Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/9BcAtSmgPT_RPHc9YnJONAohEZQ.roa
File:                     9BcAtSmgPT_RPHc9YnJONAohEZQ.roa (raw, json)
Hash identifier:          0rat6X2aRCx37aGIRfYJBlFMyIJa7kWcgHTZ+2pP0Vw=
Subject key identifier:   F4:17:00:B5:29:A0:3D:3F:D1:3C:77:3D:62:72:4E:34:0A:21:11:94
Certificate issuer:       /CN=a19c643946a059397355420d73bc45f14da2a76b
Certificate serial:       018CC86F8DC272C611FF23156EED172F3935
Authority key identifier: A1:9C:64:39:46:A0:59:39:73:55:42:0D:73:BC:45:F1:4D:A2:A7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/9BcAtSmgPT_RPHc9YnJONAohEZQ.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213364
IP address blocks:        2001:678:d14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8d:c2:72:c6:11:ff:23:15:6e:ed:17:2f:39:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19c643946a059397355420d73bc45f14da2a76b
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41700b529a03d3fd13c773d62724e340a211194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:97:db:11:c3:3f:60:4f:c1:8d:a3:54:46:20:
                    27:a0:1e:7d:28:2e:5b:66:86:a2:ff:81:e4:9d:31:
                    2b:05:a5:13:cf:a7:9a:0c:c0:74:07:a9:f5:59:47:
                    e1:c1:5a:58:6b:74:23:43:24:8b:4b:b6:7f:96:61:
                    20:bd:04:74:52:a2:34:37:3b:65:f8:30:95:28:29:
                    1e:94:93:4e:51:60:3a:fb:2d:6b:97:fe:c6:0b:c6:
                    87:b9:3c:7f:cd:1d:e2:bc:ff:1a:25:45:00:a9:e0:
                    90:0c:1c:25:ad:ae:e0:68:ad:17:68:f3:81:18:32:
                    8f:b7:c2:df:4b:cc:da:07:3f:ce:3b:ff:e2:d1:7f:
                    8e:dd:05:71:61:c3:29:a0:f2:38:96:87:cd:41:ef:
                    70:2a:15:02:38:c4:51:6d:1e:2f:6e:df:d8:7a:5e:
                    c4:5c:a9:94:56:11:c7:8d:80:fe:12:f2:67:c7:97:
                    0d:78:43:84:a4:d4:47:03:09:cf:f4:91:87:70:1e:
                    c0:30:a6:1c:ed:06:3b:04:d9:dc:c9:06:89:50:6a:
                    b0:74:e8:6d:fa:bb:a0:d6:fe:ee:73:33:03:4a:ca:
                    bb:2a:38:67:2e:b5:4c:e1:d3:f1:49:59:9c:7e:fc:
                    a8:86:2f:36:7c:c6:16:f9:4d:e3:96:e6:1e:52:63:
                    bf:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:17:00:B5:29:A0:3D:3F:D1:3C:77:3D:62:72:4E:34:0A:21:11:94
            X509v3 Authority Key Identifier:
                keyid:A1:9C:64:39:46:A0:59:39:73:55:42:0D:73:BC:45:F1:4D:A2:A7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/9BcAtSmgPT_RPHc9YnJONAohEZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d14::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:6e:b7:6f:d1:33:20:46:b3:62:54:b3:a5:3a:8f:de:1e:6a:
