Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/iBekzwBerB8Kha4gnuUWqpyYRac.roa
File:                     iBekzwBerB8Kha4gnuUWqpyYRac.roa (raw, json)
Hash identifier:          VBLTyNeMCZdYkxBDpwinANf9uwQNP3y86x4TyImoPPc=
Subject key identifier:   88:17:A4:CF:00:5E:AC:1F:0A:85:AE:20:9E:E5:16:AA:9C:98:45:A7
Certificate issuer:       /CN=8d337c0c856946b8fbdaf285f52caddcf38ad0a8
Certificate serial:       018CC9BCC3E320927B7E7899EA68F2E719C8
Authority key identifier: 8D:33:7C:0C:85:69:46:B8:FB:DA:F2:85:F5:2C:AD:DC:F3:8A:D0:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTN8DIVpRrj72vKF9Syt3POK0Kg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/iBekzwBerB8Kha4gnuUWqpyYRac.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213092
IP address blocks:        2001:678:d90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/jTN8DIVpRrj72vKF9Syt3POK0Kg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/jTN8DIVpRrj72vKF9Syt3POK0Kg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTN8DIVpRrj72vKF9Syt3POK0Kg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c3:e3:20:92:7b:7e:78:99:ea:68:f2:e7:19:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d337c0c856946b8fbdaf285f52caddcf38ad0a8
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8817a4cf005eac1f0a85ae209ee516aa9c9845a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:1d:04:10:62:ae:4d:ea:22:2c:67:7c:30:c1:
                    5c:88:15:0b:3e:bf:8d:94:59:db:4d:d5:98:8b:29:
                    6b:79:d9:ec:35:47:36:43:4e:3b:ce:ca:29:ff:0b:
                    16:d4:57:e2:b8:05:57:d4:fc:1d:2e:e4:e2:37:9a:
                    4c:bd:08:ad:df:9e:51:27:e7:4a:87:57:45:85:e5:
                    f3:d6:e0:35:d4:9d:a5:dc:dc:3c:ba:5a:77:7a:ce:
                    00:5f:ef:87:3a:09:5f:3a:74:cd:2a:44:44:c3:e3:
                    63:86:3f:3c:b5:c3:76:31:51:bc:58:47:bd:95:19:
                    22:75:58:e3:8d:9a:00:24:7a:6f:bc:91:03:48:85:
                    c4:ef:0c:56:d7:76:5b:c2:be:ea:2d:40:44:5e:34:
                    97:5d:a7:b0:4d:0f:13:75:58:11:a5:29:1a:ce:b8:
                    37:ed:dd:9d:9d:1e:38:91:01:0e:69:7d:54:16:07:
                    36:db:3a:37:14:81:93:ef:88:04:1f:7e:b3:4f:be:
                    b0:f2:02:ea:cb:b1:e2:0a:46:47:c5:aa:5f:19:b9:
                    0c:e8:5e:b4:41:02:0c:b3:18:bd:cd:c2:91:93:5b:
                    2a:a6:fe:4a:11:db:68:4c:f3:34:45:98:3e:9b:90:
                    ea:d1:12:16:f1:e1:81:a7:35:ae:bd:ce:12:de:44:
                    22:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:17:A4:CF:00:5E:AC:1F:0A:85:AE:20:9E:E5:16:AA:9C:98:45:A7
            X509v3 Authority Key Identifier:
                keyid:8D:33:7C:0C:85:69:46:B8:FB:DA:F2:85:F5:2C:AD:DC:F3:8A:D0:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTN8DIVpRrj72vKF9Syt3POK0Kg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/iBekzwBerB8Kha4gnuUWqpyYRac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/jTN8DIVpRrj72vKF9Syt3POK0Kg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:59:da:ef:85:be:98:15:07:83:0f:35:41:45:d8:25:49:95:
         a3:94:fb:e9:dc:2e:82:7c:a1:88:7c:bb:73:a5:9a:cd:72:73:
         28:fa:a7:af:d2:c3:f4:85:c8:b0:83:e8:4f:39:52:28:96:21:
         78:2b:a6:d2:70:76:e3:f7:fc:38:b7:71:f8:ad:16:47:39:c8:
         c2:c2:8e:ab:a6:b9:08:bc:de:80:50:82:c1:94:6c:12:ba:71:
         24:9f:ad:f9:a0:a6:f6:17:bf:b5:30:32:5b:71:ee:43:d1:62:
         70:73:22:c8:9d:a5:4a:4c:54:cb:59:a8:d8:9e:71:82:d9:43:
         83:65:7f:4f:09:ea:d5:ca:99:53:26:a5:57:8a:ec:9e:5e:26:
         0e:e6:ea:e0:6c:15:23:29:be:2a:fe:7e:dd:72:ee:24:ac:bb:
         d7:cc:2d:5c:46:aa:29:79:5f:30:47:3b:2f:85:89:7c:ea:35:
         93:cc:1d:11:e1:5a:f8:4f:ab:e8:10:cf:06:bc:e5:6a:7b:06:
         5a:8b:6c:67:e4:e1:4f:fa:77:cb:7a:31:29:f8:ee:1c:09:d0:
         2d:b9:3f:7c:49:10:94:e4:5b:69:47:17:7a:79:3e:f1:1f:e6:
         4b:6b:26:3e:2c:3b:b7:d9:93:21:48:61:2c:13:ff:dc:3d:3a:
         87:f7:5e:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMPjIJJ7fniZ6mjy5xnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzM3YzBjODU2OTQ2YjhmYmRhZjI4NWY1MmNhZGRjZjM4
YWQwYTgwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE3YTRjZjAwNWVhYzFmMGE4NWFlMjA5ZWU1MTZhYTljOTg0NWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx0EEGKuTeoiLGd8MMFciBULPr+N
lFnbTdWYiylrednsNUc2Q047zsop/wsW1FfiuAVX1PwdLuTiN5pMvQit355RJ+dK
h1dFheXz1uA11J2l3Nw8ulp3es4AX++HOglfOnTNKkREw+Njhj88tcN2MVG8WEe9
lRkidVjjjZoAJHpvvJEDSIXE7wxW13Zbwr7qLUBEXjSXXaewTQ8TdVgRpSkazrg3
7d2dnR44kQEOaX1UFgc22zo3FIGT74gEH36zT76w8gLqy7HiCkZHxapfGbkM6F60
QQIMsxi9zcKRk1sqpv5KEdtoTPM0RZg+m5Dq0RIW8eGBpzWuvc4S3kQiVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIgXpM8AXqwfCoWuIJ7lFqqcmEWnMB8GA1UdIwQY
MBaAFI0zfAyFaUa4+9ryhfUsrdzzitCoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalROOERJVnBScmo3MnZLRjlTeXQzUE9LMEtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni81YzliZDktMDlhZC00ZmFjLWJiYmMt
M2YxNWY4ODM2ZGJiLzEvaUJla3p3QmVyQjhLaGE0Z251VVdxcHlZUmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni81YzliZDktMDlhZC00ZmFjLWJiYmMtM2YxNWY4ODM2ZGJi
LzEvalROOERJVnBScmo3MnZLRjlTeXQzUE9LMEtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA2Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAUWdrvhb6YFQeDDzVBRdglSZWjlPvp3C6CfKGI
fLtzpZrNcnMo+qev0sP0hciwg+hPOVIoliF4K6bScHbj9/w4t3H4rRZHOcjCwo6r
prkIvN6AUILBlGwSunEkn635oKb2F7+1MDJbce5D0WJwcyLInaVKTFTLWajYnnGC
2UODZX9PCerVyplTJqVXiuyeXiYO5urgbBUjKb4q/n7dcu4krLvXzC1cRqopeV8w
RzsvhYl86jWTzB0R4Vr4T6voEM8GvOVqewZai2xn5OFP+nfLejEp+O4cCdAtuT98
SRCU5FtpRxd6eT7xH+ZLayY+LDu32ZMhSGEsE//cPTqH916t
-----END CERTIFICATE-----