Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/WeE29Za3dmlq_LY5WDzyStxbQjA.roa
File:                     WeE29Za3dmlq_LY5WDzyStxbQjA.roa (raw, json)
Hash identifier:          vSfwmGoSN7JOYMpBmsRV2zfdDk3Nd0UMY8ia3f2X+GM=
Subject key identifier:   59:E1:36:F5:96:B7:76:69:6A:FC:B6:39:58:3C:F2:4A:DC:5B:42:30
Certificate issuer:       /CN=6797412ec4b0b8fb2de9d2df17a6ac7283ededb5
Certificate serial:       018FAA8A038A4197055051305AB416CF1A19
Authority key identifier: 67:97:41:2E:C4:B0:B8:FB:2D:E9:D2:DF:17:A6:AC:72:83:ED:ED:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5dBLsSwuPst6dLfF6ascoPt7bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/WeE29Za3dmlq_LY5WDzyStxbQjA.roa
Signing time:             Fri 24 May 2024 12:18:42 +0000
ROA not before:           Fri 24 May 2024 12:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202878
IP address blocks:        2001:678:1a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/Z5dBLsSwuPst6dLfF6ascoPt7bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/Z5dBLsSwuPst6dLfF6ascoPt7bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5dBLsSwuPst6dLfF6ascoPt7bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:aa:8a:03:8a:41:97:05:50:51:30:5a:b4:16:cf:1a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6797412ec4b0b8fb2de9d2df17a6ac7283ededb5
        Validity
            Not Before: May 24 12:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e136f596b776696afcb639583cf24adc5b4230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8c:05:bd:df:ff:33:2e:21:ee:54:40:38:31:
                    4e:b4:c2:5d:0d:f1:1c:52:ee:3e:ef:2c:2d:bd:96:
                    a5:aa:3d:5e:62:a9:e5:a9:5f:69:a7:eb:c5:67:64:
                    50:26:de:24:bf:c4:56:e6:74:97:cd:46:e7:2d:44:
                    ad:b9:80:3f:91:d4:66:b4:34:d9:da:76:02:f0:88:
                    da:bc:1b:5e:da:25:98:6c:46:eb:29:12:b8:57:ea:
                    81:f1:17:05:7e:18:31:1d:2c:05:cb:a6:e8:53:62:
                    26:23:51:cd:9d:1e:b9:a7:90:9d:70:85:c8:ed:a4:
                    28:b5:1a:57:75:90:fb:87:50:b1:7f:a5:8c:17:0d:
                    11:6f:2a:02:8a:b8:85:47:f3:d4:05:2e:8e:fe:e9:
                    49:15:84:93:43:00:5a:90:6a:d4:b3:d6:db:0d:0b:
                    c5:a2:8a:5a:2a:b1:d4:db:b0:1f:07:4b:3c:f4:7a:
                    0a:51:fb:a6:d7:eb:95:b1:ef:66:7e:7b:57:24:dc:
                    22:fe:13:df:b0:a7:88:a5:9d:15:2e:34:0e:14:f8:
                    c7:87:6e:cb:43:ba:0d:7a:49:e2:94:2b:f6:47:38:
                    6f:9d:04:5a:d5:a4:a3:91:6e:08:3b:7a:c5:25:1b:
                    48:a6:c5:6d:ca:2d:be:fc:23:1c:e5:54:af:ae:a7:
                    24:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E1:36:F5:96:B7:76:69:6A:FC:B6:39:58:3C:F2:4A:DC:5B:42:30
            X509v3 Authority Key Identifier:
                keyid:67:97:41:2E:C4:B0:B8:FB:2D:E9:D2:DF:17:A6:AC:72:83:ED:ED:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5dBLsSwuPst6dLfF6ascoPt7bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/WeE29Za3dmlq_LY5WDzyStxbQjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/cabead-f08a-415d-9937-53a8619b42f5/1/Z5dBLsSwuPst6dLfF6ascoPt7bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:a4:85:b8:96:df:86:73:b8:bb:41:77:b4:a7:1c:8c:23:08:
         b3:80:a8:8b:39:97:7e:4b:b0:be:4d:f8:17:b9:9d:ca:23:07:
         b3:68:91:bb:d8:9e:11:c8:c6:3c:c7:bf:c9:93:35:35:f2:51:
         99:de:63:0b:a4:83:8a:ed:5c:a1:52:86:68:1e:62:8a:b6:31:
         75:10:b8:44:84:3f:38:98:a8:3f:64:30:2e:d9:ee:49:e7:39:
         2d:b7:9e:3f:59:ac:00:c5:7e:7b:9f:da:a4:19:58:08:98:d0:
         fa:f9:ec:ed:04:52:fc:79:40:b2:2d:d6:d1:80:14:97:6e:fb:
         6c:19:a9:a9:ab:05:e7:1a:91:ad:73:ae:6e:33:07:df:b3:7a:
         07:16:03:53:d7:83:ef:26:9a:43:d0:59:05:c1:24:1d:7f:63:
         82:1f:7b:62:cf:08:98:ce:09:64:be:47:ed:7e:fc:5f:36:18:
         3b:eb:52:fa:37:d3:fd:16:9b:96:e4:7b:ae:a0:03:e4:3d:fc:
         a6:d4:c5:0e:9c:57:65:c4:14:cb:1e:43:cc:82:3c:c3:e6:44:
         0a:88:bf:3f:28:3a:cf:b6:1a:79:ad:a8:a9:e9:eb:7e:3e:56:
         b8:42:21:04:96:d8:2f:57:52:6d:39:99:35:60:b8:e6:07:6d:
         37:60:68:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+qigOKQZcFUFEwWrQWzxoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTc0MTJlYzRiMGI4ZmIyZGU5ZDJkZjE3YTZhYzcyODNl
ZGVkYjUwHhcNMjQwNTI0MTIxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWUxMzZmNTk2Yjc3NjY5NmFmY2I2Mzk1ODNjZjI0YWRjNWI0MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIwFvd//My4h7lRAODFOtMJdDfEc
Uu4+7ywtvZalqj1eYqnlqV9pp+vFZ2RQJt4kv8RW5nSXzUbnLUStuYA/kdRmtDTZ
2nYC8IjavBte2iWYbEbrKRK4V+qB8RcFfhgxHSwFy6boU2ImI1HNnR65p5CdcIXI
7aQotRpXdZD7h1Cxf6WMFw0RbyoCiriFR/PUBS6O/ulJFYSTQwBakGrUs9bbDQvF
oopaKrHU27AfB0s89HoKUfum1+uVse9mfntXJNwi/hPfsKeIpZ0VLjQOFPjHh27L
Q7oNeknilCv2RzhvnQRa1aSjkW4IO3rFJRtIpsVtyi2+/CMc5VSvrqckowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFnhNvWWt3Zpavy2OVg88krcW0IwMB8GA1UdIwQY
MBaAFGeXQS7EsLj7LenS3xemrHKD7e21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVkQkxzU3d1UHN0NmRMZkY2YXNjb1B0N2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9jYWJlYWQtZjA4YS00MTVkLTk5Mzct
NTNhODYxOWI0MmY1LzEvV2VFMjlaYTNkbWxxX0xZNVdEenlTdHhiUWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9jYWJlYWQtZjA4YS00MTVkLTk5MzctNTNhODYxOWI0MmY1
LzEvWjVkQkxzU3d1UHN0NmRMZkY2YXNjb1B0N2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAGo
MA0GCSqGSIb3DQEBCwUAA4IBAQDGpIW4lt+Gc7i7QXe0pxyMIwizgKiLOZd+S7C+
TfgXuZ3KIwezaJG72J4RyMY8x7/JkzU18lGZ3mMLpIOK7VyhUoZoHmKKtjF1ELhE
hD84mKg/ZDAu2e5J5zktt54/WawAxX57n9qkGVgImND6+eztBFL8eUCyLdbRgBSX
bvtsGampqwXnGpGtc65uMwffs3oHFgNT14PvJppD0FkFwSQdf2OCH3tizwiYzglk
vkftfvxfNhg761L6N9P9FpuW5HuuoAPkPfym1MUOnFdlxBTLHkPMgjzD5kQKiL8/
KDrPthp5raip6et+Pla4QiEEltgvV1JtOZk1YLjmB203YGhP
-----END CERTIFICATE-----