Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/l9OJUjyRFj7FF9b7Vpagm8G6ekc.roa
File:                     l9OJUjyRFj7FF9b7Vpagm8G6ekc.roa (raw, json)
Hash identifier:          VTviF7/0qzxvU5tFnN2NW92ha52FASHmwaSQCKE0T3M=
Subject key identifier:   97:D3:89:52:3C:91:16:3E:C5:17:D6:FB:56:96:A0:9B:C1:BA:7A:47
Certificate issuer:       /CN=1d90344dcaffbd33e68d84895d87d8abf53c74a3
Certificate serial:       018CC64B3175E158AD0A9FBE08CE43B74A4B
Authority key identifier: 1D:90:34:4D:CA:FF:BD:33:E6:8D:84:89:5D:87:D8:AB:F5:3C:74:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/l9OJUjyRFj7FF9b7Vpagm8G6ekc.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58299
IP address blocks:        2001:678:ca0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:31:75:e1:58:ad:0a:9f:be:08:ce:43:b7:4a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d90344dcaffbd33e68d84895d87d8abf53c74a3
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d389523c91163ec517d6fb5696a09bc1ba7a47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b8:85:ab:43:39:26:41:ea:70:f1:88:1b:d0:
                    54:00:c6:38:37:96:7f:29:76:bb:48:a5:15:21:61:
                    c7:7e:36:ec:41:3d:b1:03:21:81:89:59:3e:4a:da:
                    53:d7:a7:b1:ab:42:68:ad:4c:e3:18:0a:fd:6f:b7:
                    ed:5b:87:47:89:fa:50:d3:a6:44:fe:0b:64:8a:4f:
                    5c:66:41:df:48:30:a8:a1:81:4b:ed:09:d2:1d:87:
                    42:9a:9e:51:14:96:f6:b7:38:66:0f:9d:02:6a:13:
                    a0:77:de:23:7a:ac:0c:38:cc:4e:fb:71:81:c4:16:
                    6b:5f:81:de:c9:2a:67:a4:74:4d:47:c4:5b:3a:17:
                    14:4a:6d:0d:e8:03:e6:14:01:d6:72:01:95:10:35:
                    3a:48:80:d4:5f:71:ac:ce:52:d7:d3:b1:8e:93:64:
                    12:44:7b:ad:c5:15:03:3c:0d:a0:03:28:2d:59:73:
                    5c:4e:fa:32:17:43:de:09:87:0e:b9:62:2a:4c:39:
                    08:53:f4:91:a3:8e:ce:00:a8:f9:ba:5a:5e:be:ff:
                    6c:e3:35:a5:84:89:fd:52:f5:f6:73:50:9e:de:0d:
                    bf:bb:87:5f:35:7a:5a:d5:67:aa:76:de:e7:0c:c6:
                    ef:e2:b0:bd:2e:80:36:d1:fe:45:2c:64:11:b6:34:
                    df:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D3:89:52:3C:91:16:3E:C5:17:D6:FB:56:96:A0:9B:C1:BA:7A:47
            X509v3 Authority Key Identifier:
                keyid:1D:90:34:4D:CA:FF:BD:33:E6:8D:84:89:5D:87:D8:AB:F5:3C:74:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/l9OJUjyRFj7FF9b7Vpagm8G6ekc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ca0::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:11:fb:5d:da:5d:16:4e:a3:65:a7:11:5b:ab:73:37:05:4c:
         2a:3c:19:de:19:c9:59:cb:a1:ea:f8:7f:46:d9:47:36:2c:08:
         8a:be:9d:28:fd:e4:fe:c4:ab:cc:36:cd:53:2d:86:b7:b5:7b:
         b4:a9:1f:8a:a5:3b:10:3e:91:87:11:95:35:bc:25:8c:26:65:
         a9:1a:fd:b3:b2:8e:2e:b3:a9:50:e3:5a:4f:97:bb:01:46:53:
         4e:5a:d2:bd:7e:b8:4e:cb:e3:ab:c9:6f:ed:23:5b:7f:7b:3b:
         45:0b:4d:84:ee:22:ee:4c:0c:16:3b:75:f7:f1:e6:c3:ca:8d:
         62:3b:b3:78:f4:62:6f:3b:28:c1:f2:1d:82:0a:b5:66:95:9a:
         0d:45:d7:37:f1:7d:2e:9e:00:7a:eb:fc:19:c7:c9:fb:bf:40:
         c5:5f:3b:c3:4c:2d:54:b6:31:4e:d9:ba:b8:3e:b2:eb:56:f3:
         36:82:b3:17:a3:be:52:38:9c:0d:58:64:b5:01:13:c1:85:b4:
         84:3a:fb:cd:75:d4:20:66:6b:db:02:a1:b0:cf:24:a9:ab:8c:
         4f:ff:17:0d:78:b6:4a:fc:31:2e:f8:39:90:b3:04:e3:13:80:
         94:75:f8:e8:22:c5:16:53:fa:48:19:33:dc:4a:da:6e:b7:60:
         cb:42:61:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzF14VitCp++CM5Dt0pLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkOTAzNDRkY2FmZmJkMzNlNjhkODQ4OTVkODdkOGFiZjUz
Yzc0YTMwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2QzODk1MjNjOTExNjNlYzUxN2Q2ZmI1Njk2YTA5YmMxYmE3YTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbiFq0M5JkHqcPGIG9BUAMY4N5Z/
KXa7SKUVIWHHfjbsQT2xAyGBiVk+StpT16exq0JorUzjGAr9b7ftW4dHifpQ06ZE
/gtkik9cZkHfSDCooYFL7QnSHYdCmp5RFJb2tzhmD50CahOgd94jeqwMOMxO+3GB
xBZrX4HeySpnpHRNR8RbOhcUSm0N6APmFAHWcgGVEDU6SIDUX3GszlLX07GOk2QS
RHutxRUDPA2gAygtWXNcTvoyF0PeCYcOuWIqTDkIU/SRo47OAKj5ulpevv9s4zWl
hIn9UvX2c1Ce3g2/u4dfNXpa1Weqdt7nDMbv4rC9LoA20f5FLGQRtjTfsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJfTiVI8kRY+xRfW+1aWoJvBunpHMB8GA1UdIwQY
MBaAFB2QNE3K/70z5o2EiV2H2Kv1PHSjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFpBMFRjcl92VFBtallTSlhZZllxX1U4ZEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85YzNkMjgtMDVkNi00N2IwLTkxZWYt
ZTUwNjRkYjIxYjIwLzEvbDlPSlVqeVJGajdGRjliN1ZwYWdtOEc2ZWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85YzNkMjgtMDVkNi00N2IwLTkxZWYtZTUwNjRkYjIxYjIw
LzEvSFpBMFRjcl92VFBtallTSlhZZllxX1U4ZEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyg
MA0GCSqGSIb3DQEBCwUAA4IBAQAoEftd2l0WTqNlpxFbq3M3BUwqPBneGclZy6Hq
+H9G2Uc2LAiKvp0o/eT+xKvMNs1TLYa3tXu0qR+KpTsQPpGHEZU1vCWMJmWpGv2z
so4us6lQ41pPl7sBRlNOWtK9frhOy+OryW/tI1t/eztFC02E7iLuTAwWO3X38ebD
yo1iO7N49GJvOyjB8h2CCrVmlZoNRdc38X0ungB66/wZx8n7v0DFXzvDTC1UtjFO
2bq4PrLrVvM2grMXo75SOJwNWGS1ARPBhbSEOvvNddQgZmvbAqGwzySpq4xP/xcN
eLZK/DEu+DmQswTjE4CUdfjoIsUWU/pIGTPcStput2DLQmHe
-----END CERTIFICATE-----