         e3:0f:75:51:38:6c:72:b8:76:47:eb:5f:a6:e8:29:c7:ad:04:
         e5:6b:13:bf:92:cb:8d:81:e6:c9:ea:a2:61:ed:1a:d7:f0:8b:
         96:a3:3d:2b:a5:df:44:62:44:6f:2c:c1:9d:3f:c9:06:09:7c:
         3b:79:75:6e:26:64:72:4a:a4:c2:3a:44:60:b9:67:c6:57:cc:
         6c:06:83:0c:88:67:b3:19:d6:42:a9:1d:d0:12:bc:45:b1:b4:
         23:74:22:b1:36:65:8d:94:2a:0a:9c:82:74:a3:cc:2f:d1:b1:
         2a:f8:2b:4d:27:f5:6a:5a:ca:5f:01:8d:15:06:7a:b5:36:fd:
         ca:93:81:4a:ae:f7:99:0d:1e:15:52:07:67:37:a4:9d:5e:af:
         5d:a5:a6:6c:13:70:58:6c:3b:17:dc:1b:c8:e5:e5:93:b4:e7:
         b4:9e:7d:ca:01:ec:3f:86:bc:9e:3b:f2:e2:09:ff:b9:2f:02:
         2b:cf:18:04:b9:af:e7:25:42:22:e5:fb:52:7a:54:63:82:bd:
         19:44:fb:64:07:01:d6:06:4c:22:21:52:92:a5:fd:9a:24:8c:
         4b:10:75:9e:c7:b9:70:ef:5d:68:2d:55:d4:de:f1:13:38:5b:
         cd:47:1b:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb43CcsYR/yMVbu0XLzk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWM2NDM5NDZhMDU5Mzk3MzU1NDIwZDczYmM0NWYxNGRh
MmE3NmIwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE3MDBiNTI5YTAzZDNmZDEzYzc3M2Q2MjcyNGUzNDBhMjExMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5fbEcM/YE/BjaNURiAnoB59KC5b
Zoai/4HknTErBaUTz6eaDMB0B6n1WUfhwVpYa3QjQySLS7Z/lmEgvQR0UqI0Nztl
+DCVKCkelJNOUWA6+y1rl/7GC8aHuTx/zR3ivP8aJUUAqeCQDBwlra7gaK0XaPOB
GDKPt8LfS8zaBz/OO//i0X+O3QVxYcMpoPI4lofNQe9wKhUCOMRRbR4vbt/Yel7E
XKmUVhHHjYD+EvJnx5cNeEOEpNRHAwnP9JGHcB7AMKYc7QY7BNncyQaJUGqwdOht
+rug1v7uczMDSsq7KjhnLrVM4dPxSVmcfvyohi82fMYW+U3jluYeUmO/AwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQXALUpoD0/0Tx3PWJyTjQKIRGUMB8GA1UdIwQY
MBaAFKGcZDlGoFk5c1VCDXO8RfFNoqdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1p4a09VYWdXVGx6VlVJTmM3eEY4VTJpcDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lZWViODUtMjlkNC00NmJiLWIzZjYt
YWMzYjZhNDU2N2JhLzEvOUJjQXRTbWdQVF9SUEhjOVluSk9OQW9oRVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lZWViODUtMjlkNC00NmJiLWIzZjYtYWMzYjZhNDU2N2Jh
LzEvb1p4a09VYWdXVGx6VlVJTmM3eEY4VTJpcDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0U
MA0GCSqGSIb3DQEBCwUAA4IBAQCQbrdv0TMgRrNiVLOlOo/eHmrjD3VROGxyuHZH
61+m6CnHrQTlaxO/ksuNgebJ6qJh7RrX8IuWoz0rpd9EYkRvLMGdP8kGCXw7eXVu
JmRySqTCOkRguWfGV8xsBoMMiGezGdZCqR3QErxFsbQjdCKxNmWNlCoKnIJ0o8wv
0bEq+CtNJ/VqWspfAY0VBnq1Nv3Kk4FKrveZDR4VUgdnN6SdXq9dpaZsE3BYbDsX
3BvI5eWTtOe0nn3KAew/hryeO/LiCf+5LwIrzxgEua/nJUIi5ftSelRjgr0ZRPtk
BwHWBkwiIVKSpf2aJIxLEHWex7lw711oLVXU3vETOFvNRxuz
-----END CERTIFICATE-----