Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/mCiA442NbnN5jARiREhsYMrKbo4.roa
File:                     mCiA442NbnN5jARiREhsYMrKbo4.roa (raw, json)
Hash identifier:          iaaw7kyr/nRl21oPFb2v/rCqw6sNnpF9zn9eQmPqG9k=
Subject key identifier:   98:28:80:E3:8D:8D:6E:73:79:8C:04:62:44:48:6C:60:CA:CA:6E:8E
Certificate issuer:       /CN=977bfd99d35116f9c644194c36d9b646f73127c6
Certificate serial:       018CC6B8953E45007C8DEA083EB83C679251
Authority key identifier: 97:7B:FD:99:D3:51:16:F9:C6:44:19:4C:36:D9:B6:46:F7:31:27:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/mCiA442NbnN5jARiREhsYMrKbo4.roa
Signing time:             Mon 01 Jan 2024 20:30:34 +0000
ROA not before:           Mon 01 Jan 2024 20:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8820
IP address blocks:        2001:67c:1758::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:95:3e:45:00:7c:8d:ea:08:3e:b8:3c:67:92:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=977bfd99d35116f9c644194c36d9b646f73127c6
        Validity
            Not Before: Jan  1 20:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=982880e38d8d6e73798c046244486c60caca6e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b2:7f:95:16:f5:08:12:23:00:b1:05:d7:2e:
                    42:64:90:6a:9b:e7:f4:fa:d0:37:27:09:2c:63:0a:
                    4d:c6:53:36:ea:aa:e7:eb:52:d5:7a:f5:78:05:4f:
                    6b:8e:dd:f0:4b:26:de:f2:1f:f4:fe:f8:5e:da:ba:
                    47:b6:5e:de:4d:8e:de:74:ba:1b:7d:ef:5f:43:21:
                    da:b3:02:29:d3:a6:2f:d8:33:74:31:56:60:67:44:
                    a3:20:ee:9a:1b:29:bc:fa:cb:46:d8:db:c2:9e:d9:
                    f3:03:dd:3a:d5:3d:fb:05:8d:a2:03:51:2a:94:10:
                    15:4a:27:78:6a:f8:de:94:78:fd:7f:a8:b6:21:ac:
                    50:ac:de:4b:03:c7:10:5a:95:31:be:ea:a0:e4:92:
                    36:9c:cb:b6:66:e1:f5:c1:28:bf:f5:d8:74:53:71:
                    30:1f:0a:de:16:4b:1e:76:89:1c:e6:e2:0b:ff:82:
                    aa:bd:53:c9:e6:7b:ad:83:b4:51:7f:38:ac:1a:10:
                    12:55:e3:ce:be:97:9e:7d:1f:73:2e:ae:b3:6c:74:
                    35:15:af:d2:11:a3:40:37:c3:4f:29:82:24:e5:59:
                    d7:11:d3:a4:79:2d:47:4d:82:d6:95:36:ee:0c:ae:
                    31:e1:0f:32:45:3d:90:d8:c7:82:7a:dc:28:4b:ed:
                    56:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:28:80:E3:8D:8D:6E:73:79:8C:04:62:44:48:6C:60:CA:CA:6E:8E
            X509v3 Authority Key Identifier:
                keyid:97:7B:FD:99:D3:51:16:F9:C6:44:19:4C:36:D9:B6:46:F7:31:27:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/mCiA442NbnN5jARiREhsYMrKbo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b678f5-557d-4b5d-aa50-9a4ff0137012/1/l3v9mdNRFvnGRBlMNtm2RvcxJ8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1758::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:6c:d1:cc:5e:41:37:f1:2b:aa:7b:b7:47:b0:0d:64:95:a0:
         95:0c:0d:99:20:f2:73:4a:21:8b:21:a7:6e:60:94:d8:51:07:
         52:67:34:1b:1a:5e:a4:69:76:3b:47:60:1e:60:f4:52:4e:5f:
         0c:3e:50:6b:38:23:47:db:2a:13:b8:5a:ae:44:a2:03:35:9c:
         17:30:8f:a6:5e:fa:fa:20:58:e2:b0:6f:ae:c1:51:9a:7c:8f:
         93:42:73:8b:82:e1:ea:f6:ab:ae:7e:ea:e3:f3:58:4a:1b:81:
         49:6f:00:ab:d0:8f:12:83:9b:18:a6:71:2b:ad:e0:83:cc:fd:
         61:06:4d:7c:a8:8b:8b:3a:52:fe:d2:8a:fa:29:31:1d:df:60:
         08:fc:ac:49:ce:e2:1e:60:be:17:89:15:b7:0a:c5:d5:1e:78:
         c4:63:d4:0f:9e:eb:61:3a:76:80:0f:c2:a7:b0:25:25:5a:d3:
         99:37:3e:92:ab:f6:13:37:4e:92:20:3d:b7:e3:81:8a:a8:b4:
         91:79:f7:99:93:89:e7:19:e6:ab:58:7c:f2:7b:2b:fd:68:a2:
         17:53:61:5e:b9:a8:1d:43:49:0f:d4:ed:1f:8b:5b:78:61:cd:
         d3:43:04:74:3b:5b:60:69:0a:1f:35:33:47:fb:35:1e:90:30:
         e2:33:01:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuJU+RQB8jeoIPrg8Z5JRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3N2JmZDk5ZDM1MTE2ZjljNjQ0MTk0YzM2ZDliNjQ2Zjcz
MTI3YzYwHhcNMjQwMTAxMjAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODI4ODBlMzhkOGQ2ZTczNzk4YzA0NjI0NDQ4NmM2MGNhY2E2ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLJ/lRb1CBIjALEF1y5CZJBqm+f0
+tA3JwksYwpNxlM26qrn61LVevV4BU9rjt3wSybe8h/0/vhe2rpHtl7eTY7edLob
fe9fQyHaswIp06Yv2DN0MVZgZ0SjIO6aGym8+stG2NvCntnzA9061T37BY2iA1Eq
lBAVSid4avjelHj9f6i2IaxQrN5LA8cQWpUxvuqg5JI2nMu2ZuH1wSi/9dh0U3Ew
HwreFksedokc5uIL/4KqvVPJ5nutg7RRfzisGhASVePOvpeefR9zLq6zbHQ1Fa/S
EaNAN8NPKYIk5VnXEdOkeS1HTYLWlTbuDK4x4Q8yRT2Q2MeCetwoS+1WrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJgogOONjW5zeYwEYkRIbGDKym6OMB8GA1UdIwQY
MBaAFJd7/ZnTURb5xkQZTDbZtkb3MSfGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDN2OW1kTlJGdm5HUkJsTU50bTJSdmN4SjhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iNjc4ZjUtNTU3ZC00YjVkLWFhNTAt
OWE0ZmYwMTM3MDEyLzEvbUNpQTQ0Mk5ibk41akFSaVJFaHNZTXJLYm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iNjc4ZjUtNTU3ZC00YjVkLWFhNTAtOWE0ZmYwMTM3MDEy
LzEvbDN2OW1kTlJGdm5HUkJsTU50bTJSdmN4SjhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBdY
MA0GCSqGSIb3DQEBCwUAA4IBAQCFbNHMXkE38Suqe7dHsA1klaCVDA2ZIPJzSiGL
IaduYJTYUQdSZzQbGl6kaXY7R2AeYPRSTl8MPlBrOCNH2yoTuFquRKIDNZwXMI+m
Xvr6IFjisG+uwVGafI+TQnOLguHq9quufurj81hKG4FJbwCr0I8Sg5sYpnErreCD
zP1hBk18qIuLOlL+0or6KTEd32AI/KxJzuIeYL4XiRW3CsXVHnjEY9QPnuthOnaA
D8KnsCUlWtOZNz6Sq/YTN06SID2344GKqLSRefeZk4nnGearWHzyeyv9aKIXU2Fe
uagdQ0kP1O0fi1t4Yc3TQwR0O1tgaQofNTNH+zUekDDiMwEJ
-----END CERTIFICATE-----