Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/XyR19z1CdAirLYWqJeaDIRgx9zI.roa
File:                     XyR19z1CdAirLYWqJeaDIRgx9zI.roa (raw, json)
Hash identifier:          hsxZQMiPNNztb15aR9RxaT97uCWBMvs7l94THnSAfiI=
Subject key identifier:   5F:24:75:F7:3D:42:74:08:AB:2D:85:AA:25:E6:83:21:18:31:F7:32
Certificate issuer:       /CN=62ef977550fa7c813dee5c1b90e9511b9c68dd0a
Certificate serial:       018CC2DAB21E92291096BEC35BC7D5947371
Authority key identifier: 62:EF:97:75:50:FA:7C:81:3D:EE:5C:1B:90:E9:51:1B:9C:68:DD:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/XyR19z1CdAirLYWqJeaDIRgx9zI.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49704
IP address blocks:        2001:678:924::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b2:1e:92:29:10:96:be:c3:5b:c7:d5:94:73:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62ef977550fa7c813dee5c1b90e9511b9c68dd0a
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f2475f73d427408ab2d85aa25e683211831f732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:cb:6d:de:ab:6b:44:83:14:73:d6:fe:d9:c2:
                    08:f1:c8:c0:94:22:cf:c7:10:63:62:ff:82:c4:12:
                    83:e4:7c:35:1d:72:71:90:fb:66:7c:11:36:55:7b:
                    78:de:38:83:e3:09:f4:de:81:09:a7:87:84:eb:21:
                    b2:98:0f:90:f3:ba:78:df:5e:47:05:d3:bc:73:80:
                    36:43:d1:80:9d:cf:b4:c4:3b:53:95:be:53:98:05:
                    cf:07:2e:e7:cd:b1:4a:14:eb:3e:dc:a0:5d:b2:b4:
                    f7:0d:c2:e8:cb:0a:61:d8:85:7c:9a:dd:d9:d3:ed:
                    d2:66:a0:79:00:21:f7:26:31:fa:e0:60:3f:e0:ad:
                    c9:92:11:8c:d6:91:3c:7c:b5:cc:18:6c:17:06:f3:
                    c3:d9:09:d2:90:e0:b2:c0:53:56:81:60:f4:31:8c:
                    22:11:36:32:61:c7:88:9e:55:e5:de:f3:15:ba:54:
                    8a:f7:91:2b:16:50:47:37:14:56:a4:b5:c8:e0:3a:
                    bc:5f:0b:98:08:f8:13:7b:27:38:c1:a3:59:6a:15:
                    0d:c3:99:b2:8e:0d:cc:f1:34:18:8e:82:91:8a:9f:
                    42:81:de:25:76:00:9b:31:97:38:f9:a6:bd:63:6f:
                    c7:9e:6a:12:51:76:32:2e:85:26:25:93:34:39:9a:
                    c2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:24:75:F7:3D:42:74:08:AB:2D:85:AA:25:E6:83:21:18:31:F7:32
            X509v3 Authority Key Identifier:
                keyid:62:EF:97:75:50:FA:7C:81:3D:EE:5C:1B:90:E9:51:1B:9C:68:DD:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/XyR19z1CdAirLYWqJeaDIRgx9zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/8e38d7-e7d5-4dd8-a360-584a140b8b71/1/Yu-XdVD6fIE97lwbkOlRG5xo3Qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:924::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:47:2a:c8:88:da:57:1c:ad:2c:9b:22:0f:40:f1:ab:c0:0c:
         85:2b:38:76:1e:23:22:c2:14:39:66:b8:74:09:28:91:c2:e8:
         8c:f7:fa:03:55:f8:4b:ef:5f:e0:b6:38:ab:70:6d:80:67:69:
         3a:1b:67:06:62:8c:71:69:b0:28:20:ff:4c:1b:89:77:a3:99:
         c3:7e:bb:06:4c:55:6f:14:a6:9c:23:a2:2d:f2:d2:18:f5:7c:
         6f:35:28:94:d8:d3:05:cd:5d:8f:f2:a1:26:63:e6:4d:96:16:
         ac:ca:06:26:f3:4f:09:39:8e:e0:e4:2b:8b:2b:33:67:a7:d5:
         99:17:1d:6b:62:9c:d3:7c:5f:90:bf:9c:ce:8a:47:84:e4:69:
         dd:57:b0:5f:5f:bf:0e:ca:b3:9a:3f:fd:1e:94:e8:2b:ff:8f:
         bf:a7:79:1a:9b:62:90:fa:90:6a:32:8a:33:6d:a6:e7:3e:fb:
         b2:f2:4b:7f:e9:cb:8f:9c:3a:52:cc:bb:3d:28:53:38:0b:4b:
         30:6f:dd:ef:b4:a3:dd:6f:47:d2:9f:92:2c:06:68:f6:a0:46:
         72:61:5e:a7:b2:bd:dd:cf:62:a8:2c:cd:f6:0f:d7:46:0b:23:
         51:d4:48:37:f8:8c:34:60:c8:39:bd:21:64:7d:21:d0:ff:03:
         e7:f9:14:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2rIekikQlr7DW8fVlHNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZWY5Nzc1NTBmYTdjODEzZGVlNWMxYjkwZTk1MTFiOWM2
OGRkMGEwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI0NzVmNzNkNDI3NDA4YWIyZDg1YWEyNWU2ODMyMTE4MzFmNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkctt3qtrRIMUc9b+2cII8cjAlCLP
xxBjYv+CxBKD5Hw1HXJxkPtmfBE2VXt43jiD4wn03oEJp4eE6yGymA+Q87p4315H
BdO8c4A2Q9GAnc+0xDtTlb5TmAXPBy7nzbFKFOs+3KBdsrT3DcLoywph2IV8mt3Z
0+3SZqB5ACH3JjH64GA/4K3JkhGM1pE8fLXMGGwXBvPD2QnSkOCywFNWgWD0MYwi
ETYyYceInlXl3vMVulSK95ErFlBHNxRWpLXI4Dq8XwuYCPgTeyc4waNZahUNw5my
jg3M8TQYjoKRip9Cgd4ldgCbMZc4+aa9Y2/HnmoSUXYyLoUmJZM0OZrCLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF8kdfc9QnQIqy2FqiXmgyEYMfcyMB8GA1UdIwQY
MBaAFGLvl3VQ+nyBPe5cG5DpURucaN0KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXUtWGRWRDZmSUU5N2x3YmtPbFJHNXhvM1FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84ZTM4ZDctZTdkNS00ZGQ4LWEzNjAt
NTg0YTE0MGI4YjcxLzEvWHlSMTl6MUNkQWlyTFlXcUplYURJUmd4OXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84ZTM4ZDctZTdkNS00ZGQ4LWEzNjAtNTg0YTE0MGI4Yjcx
LzEvWXUtWGRWRDZmSUU5N2x3YmtPbFJHNXhvM1FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAkk
MA0GCSqGSIb3DQEBCwUAA4IBAQAIRyrIiNpXHK0smyIPQPGrwAyFKzh2HiMiwhQ5
Zrh0CSiRwuiM9/oDVfhL71/gtjircG2AZ2k6G2cGYoxxabAoIP9MG4l3o5nDfrsG
TFVvFKacI6It8tIY9XxvNSiU2NMFzV2P8qEmY+ZNlhasygYm808JOY7g5CuLKzNn
p9WZFx1rYpzTfF+Qv5zOikeE5GndV7BfX78OyrOaP/0elOgr/4+/p3kam2KQ+pBq
MoozbabnPvuy8kt/6cuPnDpSzLs9KFM4C0swb93vtKPdb0fSn5IsBmj2oEZyYV6n
sr3dz2KoLM32D9dGCyNR1Eg3+Iw0YMg5vSFkfSHQ/wPn+RQQ
-----END CERTIFICATE-----