Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xRjKSCzbuqdGKUv4uad967-9e-0.roa
File:                     xRjKSCzbuqdGKUv4uad967-9e-0.roa (raw, json)
Hash identifier:          EObLzfwvGmwvtoWMDq/rqs54pHTgGUyZTiJQR4KNNzg=
Subject key identifier:   C5:18:CA:48:2C:DB:BA:A7:46:29:4B:F8:B9:A7:7D:EB:BF:BD:7B:ED
Certificate issuer:       /CN=c5471397cf5ec399aa0eec5c3173b1f3040723a9
Certificate serial:       018CC64AFEE0AFB524A88ECBA678CCA5AFD1
Authority key identifier: C5:47:13:97:CF:5E:C3:99:AA:0E:EC:5C:31:73:B1:F3:04:07:23:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xUcTl89ew5mqDuxcMXOx8wQHI6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xRjKSCzbuqdGKUv4uad967-9e-0.roa
Signing time:             Mon 01 Jan 2024 18:30:52 +0000
ROA not before:           Mon 01 Jan 2024 18:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212170
IP address blocks:        2001:678:ba8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xUcTl89ew5mqDuxcMXOx8wQHI6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xUcTl89ew5mqDuxcMXOx8wQHI6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xUcTl89ew5mqDuxcMXOx8wQHI6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:fe:e0:af:b5:24:a8:8e:cb:a6:78:cc:a5:af:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5471397cf5ec399aa0eec5c3173b1f3040723a9
        Validity
            Not Before: Jan  1 18:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c518ca482cdbbaa746294bf8b9a77debbfbd7bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e2:a5:bc:2d:8b:eb:41:97:b6:6a:94:85:4c:
                    46:aa:90:fa:2a:70:a2:de:cf:41:05:e5:bb:50:96:
                    ee:94:86:a0:b9:67:64:01:71:68:33:42:be:57:44:
                    13:ac:49:fa:89:2e:59:ce:36:01:60:9c:51:6e:2c:
                    85:98:8a:fc:38:18:45:65:39:66:8f:67:61:5f:19:
                    94:d3:4a:0a:39:43:3a:18:8e:18:eb:2a:8c:40:f6:
                    b5:5d:ae:f4:6f:c3:a8:04:81:1a:6e:1c:be:0f:f6:
                    a1:6f:86:29:a2:71:43:c3:6d:a9:40:5c:8e:92:d4:
                    95:58:a5:e0:09:af:aa:ed:79:71:65:12:76:88:f6:
                    49:02:aa:10:0b:2b:34:33:1d:46:ed:c9:6c:0c:ce:
                    0a:b9:4f:cc:ea:84:b0:74:f0:f0:9e:56:9a:52:ea:
                    eb:84:d4:1e:a1:f0:0e:79:33:f5:3a:49:60:fb:d8:
                    d1:de:28:77:26:93:97:a1:1e:a9:73:71:84:2c:7b:
                    1b:3a:69:9c:91:97:cb:27:e6:e7:07:21:ec:58:f5:
                    95:ee:fe:54:fb:ed:65:46:8e:d1:70:b9:2b:36:96:
                    03:64:65:5b:a1:48:46:31:3b:f2:a8:d9:69:3f:1c:
                    25:ff:20:72:4f:d3:d7:b0:7b:4b:2a:f6:7d:11:55:
                    7c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:18:CA:48:2C:DB:BA:A7:46:29:4B:F8:B9:A7:7D:EB:BF:BD:7B:ED
            X509v3 Authority Key Identifier:
                keyid:C5:47:13:97:CF:5E:C3:99:AA:0E:EC:5C:31:73:B1:F3:04:07:23:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xUcTl89ew5mqDuxcMXOx8wQHI6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xRjKSCzbuqdGKUv4uad967-9e-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/777a60-6de1-4dfb-b965-26222f0955ae/1/xUcTl89ew5mqDuxcMXOx8wQHI6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ba8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:01:d9:c4:32:32:d1:a4:2c:43:e6:10:33:64:fd:a3:2f:bd:
         c2:c4:fd:1f:f8:e5:5c:e5:98:1d:60:4f:c1:a0:33:44:a6:8c:
         14:93:c9:c6:a0:c3:86:1e:ee:a4:6b:34:34:08:78:2d:19:45:
         d5:52:64:94:8a:bb:5d:89:91:81:c6:e7:87:1b:40:fd:9b:26:
         a5:47:84:cc:cb:11:fa:fc:e8:6c:bc:0b:ea:e0:0b:7c:28:95:
         6d:35:8a:fc:7a:76:fa:66:4d:c0:bf:5c:9b:b9:56:dc:d3:d6:
         d3:54:79:9a:d6:fc:12:1a:8e:df:8a:8e:19:f2:9d:b2:08:65:
         6c:1b:34:73:36:c4:16:85:33:dd:53:73:7d:a1:68:be:3b:64:
         92:49:f5:4f:fa:73:5e:ba:44:9b:98:a3:ba:68:75:ae:49:bd:
         f2:6e:f7:a9:21:e2:b2:13:8e:04:2c:a3:95:39:d0:09:df:39:
         21:28:22:e6:e1:44:38:e4:0b:2a:7a:f1:33:1b:93:4d:40:27:
         22:e1:95:44:45:d1:8b:3a:f5:91:fa:49:43:b9:fe:0a:0c:7b:
         75:a3:f2:67:71:7e:ad:fe:e8:c4:71:2b:35:d4:0b:49:3d:1b:
         08:9e:69:5a:8f:20:c7:a0:61:c4:31:e2:2d:9f:99:e2:18:fd:
         07:a1:a5:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSv7gr7UkqI7LpnjMpa/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NDcxMzk3Y2Y1ZWMzOTlhYTBlZWM1YzMxNzNiMWYzMDQw
NzIzYTkwHhcNMjQwMTAxMTgzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE4Y2E0ODJjZGJiYWE3NDYyOTRiZjhiOWE3N2RlYmJmYmQ3YmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeKlvC2L60GXtmqUhUxGqpD6KnCi
3s9BBeW7UJbulIaguWdkAXFoM0K+V0QTrEn6iS5ZzjYBYJxRbiyFmIr8OBhFZTlm
j2dhXxmU00oKOUM6GI4Y6yqMQPa1Xa70b8OoBIEabhy+D/ahb4YponFDw22pQFyO
ktSVWKXgCa+q7XlxZRJ2iPZJAqoQCys0Mx1G7clsDM4KuU/M6oSwdPDwnlaaUurr
hNQeofAOeTP1Oklg+9jR3ih3JpOXoR6pc3GELHsbOmmckZfLJ+bnByHsWPWV7v5U
++1lRo7RcLkrNpYDZGVboUhGMTvyqNlpPxwl/yByT9PXsHtLKvZ9EVV8eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMUYykgs27qnRilL+Lmnfeu/vXvtMB8GA1UdIwQY
MBaAFMVHE5fPXsOZqg7sXDFzsfMEByOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFVjVGw4OWV3NW1xRHV4Y01YT3g4d1FISTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS83NzdhNjAtNmRlMS00ZGZiLWI5NjUt
MjYyMjJmMDk1NWFlLzEveFJqS1NDemJ1cWRHS1V2NHVhZDk2Ny05ZS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS83NzdhNjAtNmRlMS00ZGZiLWI5NjUtMjYyMjJmMDk1NWFl
LzEveFVjVGw4OWV3NW1xRHV4Y01YT3g4d1FISTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAuo
MA0GCSqGSIb3DQEBCwUAA4IBAQA6AdnEMjLRpCxD5hAzZP2jL73CxP0f+OVc5Zgd
YE/BoDNEpowUk8nGoMOGHu6kazQ0CHgtGUXVUmSUirtdiZGBxueHG0D9myalR4TM
yxH6/OhsvAvq4At8KJVtNYr8enb6Zk3Av1ybuVbc09bTVHma1vwSGo7fio4Z8p2y
CGVsGzRzNsQWhTPdU3N9oWi+O2SSSfVP+nNeukSbmKO6aHWuSb3ybvepIeKyE44E
LKOVOdAJ3zkhKCLm4UQ45AsqevEzG5NNQCci4ZVERdGLOvWR+klDuf4KDHt1o/Jn
cX6t/ujEcSs11AtJPRsInmlajyDHoGHEMeItn5niGP0HoaUn
-----END CERTIFICATE-----