Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/kYp5tt5tFuuxA4SAdNVKCLWtuwE.roa
File:                     kYp5tt5tFuuxA4SAdNVKCLWtuwE.roa (raw, json)
Hash identifier:          Uqs+Knag97+uEd6pJ0jXoD8WG7Z1anNhTNUsfPbTJJY=
Subject key identifier:   91:8A:79:B6:DE:6D:16:EB:B1:03:84:80:74:D5:4A:08:B5:AD:BB:01
Certificate issuer:       /CN=afa929be73491acd99d590372a52b815fa1f23f5
Certificate serial:       018CC2DB09AABABCEF5AC3265835046B3549
Authority key identifier: AF:A9:29:BE:73:49:1A:CD:99:D5:90:37:2A:52:B8:15:FA:1F:23:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/kYp5tt5tFuuxA4SAdNVKCLWtuwE.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42504
IP address blocks:        2001:678:d38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:aa:ba:bc:ef:5a:c3:26:58:35:04:6b:35:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afa929be73491acd99d590372a52b815fa1f23f5
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=918a79b6de6d16ebb103848074d54a08b5adbb01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:a1:d9:b7:7d:38:2b:93:7c:d2:7e:4e:ab:9f:
                    ca:06:29:6b:e0:ee:c0:9d:bc:3a:c1:99:c7:0e:b8:
                    95:d4:54:a9:2c:7e:42:c2:9f:ad:d1:b7:1f:c9:32:
                    a6:d6:5d:26:c6:6c:9a:12:ef:21:47:38:63:79:df:
                    e2:a9:5b:ef:55:d3:4f:7d:f9:53:14:cc:a9:46:7f:
                    a7:46:82:71:b8:1c:6a:a2:25:dc:0b:1d:43:15:82:
                    00:0c:38:c5:d4:70:fc:51:6c:03:06:a9:c0:14:e3:
                    bf:48:a8:e4:0b:44:12:c0:a8:34:33:1f:22:83:34:
                    63:ce:92:42:b8:5e:46:48:6d:18:76:ef:ec:0a:87:
                    12:36:01:fc:27:f9:4a:fb:e0:22:1a:90:ee:d8:aa:
                    ad:3d:f0:2b:c6:3b:bd:04:cc:45:04:28:2d:67:eb:
                    86:83:3b:d9:ec:43:e0:31:78:c6:de:41:35:7e:d2:
                    d3:4a:57:07:8a:eb:54:5f:66:b8:ac:6e:2b:38:e0:
                    a4:a5:80:30:29:a7:70:a4:72:4d:13:61:ef:a2:6d:
                    ab:bb:5b:62:29:78:92:46:fa:e4:cc:03:c6:cc:50:
                    6f:81:71:83:7d:9a:8a:66:89:af:04:3f:26:5e:84:
                    c1:59:89:e3:28:92:23:64:dd:46:1a:64:4e:1e:e8:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:8A:79:B6:DE:6D:16:EB:B1:03:84:80:74:D5:4A:08:B5:AD:BB:01
            X509v3 Authority Key Identifier:
                keyid:AF:A9:29:BE:73:49:1A:CD:99:D5:90:37:2A:52:B8:15:FA:1F:23:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/kYp5tt5tFuuxA4SAdNVKCLWtuwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d38::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:ba:21:78:3c:a1:97:f0:93:d1:54:6e:e2:cd:ec:87:7a:25:
