Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/9YGtIz05m62kDXigdHalhEsScLs.roa
File:                     9YGtIz05m62kDXigdHalhEsScLs.roa (raw, json)
Hash identifier:          9DxKD6A36HwAz0T3AIYbizIt4Twbkzdyn2hjT+gOCkg=
Subject key identifier:   F5:81:AD:23:3D:39:9B:AD:A4:0D:78:A0:74:76:A5:84:4B:12:70:BB
Certificate issuer:       /CN=d08db08e1338a579ad3789535fa73a5e54511ff1
Certificate serial:       018CC5001B874B96EB4826131AA8E026586F
Authority key identifier: D0:8D:B0:8E:13:38:A5:79:AD:37:89:53:5F:A7:3A:5E:54:51:1F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2wjhM4pXmtN4lTX6c6XlRRH_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/9YGtIz05m62kDXigdHalhEsScLs.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204926
IP address blocks:        2001:678:58c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/0I2wjhM4pXmtN4lTX6c6XlRRH_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/0I2wjhM4pXmtN4lTX6c6XlRRH_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2wjhM4pXmtN4lTX6c6XlRRH_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1b:87:4b:96:eb:48:26:13:1a:a8:e0:26:58:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08db08e1338a579ad3789535fa73a5e54511ff1
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f581ad233d399bada40d78a07476a5844b1270bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2c:29:96:fa:65:fd:87:60:7d:a6:ef:de:63:
                    1c:5b:93:2a:5b:21:b5:4d:e8:0b:cb:67:c3:30:01:
                    06:61:f1:aa:37:0f:e2:05:06:8f:90:e8:3c:b5:23:
                    c0:c5:75:61:e9:19:cc:4f:d6:d7:63:1a:58:84:38:
                    36:c5:29:31:97:d3:21:f4:bc:2b:f6:86:6c:1e:8d:
                    de:25:7b:dc:9f:e5:f0:22:34:80:07:ed:f2:65:20:
                    6c:d1:26:85:db:c9:36:97:14:e7:ca:0c:64:81:ac:
                    81:f6:ff:c2:a9:1d:ec:cf:ca:ab:d2:eb:86:72:81:
                    17:2e:6e:a0:75:17:03:ca:85:9b:23:51:0c:24:a6:
                    b7:6f:b3:53:5d:17:40:bc:86:23:25:f3:e4:bb:0e:
                    5c:69:6e:9a:87:b3:e0:10:ac:75:fc:0f:4e:78:d5:
                    05:42:cb:c0:b9:67:cc:03:a8:03:97:85:6e:d8:19:
                    73:5b:e0:7e:3d:69:d7:e8:b1:aa:4a:01:41:5c:64:
                    22:3a:75:3d:37:8f:73:9f:e3:73:12:eb:46:1e:a6:
                    d6:7b:33:53:36:f8:7f:5a:8e:3a:b1:2c:bd:5d:a5:
                    bc:7c:ab:54:67:fb:a8:ee:b2:4a:85:76:f1:a7:19:
                    e7:5a:36:ae:1b:34:da:ef:2c:22:c2:ff:0d:d4:95:
                    31:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:81:AD:23:3D:39:9B:AD:A4:0D:78:A0:74:76:A5:84:4B:12:70:BB
            X509v3 Authority Key Identifier:
                keyid:D0:8D:B0:8E:13:38:A5:79:AD:37:89:53:5F:A7:3A:5E:54:51:1F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2wjhM4pXmtN4lTX6c6XlRRH_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/9YGtIz05m62kDXigdHalhEsScLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2b2cb3-ccb6-41e0-89bc-1b760451dac8/1/0I2wjhM4pXmtN4lTX6c6XlRRH_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:58c::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:ec:1a:9a:2e:f1:8c:ca:38:e0:cd:96:34:74:2b:ea:76:80:
         b8:f6:92:79:6d:52:df:7b:c1:9a:ce:51:2d:af:91:01:fc:20:
         2e:b6:2a:2c:f1:d3:a2:31:27:5a:ff:71:a9:e5:d0:84:5b:47:
         0f:72:f0:64:78:0b:73:75:0b:50:f5:cb:ea:6f:5f:f7:1e:3a:
         c4:e0:3e:b8:b7:0c:2a:d0:98:1b:56:6d:c7:98:bd:30:5c:72:
         2e:e1:b8:92:6c:12:6e:c5:4a:39:81:c0:85:e0:03:8f:ea:78:
         8a:05:d0:05:a4:be:89:36:8a:94:2d:f7:87:5b:b4:87:35:ab:
         ba:e7:37:83:78:6e:eb:5f:bf:a2:0a:35:15:95:51:8b:23:3d:
         94:7e:5f:87:14:01:e4:3f:02:ba:8e:df:55:ab:a1:b8:e6:1a:
         20:98:ed:84:22:1b:a3:cf:e5:95:6a:b6:42:80:7f:a7:c7:5e:
         6d:c9:e0:7d:b8:90:c9:4e:7d:8f:d6:f8:00:1b:84:9b:65:82:
         3c:33:b0:52:a2:b7:2c:f7:45:56:7f:b4:6f:8a:3a:5d:ff:32:
         d9:c8:08:84:12:95:dc:1c:34:68:13:90:5d:da:f4:50:ac:0a:
         f3:7f:e8:f4:fd:0a:4f:fc:4f:e4:e7:0e:4d:f3:c2:ba:2f:23:
         49:26:8c:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFABuHS5brSCYTGqjgJlhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRiMDhlMTMzOGE1NzlhZDM3ODk1MzVmYTczYTVlNTQ1
MTFmZjEwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTgxYWQyMzNkMzk5YmFkYTQwZDc4YTA3NDc2YTU4NDRiMTI3MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCwplvpl/Ydgfabv3mMcW5MqWyG1
TegLy2fDMAEGYfGqNw/iBQaPkOg8tSPAxXVh6RnMT9bXYxpYhDg2xSkxl9Mh9Lwr
9oZsHo3eJXvcn+XwIjSAB+3yZSBs0SaF28k2lxTnygxkgayB9v/CqR3sz8qr0uuG
coEXLm6gdRcDyoWbI1EMJKa3b7NTXRdAvIYjJfPkuw5caW6ah7PgEKx1/A9OeNUF
QsvAuWfMA6gDl4Vu2BlzW+B+PWnX6LGqSgFBXGQiOnU9N49zn+NzEutGHqbWezNT
Nvh/Wo46sSy9XaW8fKtUZ/uo7rJKhXbxpxnnWjauGzTa7ywiwv8N1JUxBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPWBrSM9OZutpA14oHR2pYRLEnC7MB8GA1UdIwQY
MBaAFNCNsI4TOKV5rTeJU1+nOl5UUR/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkyd2poTTRwWG10TjRsVFg2YzZYbFJSSF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yYjJjYjMtY2NiNi00MWUwLTg5YmMt
MWI3NjA0NTFkYWM4LzEvOVlHdEl6MDVtNjJrRFhpZ2RIYWxoRXNTY0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yYjJjYjMtY2NiNi00MWUwLTg5YmMtMWI3NjA0NTFkYWM4
LzEvMEkyd2poTTRwWG10TjRsVFg2YzZYbFJSSF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWM
MA0GCSqGSIb3DQEBCwUAA4IBAQBm7BqaLvGMyjjgzZY0dCvqdoC49pJ5bVLfe8Ga
zlEtr5EB/CAutios8dOiMSda/3Gp5dCEW0cPcvBkeAtzdQtQ9cvqb1/3HjrE4D64
twwq0JgbVm3HmL0wXHIu4biSbBJuxUo5gcCF4AOP6niKBdAFpL6JNoqULfeHW7SH
Nau65zeDeG7rX7+iCjUVlVGLIz2Ufl+HFAHkPwK6jt9Vq6G45hogmO2EIhujz+WV
arZCgH+nx15tyeB9uJDJTn2P1vgAG4SbZYI8M7BSorcs90VWf7Rvijpd/zLZyAiE
EpXcHDRoE5Bd2vRQrArzf+j0/QpP/E/k5w5N88K6LyNJJown
-----END CERTIFICATE-----