Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/KnTRChWS7J5DPO-AAr2TRkZKSsI.roa
File:                     KnTRChWS7J5DPO-AAr2TRkZKSsI.roa (raw, json)
Hash identifier:          TbENO/xxXnuwYwY3JHARrBDfSA5WXqG+MLEvHggjjYs=
Subject key identifier:   2A:74:D1:0A:15:92:EC:9E:43:3C:EF:80:02:BD:93:46:46:4A:4A:C2
Certificate issuer:       /CN=a63dcb90a14742a52be5ca09cbed8dfc1cd3d1ef
Certificate serial:       018CC26CEE6FB84912C05FD59D3140F72E6B
Authority key identifier: A6:3D:CB:90:A1:47:42:A5:2B:E5:CA:09:CB:ED:8D:FC:1C:D3:D1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pj3LkKFHQqUr5coJy-2N_BzT0e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/KnTRChWS7J5DPO-AAr2TRkZKSsI.roa
Signing time:             Mon 01 Jan 2024 00:29:27 +0000
ROA not before:           Mon 01 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204307
IP address blocks:        2001:678:638::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/pj3LkKFHQqUr5coJy-2N_BzT0e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/pj3LkKFHQqUr5coJy-2N_BzT0e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pj3LkKFHQqUr5coJy-2N_BzT0e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ee:6f:b8:49:12:c0:5f:d5:9d:31:40:f7:2e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63dcb90a14742a52be5ca09cbed8dfc1cd3d1ef
        Validity
            Not Before: Jan  1 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a74d10a1592ec9e433cef8002bd9346464a4ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a0:0c:5b:c7:20:14:64:9e:40:3a:30:75:af:
                    9e:25:a5:7a:b3:d9:0d:64:9a:7a:ff:28:26:b1:c5:
                    c8:4f:b5:bd:f9:24:f5:17:40:31:17:09:d9:d7:a7:
                    5f:37:56:b1:c4:f0:ca:b2:69:3e:dc:c4:ec:eb:a1:
                    87:95:fc:35:c7:7a:1b:62:6d:bf:5f:c0:37:43:29:
                    a7:21:1d:7e:95:c2:56:ab:15:aa:0f:53:8e:38:06:
                    7f:bb:e7:7b:d5:4b:9d:57:8d:62:ee:08:b2:5e:1c:
                    77:90:c4:31:d9:84:4a:88:da:c4:42:2d:16:80:0d:
                    a2:83:9a:af:78:ca:c7:65:f3:6c:f8:5f:13:1d:82:
                    08:87:53:3b:f8:1b:e0:62:21:52:c3:84:3a:75:32:
                    71:68:4b:8c:be:30:0f:67:4d:65:0f:02:de:b5:50:
                    62:4c:2a:0b:b2:71:0e:38:11:9b:92:d8:4b:5a:e3:
                    2b:da:78:3d:02:da:7e:9f:20:3b:87:3a:e0:ed:96:
                    98:2d:b7:74:43:77:92:25:61:d0:da:37:4a:0a:34:
                    63:a0:5f:46:0a:d8:ac:08:6f:35:89:b9:c0:74:00:
                    cf:62:3c:90:cf:36:ed:80:ab:2e:3a:78:13:42:36:
                    24:8f:f4:5e:bb:5d:79:6a:a7:f2:ff:f0:fb:e8:a2:
                    49:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:74:D1:0A:15:92:EC:9E:43:3C:EF:80:02:BD:93:46:46:4A:4A:C2
            X509v3 Authority Key Identifier:
                keyid:A6:3D:CB:90:A1:47:42:A5:2B:E5:CA:09:CB:ED:8D:FC:1C:D3:D1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pj3LkKFHQqUr5coJy-2N_BzT0e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/KnTRChWS7J5DPO-AAr2TRkZKSsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/2c8b70-66bc-4163-8f80-20f7d44ed126/1/pj3LkKFHQqUr5coJy-2N_BzT0e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:638::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:7e:2e:30:ef:4b:dd:74:cb:5b:3f:a8:ec:be:fc:c3:7b:18:
         97:fc:7a:dd:33:bc:1e:bd:e5:a0:2c:f0:a8:63:af:61:ac:72:
         9c:49:34:e0:3e:9a:47:62:eb:96:69:4e:08:84:24:2d:3c:ad:
         10:1f:04:96:c2:5d:b4:eb:2b:05:15:07:00:3f:88:b5:f6:1f:
         79:6f:7c:4c:57:10:f1:a5:d5:f4:b3:2d:6c:0b:d7:a3:7b:2c:
         0d:bf:ef:36:da:2d:bb:a6:7c:45:05:03:47:17:73:e7:fb:93:
         26:27:61:bc:03:0f:9b:ed:23:bd:46:f6:8a:49:44:07:9f:22:
         c8:ad:e8:05:3f:77:64:97:e6:71:c2:6e:d3:53:f9:4d:7b:31:
         1b:c1:30:58:ed:2d:fb:bc:16:a4:74:c9:e3:92:bf:6b:86:4a:
         6f:6f:de:e6:e6:91:59:7b:63:10:38:74:e3:0e:f1:31:6f:e6:
         1e:34:f6:41:af:fa:d8:53:44:76:d3:5f:bf:7d:05:bc:c9:a6:
         20:72:75:dd:9a:02:ad:6e:5a:a5:8a:a4:07:68:5c:da:2a:11:
         81:ab:8d:2b:ed:5d:92:88:2b:bc:8e:41:97:f6:17:73:68:3d:
         6a:d2:4a:c9:42:4c:9b:53:eb:1c:3e:b4:d1:fe:bb:09:4a:c0:
         ef:42:75:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbO5vuEkSwF/VnTFA9y5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2RjYjkwYTE0NzQyYTUyYmU1Y2EwOWNiZWQ4ZGZjMWNk
M2QxZWYwHhcNMjQwMTAxMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc0ZDEwYTE1OTJlYzllNDMzY2VmODAwMmJkOTM0NjQ2NGE0YWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqAMW8cgFGSeQDowda+eJaV6s9kN
ZJp6/ygmscXIT7W9+ST1F0AxFwnZ16dfN1axxPDKsmk+3MTs66GHlfw1x3obYm2/
X8A3QymnIR1+lcJWqxWqD1OOOAZ/u+d71UudV41i7giyXhx3kMQx2YRKiNrEQi0W
gA2ig5qveMrHZfNs+F8THYIIh1M7+BvgYiFSw4Q6dTJxaEuMvjAPZ01lDwLetVBi
TCoLsnEOOBGbkthLWuMr2ng9Atp+nyA7hzrg7ZaYLbd0Q3eSJWHQ2jdKCjRjoF9G
CtisCG81ibnAdADPYjyQzzbtgKsuOngTQjYkj/Reu115aqfy//D76KJJ4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCp00QoVkuyeQzzvgAK9k0ZGSkrCMB8GA1UdIwQY
MBaAFKY9y5ChR0KlK+XKCcvtjfwc09HvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGozTGtLRkhRcVVyNWNvSnktMk5fQnpUMGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yYzhiNzAtNjZiYy00MTYzLThmODAt
MjBmN2Q0NGVkMTI2LzEvS25UUkNoV1M3SjVEUE8tQUFyMlRSa1pLU3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yYzhiNzAtNjZiYy00MTYzLThmODAtMjBmN2Q0NGVkMTI2
LzEvcGozTGtLRkhRcVVyNWNvSnktMk5fQnpUMGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAY4
MA0GCSqGSIb3DQEBCwUAA4IBAQCyfi4w70vddMtbP6jsvvzDexiX/HrdM7weveWg
LPCoY69hrHKcSTTgPppHYuuWaU4IhCQtPK0QHwSWwl206ysFFQcAP4i19h95b3xM
VxDxpdX0sy1sC9ejeywNv+822i27pnxFBQNHF3Pn+5MmJ2G8Aw+b7SO9RvaKSUQH
nyLIregFP3dkl+Zxwm7TU/lNezEbwTBY7S37vBakdMnjkr9rhkpvb97m5pFZe2MQ
OHTjDvExb+YeNPZBr/rYU0R201+/fQW8yaYgcnXdmgKtblqliqQHaFzaKhGBq40r
7V2SiCu8jkGX9hdzaD1q0krJQkybU+scPrTR/rsJSsDvQnVB
-----END CERTIFICATE-----