Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/9XXSi1AaOrZaaFfz8klRgpfX6kk.roa
File:                     9XXSi1AaOrZaaFfz8klRgpfX6kk.roa (raw, json)
Hash identifier:          k5jYaQ9bDeH5z/+VWAZtIsbYPDwo4a+kNMroELCHYPY=
Subject key identifier:   F5:75:D2:8B:50:1A:3A:B6:5A:68:57:F3:F2:49:51:82:97:D7:EA:49
Certificate issuer:       /CN=d0e65348dc13c85499c7774d156614c120118ab5
Certificate serial:       019353C5C4E0F3355AE26E5E881421A5340A
Authority key identifier: D0:E6:53:48:DC:13:C8:54:99:C7:77:4D:15:66:14:C1:20:11:8A:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0OZTSNwTyFSZx3dNFWYUwSARirU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/9XXSi1AaOrZaaFfz8klRgpfX6kk.roa
Signing time:             Fri 22 Nov 2024 12:08:10 +0000
ROA not before:           Fri 22 Nov 2024 12:08:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197942
IP address blocks:        2001:678:4b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/0OZTSNwTyFSZx3dNFWYUwSARirU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/0OZTSNwTyFSZx3dNFWYUwSARirU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0OZTSNwTyFSZx3dNFWYUwSARirU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:c5:c4:e0:f3:35:5a:e2:6e:5e:88:14:21:a5:34:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0e65348dc13c85499c7774d156614c120118ab5
        Validity
            Not Before: Nov 22 12:08:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f575d28b501a3ab65a6857f3f249518297d7ea49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:02:50:95:f2:37:7e:54:f2:ef:2a:8b:6f:a7:
                    9b:c3:e8:88:12:3b:6a:e1:ab:14:6a:f8:bb:a8:95:
                    cc:79:8c:b9:43:83:a7:fc:7f:05:e3:15:bf:86:4d:
                    c4:15:1f:02:5c:be:9d:e6:e3:5a:c5:3b:2f:15:4c:
                    ac:1f:df:16:b1:42:8b:ec:31:a6:fc:22:e3:f0:1e:
                    71:0f:52:a1:6b:79:21:d3:09:26:cb:6c:b8:46:07:
                    24:fe:56:a7:47:5a:86:08:48:ac:01:65:f4:ba:03:
                    25:30:4c:43:82:ad:f6:a2:8b:e0:f5:aa:63:fb:ea:
                    7d:17:a7:22:9a:7b:30:af:56:16:fa:d8:e2:b8:11:
                    bf:d9:3d:5a:0d:9b:d8:51:9c:9e:b0:ad:f4:ef:d5:
                    22:59:f7:00:b5:28:96:6b:54:d3:e9:21:ae:24:99:
                    81:13:ba:ef:e9:43:85:78:2f:09:98:75:be:7e:44:
                    f0:62:b7:9f:c0:9e:0a:07:f1:89:a8:53:6d:36:87:
                    0d:fb:10:f7:98:ea:54:98:53:37:07:29:78:43:6a:
                    d1:d8:e2:2d:69:06:26:b2:b9:8e:f5:0a:a5:a1:0b:
                    a7:e2:f3:de:3d:8a:cc:d0:7b:c6:8e:f4:01:a4:9e:
                    8b:55:ab:f0:53:60:8e:60:f6:f3:3e:de:a1:5e:e8:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:75:D2:8B:50:1A:3A:B6:5A:68:57:F3:F2:49:51:82:97:D7:EA:49
            X509v3 Authority Key Identifier:
                keyid:D0:E6:53:48:DC:13:C8:54:99:C7:77:4D:15:66:14:C1:20:11:8A:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0OZTSNwTyFSZx3dNFWYUwSARirU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/9XXSi1AaOrZaaFfz8klRgpfX6kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d7a4a7-07e2-48ad-ba56-0db0ec1e945c/1/0OZTSNwTyFSZx3dNFWYUwSARirU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:75:cc:e2:6f:5f:d8:5d:d7:4e:e8:a6:a5:ec:31:d4:e0:26:
         bd:8c:bb:62:e0:7f:c1:50:1c:b7:d0:6f:c3:75:27:91:da:e1:
         32:02:be:40:4a:f6:18:0e:ae:aa:c2:5c:24:cf:02:be:a3:28:
         f1:aa:92:81:7b:33:dd:87:63:07:e7:fe:6b:ee:d8:c5:20:44:
         92:a1:16:02:41:0b:ac:9c:6e:b3:25:d1:7e:a7:e6:44:f1:fe:
         81:e0:86:c0:fe:72:9e:1e:9b:cb:e7:94:4a:ce:12:a1:21:7d:
         32:d3:60:24:e5:79:64:41:ad:32:1f:4e:f9:00:b1:f4:ef:79:
         76:6f:b4:98:9d:0b:32:fa:fe:2c:ea:95:8d:43:83:3a:76:d1:
         81:c1:62:98:c1:ca:a1:4c:e4:2b:ee:8d:d7:c2:75:6d:40:3d:
         0f:b2:9f:52:64:d1:eb:99:98:c5:6b:3d:c3:e0:cd:87:8c:3c:
         fc:e5:c3:2c:68:33:6e:7b:d4:1f:1e:35:a2:cd:5e:1b:50:27:
         a5:09:10:a3:85:fd:9d:a5:1f:bd:54:de:63:d3:1e:c5:78:cc:
         6d:bb:3e:92:75:99:f7:be:f3:96:fb:09:bf:66:a8:d1:3c:9f:
         ea:c4:fc:df:a7:29:15:50:09:2d:fb:8c:ac:0a:90:96:7d:31:
         be:34:73:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNTxcTg8zVa4m5eiBQhpTQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZTY1MzQ4ZGMxM2M4NTQ5OWM3Nzc0ZDE1NjYxNGMxMjAx
MThhYjUwHhcNMjQxMTIyMTIwODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTc1ZDI4YjUwMWEzYWI2NWE2ODU3ZjNmMjQ5NTE4Mjk3ZDdlYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQJQlfI3flTy7yqLb6ebw+iIEjtq
4asUavi7qJXMeYy5Q4On/H8F4xW/hk3EFR8CXL6d5uNaxTsvFUysH98WsUKL7DGm
/CLj8B5xD1Kha3kh0wkmy2y4Rgck/lanR1qGCEisAWX0ugMlMExDgq32oovg9apj
++p9F6cimnswr1YW+tjiuBG/2T1aDZvYUZyesK3079UiWfcAtSiWa1TT6SGuJJmB
E7rv6UOFeC8JmHW+fkTwYrefwJ4KB/GJqFNtNocN+xD3mOpUmFM3Byl4Q2rR2OIt
aQYmsrmO9QqloQun4vPePYrM0HvGjvQBpJ6LVavwU2COYPbzPt6hXuiqHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPV10otQGjq2WmhX8/JJUYKX1+pJMB8GA1UdIwQY
MBaAFNDmU0jcE8hUmcd3TRVmFMEgEYq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME9aVFNOd1R5RlNaeDNkTkZXWVV3U0FSaXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kN2E0YTctMDdlMi00OGFkLWJhNTYt
MGRiMGVjMWU5NDVjLzEvOVhYU2kxQWFPclphYUZmejhrbFJncGZYNmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kN2E0YTctMDdlMi00OGFkLWJhNTYtMGRiMGVjMWU5NDVj
LzEvME9aVFNOd1R5RlNaeDNkTkZXWVV3U0FSaXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeASw
MA0GCSqGSIb3DQEBCwUAA4IBAQCTdczib1/YXddO6Kal7DHU4Ca9jLti4H/BUBy3
0G/DdSeR2uEyAr5ASvYYDq6qwlwkzwK+oyjxqpKBezPdh2MH5/5r7tjFIESSoRYC
QQusnG6zJdF+p+ZE8f6B4IbA/nKeHpvL55RKzhKhIX0y02Ak5XlkQa0yH075ALH0
73l2b7SYnQsy+v4s6pWNQ4M6dtGBwWKYwcqhTOQr7o3XwnVtQD0Psp9SZNHrmZjF
az3D4M2HjDz85cMsaDNue9QfHjWizV4bUCelCRCjhf2dpR+9VN5j0x7FeMxtuz6S
dZn3vvOW+wm/ZqjRPJ/qxPzfpykVUAkt+4ysCpCWfTG+NHNX
-----END CERTIFICATE-----