Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/ShzUzNa-xHzOunWk_b4JT0-krZo.roa
File:                     ShzUzNa-xHzOunWk_b4JT0-krZo.roa (raw, json)
Hash identifier:          gOO+1YG+RR8Eu8RqDCs+BUxlx91y2isSVRXPXTMcADg=
Subject key identifier:   4A:1C:D4:CC:D6:BE:C4:7C:CE:BA:75:A4:FD:BE:09:4F:4F:A4:AD:9A
Certificate issuer:       /CN=f44024ade5e4802c0a2f61e6f80f4d22dc154853
Certificate serial:       018CC2DB5B0571BD0E8EE006438C2C3C31A8
Authority key identifier: F4:40:24:AD:E5:E4:80:2C:0A:2F:61:E6:F8:0F:4D:22:DC:15:48:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/ShzUzNa-xHzOunWk_b4JT0-krZo.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212515
IP address blocks:        2001:678:e34::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:05:71:bd:0e:8e:e0:06:43:8c:2c:3c:31:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44024ade5e4802c0a2f61e6f80f4d22dc154853
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a1cd4ccd6bec47cceba75a4fdbe094f4fa4ad9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:db:9b:09:1d:52:3a:4f:f8:26:1e:cf:0e:32:
                    27:de:fb:4d:59:f2:ae:9d:53:a8:76:50:53:65:13:
                    2b:9a:d6:e8:da:1f:ad:44:31:6e:52:90:e5:05:3d:
                    65:6f:b2:4c:d7:1a:99:e3:b8:28:fe:4b:ea:55:f5:
                    47:67:e3:af:9e:d2:a0:7e:69:2f:f7:79:ae:b4:f5:
                    5b:7c:6d:3d:1c:9d:51:69:b3:e0:9e:6f:98:ad:c9:
                    db:51:45:3a:59:e0:c8:fb:7d:c3:1f:6b:18:c5:42:
                    39:f5:4c:7c:53:3a:70:dc:00:c4:e0:fe:8e:8b:e5:
                    3e:3e:b2:e1:89:52:a8:1e:67:a9:94:42:cb:e4:2b:
                    80:98:31:94:f1:b1:ba:88:48:58:b7:c1:18:5d:e5:
                    41:0d:44:4b:2b:15:2d:3f:65:9d:7a:22:73:d1:e1:
                    2b:d6:80:5f:b2:4a:37:4f:38:9f:16:29:22:ea:6b:
                    3b:60:88:53:9d:ef:4a:a2:2d:36:9b:dc:22:29:5f:
                    a5:a7:5b:e4:c4:ea:65:63:20:61:78:f9:f5:14:eb:
                    9e:f6:5c:01:c7:2b:f9:d2:68:26:5b:e5:e4:a1:91:
                    ce:76:99:33:4a:1e:42:bd:21:3d:4c:52:1a:8c:6d:
                    16:20:30:8d:22:0c:10:6a:2f:75:3e:bd:d7:77:de:
                    da:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1C:D4:CC:D6:BE:C4:7C:CE:BA:75:A4:FD:BE:09:4F:4F:A4:AD:9A
            X509v3 Authority Key Identifier:
                keyid:F4:40:24:AD:E5:E4:80:2C:0A:2F:61:E6:F8:0F:4D:22:DC:15:48:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/ShzUzNa-xHzOunWk_b4JT0-krZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e34::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:fa:e4:71:1d:4d:8d:4f:65:3d:9e:32:23:9c:ed:8f:5c:8f:
