Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/IO35Muv-BryoM0I1ZKBw4gQAssI.roa
File:                     IO35Muv-BryoM0I1ZKBw4gQAssI.roa (raw, json)
Hash identifier:          /HIdjuk2TTG+JsiNcy4Oe8mhBPP53nj2Gqq6oeor96M=
Subject key identifier:   20:ED:F9:32:EB:FE:06:BC:A8:33:42:35:64:A0:70:E2:04:00:B2:C2
Certificate issuer:       /CN=89bd54e7d69c147d6b56f8c6a209d3deaea277dd
Certificate serial:       018CC26D33B6915732894361EDFE5963E341
Authority key identifier: 89:BD:54:E7:D6:9C:14:7D:6B:56:F8:C6:A2:09:D3:DE:AE:A2:77:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ib1U59acFH1rVvjGognT3q6id90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/IO35Muv-BryoM0I1ZKBw4gQAssI.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:678:f64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/ib1U59acFH1rVvjGognT3q6id90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/ib1U59acFH1rVvjGognT3q6id90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ib1U59acFH1rVvjGognT3q6id90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:33:b6:91:57:32:89:43:61:ed:fe:59:63:e3:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89bd54e7d69c147d6b56f8c6a209d3deaea277dd
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20edf932ebfe06bca833423564a070e20400b2c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b5:a5:09:f1:d9:3a:0f:39:47:5c:ce:d9:23:
                    2f:61:ab:18:42:14:90:a6:57:88:83:14:db:13:0e:
                    44:6a:59:e8:11:0d:b3:45:78:cd:48:4b:cf:99:b2:
                    53:c5:9b:33:c5:a4:76:f9:9d:a1:f0:00:98:8e:60:
                    f6:a3:0f:48:db:d0:3d:b1:6d:f5:30:64:5d:c0:ca:
                    59:bd:23:14:62:ef:b8:5f:2a:81:08:26:cf:28:55:
                    46:fc:a9:1a:86:cb:e2:61:ec:25:4e:c1:4a:23:a5:
                    8d:47:44:8d:98:2f:ab:f2:d5:fc:e6:3c:c5:fb:91:
                    34:34:b2:0f:75:fc:99:d2:f7:47:dc:fa:09:04:17:
                    25:57:bc:14:07:60:38:f5:a7:a5:ec:27:f3:cc:6d:
                    b3:87:d1:19:fa:c5:77:f7:16:9c:9f:e3:d4:55:1c:
                    c7:66:b9:3c:1f:0e:34:6e:67:0e:16:fd:05:4d:5a:
                    84:3b:6a:51:41:cf:03:42:4d:5f:e2:3c:17:52:4b:
                    c5:15:64:7e:0d:1b:18:3d:2d:bc:d4:ee:ed:a5:bd:
                    e0:f7:6c:1c:f0:c1:58:a1:9c:f9:c2:75:77:3b:1c:
                    67:64:6d:8e:57:6f:5c:4f:2f:95:4b:10:50:72:41:
                    5f:8d:fb:77:26:9b:9f:22:d5:b7:a6:6e:2f:95:65:
                    b6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:ED:F9:32:EB:FE:06:BC:A8:33:42:35:64:A0:70:E2:04:00:B2:C2
            X509v3 Authority Key Identifier:
                keyid:89:BD:54:E7:D6:9C:14:7D:6B:56:F8:C6:A2:09:D3:DE:AE:A2:77:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ib1U59acFH1rVvjGognT3q6id90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/IO35Muv-BryoM0I1ZKBw4gQAssI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d800be-4acf-49f2-969d-db227c496804/1/ib1U59acFH1rVvjGognT3q6id90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f64::/48

    Signature Algorithm: sha256WithRSAEncryption
         e1:19:bc:10:d2:98:bd:1e:a0:03:bd:d7:22:da:c2:49:0a:2b:
         6e:35:a2:bd:db:d9:b2:b5:e6:b8:7c:ab:5c:24:dc:87:ae:5d:
         d4:f8:ee:ce:26:62:23:84:0a:d8:3d:ef:33:be:3e:3a:bd:8d:
         66:10:fc:0c:8b:27:00:e7:54:a7:19:a9:7a:36:c5:0c:87:cc:
         69:7a:72:55:2e:e9:f9:23:87:2c:6a:3b:81:23:b8:45:ff:be:
         5c:13:74:05:2c:49:3f:8c:84:e7:8a:bd:e2:90:e6:f6:d3:bc:
         e1:a1:26:71:32:15:04:4f:7b:b1:a2:81:9b:b0:98:ba:df:d4:
         38:22:b3:92:da:6e:3d:6e:9e:d0:96:22:0b:b0:55:49:c2:cb:
         19:d1:d2:1e:0d:6c:f6:8f:9b:8a:d0:68:2e:cb:06:e5:d9:c9:
         ca:c0:00:4d:38:ae:0e:c2:1a:ab:e1:93:9f:e6:8c:2b:8a:ff:
         50:b6:4e:d6:4c:d4:a5:06:7b:fb:61:0d:e5:86:30:6f:dc:2c:
         79:43:e3:ad:0f:b2:93:8b:f2:a5:63:33:aa:e7:c7:7f:0e:41:
         2b:c2:0e:a4:e6:36:ad:13:1e:f4:e5:ba:2a:79:d6:e1:b8:55:
         42:a3:e9:30:a2:91:3e:62:71:db:39:24:4d:03:57:4d:ea:04:
         cb:4c:9d:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTO2kVcyiUNh7f5ZY+NBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YmQ1NGU3ZDY5YzE0N2Q2YjU2ZjhjNmEyMDlkM2RlYWVh
Mjc3ZGQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGVkZjkzMmViZmUwNmJjYTgzMzQyMzU2NGEwNzBlMjA0MDBiMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7WlCfHZOg85R1zO2SMvYasYQhSQ
pleIgxTbEw5EalnoEQ2zRXjNSEvPmbJTxZszxaR2+Z2h8ACYjmD2ow9I29A9sW31
MGRdwMpZvSMUYu+4XyqBCCbPKFVG/KkahsviYewlTsFKI6WNR0SNmC+r8tX85jzF
+5E0NLIPdfyZ0vdH3PoJBBclV7wUB2A49ael7CfzzG2zh9EZ+sV39xacn+PUVRzH
Zrk8Hw40bmcOFv0FTVqEO2pRQc8DQk1f4jwXUkvFFWR+DRsYPS281O7tpb3g92wc
8MFYoZz5wnV3OxxnZG2OV29cTy+VSxBQckFfjft3JpufItW3pm4vlWW2ywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCDt+TLr/ga8qDNCNWSgcOIEALLCMB8GA1UdIwQY
MBaAFIm9VOfWnBR9a1b4xqIJ096uonfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWIxVTU5YWNGSDFyVnZqR29nblQzcTZpZDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kODAwYmUtNGFjZi00OWYyLTk2OWQt
ZGIyMjdjNDk2ODA0LzEvSU8zNU11di1CcnlvTTBJMVpLQnc0Z1FBc3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kODAwYmUtNGFjZi00OWYyLTk2OWQtZGIyMjdjNDk2ODA0
LzEvaWIxVTU5YWNGSDFyVnZqR29nblQzcTZpZDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9k
MA0GCSqGSIb3DQEBCwUAA4IBAQDhGbwQ0pi9HqADvdci2sJJCituNaK929mytea4
fKtcJNyHrl3U+O7OJmIjhArYPe8zvj46vY1mEPwMiycA51SnGal6NsUMh8xpenJV
Lun5I4csajuBI7hF/75cE3QFLEk/jITnir3ikOb207zhoSZxMhUET3uxooGbsJi6
39Q4IrOS2m49bp7QliILsFVJwssZ0dIeDWz2j5uK0Gguywbl2cnKwABNOK4Owhqr
4ZOf5owriv9Qtk7WTNSlBnv7YQ3lhjBv3Cx5Q+OtD7KTi/KlYzOq58d/DkErwg6k
5jatEx705boqedbhuFVCo+kwopE+YnHbOSRNA1dN6gTLTJ1k
-----END CERTIFICATE-----