Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/clKfbXO6Z1oyJLfehmQvP8eihCw.roa
File:                     clKfbXO6Z1oyJLfehmQvP8eihCw.roa (raw, json)
Hash identifier:          01QY0u8C86ao9SrIJFNmc2UsK2rgg16MSX8FU0CGy5E=
Subject key identifier:   72:52:9F:6D:73:BA:67:5A:32:24:B7:DE:86:64:2F:3F:C7:A2:84:2C
Certificate issuer:       /CN=4f22834c479747b0a8bd0a6129f9fe65f83026d0
Certificate serial:       0190BD075B238F53D824294EA84F4B4656E4
Authority key identifier: 4F:22:83:4C:47:97:47:B0:A8:BD:0A:61:29:F9:FE:65:F8:30:26:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TyKDTEeXR7CovQphKfn-ZfgwJtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/clKfbXO6Z1oyJLfehmQvP8eihCw.roa
Signing time:             Tue 16 Jul 2024 19:31:34 +0000
ROA not before:           Tue 16 Jul 2024 19:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214592
IP address blocks:        2001:678:60c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/TyKDTEeXR7CovQphKfn-ZfgwJtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/TyKDTEeXR7CovQphKfn-ZfgwJtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TyKDTEeXR7CovQphKfn-ZfgwJtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:07:5b:23:8f:53:d8:24:29:4e:a8:4f:4b:46:56:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f22834c479747b0a8bd0a6129f9fe65f83026d0
        Validity
            Not Before: Jul 16 19:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72529f6d73ba675a3224b7de86642f3fc7a2842c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:03:27:22:93:48:e9:aa:ba:1e:60:08:72:87:
                    57:2a:52:2c:ff:13:a0:cd:dc:09:cd:db:f5:28:6f:
                    99:62:2c:d6:e9:b1:00:f1:42:df:ac:f9:ed:f7:92:
                    95:01:a4:46:4a:53:9f:62:69:e9:9d:fb:f8:bf:d7:
                    e5:03:17:29:8d:b9:0d:13:61:f8:5d:75:3c:ff:50:
                    6e:c9:61:ca:cc:f1:ef:c7:46:7e:13:2b:23:3d:4e:
                    1a:f6:3a:1c:90:b0:f9:1f:80:77:6b:ea:c4:4a:86:
                    16:1d:e6:ac:59:d3:a4:9a:73:9d:52:19:c5:aa:50:
                    31:1f:cb:38:58:84:51:f6:63:bb:6e:31:09:52:8b:
                    76:3b:9d:87:c8:d7:c0:02:ba:cc:69:58:27:a6:fe:
                    b4:bc:09:b9:bb:2d:92:5f:7c:dd:09:bb:bf:1d:eb:
                    b0:17:e8:47:ea:c9:16:12:3e:db:56:b7:44:ba:5a:
                    77:6f:bd:7a:1c:23:8a:f5:6a:27:60:4b:6b:04:45:
                    00:9d:f3:68:8e:85:20:d3:7a:23:c7:31:13:39:b4:
                    bb:6d:91:ad:4e:f4:1d:cd:bb:c5:fc:31:73:d2:25:
                    4e:f1:5c:35:6a:c5:41:e0:55:7b:16:19:9b:fb:3a:
                    1a:87:af:d2:58:e9:b9:33:06:71:65:1a:75:fe:7b:
                    9c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:52:9F:6D:73:BA:67:5A:32:24:B7:DE:86:64:2F:3F:C7:A2:84:2C
            X509v3 Authority Key Identifier:
                keyid:4F:22:83:4C:47:97:47:B0:A8:BD:0A:61:29:F9:FE:65:F8:30:26:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TyKDTEeXR7CovQphKfn-ZfgwJtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/clKfbXO6Z1oyJLfehmQvP8eihCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b9a050-7726-4eb5-b403-7bf724056153/1/TyKDTEeXR7CovQphKfn-ZfgwJtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:60c::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:54:d9:ae:6e:97:41:1d:99:23:e8:23:bb:cd:45:ab:e0:11:
         09:9c:c4:68:1a:70:86:ea:1a:04:83:b0:02:fd:02:28:a5:86:
         4e:18:ce:1f:af:d8:54:e5:0b:5e:46:87:78:7c:77:9f:35:51:
         e2:26:24:18:a7:4f:5a:b7:0e:de:76:25:18:83:66:11:05:0f:
         5d:ac:07:23:6c:09:f2:05:13:16:ad:d1:39:af:84:4c:9e:d7:
         7a:2d:82:e1:74:f6:56:87:5b:82:48:c7:4e:d5:77:01:ef:18:
         54:6d:3d:d7:db:23:e3:f6:23:ce:c2:07:4b:fe:62:95:02:1a:
         55:a8:44:f1:75:ab:05:89:53:57:10:c2:f8:12:66:ee:60:d1:
         ed:b1:5b:c1:10:da:3c:a7:d5:8e:2f:f9:83:80:c3:c3:ce:69:
         e8:f8:0d:59:52:9b:7f:a5:83:63:02:58:fd:12:f3:0a:44:38:
         c9:9c:e2:17:91:ca:04:4a:90:84:ec:4b:7e:e9:51:cf:61:6b:
         db:3f:b5:5c:e9:04:ef:45:91:25:ee:bc:27:c4:45:a0:ef:1f:
         bf:9a:34:c2:ba:d6:2c:cc:d4:20:b3:f7:ef:ee:30:a1:05:28:
         12:fb:f1:5f:3c:f4:3c:2f:ae:a2:d6:74:e4:72:3a:1e:eb:4d:
         60:7a:99:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZC9B1sjj1PYJClOqE9LRlbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMjI4MzRjNDc5NzQ3YjBhOGJkMGE2MTI5ZjlmZTY1Zjgz
MDI2ZDAwHhcNMjQwNzE2MTkzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUyOWY2ZDczYmE2NzVhMzIyNGI3ZGU4NjY0MmYzZmM3YTI4NDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAMnIpNI6aq6HmAIcodXKlIs/xOg
zdwJzdv1KG+ZYizW6bEA8ULfrPnt95KVAaRGSlOfYmnpnfv4v9flAxcpjbkNE2H4
XXU8/1BuyWHKzPHvx0Z+EysjPU4a9jockLD5H4B3a+rESoYWHeasWdOkmnOdUhnF
qlAxH8s4WIRR9mO7bjEJUot2O52HyNfAArrMaVgnpv60vAm5uy2SX3zdCbu/Heuw
F+hH6skWEj7bVrdEulp3b716HCOK9WonYEtrBEUAnfNojoUg03ojxzETObS7bZGt
TvQdzbvF/DFz0iVO8Vw1asVB4FV7Fhmb+zoah6/SWOm5MwZxZRp1/nucGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJSn21zumdaMiS33oZkLz/HooQsMB8GA1UdIwQY
MBaAFE8ig0xHl0ewqL0KYSn5/mX4MCbQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHlLRFRFZVhSN0NvdlFwaEtmbi1aZmd3SnRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iOWEwNTAtNzcyNi00ZWI1LWI0MDMt
N2JmNzI0MDU2MTUzLzEvY2xLZmJYTzZaMW95SkxmZWhtUXZQOGVpaEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iOWEwNTAtNzcyNi00ZWI1LWI0MDMtN2JmNzI0MDU2MTUz
LzEvVHlLRFRFZVhSN0NvdlFwaEtmbi1aZmd3SnRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAYM
MA0GCSqGSIb3DQEBCwUAA4IBAQCVVNmubpdBHZkj6CO7zUWr4BEJnMRoGnCG6hoE
g7AC/QIopYZOGM4fr9hU5QteRod4fHefNVHiJiQYp09atw7ediUYg2YRBQ9drAcj
bAnyBRMWrdE5r4RMntd6LYLhdPZWh1uCSMdO1XcB7xhUbT3X2yPj9iPOwgdL/mKV
AhpVqETxdasFiVNXEML4EmbuYNHtsVvBENo8p9WOL/mDgMPDzmno+A1ZUpt/pYNj
Alj9EvMKRDjJnOIXkcoESpCE7Et+6VHPYWvbP7Vc6QTvRZEl7rwnxEWg7x+/mjTC
utYszNQgs/fv7jChBSgS+/FfPPQ8L66i1nTkcjoe601gepng
-----END CERTIFICATE-----