Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/kkBdxolfOUPYG18H0Fx3c8EbyfY.roa
File:                     kkBdxolfOUPYG18H0Fx3c8EbyfY.roa (raw, json)
Hash identifier:          GmpytjViCrNgUf4tt0mamBGjFcZucbdyFCA0k8kodXY=
Subject key identifier:   92:40:5D:C6:89:5F:39:43:D8:1B:5F:07:D0:5C:77:73:C1:1B:C9:F6
Certificate issuer:       /CN=0ba068483acbc96a31e28bcda54bbeafe3482d19
Certificate serial:       018CC7953F99BB2D1EDF5260600407A2ECC3
Authority key identifier: 0B:A0:68:48:3A:CB:C9:6A:31:E2:8B:CD:A5:4B:BE:AF:E3:48:2D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6BoSDrLyWox4ovNpUu-r-NILRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/kkBdxolfOUPYG18H0Fx3c8EbyfY.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204345
IP address blocks:        2001:678:634::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/C6BoSDrLyWox4ovNpUu-r-NILRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/C6BoSDrLyWox4ovNpUu-r-NILRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6BoSDrLyWox4ovNpUu-r-NILRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3f:99:bb:2d:1e:df:52:60:60:04:07:a2:ec:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ba068483acbc96a31e28bcda54bbeafe3482d19
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92405dc6895f3943d81b5f07d05c7773c11bc9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f7:d7:66:b0:4a:35:fc:3a:e3:15:df:15:47:
                    0a:e9:a1:e0:66:8c:af:9e:65:27:25:57:e5:84:b9:
                    a7:50:43:43:78:31:4d:08:ff:05:08:97:40:1e:82:
                    55:6c:40:aa:86:c2:0a:e0:16:3a:09:5f:5c:6b:e2:
                    01:19:5f:e6:74:71:9d:da:98:5e:d9:85:17:65:b0:
                    49:58:aa:fa:c8:42:12:08:52:3a:ca:09:9a:48:ea:
                    af:9f:7c:17:86:d9:58:23:29:a9:d7:a3:fe:9f:6b:
                    9b:e1:16:eb:bb:e4:f1:50:05:c2:13:cf:1b:59:bd:
                    e3:1e:ee:2f:f1:25:53:09:9a:07:8d:b6:b4:62:04:
                    a9:5f:cc:0c:23:37:b5:65:b6:72:56:e4:98:ee:19:
                    d9:67:50:8f:54:86:94:22:69:34:b8:05:03:a9:8b:
                    79:2d:2a:b4:9a:43:85:f5:9f:7d:8c:28:0f:50:df:
                    4a:c2:e8:81:fe:7e:0a:d4:27:28:e1:f2:2f:3d:b5:
                    21:33:8e:09:a1:f1:14:ca:5c:df:0a:5b:57:57:11:
                    5c:e5:19:2e:9e:d9:6e:df:7b:ff:a3:3e:1a:a9:48:
                    54:ac:0e:c2:bc:98:a0:87:d3:d3:b3:82:25:17:91:
                    15:c3:0e:23:2f:b5:38:86:6f:f6:c1:a8:81:67:82:
                    f2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:40:5D:C6:89:5F:39:43:D8:1B:5F:07:D0:5C:77:73:C1:1B:C9:F6
            X509v3 Authority Key Identifier:
