Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/VMVnclwVco8xnDBY2RKFb7JtIJI.roa
File:                     VMVnclwVco8xnDBY2RKFb7JtIJI.roa (raw, json)
Hash identifier:          UbSx9ru3MPr6YvZKD0fF4/l79uTe7gOWptlTS6Wn+II=
Subject key identifier:   54:C5:67:72:5C:15:72:8F:31:9C:30:58:D9:12:85:6F:B2:6D:20:92
Certificate issuer:       /CN=58a5ed8e3ecc92a2de8c80abe9a8195d5ff997e6
Certificate serial:       018CC493697E674FC9D72C224215AA972DD8
Authority key identifier: 58:A5:ED:8E:3E:CC:92:A2:DE:8C:80:AB:E9:A8:19:5D:5F:F9:97:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKXtjj7MkqLejICr6agZXV_5l-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/VMVnclwVco8xnDBY2RKFb7JtIJI.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49852
IP address blocks:        2001:678:6ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/WKXtjj7MkqLejICr6agZXV_5l-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/WKXtjj7MkqLejICr6agZXV_5l-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKXtjj7MkqLejICr6agZXV_5l-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:7e:67:4f:c9:d7:2c:22:42:15:aa:97:2d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a5ed8e3ecc92a2de8c80abe9a8195d5ff997e6
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54c567725c15728f319c3058d912856fb26d2092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:49:ed:9b:54:d2:bf:f0:3c:9d:b1:51:68:38:
                    b2:fe:f6:c4:ec:38:5b:a3:f6:2a:8d:30:6a:c9:ed:
                    c2:d7:06:ce:84:0d:d9:d2:38:62:2d:de:84:77:93:
                    29:07:9f:d1:25:7b:68:ac:a2:e6:03:c7:f1:3a:b5:
                    83:27:e9:1f:26:5c:35:e4:ce:c6:25:6e:63:29:5e:
                    e1:11:54:d8:8d:9e:22:1f:89:d1:64:a7:22:41:bd:
                    d8:0c:09:5e:7c:f2:dc:f4:88:9e:5f:98:76:e2:a5:
                    d8:29:dd:24:24:c2:72:3c:27:5e:1a:3d:b4:03:5d:
                    7f:73:60:cf:14:20:50:4f:ad:25:fc:89:bb:64:ed:
                    7b:9d:3d:49:40:6d:bc:ec:19:f8:5f:51:8b:9b:ef:
                    e3:62:15:81:f9:bc:02:50:68:c7:e4:0b:81:cf:05:
                    ca:22:90:4a:06:17:d7:d9:d2:23:85:8b:04:c4:a9:
                    ab:fe:67:52:f2:75:6c:f5:2b:d6:92:27:59:3a:21:
                    3a:72:f9:bd:8e:26:68:61:76:2e:4c:88:1e:c9:0f:
                    d9:62:08:83:f4:b9:64:94:32:8f:96:53:77:9b:a7:
                    df:03:85:06:10:52:74:bb:ac:d5:9e:b8:ba:7f:3c:
                    40:5a:33:f0:36:bd:ed:af:79:4f:30:b9:e3:e6:b4:
                    72:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C5:67:72:5C:15:72:8F:31:9C:30:58:D9:12:85:6F:B2:6D:20:92
            X509v3 Authority Key Identifier:
