Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/miz2H_HUj0t370Uf87CcanT4HuA.roa
File:                     miz2H_HUj0t370Uf87CcanT4HuA.roa (raw, json)
Hash identifier:          G4t42NHlxbaJn0FBMROUHfBWF1rEcbgYt27SpH6Es48=
Subject key identifier:   9A:2C:F6:1F:F1:D4:8F:4B:77:EF:45:1F:F3:B0:9C:6A:74:F8:1E:E0
Certificate issuer:       /CN=f68e231d5551876e15afc6637eab7fca80088391
Certificate serial:       018CC349441610EAC3E174BC7BA329E66B8C
Authority key identifier: F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/miz2H_HUj0t370Uf87CcanT4HuA.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213100
IP address blocks:        2001:678:d68::/48 maxlen: 48
                          2001:678:d6c::/48 maxlen: 48
                          2001:67c:2848::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:44:16:10:ea:c3:e1:74:bc:7b:a3:29:e6:6b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f68e231d5551876e15afc6637eab7fca80088391
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a2cf61ff1d48f4b77ef451ff3b09c6a74f81ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ed:a6:78:19:4b:4d:52:a9:92:bd:e4:cd:d6:
                    35:63:6c:21:6f:e9:1f:7e:99:32:63:14:9f:9e:ac:
                    6f:f3:9c:8a:10:9e:97:83:1b:fc:f2:f9:21:22:1b:
                    fb:a9:1d:71:5a:05:e9:20:ad:56:c3:b2:de:ad:b1:
                    d8:b1:8f:cb:8e:9e:38:5f:2d:b9:4b:33:2c:e1:01:
                    66:8f:ba:f6:aa:6e:62:ea:a2:1a:17:7a:8a:d7:c1:
                    09:c7:01:ca:55:4d:20:99:7b:7c:bd:b8:09:ac:7a:
                    02:aa:19:bc:4d:87:4a:a3:7c:86:61:0d:a2:79:25:
                    77:ec:86:bc:80:36:a2:af:23:24:27:80:b4:27:87:
                    87:f3:b0:15:48:5a:57:ee:4b:47:7a:ae:90:1c:14:
                    c5:f6:95:dc:3d:61:64:98:78:43:07:30:19:40:15:
                    da:48:86:fa:28:01:0f:0f:4f:40:c0:0c:0f:e4:f5:
                    70:96:dc:fa:aa:15:2a:c1:00:06:63:d8:1d:8f:45:
                    6b:1c:53:91:2c:56:24:2e:df:ae:e7:1f:23:03:97:
                    dd:b1:90:19:15:f3:b0:1b:6b:89:77:6b:43:6c:2d:
                    36:ac:48:c4:39:dd:e7:91:55:87:43:48:eb:12:81:
                    77:c5:15:2b:5f:d3:70:f0:f7:b3:27:a7:4f:62:c3:
                    11:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2C:F6:1F:F1:D4:8F:4B:77:EF:45:1F:F3:B0:9C:6A:74:F8:1E:E0
            X509v3 Authority Key Identifier:
                keyid:F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/miz2H_HUj0t370Uf87CcanT4HuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d68::/48
                  2001:678:d6c::/48
                  2001:67c:2848::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:8f:63:cf:70:97:da:65:06:ca:31:04:75:84:e9:5f:a5:18:
         48:13:f6:28:2a:fa:04:2b:a9:49:43:d9:16:fc:60:98:a7:00:
         51:1f:2d:27:ac:f0:4c:16:c6:0c:76:1b:c9:13:38:45:70:f2:
         8c:c6:53:5c:8d:9d:53:ea:b5:c6:e4:2e:e2:fe:e0:d1:0b:69:
         55:f2:01:42:9c:8f:48:bf:b0:f9:85:a9:70:a9:d5:76:cd:22:
         7e:64:e1:85:6f:f9:b9:c6:d5:66:ee:a2:83:8e:4d:92:27:39:
         3e:7c:2a:db:7e:1a:9a:a5:f6:3b:0c:b5:cf:a9:cf:bd:cb:bf:
         a5:50:fd:22:dc:96:c9:5c:92:5b:0e:9a:dd:c4:f3:0a:8a:57:
         4e:a3:97:31:6c:11:eb:23:00:ad:ee:8f:46:05:38:98:20:f3:
         95:16:4f:80:a3:ed:a8:36:4d:ce:14:ef:ae:c4:29:0c:82:46:
         8f:68:39:0a:c7:91:12:39:e9:df:83:15:fe:1e:73:ed:27:86:
         e5:42:87:5c:db:28:44:14:e8:08:9c:e7:6e:30:54:44:66:59:
         4e:62:cd:44:aa:95:6e:88:4a:bb:40:58:2c:fb:3a:30:96:0c:
         db:66:29:f2:0a:e9:d1:b8:9c:16:62:02:a8:13:9f:ba:71:a6:
         d2:0f:eb:06
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSUQWEOrD4XS8e6Mp5muMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OGUyMzFkNTU1MTg3NmUxNWFmYzY2MzdlYWI3ZmNhODAw
ODgzOTEwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTJjZjYxZmYxZDQ4ZjRiNzdlZjQ1MWZmM2IwOWM2YTc0ZjgxZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO2meBlLTVKpkr3kzdY1Y2whb+kf
fpkyYxSfnqxv85yKEJ6Xgxv88vkhIhv7qR1xWgXpIK1Ww7LerbHYsY/Ljp44Xy25
SzMs4QFmj7r2qm5i6qIaF3qK18EJxwHKVU0gmXt8vbgJrHoCqhm8TYdKo3yGYQ2i
eSV37Ia8gDairyMkJ4C0J4eH87AVSFpX7ktHeq6QHBTF9pXcPWFkmHhDBzAZQBXa
SIb6KAEPD09AwAwP5PVwltz6qhUqwQAGY9gdj0VrHFORLFYkLt+u5x8jA5fdsZAZ
FfOwG2uJd2tDbC02rEjEOd3nkVWHQ0jrEoF3xRUrX9Nw8PezJ6dPYsMRewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJos9h/x1I9Ld+9FH/OwnGp0+B7gMB8GA1UdIwQY
MBaAFPaOIx1VUYduFa/GY36rf8qACIORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTIt
YmExZWQ5NDc0YmEyLzEvbWl6MkhfSFVqMHQzNzBVZjg3Q2NhblQ0SHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTItYmExZWQ5NDc0YmEy
LzEvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGeA1o
AwcAIAEGeA1sAwcAIAEGfChIMA0GCSqGSIb3DQEBCwUAA4IBAQCtj2PPcJfaZQbK
MQR1hOlfpRhIE/YoKvoEK6lJQ9kW/GCYpwBRHy0nrPBMFsYMdhvJEzhFcPKMxlNc
jZ1T6rXG5C7i/uDRC2lV8gFCnI9Iv7D5halwqdV2zSJ+ZOGFb/m5xtVm7qKDjk2S
Jzk+fCrbfhqapfY7DLXPqc+9y7+lUP0i3JbJXJJbDprdxPMKildOo5cxbBHrIwCt
7o9GBTiYIPOVFk+Ao+2oNk3OFO+uxCkMgkaPaDkKx5ESOenfgxX+HnPtJ4blQodc
2yhEFOgInOduMFREZllOYs1EqpVuiEq7QFgs+zowlgzbZinyCunRuJwWYgKoE5+6
cabSD+sG
-----END CERTIFICATE-----