Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/54Bx4gLBeIkIaAra7TpXaHo1fFU.roa
File:                     54Bx4gLBeIkIaAra7TpXaHo1fFU.roa (raw, json)
Hash identifier:          x9E2tMf6Y7Yr/vmxZ40f5Od3hSAjjUn1OHdf00e8mGI=
Subject key identifier:   E7:80:71:E2:02:C1:78:89:08:68:0A:DA:ED:3A:57:68:7A:35:7C:55
Certificate issuer:       /CN=bde75079618691bae1f47bcbed52314496963891
Certificate serial:       018CC726C46F1E023F57B5B08CE00A28A239
Authority key identifier: BD:E7:50:79:61:86:91:BA:E1:F4:7B:CB:ED:52:31:44:96:96:38:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vedQeWGGkbrh9HvL7VIxRJaWOJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/54Bx4gLBeIkIaAra7TpXaHo1fFU.roa
Signing time:             Mon 01 Jan 2024 22:30:55 +0000
ROA not before:           Mon 01 Jan 2024 22:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39334
IP address blocks:        2001:678:6d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/vedQeWGGkbrh9HvL7VIxRJaWOJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/vedQeWGGkbrh9HvL7VIxRJaWOJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vedQeWGGkbrh9HvL7VIxRJaWOJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c4:6f:1e:02:3f:57:b5:b0:8c:e0:0a:28:a2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde75079618691bae1f47bcbed52314496963891
        Validity
            Not Before: Jan  1 22:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e78071e202c1788908680adaed3a57687a357c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cf:98:0b:47:2b:11:42:b7:5a:c1:99:10:6f:
                    4f:2e:9f:dc:9d:6e:88:4d:56:2a:74:c6:7c:90:57:
                    11:14:f5:c1:cd:d9:6b:34:3c:c0:9d:7d:32:28:89:
                    27:e8:d7:50:01:8d:16:fd:ae:f4:f3:43:e8:c9:b8:
                    69:eb:98:b7:f7:e6:e7:9f:e5:21:72:d4:98:68:41:
                    8a:1b:7b:f2:01:16:4c:0c:7b:3c:cd:0e:13:c0:cb:
                    80:66:fe:2c:5b:6f:91:7b:98:87:65:00:a1:36:08:
                    2a:08:1d:0c:25:ec:14:63:14:af:54:be:4a:bc:0f:
                    6c:73:4a:f9:a4:82:9d:e8:d5:48:21:bb:69:ca:2e:
                    15:3e:65:49:f1:99:09:4c:f6:9d:d2:6f:f5:99:0f:
                    c0:97:1f:28:93:b9:81:0e:40:ce:d1:c1:44:45:00:
                    32:09:1c:69:98:4a:3a:6c:8a:d7:b0:d3:48:cd:f1:
                    f1:37:37:f3:10:65:a4:f9:ec:07:14:ec:e5:21:75:
                    64:99:c2:c3:36:54:db:e6:e5:99:1e:06:22:e1:67:
                    c0:a7:2e:b9:06:79:ff:5f:e3:61:69:8c:08:56:3a:
                    4b:d1:77:b1:95:9f:b1:40:8a:de:92:59:fc:64:63:
                    09:88:4e:12:8d:67:50:1f:3d:88:6e:7d:da:75:1b:
                    b6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:80:71:E2:02:C1:78:89:08:68:0A:DA:ED:3A:57:68:7A:35:7C:55
            X509v3 Authority Key Identifier:
                keyid:BD:E7:50:79:61:86:91:BA:E1:F4:7B:CB:ED:52:31:44:96:96:38:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vedQeWGGkbrh9HvL7VIxRJaWOJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/54Bx4gLBeIkIaAra7TpXaHo1fFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/vedQeWGGkbrh9HvL7VIxRJaWOJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:6d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:bb:ec:56:5a:d0:3f:55:48:33:d4:d1:13:33:3a:b0:b6:1b:
         db:ea:57:d0:9b:19:8a:f6:44:5c:45:98:1b:d6:d8:bd:7d:af:
         b6:fc:e5:04:91:00:be:5e:e8:99:ce:9c:0f:c8:cb:90:2f:0a:
         b0:61:97:27:f5:7e:89:86:d3:c4:d2:ec:9a:d9:ff:59:cc:ee:
         85:bb:be:d2:a6:e4:04:6b:e9:f1:68:e6:46:b0:e6:9b:6a:63:
         be:32:dd:fd:fb:6c:87:a7:c1:8e:c9:b7:67:02:a3:be:63:78:
         bc:34:da:bd:e5:19:15:81:cc:61:0e:07:27:2b:99:91:91:16:
         dc:1c:25:ea:a1:ef:4c:3b:14:c0:14:21:7e:75:56:68:53:51:
         1a:44:0e:2b:c4:33:48:e8:67:ba:2b:c2:e5:28:fd:bf:7e:05:
         65:be:d4:db:6b:3c:00:aa:e4:d9:de:99:b7:f6:6f:0c:3d:31:
         4e:54:32:91:33:a7:55:1c:7b:50:cb:a2:ad:93:65:8f:fa:bf:
         88:c9:68:89:6c:2a:fd:94:2e:fe:2c:06:0f:9f:15:62:ed:1e:
         16:57:41:b1:67:92:05:3c:1f:0e:1e:48:74:6d:7c:35:1e:19:
         44:d3:88:84:3b:50:78:04:be:1f:89:fd:3c:c2:ca:a2:fd:01:
         26:06:c1:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJsRvHgI/V7WwjOAKKKI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTc1MDc5NjE4NjkxYmFlMWY0N2JjYmVkNTIzMTQ0OTY5
NjM4OTEwHhcNMjQwMTAxMjIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzgwNzFlMjAyYzE3ODg5MDg2ODBhZGFlZDNhNTc2ODdhMzU3YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM+YC0crEUK3WsGZEG9PLp/cnW6I
TVYqdMZ8kFcRFPXBzdlrNDzAnX0yKIkn6NdQAY0W/a7080Poybhp65i39+bnn+Uh
ctSYaEGKG3vyARZMDHs8zQ4TwMuAZv4sW2+Re5iHZQChNggqCB0MJewUYxSvVL5K
vA9sc0r5pIKd6NVIIbtpyi4VPmVJ8ZkJTPad0m/1mQ/Alx8ok7mBDkDO0cFERQAy
CRxpmEo6bIrXsNNIzfHxNzfzEGWk+ewHFOzlIXVkmcLDNlTb5uWZHgYi4WfApy65
Bnn/X+NhaYwIVjpL0XexlZ+xQIrekln8ZGMJiE4SjWdQHz2Ibn3adRu2UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOeAceICwXiJCGgK2u06V2h6NXxVMB8GA1UdIwQY
MBaAFL3nUHlhhpG64fR7y+1SMUSWljiRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVkUWVXR0drYnJoOUh2TDdWSXhSSmFXT0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84ZjIwOTMtMDMxOC00NzZjLTllOWMt
NTNmYzQ5MDU2MjliLzEvNTRCeDRnTEJlSWtJYUFyYTdUcFhhSG8xZkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84ZjIwOTMtMDMxOC00NzZjLTllOWMtNTNmYzQ5MDU2Mjli
LzEvdmVkUWVXR0drYnJoOUh2TDdWSXhSSmFXT0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAbY
MA0GCSqGSIb3DQEBCwUAA4IBAQBBu+xWWtA/VUgz1NETMzqwthvb6lfQmxmK9kRc
RZgb1ti9fa+2/OUEkQC+XuiZzpwPyMuQLwqwYZcn9X6JhtPE0uya2f9ZzO6Fu77S
puQEa+nxaOZGsOabamO+Mt39+2yHp8GOybdnAqO+Y3i8NNq95RkVgcxhDgcnK5mR
kRbcHCXqoe9MOxTAFCF+dVZoU1EaRA4rxDNI6Ge6K8LlKP2/fgVlvtTbazwAquTZ
3pm39m8MPTFOVDKRM6dVHHtQy6Ktk2WP+r+IyWiJbCr9lC7+LAYPnxVi7R4WV0Gx
Z5IFPB8OHkh0bXw1HhlE04iEO1B4BL4fif08wsqi/QEmBsGF
-----END CERTIFICATE-----