Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/1-AmFSlLD44aCQF_SzuSxAnkDYnw.roa
File:                     1-AmFSlLD44aCQF_SzuSxAnkDYnw.roa (raw, json)
Hash identifier:          so9fzMjfwu0Nf28d6XE3k7ZxJERTkRZ3BMabnQjkVQI=
Subject key identifier:   F8:09:85:4A:52:C3:E3:86:82:40:5F:D2:CE:E4:B1:02:79:03:62:7C
Certificate issuer:       /CN=d116835d037786620a9e9f7a0e360498bb654127
Certificate serial:       018CC9BC390A42D749FFBE32899B3CBC152B
Authority key identifier: D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/1-AmFSlLD44aCQF_SzuSxAnkDYnw.roa
Signing time:             Tue 02 Jan 2024 10:33:24 +0000
ROA not before:           Tue 02 Jan 2024 10:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        2001:678:274::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 10:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:39:0a:42:d7:49:ff:be:32:89:9b:3c:bc:15:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d116835d037786620a9e9f7a0e360498bb654127
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f809854a52c3e38682405fd2cee4b1027903627c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c2:b7:ff:a6:08:a1:f6:93:56:aa:50:a4:f5:
                    f7:e1:ba:27:05:17:eb:5c:fb:5f:20:c6:72:f0:f9:
                    a1:6f:82:74:57:89:e9:aa:fb:83:13:fb:10:84:0f:
                    ca:9f:08:22:02:0d:4a:d1:88:5f:ed:41:de:a8:2f:
                    e5:c3:c3:6f:d5:7a:43:b3:9e:3c:8f:09:73:1c:51:
                    d7:ca:a2:dc:c0:fc:f8:32:d2:d7:fb:8b:ee:97:1e:
                    a8:31:dc:ca:3c:0c:64:50:46:e5:dd:1d:7c:34:32:
                    f0:a5:38:ec:24:6a:0a:15:43:6e:8c:30:da:bd:96:
                    36:c1:a4:fa:7e:93:d4:27:69:a9:a7:b7:ed:46:cc:
                    33:1a:40:22:36:1d:8e:e7:c5:0d:2e:87:21:a7:c2:
                    24:bb:8c:b4:43:ec:75:02:58:28:a3:ee:7d:e0:ae:
                    9a:0b:8f:5f:7a:0a:bb:2b:5d:5d:59:1e:02:c4:e9:
                    bf:5b:3d:4e:e9:f3:9b:89:5a:87:9d:1d:0c:95:66:
                    6a:1f:1a:da:bb:99:57:0c:1f:b9:db:8a:da:fb:48:
                    57:d9:63:48:ab:32:35:19:8c:ab:fe:db:10:98:ab:
                    68:c4:c7:e1:65:d6:0c:14:2c:90:22:62:34:86:e7:
                    37:75:9f:c9:56:77:7d:10:77:62:12:6c:03:f7:63:
                    e5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:09:85:4A:52:C3:E3:86:82:40:5F:D2:CE:E4:B1:02:79:03:62:7C
            X509v3 Authority Key Identifier:
                keyid:D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/1-AmFSlLD44aCQF_SzuSxAnkDYnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:274::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:6a:f7:cf:35:32:e3:6c:44:91:54:e9:f9:2a:de:be:02:6f:
         f3:c8:a2:70:a0:88:e5:d0:cc:6e:f8:c5:cc:a9:6e:cd:b4:db:
         d5:1d:45:26:13:15:13:83:23:fe:96:6d:9f:dc:24:46:77:3f:
         00:ba:54:19:02:ad:fc:67:ef:e7:f0:96:cb:e1:fa:66:de:89:
         4f:66:65:37:8a:2d:39:2c:2e:6e:3a:56:68:de:e8:5e:14:e9:
         79:3e:0f:93:05:d6:c8:e9:49:5a:a3:b7:97:87:80:5d:40:d4:
         f2:d7:43:1d:65:48:96:32:12:2c:80:6e:8e:f2:7e:24:d2:6f:
         03:8d:34:8c:9e:f4:52:df:30:80:c3:16:4e:44:01:64:57:bc:
         9d:2d:a2:97:d5:24:3a:6a:bf:e8:52:f3:3f:28:08:79:75:52:
         76:24:cb:fd:7d:e8:a4:26:a3:86:06:87:ef:db:fb:c6:12:bb:
         d6:f5:af:d5:94:b7:85:36:49:c6:d8:a4:ef:5d:59:d9:8a:3f:
         59:61:3f:6e:28:11:08:a6:eb:47:f7:0f:74:c2:3e:98:f8:93:
         f4:c1:82:ec:27:3b:64:a9:c8:64:61:e5:1a:22:bc:08:90:7f:
         67:66:21:53:36:cb:79:45:cc:c2:5f:76:9d:73:ce:47:52:4e:
         3b:76:30:98
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJvDkKQtdJ/74yiZs8vBUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTY4MzVkMDM3Nzg2NjIwYTllOWY3YTBlMzYwNDk4YmI2
NTQxMjcwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODA5ODU0YTUyYzNlMzg2ODI0MDVmZDJjZWU0YjEwMjc5MDM2MjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8K3/6YIofaTVqpQpPX34bonBRfr
XPtfIMZy8Pmhb4J0V4npqvuDE/sQhA/KnwgiAg1K0Yhf7UHeqC/lw8Nv1XpDs548
jwlzHFHXyqLcwPz4MtLX+4vulx6oMdzKPAxkUEbl3R18NDLwpTjsJGoKFUNujDDa
vZY2waT6fpPUJ2mpp7ftRswzGkAiNh2O58UNLochp8Iku4y0Q+x1Algoo+594K6a
C49fegq7K11dWR4CxOm/Wz1O6fObiVqHnR0MlWZqHxrau5lXDB+524ra+0hX2WNI
qzI1GYyr/tsQmKtoxMfhZdYMFCyQImI0huc3dZ/JVnd9EHdiEmwD92PlUwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPgJhUpSw+OGgkBf0s7ksQJ5A2J8MB8GA1UdIwQY
MBaAFNEWg10Dd4ZiCp6feg42BJi7ZUEnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJhRFhRTjNobUlLbnA5NkRqWUVtTHRsUVNjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9mNTA3Y2ItNzM3MS00YWQxLWI3ZTMt
MTZhN2Q2MGQ1YmVhLzEvMS1BbUZTbExENDRhQ1FGX1N6dVN4QW5rRFludy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjcvZjUwN2NiLTczNzEtNGFkMS1iN2UzLTE2YTdkNjBkNWJl
YS8xLzBSYURYUU4zaG1JS25wOTZEallFbUx0bFFTYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngC
dDANBgkqhkiG9w0BAQsFAAOCAQEAHGr3zzUy42xEkVTp+SrevgJv88iicKCI5dDM
bvjFzKluzbTb1R1FJhMVE4Mj/pZtn9wkRnc/ALpUGQKt/Gfv5/CWy+H6Zt6JT2Zl
N4otOSwubjpWaN7oXhTpeT4PkwXWyOlJWqO3l4eAXUDU8tdDHWVIljISLIBujvJ+
JNJvA400jJ70Ut8wgMMWTkQBZFe8nS2il9UkOmq/6FLzPygIeXVSdiTL/X3opCaj
hgaH79v7xhK71vWv1ZS3hTZJxtik711Z2Yo/WWE/bigRCKbrR/cPdMI+mPiT9MGC
7Cc7ZKnIZGHlGiK8CJB/Z2YhUzbLeUXMwl92nXPOR1JOO3YwmA==
-----END CERTIFICATE-----