Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/iuGhXTInPWKlbre9IuLF6ZSvg0A.roa
File:                     iuGhXTInPWKlbre9IuLF6ZSvg0A.roa (raw, json)
Hash identifier:          ni1mklqJxWktBMB04MiJA5SIznBEW12NWZnOrp7RvDo=
Subject key identifier:   8A:E1:A1:5D:32:27:3D:62:A5:6E:B7:BD:22:E2:C5:E9:94:AF:83:40
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC7946B1258158E6603981C351FC33911
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/iuGhXTInPWKlbre9IuLF6ZSvg0A.roa
Signing time:             Tue 02 Jan 2024 00:30:41 +0000
ROA not before:           Tue 02 Jan 2024 00:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31216
IP address blocks:        2001:678:8b8::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:6b:12:58:15:8e:66:03:98:1c:35:1f:c3:39:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ae1a15d32273d62a56eb7bd22e2c5e994af8340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ad:3a:ae:7c:11:ba:38:1b:da:92:12:73:b9:
                    36:4b:db:8e:97:cf:ef:0f:b0:2c:f9:e6:7b:27:61:
                    66:be:72:a8:31:b7:76:22:6f:ed:82:b5:2b:c7:9f:
                    bb:59:e0:2d:1e:f2:5c:63:87:d3:6e:95:98:14:65:
                    2d:a2:64:a3:43:6e:23:4c:fb:d2:57:36:4f:8b:89:
                    87:3a:73:7e:43:af:10:35:1e:de:11:42:65:7a:0e:
                    e3:8c:ed:45:58:fd:fd:10:a9:10:52:e5:f2:c0:d4:
                    ec:34:bc:69:4f:3d:e5:aa:4a:58:e4:bf:ef:f9:80:
                    53:4a:c8:ed:28:ba:dd:d9:5b:5d:fd:76:90:c9:69:
                    60:a5:80:b2:0c:06:07:73:80:1b:10:b9:56:65:ca:
                    f2:ae:7d:77:7f:4a:09:00:ff:10:bb:86:60:65:9b:
                    3b:42:a6:2b:e0:d1:bc:4e:6e:56:b8:ef:cc:23:71:
                    12:a8:b8:9a:28:01:d0:69:c7:e9:22:91:ee:94:71:
                    17:46:f5:5d:00:91:e7:4e:eb:e8:a5:af:3c:84:ec:
                    18:23:ab:58:05:c0:e2:ab:a4:fe:b5:36:b0:57:1f:
                    a2:dc:18:54:96:36:fe:a0:da:c4:ab:8c:52:a7:e0:
                    ef:d1:c2:4a:0a:0b:e9:d0:0c:7d:4b:a4:25:b3:98:
                    fa:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E1:A1:5D:32:27:3D:62:A5:6E:B7:BD:22:E2:C5:E9:94:AF:83:40
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/iuGhXTInPWKlbre9IuLF6ZSvg0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:8b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:54:fb:08:48:2d:8d:d2:e4:91:04:23:7e:b4:e6:b9:ae:23:
         ed:20:06:bd:78:7d:37:0b:5e:f9:d6:e4:7f:d8:ec:d4:ab:de:
         7d:99:77:2f:59:c2:21:2f:66:6f:c9:75:8c:8c:0d:ce:08:d8:
         2a:4e:7a:ef:28:78:3c:5a:68:1e:35:cf:ce:39:96:a2:97:bf:
         57:a2:7c:ac:63:df:21:63:3f:4a:85:7b:91:67:a6:2d:d3:69:
         77:30:52:03:77:40:09:6b:c3:bd:63:30:2d:05:aa:bc:d6:f9:
         64:4e:30:dd:ba:b3:3a:8f:bf:90:4f:ac:27:0a:db:8e:79:dd:
         ac:55:7f:90:a4:8c:fe:7a:e5:f0:95:7e:40:44:05:9a:2d:66:
         c4:b6:e5:27:18:e1:1d:28:92:02:55:62:0c:aa:4e:d2:2c:86:
         c6:ba:2a:78:ab:73:dc:92:af:84:ee:44:24:d3:39:67:58:fe:
         5a:d5:4d:01:25:73:d5:b5:0b:78:1e:6d:07:b3:56:0d:54:78:
         39:46:43:71:e8:a1:32:4d:af:9e:56:02:6f:85:e6:92:62:6c:
         48:b5:7b:f6:50:48:8a:58:21:2d:ce:7f:53:ff:ea:77:01:44:
         b7:21:c4:68:d0:f1:1c:1b:38:e5:24:43:47:19:8b:3d:94:72:
         5a:9d:09:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlGsSWBWOZgOYHDUfwzkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUxYTE1ZDMyMjczZDYyYTU2ZWI3YmQyMmUyYzVlOTk0YWY4MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta06rnwRujgb2pISc7k2S9uOl8/v
D7As+eZ7J2FmvnKoMbd2Im/tgrUrx5+7WeAtHvJcY4fTbpWYFGUtomSjQ24jTPvS
VzZPi4mHOnN+Q68QNR7eEUJleg7jjO1FWP39EKkQUuXywNTsNLxpTz3lqkpY5L/v
+YBTSsjtKLrd2Vtd/XaQyWlgpYCyDAYHc4AbELlWZcryrn13f0oJAP8Qu4ZgZZs7
QqYr4NG8Tm5WuO/MI3ESqLiaKAHQacfpIpHulHEXRvVdAJHnTuvopa88hOwYI6tY
BcDiq6T+tTawVx+i3BhUljb+oNrEq4xSp+Dv0cJKCgvp0Ax9S6Qls5j6nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIrhoV0yJz1ipW63vSLixemUr4NAMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvaXVHaFhUSW5QV0tsYnJlOUl1TEY2WlN2ZzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAi4
MA0GCSqGSIb3DQEBCwUAA4IBAQAMVPsISC2N0uSRBCN+tOa5riPtIAa9eH03C175
1uR/2OzUq959mXcvWcIhL2ZvyXWMjA3OCNgqTnrvKHg8WmgeNc/OOZail79Xonys
Y98hYz9KhXuRZ6Yt02l3MFIDd0AJa8O9YzAtBaq81vlkTjDdurM6j7+QT6wnCtuO
ed2sVX+QpIz+euXwlX5ARAWaLWbEtuUnGOEdKJICVWIMqk7SLIbGuip4q3Pckq+E
7kQk0zlnWP5a1U0BJXPVtQt4Hm0Hs1YNVHg5RkNx6KEyTa+eVgJvheaSYmxItXv2
UEiKWCEtzn9T/+p3AUS3IcRo0PEcGzjlJENHGYs9lHJanQn5
-----END CERTIFICATE-----