Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/n0_FBdwIGNbN6YeP72FocbCAUnY.roa
File:                     n0_FBdwIGNbN6YeP72FocbCAUnY.roa (raw, json)
Hash identifier:          c6/gzPejw8PrruMY0gKKCpiJTHwDgNBp+O5m6ZIsXl0=
Subject key identifier:   9F:4F:C5:05:DC:08:18:D6:CD:E9:87:8F:EF:61:68:71:B0:80:52:76
Certificate issuer:       /CN=23162bbf0246cda2280a293432ae6f0bd6826131
Certificate serial:       018CC3489A7703959771438D94C7352B7C09
Authority key identifier: 23:16:2B:BF:02:46:CD:A2:28:0A:29:34:32:AE:6F:0B:D6:82:61:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IxYrvwJGzaIoCik0Mq5vC9aCYTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/n0_FBdwIGNbN6YeP72FocbCAUnY.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198902
IP address blocks:        2001:678:f7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/IxYrvwJGzaIoCik0Mq5vC9aCYTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/IxYrvwJGzaIoCik0Mq5vC9aCYTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IxYrvwJGzaIoCik0Mq5vC9aCYTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9a:77:03:95:97:71:43:8d:94:c7:35:2b:7c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23162bbf0246cda2280a293432ae6f0bd6826131
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f4fc505dc0818d6cde9878fef616871b0805276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:19:49:ac:98:a8:2c:33:d0:e2:73:b2:ab:de:
                    ad:e2:74:7f:74:d8:b2:61:00:66:cf:2e:de:37:68:
                    5b:c6:e2:8a:68:1c:e3:44:76:00:4c:2e:a4:e7:23:
                    c6:80:12:85:c9:7c:d5:2c:43:38:cd:22:6b:89:9c:
                    9d:60:f3:14:21:15:c2:9e:ee:83:03:ba:95:96:a2:
                    b2:2a:3d:fd:0a:b9:fd:d0:06:27:9a:f8:44:65:0e:
                    10:12:29:01:fb:68:46:e2:a5:c0:48:b0:56:a3:16:
                    4a:db:cc:9e:ad:6d:e5:6f:fc:f1:a3:b0:0f:87:27:
                    dc:a3:58:af:85:c5:32:9d:75:25:ca:e2:f3:93:eb:
                    e9:62:a3:3e:b6:b9:09:84:3b:56:78:6c:4b:fd:f7:
                    8c:22:0f:05:a5:62:9d:74:09:38:94:22:1c:9c:06:
                    7f:3f:2a:46:ea:e5:c3:fa:d3:10:80:f2:1b:34:90:
                    d3:a7:75:43:e0:b5:a0:2f:c0:1a:df:0f:9a:46:a6:
                    67:7a:6c:90:cb:c6:e2:e0:3a:44:85:25:2b:bc:aa:
                    0f:59:b6:4c:92:6a:35:44:4c:31:fe:47:67:a6:7a:
                    6a:4b:8c:93:73:00:fb:34:b1:b0:7b:75:0b:a0:d5:
                    62:f6:ff:f9:3d:60:45:4f:23:36:79:4f:c2:f4:71:
                    3d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4F:C5:05:DC:08:18:D6:CD:E9:87:8F:EF:61:68:71:B0:80:52:76
            X509v3 Authority Key Identifier:
