d7:56:5f:2d:db:cb:44:d8:71:2e:73:15:e3:f1:72:
         3e:75:45:0d:c5:9f:fe:f5:e1:ea:8c:ab:42:58:cb:5e:93:78:
         ef:16:a3:b3:2a:9d:b8:1c:2c:5d:23:01:37:ab:67:91:9d:e5:
         90:e2:9c:47:77:57:ab:06:33:5d:c8:fa:35:48:34:89:85:43:
         38:f6:bf:64:93:79:1d:5b:5a:ee:3e:30:d0:a0:11:9c:9d:5d:
         3d:1f:03:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu7ycVshPl5kkkXdGL6POMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjFlMDlmMGU2ZWQ4OTFhZDE3ZDZjZTRhM2M3MzI4ZDc1
OWI0YzgwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RiMmRlZmRhZWUzMzg4NTFiOWI2Mzc4OTBjMTc2NjY2NjNmYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPpXxagl/my8z1T783FPsEoOfGAJ
HgW0x21FPNZ1XtArLP35Mpz8gqZxfELGL+QANbo0kLRyhdm+vyGJVVzIPHndZL6y
A+6sJU2plaemtLNs0g1xffkmrAcpxsBzWX3ZOSU8pY3ORlagS1UczTshNgFZoBIp
ZFOEoIgLbh0/3JPUrWPyxdevk6rPhaD/2VPpPkR3kuTjZUlkYTks+Nvn2ZCIwz4d
bRCSvht98qMLA2xtrLEsFDMcYyGzNBrUzQ+SpK0NNczASSJj2pWJYsSvkfKuemNk
TN8loXvykeh43nStoZhY4eVxZvsjWeyErpW5SOznrrNhmxAu0M4q7BWfDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAPbLe/a7jOIUbm2N4kMF2ZmY/yNMB8GA1UdIwQY
MBaAFCPx4J8ObtiRrRfWzko8cyjXWbTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9IZ253NXUySkd0RjliT1NqeHpLTmRadE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC85NTVlZDEtOGI0MC00MTg1LTg0YTkt
MmRkY2Y1NmE3NjNlLzEvQTlzdDc5cnVNNGhSdWJZM2lRd1habVpqX0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC85NTVlZDEtOGI0MC00MTg1LTg0YTktMmRkY2Y1NmE3NjNl
LzEvSV9IZ253NXUySkd0RjliT1NqeHpLTmRadE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAOU
MA0GCSqGSIb3DQEBCwUAA4IBAQBaU4u8B7Ci7r4HEFzn80PMScnJijvms5hl1yev
jn42HmaGo5jIKnhREeF1AmMD02Z/5qbB+IrWZqcJZ3OQ0Pv9t+EkodNiT5Y2yd0U
MXcE7w3Ax4HGZ7OmOpH1v14KSZFn6stKEW01tuuQnUOJkklNjX8Xru+zFLOklOIY
rw9PEBRvJjns//jMZs7Hfjh0lBg2SDP0OriuINYUcWn1+iH/njUZnWzXVl8t28tE
2HEucxXj8XI+dUUNxZ/+9eHqjKtCWMtek3jvFqOzKp24HCxdIwE3q2eRneWQ4pxH
d1erBjNdyPo1SDSJhUM49r9kk3kdW1ruPjDQoBGcnV09HwPX
-----END CERTIFICATE-----