         39:35:80:20:19:6f:1f:c9:49:19:02:29:7b:06:40:e0:52:ae:
         e9:ca:7a:72:0e:2c:96:e1:c0:de:3c:27:9b:da:77:74:98:d5:
         5e:c5:89:b4:46:ed:5d:89:f4:4b:eb:b6:8a:fb:1f:1f:f0:4b:
         17:23:ee:1d:f1:76:98:96:e2:cf:d0:b3:f5:f9:e0:a5:0a:0c:
         b6:c0:d9:bb:bc:45:36:e9:b7:9f:4f:47:b6:22:9d:75:03:1b:
         97:53:55:08:4d:9d:32:63:f2:fe:d4:17:30:95:ac:52:36:ea:
         ad:7c:ad:ac:22:59:b7:3e:cd:6f:27:2c:f4:25:03:e6:98:98:
         10:a4:fe:10:e3:2e:15:d4:84:3f:0b:a0:fe:d6:97:e9:8a:f4:
         b6:17:aa:4c:73:43:76:87:5d:7b:16:b3:8b:de:67:b4:a6:bf:
         9f:6c:3c:33:6c:16:dd:af:cd:14:b0:21:30:fc:08:6f:2a:81:
         b6:3e:ad:9e:fa:25:6e:1a:a6:8c:08:c8:30:22:43:ec:32:41:
         25:e2:66:d7:3a:c0:96:42:34:37:2d:e4:c0:58:47:f1:16:50:
         15:fc:36:24:66:1d:95:7e:89:c2:e4:b3:38:b5:9a:82:84:20:
         69:a9:e5:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21sFcb0OjuAGQ4wsPDGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDAyNGFkZTVlNDgwMmMwYTJmNjFlNmY4MGY0ZDIyZGMx
NTQ4NTMwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTFjZDRjY2Q2YmVjNDdjY2ViYTc1YTRmZGJlMDk0ZjRmYTRhZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNubCR1SOk/4Jh7PDjIn3vtNWfKu
nVOodlBTZRMrmtbo2h+tRDFuUpDlBT1lb7JM1xqZ47go/kvqVfVHZ+OvntKgfmkv
93mutPVbfG09HJ1RabPgnm+YrcnbUUU6WeDI+33DH2sYxUI59Ux8Uzpw3ADE4P6O
i+U+PrLhiVKoHmeplELL5CuAmDGU8bG6iEhYt8EYXeVBDURLKxUtP2WdeiJz0eEr
1oBfsko3TzifFiki6ms7YIhTne9Koi02m9wiKV+lp1vkxOplYyBhePn1FOue9lwB
xyv50mgmW+XkoZHOdpkzSh5CvSE9TFIajG0WIDCNIgwQai91Pr3Xd97a/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEoc1MzWvsR8zrp1pP2+CU9PpK2aMB8GA1UdIwQY
MBaAFPRAJK3l5IAsCi9h5vgPTSLcFUhTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVBa3JlWGtnQ3dLTDJIbS1BOU5JdHdWU0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82NzliNGQtZmEzZC00OTkzLWExOGEt
NjNjOWM4NGVjNzRmLzEvU2h6VXpOYS14SHpPdW5Xa19iNEpUMC1rclpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82NzliNGQtZmEzZC00OTkzLWExOGEtNjNjOWM4NGVjNzRm
LzEvOUVBa3JlWGtnQ3dLTDJIbS1BOU5JdHdWU0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA40
MA0GCSqGSIb3DQEBCwUAA4IBAQBe+uRxHU2NT2U9njIjnO2PXI85NYAgGW8fyUkZ
Ail7BkDgUq7pynpyDiyW4cDePCeb2nd0mNVexYm0Ru1difRL67aK+x8f8EsXI+4d
8XaYluLP0LP1+eClCgy2wNm7vEU26befT0e2Ip11AxuXU1UITZ0yY/L+1BcwlaxS
NuqtfK2sIlm3Ps1vJyz0JQPmmJgQpP4Q4y4V1IQ/C6D+1pfpivS2F6pMc0N2h117
FrOL3me0pr+fbDwzbBbdr80UsCEw/AhvKoG2Pq2e+iVuGqaMCMgwIkPsMkEl4mbX
OsCWQjQ3LeTAWEfxFlAV/DYkZh2VfonC5LM4tZqChCBpqeXe
-----END CERTIFICATE-----