                keyid:23:16:2B:BF:02:46:CD:A2:28:0A:29:34:32:AE:6F:0B:D6:82:61:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IxYrvwJGzaIoCik0Mq5vC9aCYTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/n0_FBdwIGNbN6YeP72FocbCAUnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2f9689-a915-4127-a470-85c305f9fe6f/1/IxYrvwJGzaIoCik0Mq5vC9aCYTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:2b:f9:e9:97:46:aa:81:c1:d6:a7:17:a5:38:1f:f8:2c:11:
         0c:4b:b9:4e:0f:78:03:4d:1b:89:43:7a:c5:f1:86:cd:31:f2:
         f3:fc:d2:48:1e:02:0f:9e:79:22:f1:7f:54:54:98:38:fa:15:
         5e:56:92:69:00:af:d7:07:a9:00:e6:07:28:ab:ce:5f:7a:4c:
         67:85:24:92:e6:df:a9:78:fb:f4:05:cf:1d:6d:dd:10:89:e4:
         07:b0:45:ec:9f:6a:8e:01:18:97:d3:7d:d5:02:72:a2:58:7c:
         36:93:58:98:d1:cc:18:8b:d1:86:93:79:71:c0:bf:4c:46:0d:
         62:96:28:7b:e7:96:e2:8b:f4:b0:97:4b:c8:66:b8:a3:aa:ee:
         ca:03:b4:e4:41:f0:44:c5:d2:ee:75:16:d1:91:25:c9:14:3b:
         97:fd:d7:22:50:aa:dd:42:a3:25:0d:c1:30:ba:be:34:95:fe:
         5f:e9:54:41:1b:80:e2:8a:9e:17:25:b4:c5:00:91:3e:40:f6:
         f4:39:dd:20:74:9a:4c:02:11:2f:7b:70:9b:22:b1:95:69:4d:
         e0:3a:f0:24:9c:bf:ca:dd:48:7e:08:07:be:42:c7:5f:80:5e:
         44:81:f0:e0:87:03:88:55:8e:b3:08:47:cb:fb:30:f4:3e:b9:
         72:84:cd:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSJp3A5WXcUONlMc1K3wJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMTYyYmJmMDI0NmNkYTIyODBhMjkzNDMyYWU2ZjBiZDY4
MjYxMzEwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRmYzUwNWRjMDgxOGQ2Y2RlOTg3OGZlZjYxNjg3MWIwODA1Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8xlJrJioLDPQ4nOyq96t4nR/dNiy
YQBmzy7eN2hbxuKKaBzjRHYATC6k5yPGgBKFyXzVLEM4zSJriZydYPMUIRXCnu6D
A7qVlqKyKj39Crn90AYnmvhEZQ4QEikB+2hG4qXASLBWoxZK28yerW3lb/zxo7AP
hyfco1ivhcUynXUlyuLzk+vpYqM+trkJhDtWeGxL/feMIg8FpWKddAk4lCIcnAZ/
PypG6uXD+tMQgPIbNJDTp3VD4LWgL8Aa3w+aRqZnemyQy8bi4DpEhSUrvKoPWbZM
kmo1REwx/kdnpnpqS4yTcwD7NLGwe3ULoNVi9v/5PWBFTyM2eU/C9HE90wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ9PxQXcCBjWzemHj+9haHGwgFJ2MB8GA1UdIwQY
MBaAFCMWK78CRs2iKAopNDKubwvWgmExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXhZcnZ3Skd6YUlvQ2lrME1xNXZDOWFDWVRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yZjk2ODktYTkxNS00MTI3LWE0NzAt
ODVjMzA1ZjlmZTZmLzEvbjBfRkJkd0lHTmJONlllUDcyRm9jYkNBVW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yZjk2ODktYTkxNS00MTI3LWE0NzAtODVjMzA1ZjlmZTZm
LzEvSXhZcnZ3Skd6YUlvQ2lrME1xNXZDOWFDWVRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA98
MA0GCSqGSIb3DQEBCwUAA4IBAQAVK/npl0aqgcHWpxelOB/4LBEMS7lOD3gDTRuJ
Q3rF8YbNMfLz/NJIHgIPnnki8X9UVJg4+hVeVpJpAK/XB6kA5gcoq85fekxnhSSS
5t+pePv0Bc8dbd0QieQHsEXsn2qOARiX033VAnKiWHw2k1iY0cwYi9GGk3lxwL9M
Rg1ilih755bii/Swl0vIZrijqu7KA7TkQfBExdLudRbRkSXJFDuX/dciUKrdQqMl
DcEwur40lf5f6VRBG4Diip4XJbTFAJE+QPb0Od0gdJpMAhEve3CbIrGVaU3gOvAk
nL/K3Uh+CAe+QsdfgF5EgfDghwOIVY6zCEfL+zD0PrlyhM1M
-----END CERTIFICATE-----