                keyid:0B:A0:68:48:3A:CB:C9:6A:31:E2:8B:CD:A5:4B:BE:AF:E3:48:2D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6BoSDrLyWox4ovNpUu-r-NILRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/kkBdxolfOUPYG18H0Fx3c8EbyfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c6570e-f22b-488b-a3fe-fdcb93b491e5/1/C6BoSDrLyWox4ovNpUu-r-NILRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:634::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:0e:46:99:8d:ac:dd:e5:9d:00:a2:f1:3a:81:71:b9:23:5d:
         f5:0b:bf:ff:39:ae:d0:53:9d:00:3d:d2:02:48:0c:f9:b0:8f:
         e8:d7:68:6b:18:51:ec:13:74:70:a9:d0:16:c5:cc:a7:9d:20:
         68:48:0e:2c:d9:e9:27:78:9c:2a:67:27:08:b3:cb:d6:d1:12:
         31:de:a5:67:39:e0:4f:24:1a:ca:67:cf:67:52:08:52:22:9b:
         a1:70:e0:34:ae:ed:3f:d9:57:27:48:79:e7:b8:1f:d8:63:a9:
         45:c9:85:08:0b:5a:5d:c5:6e:91:b9:97:44:b7:ac:1a:94:1f:
         3e:65:d2:b0:82:a4:2f:7a:e3:4a:c9:19:11:85:d7:13:29:e5:
         82:70:93:c2:42:bf:94:8a:16:2a:e3:76:ab:0b:29:51:40:99:
         93:07:36:c3:87:82:80:f4:37:83:cc:54:a5:c8:14:a2:ec:28:
         89:16:2a:43:2d:4c:e1:70:56:d5:f8:85:24:b9:e7:80:93:83:
         20:d7:9e:ef:07:dc:aa:d7:39:ea:6f:ca:ce:30:23:64:90:f4:
         bb:cd:ab:8d:26:77:5b:44:38:0a:43:3a:ab:fc:dc:16:e6:90:
         37:41:28:a1:02:ed:9f:9e:9a:10:9a:bb:1d:d4:11:b2:69:1e:
         05:71:1a:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlT+Zuy0e31JgYAQHouzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYTA2ODQ4M2FjYmM5NmEzMWUyOGJjZGE1NGJiZWFmZTM0
ODJkMTkwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQwNWRjNjg5NWYzOTQzZDgxYjVmMDdkMDVjNzc3M2MxMWJjOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvfXZrBKNfw64xXfFUcK6aHgZoyv
nmUnJVflhLmnUENDeDFNCP8FCJdAHoJVbECqhsIK4BY6CV9ca+IBGV/mdHGd2phe
2YUXZbBJWKr6yEISCFI6ygmaSOqvn3wXhtlYIymp16P+n2ub4Rbru+TxUAXCE88b
Wb3jHu4v8SVTCZoHjba0YgSpX8wMIze1ZbZyVuSY7hnZZ1CPVIaUImk0uAUDqYt5
LSq0mkOF9Z99jCgPUN9KwuiB/n4K1Cco4fIvPbUhM44JofEUylzfCltXVxFc5Rku
ntlu33v/oz4aqUhUrA7CvJigh9PTs4IlF5EVww4jL7U4hm/2waiBZ4LyKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJJAXcaJXzlD2BtfB9Bcd3PBG8n2MB8GA1UdIwQY
MBaAFAugaEg6y8lqMeKLzaVLvq/jSC0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZCb1NEckx5V294NG92TnBVdS1yLU5JTFJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jNjU3MGUtZjIyYi00ODhiLWEzZmUt
ZmRjYjkzYjQ5MWU1LzEva2tCZHhvbGZPVVBZRzE4SDBGeDNjOEVieWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jNjU3MGUtZjIyYi00ODhiLWEzZmUtZmRjYjkzYjQ5MWU1
LzEvQzZCb1NEckx5V294NG92TnBVdS1yLU5JTFJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAY0
MA0GCSqGSIb3DQEBCwUAA4IBAQALDkaZjazd5Z0AovE6gXG5I131C7//Oa7QU50A
PdICSAz5sI/o12hrGFHsE3RwqdAWxcynnSBoSA4s2ekneJwqZycIs8vW0RIx3qVn
OeBPJBrKZ89nUghSIpuhcOA0ru0/2VcnSHnnuB/YY6lFyYUIC1pdxW6RuZdEt6wa
lB8+ZdKwgqQveuNKyRkRhdcTKeWCcJPCQr+UihYq43arCylRQJmTBzbDh4KA9DeD
zFSlyBSi7CiJFipDLUzhcFbV+IUkueeAk4Mg157vB9yq1znqb8rOMCNkkPS7zauN
JndbRDgKQzqr/NwW5pA3QSihAu2fnpoQmrsd1BGyaR4FcRoz
-----END CERTIFICATE-----