         c7:28:e8:96:ca:f2:22:9e:a5:ea:54:dd:ca:89:b8:0b:c4:c7:
         24:db:75:22:ac:2f:30:ce:12:e4:c8:25:80:82:e2:0f:7f:b2:
         5c:06:17:f0:17:67:08:36:2c:e6:a4:1b:1c:63:2d:5e:aa:29:
         51:ba:9e:8a:d5:6f:53:2f:5f:61:2c:0b:72:b8:0f:21:a5:ae:
         ee:bb:aa:77:ae:e0:0f:3f:31:fe:eb:4b:70:b0:00:a0:f3:46:
         96:d6:7d:5d:fc:96:17:36:88:c2:da:fe:69:29:77:a2:60:d8:
         41:44:7a:90:6a:83:a2:e3:de:cc:68:eb:02:4a:e1:be:5d:f3:
         3c:a5:93:ed:61:a2:a1:5f:d2:6e:61:e9:3f:f3:fe:6d:5e:a9:
         e6:98:ca:04:5f:bd:ba:72:10:68:82:b0:2f:34:87:9d:4f:0f:
         e1:31:bf:48:cd:ae:22:d4:f2:db:a7:21:0a:98:11:7d:a4:e9:
         ff:32:99:08:3b:2e:c5:71:a1:56:7f:b0:05:c8:bf:11:f5:96:
         53:72:83:e2:14:4e:cb:23:41:31:43:74:55:43:e3:b8:18:72:
         50:ce:73:88:e3:a6:a8:8e:89:75:23:8f:d3:95:19:bf:fe:5d:
         b9:76:0e:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wmqurzvWsMmWDUEazVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYTkyOWJlNzM0OTFhY2Q5OWQ1OTAzNzJhNTJiODE1ZmEx
ZjIzZjUwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MThhNzliNmRlNmQxNmViYjEwMzg0ODA3NGQ1NGEwOGI1YWRiYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7aHZt304K5N80n5Oq5/KBilr4O7A
nbw6wZnHDriV1FSpLH5Cwp+t0bcfyTKm1l0mxmyaEu8hRzhjed/iqVvvVdNPfflT
FMypRn+nRoJxuBxqoiXcCx1DFYIADDjF1HD8UWwDBqnAFOO/SKjkC0QSwKg0Mx8i
gzRjzpJCuF5GSG0Ydu/sCocSNgH8J/lK++AiGpDu2KqtPfArxju9BMxFBCgtZ+uG
gzvZ7EPgMXjG3kE1ftLTSlcHiutUX2a4rG4rOOCkpYAwKadwpHJNE2Hvom2ru1ti
KXiSRvrkzAPGzFBvgXGDfZqKZomvBD8mXoTBWYnjKJIjZN1GGmROHuiFMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJGKebbebRbrsQOEgHTVSgi1rbsBMB8GA1UdIwQY
MBaAFK+pKb5zSRrNmdWQNypSuBX6HyP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZrcHZuTkpHczJaMVpBM0tsSzRGZm9mSV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8yNjk0ZjgtZmExZi00YzgxLTgzMTIt
M2I2ZjFiZGY0MTJhLzEva1lwNXR0NXRGdXV4QTRTQWROVktDTFd0dXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8yNjk0ZjgtZmExZi00YzgxLTgzMTItM2I2ZjFiZGY0MTJh
LzEvcjZrcHZuTkpHczJaMVpBM0tsSzRGZm9mSV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA04
MA0GCSqGSIb3DQEBCwUAA4IBAQCXuiF4PKGX8JPRVG7izeyHeiXHKOiWyvIinqXq
VN3KibgLxMck23UirC8wzhLkyCWAguIPf7JcBhfwF2cINizmpBscYy1eqilRup6K
1W9TL19hLAtyuA8hpa7uu6p3ruAPPzH+60twsACg80aW1n1d/JYXNojC2v5pKXei
YNhBRHqQaoOi497MaOsCSuG+XfM8pZPtYaKhX9JuYek/8/5tXqnmmMoEX726chBo
grAvNIedTw/hMb9Iza4i1PLbpyEKmBF9pOn/MpkIOy7FcaFWf7AFyL8R9ZZTcoPi
FE7LI0ExQ3RVQ+O4GHJQznOI46aojol1I4/TlRm//l25dg4g
-----END CERTIFICATE-----