                keyid:58:A5:ED:8E:3E:CC:92:A2:DE:8C:80:AB:E9:A8:19:5D:5F:F9:97:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKXtjj7MkqLejICr6agZXV_5l-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/VMVnclwVco8xnDBY2RKFb7JtIJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c58189-d57e-415d-b977-0067bcaf3770/1/WKXtjj7MkqLejICr6agZXV_5l-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:6ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:4f:6b:14:57:cb:84:b0:e3:fb:b5:00:c8:dc:3f:2a:57:73:
         2f:c6:4c:bb:58:a4:54:25:4b:5f:93:05:be:e9:40:a5:82:c3:
         30:8d:36:e3:1a:1c:9e:fc:50:d7:bb:ee:34:57:3a:eb:6f:a1:
         ee:1b:97:73:0f:5a:77:c5:8f:b2:d5:f6:f7:e0:a0:9f:57:84:
         78:12:9a:eb:65:82:cd:1c:bd:62:60:86:ec:7e:45:48:e9:c4:
         a7:ad:3f:37:9a:77:db:aa:38:99:a7:7b:d2:4e:07:88:e3:65:
         47:b9:f1:59:0a:f9:bf:4d:2d:03:5c:25:bf:37:bf:39:a7:0c:
         01:05:90:28:83:a1:ea:d4:01:99:b1:1d:6f:5b:6d:30:9f:aa:
         83:4d:44:67:72:5d:22:80:de:97:ea:d1:b1:d7:72:d3:38:31:
         75:73:ef:94:7f:b3:93:b4:3a:f3:07:f1:47:e6:e7:ee:a9:54:
         be:28:90:38:e4:16:b2:d4:46:32:d0:98:0a:ab:cf:90:f9:d3:
         2e:00:e6:96:cf:ca:5a:21:3d:a4:4b:a4:7d:8c:b4:97:69:d4:
         51:ee:2f:6f:b8:0a:aa:2c:6a:0e:07:0d:bb:a4:ba:c2:eb:0e:
         c3:25:de:62:8c:40:fe:9f:52:88:da:20:86:de:c3:bb:26:e4:
         3e:ac:ce:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2l+Z0/J1ywiQhWqly3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTVlZDhlM2VjYzkyYTJkZThjODBhYmU5YTgxOTVkNWZm
OTk3ZTYwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGM1Njc3MjVjMTU3MjhmMzE5YzMwNThkOTEyODU2ZmIyNmQyMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkntm1TSv/A8nbFRaDiy/vbE7Dhb
o/YqjTBqye3C1wbOhA3Z0jhiLd6Ed5MpB5/RJXtorKLmA8fxOrWDJ+kfJlw15M7G
JW5jKV7hEVTYjZ4iH4nRZKciQb3YDAlefPLc9IieX5h24qXYKd0kJMJyPCdeGj20
A11/c2DPFCBQT60l/Im7ZO17nT1JQG287Bn4X1GLm+/jYhWB+bwCUGjH5AuBzwXK
IpBKBhfX2dIjhYsExKmr/mdS8nVs9SvWkidZOiE6cvm9jiZoYXYuTIgeyQ/ZYgiD
9LlklDKPllN3m6ffA4UGEFJ0u6zVnri6fzxAWjPwNr3tr3lPMLnj5rRyNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFTFZ3JcFXKPMZwwWNkShW+ybSCSMB8GA1UdIwQY
MBaAFFil7Y4+zJKi3oyAq+moGV1f+ZfmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tYdGpqN01rcUxlaklDcjZhZ1pYVl81bC1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9jNTgxODktZDU3ZS00MTVkLWI5Nzct
MDA2N2JjYWYzNzcwLzEvVk1WbmNsd1Zjbzh4bkRCWTJSS0ZiN0p0SUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9jNTgxODktZDU3ZS00MTVkLWI5NzctMDA2N2JjYWYzNzcw
LzEvV0tYdGpqN01rcUxlaklDcjZhZ1pYVl81bC1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAas
MA0GCSqGSIb3DQEBCwUAA4IBAQCST2sUV8uEsOP7tQDI3D8qV3Mvxky7WKRUJUtf
kwW+6UClgsMwjTbjGhye/FDXu+40Vzrrb6HuG5dzD1p3xY+y1fb34KCfV4R4Eprr
ZYLNHL1iYIbsfkVI6cSnrT83mnfbqjiZp3vSTgeI42VHufFZCvm/TS0DXCW/N785
pwwBBZAog6Hq1AGZsR1vW20wn6qDTURncl0igN6X6tGx13LTODF1c++Uf7OTtDrz
B/FH5ufuqVS+KJA45Bay1EYy0JgKq8+Q+dMuAOaWz8paIT2kS6R9jLSXadRR7i9v
uAqqLGoOBw27pLrC6w7DJd5ijED+n1KI2iCG3sO7JuQ+rM58
-----END CERTIFICATE-----