Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/Ma8in0t_8XK703H3nf-SX9AaKpQ.roa
File:                     Ma8in0t_8XK703H3nf-SX9AaKpQ.roa (raw, json)
Hash identifier:          fXg75JlYT7O6+ZmCp71evNcqvBqOIzMzozMrVBJYX7E=
Subject key identifier:   31:AF:22:9F:4B:7F:F1:72:BB:D3:71:F7:9D:FF:92:5F:D0:1A:2A:94
Certificate issuer:       /CN=255ff2960129747c51bdab6e183c60ff787ac5e6
Certificate serial:       018CC72730ACB6F0B5CF4CA7E58FD8BCB30B
Authority key identifier: 25:5F:F2:96:01:29:74:7C:51:BD:AB:6E:18:3C:60:FF:78:7A:C5:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JV_ylgEpdHxRvatuGDxg_3h6xeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/Ma8in0t_8XK703H3nf-SX9AaKpQ.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206506
IP address blocks:        2001:678:360::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/JV_ylgEpdHxRvatuGDxg_3h6xeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/JV_ylgEpdHxRvatuGDxg_3h6xeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JV_ylgEpdHxRvatuGDxg_3h6xeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 23:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:ac:b6:f0:b5:cf:4c:a7:e5:8f:d8:bc:b3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255ff2960129747c51bdab6e183c60ff787ac5e6
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31af229f4b7ff172bbd371f79dff925fd01a2a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:99:72:74:8e:f9:73:ec:f5:f3:6d:4e:81:0b:
                    31:f0:fd:ee:19:28:39:f6:34:41:21:af:ae:68:c1:
                    a7:30:e2:70:54:30:4d:f5:49:97:75:58:c6:b3:32:
                    c6:80:48:e4:36:94:67:b8:ae:13:7b:f5:5d:d9:11:
                    bb:50:b2:de:23:ff:83:0a:cb:ae:ba:8f:7a:a9:16:
                    30:4d:b3:44:fa:8d:11:ef:ff:67:78:d4:b0:b8:7b:
                    80:78:48:af:50:a2:27:40:37:22:89:38:ce:bb:81:
                    a8:fc:91:98:75:2b:b6:2b:a5:db:ef:10:40:b9:cd:
                    4c:5f:68:96:76:be:52:6e:7c:f5:9c:d9:2e:3b:4f:
                    36:65:27:f7:30:5e:3a:b9:15:7b:42:10:82:af:62:
                    70:f2:67:e5:99:b3:fb:de:43:0e:2e:89:da:e6:fe:
                    83:87:ad:38:f0:c4:5d:b5:44:b8:2c:e8:30:3b:c0:
                    d8:7f:84:05:a6:45:91:77:c1:fe:9e:3c:fc:6a:13:
                    33:4e:b1:35:12:24:8c:05:49:a9:c5:b9:bd:eb:32:
                    86:e6:e7:11:4e:bc:3b:4b:e1:93:0f:d3:8f:36:e7:
                    c4:1c:7a:78:1d:73:f9:62:bc:cd:6c:de:3f:92:9e:
                    f7:16:33:cf:6e:fe:30:ee:96:23:9f:aa:a7:a9:c1:
                    ce:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:AF:22:9F:4B:7F:F1:72:BB:D3:71:F7:9D:FF:92:5F:D0:1A:2A:94
            X509v3 Authority Key Identifier:
