Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/Y3cqm_SKUVIKboDdk96dj-yn9H4.roa
File:                     Y3cqm_SKUVIKboDdk96dj-yn9H4.roa (raw, json)
Hash identifier:          uaXFFykwCZYmndOr2yOXAhu7tu1dDU2+8VDY+HcItis=
Subject key identifier:   63:77:2A:9B:F4:8A:51:52:0A:6E:80:DD:93:DE:9D:8F:EC:A7:F4:7E
Certificate issuer:       /CN=b1b34e006765b154f37b6d3484588189511fb200
Certificate serial:       018CC56E0C11B9ADC77525DC7204E574CE6A
Authority key identifier: B1:B3:4E:00:67:65:B1:54:F3:7B:6D:34:84:58:81:89:51:1F:B2:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sbNOAGdlsVTze200hFiBiVEfsgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/Y3cqm_SKUVIKboDdk96dj-yn9H4.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13045
IP address blocks:        2001:678:7d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/sbNOAGdlsVTze200hFiBiVEfsgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/sbNOAGdlsVTze200hFiBiVEfsgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sbNOAGdlsVTze200hFiBiVEfsgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:11:b9:ad:c7:75:25:dc:72:04:e5:74:ce:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1b34e006765b154f37b6d3484588189511fb200
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63772a9bf48a51520a6e80dd93de9d8feca7f47e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ef:06:1c:58:43:33:a9:9a:ae:37:66:38:ea:
                    a0:a7:b3:9f:9b:51:bd:79:b2:25:9a:b2:cc:68:81:
                    f0:1c:da:fb:f6:66:59:e9:60:be:6b:d6:26:a6:b4:
                    11:73:ba:a2:a3:53:f2:cc:fd:fe:48:5f:df:31:ec:
                    b5:de:1e:aa:e7:82:99:63:4f:44:e7:6b:5e:11:b7:
                    05:5d:13:76:9a:6b:b5:20:f5:8b:5d:19:60:23:30:
                    f8:86:f4:d0:13:b9:e9:79:f4:75:08:39:34:56:93:
                    6c:3a:20:52:d8:e2:8d:73:b1:92:48:cb:46:04:18:
                    11:9a:c8:ab:66:4d:9f:1e:f6:ce:91:2b:5c:a8:05:
                    c6:cc:1d:8d:e2:cc:c4:12:1c:33:e0:16:a7:20:75:
                    52:f0:23:f3:2e:1b:11:66:c3:b6:37:7e:f7:7c:00:
                    03:9a:bc:71:a8:87:95:d6:8c:d6:de:f7:f5:b4:54:
                    4c:fa:c7:b2:40:d8:c5:4f:ca:24:af:8a:0e:06:cf:
                    b8:05:04:ae:e1:bf:e4:82:cb:41:c1:80:8a:62:d5:
                    b0:f2:5b:04:6f:d8:b9:c6:65:db:7f:cb:47:af:34:
                    a4:8a:cc:a8:8f:d3:f8:5f:0b:c8:b5:5c:74:ff:4b:
                    2a:64:82:9a:24:8f:12:88:9f:8a:c1:9e:94:83:53:
                    fe:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:77:2A:9B:F4:8A:51:52:0A:6E:80:DD:93:DE:9D:8F:EC:A7:F4:7E
            X509v3 Authority Key Identifier:
                keyid:B1:B3:4E:00:67:65:B1:54:F3:7B:6D:34:84:58:81:89:51:1F:B2:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sbNOAGdlsVTze200hFiBiVEfsgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/Y3cqm_SKUVIKboDdk96dj-yn9H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/999cf5-812f-4e0a-8ea1-618238b7b942/1/sbNOAGdlsVTze200hFiBiVEfsgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:ab:e9:e7:c1:70:bf:db:b7:ec:5e:0d:89:85:62:85:b9:22:
         36:e0:7d:1c:4a:7e:ea:0f:05:24:db:fa:79:69:f7:93:ad:b1:
         b5:63:3e:9e:6d:9e:4e:d3:63:6b:82:65:4e:03:d1:fe:47:7a:
         76:f6:ef:0a:74:25:ec:0e:4e:cf:a7:eb:51:5f:db:17:5e:4e:
         d4:d3:61:56:66:9f:ef:e1:a6:02:eb:e0:66:02:19:53:b5:f6:
         d7:03:72:66:05:8c:97:cb:e9:63:2d:b9:b7:4b:e9:47:49:ca:
         ec:bc:04:13:47:a9:3f:fb:9d:78:9b:82:e8:05:88:7f:3e:b9:
         a2:dd:50:2c:72:dc:b5:c8:ed:64:54:cf:d7:8a:ba:ca:4d:16:
         50:31:d9:20:93:3d:01:8c:a3:24:ec:63:12:c4:94:01:71:f2:
         e5:42:f7:7e:19:c8:23:dc:4c:af:8d:0c:83:65:0b:12:f7:e4:
         87:ac:1a:28:d7:30:15:0f:8c:69:32:7a:24:4b:77:d9:2a:68:
         de:75:02:fc:35:32:6b:e0:6e:18:1a:21:76:94:c6:40:68:ba:
         0d:7a:4f:62:23:2d:47:c1:4e:30:37:48:02:ff:b2:74:eb:22:
         ec:9c:04:64:3a:de:35:c8:da:49:5c:bf:3f:6d:42:fb:a7:96:
         9f:f9:7a:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbgwRua3HdSXccgTldM5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYjM0ZTAwNjc2NWIxNTRmMzdiNmQzNDg0NTg4MTg5NTEx
ZmIyMDAwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzc3MmE5YmY0OGE1MTUyMGE2ZTgwZGQ5M2RlOWQ4ZmVjYTdmNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO8GHFhDM6marjdmOOqgp7Ofm1G9
ebIlmrLMaIHwHNr79mZZ6WC+a9YmprQRc7qio1PyzP3+SF/fMey13h6q54KZY09E
52teEbcFXRN2mmu1IPWLXRlgIzD4hvTQE7npefR1CDk0VpNsOiBS2OKNc7GSSMtG
BBgRmsirZk2fHvbOkStcqAXGzB2N4szEEhwz4BanIHVS8CPzLhsRZsO2N373fAAD
mrxxqIeV1ozW3vf1tFRM+seyQNjFT8okr4oOBs+4BQSu4b/kgstBwYCKYtWw8lsE
b9i5xmXbf8tHrzSkisyoj9P4XwvItVx0/0sqZIKaJI8SiJ+KwZ6Ug1P+sQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGN3Kpv0ilFSCm6A3ZPenY/sp/R+MB8GA1UdIwQY
MBaAFLGzTgBnZbFU83ttNIRYgYlRH7IAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2JOT0FHZGxzVlR6ZTIwMGhGaUJpVkVmc2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy85OTljZjUtODEyZi00ZTBhLThlYTEt
NjE4MjM4YjdiOTQyLzEvWTNjcW1fU0tVVklLYm9EZGs5NmRqLXluOUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy85OTljZjUtODEyZi00ZTBhLThlYTEtNjE4MjM4YjdiOTQy
LzEvc2JOT0FHZGxzVlR6ZTIwMGhGaUJpVkVmc2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAfU
MA0GCSqGSIb3DQEBCwUAA4IBAQAdq+nnwXC/27fsXg2JhWKFuSI24H0cSn7qDwUk
2/p5afeTrbG1Yz6ebZ5O02NrgmVOA9H+R3p29u8KdCXsDk7Pp+tRX9sXXk7U02FW
Zp/v4aYC6+BmAhlTtfbXA3JmBYyXy+ljLbm3S+lHScrsvAQTR6k/+514m4LoBYh/
Prmi3VAscty1yO1kVM/XirrKTRZQMdkgkz0BjKMk7GMSxJQBcfLlQvd+Gcgj3Eyv
jQyDZQsS9+SHrBoo1zAVD4xpMnokS3fZKmjedQL8NTJr4G4YGiF2lMZAaLoNek9i
Iy1HwU4wN0gC/7J06yLsnARkOt41yNpJXL8/bUL7p5af+XqP
-----END CERTIFICATE-----