Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/FWJIMX_TaHTGG1YZ9dnR8wqLLps.roa
File:                     FWJIMX_TaHTGG1YZ9dnR8wqLLps.roa (raw, json)
Hash identifier:          G8RolEltbCNu4ErqJe6LceNbQKZXmOodqnPr3UQPioo=
Subject key identifier:   15:62:48:31:7F:D3:68:74:C6:1B:56:19:F5:D9:D1:F3:0A:8B:2E:9B
Certificate issuer:       /CN=d116835d037786620a9e9f7a0e360498bb654127
Certificate serial:       018CC9BC38C8EAC2A97C834A564AD6A38AB4
Authority key identifier: D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/FWJIMX_TaHTGG1YZ9dnR8wqLLps.roa
Signing time:             Tue 02 Jan 2024 10:33:24 +0000
ROA not before:           Tue 02 Jan 2024 10:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:678:274::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:38:c8:ea:c2:a9:7c:83:4a:56:4a:d6:a3:8a:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d116835d037786620a9e9f7a0e360498bb654127
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=156248317fd36874c61b5619f5d9d1f30a8b2e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:55:5d:63:19:aa:50:54:1a:86:12:eb:4e:0d:
                    cb:18:73:cf:be:d6:47:7c:2d:46:3c:a4:58:ad:75:
                    69:c5:42:19:6e:de:1f:5e:34:64:33:75:46:3c:f3:
                    5f:c6:a9:0c:58:bb:f6:82:62:90:3a:69:46:31:82:
                    7f:f6:fe:2f:04:e1:94:81:95:9c:03:c9:87:19:72:
                    9e:87:86:22:b1:46:b7:e9:0e:d1:97:ee:f8:bd:70:
                    c3:2d:22:6a:44:21:11:f4:14:1b:6d:ad:5d:a1:c6:
                    6b:13:df:2d:2a:38:00:aa:41:d3:f7:32:ce:5b:67:
                    91:61:b6:80:84:98:0b:7b:ee:55:e2:e9:f7:65:62:
                    2c:55:99:06:c8:51:83:9b:d9:c3:8c:4a:c2:fa:02:
                    5e:1a:d7:6d:73:35:53:99:bd:ac:bb:a1:4b:79:24:
                    c0:88:21:6e:52:92:56:54:6c:fe:81:06:b8:84:c5:
                    63:15:62:77:ee:8c:3d:c8:80:89:a8:85:30:8c:6e:
                    8e:59:c7:d4:a3:ce:6d:58:f5:89:3b:a1:73:ab:ba:
                    6a:0e:11:c2:aa:da:2b:05:a5:17:4b:ec:96:b4:de:
                    56:e4:52:0c:6c:b8:dd:aa:93:27:e6:cb:77:5b:43:
                    0e:55:2e:c5:0f:1e:d3:f8:19:95:a0:06:86:37:7c:
                    b3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:62:48:31:7F:D3:68:74:C6:1B:56:19:F5:D9:D1:F3:0A:8B:2E:9B
            X509v3 Authority Key Identifier:
                keyid:D1:16:83:5D:03:77:86:62:0A:9E:9F:7A:0E:36:04:98:BB:65:41:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RaDXQN3hmIKnp96DjYEmLtlQSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/FWJIMX_TaHTGG1YZ9dnR8wqLLps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f507cb-7371-4ad1-b7e3-16a7d60d5bea/1/0RaDXQN3hmIKnp96DjYEmLtlQSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:274::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:dc:9a:44:65:5c:c1:81:ee:30:83:5b:ba:65:be:7f:1c:06:
         ea:3a:19:bd:17:43:94:54:73:53:23:7a:e1:3a:6f:83:43:40:
         71:57:87:d9:3f:02:33:60:5b:79:2a:4a:90:88:87:11:4d:e7:
         ff:86:75:32:f9:fc:a0:85:d2:97:e1:bd:47:f1:fb:42:cd:eb:
         8f:1a:49:2b:d1:7d:6c:67:b1:d3:b0:a2:c3:5b:f7:91:e6:9a:
         78:d1:22:10:d3:62:e7:9a:f2:b3:29:87:04:3b:86:0d:5e:d3:
         21:21:f0:18:0d:7a:fc:22:f3:69:cd:55:cb:67:8c:a5:6d:7b:
         d4:7b:30:f8:7a:16:61:cd:a3:c6:c0:66:33:c6:2e:1a:f6:c3:
         f9:fe:2a:b5:69:4e:7f:7e:b8:bf:2a:48:ed:76:6c:43:e0:b4:
         a3:35:f0:5a:56:44:73:8f:0f:9d:25:66:e8:03:96:78:ea:50:
         00:cc:89:69:60:1b:84:a7:7a:17:37:4d:ab:8c:bc:ec:94:37:
         ef:db:51:a7:7c:fa:ef:75:4f:6c:59:c1:42:20:68:26:68:5f:
         33:e8:a3:a0:21:1b:4e:13:6e:c2:fb:63:81:61:8c:aa:7e:a5:
         20:2b:13:c3:6b:92:e1:8a:75:a2:d5:da:d0:d3:d4:b8:b9:54:
         5d:1c:25:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvDjI6sKpfINKVkrWo4q0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTY4MzVkMDM3Nzg2NjIwYTllOWY3YTBlMzYwNDk4YmI2
NTQxMjcwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYyNDgzMTdmZDM2ODc0YzYxYjU2MTlmNWQ5ZDFmMzBhOGIyZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVVdYxmqUFQahhLrTg3LGHPPvtZH
fC1GPKRYrXVpxUIZbt4fXjRkM3VGPPNfxqkMWLv2gmKQOmlGMYJ/9v4vBOGUgZWc
A8mHGXKeh4YisUa36Q7Rl+74vXDDLSJqRCER9BQbba1docZrE98tKjgAqkHT9zLO
W2eRYbaAhJgLe+5V4un3ZWIsVZkGyFGDm9nDjErC+gJeGtdtczVTmb2su6FLeSTA
iCFuUpJWVGz+gQa4hMVjFWJ37ow9yICJqIUwjG6OWcfUo85tWPWJO6Fzq7pqDhHC
qtorBaUXS+yWtN5W5FIMbLjdqpMn5st3W0MOVS7FDx7T+BmVoAaGN3yzCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBViSDF/02h0xhtWGfXZ0fMKiy6bMB8GA1UdIwQY
MBaAFNEWg10Dd4ZiCp6feg42BJi7ZUEnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJhRFhRTjNobUlLbnA5NkRqWUVtTHRsUVNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9mNTA3Y2ItNzM3MS00YWQxLWI3ZTMt
MTZhN2Q2MGQ1YmVhLzEvRldKSU1YX1RhSFRHRzFZWjlkblI4d3FMTHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9mNTA3Y2ItNzM3MS00YWQxLWI3ZTMtMTZhN2Q2MGQ1YmVh
LzEvMFJhRFhRTjNobUlLbnA5NkRqWUVtTHRsUVNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAJ0
MA0GCSqGSIb3DQEBCwUAA4IBAQBj3JpEZVzBge4wg1u6Zb5/HAbqOhm9F0OUVHNT
I3rhOm+DQ0BxV4fZPwIzYFt5KkqQiIcRTef/hnUy+fyghdKX4b1H8ftCzeuPGkkr
0X1sZ7HTsKLDW/eR5pp40SIQ02LnmvKzKYcEO4YNXtMhIfAYDXr8IvNpzVXLZ4yl
bXvUezD4ehZhzaPGwGYzxi4a9sP5/iq1aU5/fri/KkjtdmxD4LSjNfBaVkRzjw+d
JWboA5Z46lAAzIlpYBuEp3oXN02rjLzslDfv21GnfPrvdU9sWcFCIGgmaF8z6KOg
IRtOE27C+2OBYYyqfqUgKxPDa5LhinWi1drQ09S4uVRdHCUm
-----END CERTIFICATE-----