                keyid:25:5F:F2:96:01:29:74:7C:51:BD:AB:6E:18:3C:60:FF:78:7A:C5:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JV_ylgEpdHxRvatuGDxg_3h6xeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/Ma8in0t_8XK703H3nf-SX9AaKpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/115961-b872-444d-beaa-be795250cb50/1/JV_ylgEpdHxRvatuGDxg_3h6xeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:360::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:74:9b:dc:20:cf:a6:9d:13:f3:56:68:fd:b1:8f:0d:02:40:
         d9:9e:93:87:16:c0:3f:f6:79:25:3c:c4:60:75:c5:c6:41:a8:
         5e:67:b5:52:9c:5c:e5:a4:90:43:94:36:36:a6:ab:3c:0e:3f:
         08:a3:01:3d:50:7a:09:32:59:35:eb:fa:58:c9:54:17:68:8b:
         65:bb:13:3f:94:f0:e3:22:7f:e8:59:c9:56:2d:17:51:9c:9e:
         96:84:9d:8d:48:ba:9d:7d:fc:a2:84:0b:73:46:f3:07:5c:e2:
         b2:c8:9b:e8:34:0a:6d:49:93:7b:30:0b:85:28:12:23:83:b4:
         55:c5:a7:84:e4:4f:10:10:98:ca:c3:1f:17:0f:0d:95:0f:ff:
         2a:bd:07:d1:a6:27:a9:d1:d2:25:b7:8b:6a:9d:9b:07:d9:9a:
         43:ef:74:1b:14:b0:2e:82:21:5e:1c:72:7a:30:6a:4b:b7:e2:
         ed:ec:cb:e2:ae:ce:c1:c3:0a:8b:fc:6e:b9:fc:a4:09:f0:95:
         45:e3:ea:24:0f:66:a7:a1:b0:94:9d:63:ca:fa:53:67:0c:93:
         f4:27:ad:34:fc:1d:6b:7f:ae:21:5b:ea:cb:7b:f1:3e:f5:65:
         be:e1:91:fa:df:2a:99:2f:e0:a5:7f:f9:b7:1f:1f:1b:e0:99:
         58:5d:51:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJzCstvC1z0yn5Y/YvLMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NWZmMjk2MDEyOTc0N2M1MWJkYWI2ZTE4M2M2MGZmNzg3
YWM1ZTYwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWFmMjI5ZjRiN2ZmMTcyYmJkMzcxZjc5ZGZmOTI1ZmQwMWEyYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtplydI75c+z1821OgQsx8P3uGSg5
9jRBIa+uaMGnMOJwVDBN9UmXdVjGszLGgEjkNpRnuK4Te/Vd2RG7ULLeI/+DCsuu
uo96qRYwTbNE+o0R7/9neNSwuHuAeEivUKInQDciiTjOu4Go/JGYdSu2K6Xb7xBA
uc1MX2iWdr5Sbnz1nNkuO082ZSf3MF46uRV7QhCCr2Jw8mflmbP73kMOLona5v6D
h6048MRdtUS4LOgwO8DYf4QFpkWRd8H+njz8ahMzTrE1EiSMBUmpxbm96zKG5ucR
Trw7S+GTD9OPNufEHHp4HXP5YrzNbN4/kp73FjPPbv4w7pYjn6qnqcHOSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDGvIp9Lf/Fyu9Nx953/kl/QGiqUMB8GA1UdIwQY
MBaAFCVf8pYBKXR8Ub2rbhg8YP94esXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZfeWxnRXBkSHhSdmF0dUdEeGdfM2g2eGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xMTU5NjEtYjg3Mi00NDRkLWJlYWEt
YmU3OTUyNTBjYjUwLzEvTWE4aW4wdF84WEs3MDNIM25mLVNYOUFhS3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xMTU5NjEtYjg3Mi00NDRkLWJlYWEtYmU3OTUyNTBjYjUw
LzEvSlZfeWxnRXBkSHhSdmF0dUdEeGdfM2g2eGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeANg
MA0GCSqGSIb3DQEBCwUAA4IBAQBSdJvcIM+mnRPzVmj9sY8NAkDZnpOHFsA/9nkl
PMRgdcXGQaheZ7VSnFzlpJBDlDY2pqs8Dj8IowE9UHoJMlk16/pYyVQXaItluxM/
lPDjIn/oWclWLRdRnJ6WhJ2NSLqdffyihAtzRvMHXOKyyJvoNAptSZN7MAuFKBIj
g7RVxaeE5E8QEJjKwx8XDw2VD/8qvQfRpiep0dIlt4tqnZsH2ZpD73QbFLAugiFe
HHJ6MGpLt+Lt7Mvirs7BwwqL/G65/KQJ8JVF4+okD2anobCUnWPK+lNnDJP0J600
/B1rf64hW+rLe/E+9WW+4ZH63yqZL+Clf/m3Hx8b4JlYXVGC
-----END CERTIFICATE-----