Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/g8eGoKQ1UyGr8ZbCz1Yn-djlPuI.roa
File:                     g8eGoKQ1UyGr8ZbCz1Yn-djlPuI.roa (raw, json)
Hash identifier:          kt2ecdqAjZE1CTlkyhpXVd7ntcJOY+OWCNblGmMEIkM=
Subject key identifier:   83:C7:86:A0:A4:35:53:21:AB:F1:96:C2:CF:56:27:F9:D8:E5:3E:E2
Certificate issuer:       /CN=4502eb22ae5c0b4dcd39a0f9641a2570634471f9
Certificate serial:       018CC86F795C42C7575D693E54AD0676B9A5
Authority key identifier: 45:02:EB:22:AE:5C:0B:4D:CD:39:A0:F9:64:1A:25:70:63:44:71:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLrIq5cC03NOaD5ZBolcGNEcfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/g8eGoKQ1UyGr8ZbCz1Yn-djlPuI.roa
Signing time:             Tue 02 Jan 2024 04:29:57 +0000
ROA not before:           Tue 02 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50399
IP address blocks:        2001:678:9c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/RQLrIq5cC03NOaD5ZBolcGNEcfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/RQLrIq5cC03NOaD5ZBolcGNEcfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLrIq5cC03NOaD5ZBolcGNEcfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:79:5c:42:c7:57:5d:69:3e:54:ad:06:76:b9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502eb22ae5c0b4dcd39a0f9641a2570634471f9
        Validity
            Not Before: Jan  2 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83c786a0a4355321abf196c2cf5627f9d8e53ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d0:0a:95:8a:77:b8:5a:55:13:ea:d7:07:8c:
                    a3:a3:65:ff:30:6f:f9:70:22:8a:1e:4d:e7:f6:9d:
                    be:40:84:78:6d:9a:cf:74:1b:35:c7:f8:02:1b:0c:
                    b4:70:f8:18:f9:01:a3:a4:4c:7e:a8:90:0f:8c:08:
                    2d:59:c7:9d:ad:e2:a1:6e:09:92:f0:b8:18:dd:4e:
                    f2:1d:62:66:4b:d9:d4:df:b7:27:aa:65:18:b0:52:
                    74:bf:9a:81:ef:13:5e:bc:d6:00:e4:7b:2e:6a:3d:
                    e7:6a:a5:74:d4:58:3a:43:ce:fd:c1:6e:f7:a9:4c:
                    96:e0:d3:9f:35:96:e2:c4:15:d7:c6:d3:4e:9f:c7:
                    68:34:b2:f8:29:d7:e8:17:74:db:1f:bf:0c:7a:fe:
                    bb:a0:4c:05:d1:8a:ae:f6:f6:47:f2:90:de:36:b3:
                    59:5d:ee:11:ba:26:43:da:93:40:2f:f7:13:32:9a:
                    52:37:21:f0:52:fd:f1:3f:5c:97:f4:77:94:cb:00:
                    95:15:c7:8e:4c:69:95:76:f6:ba:7a:be:c1:1e:b6:
                    82:c7:c4:ae:fd:ed:39:c0:d0:45:c2:76:9f:4d:59:
                    cb:bd:48:a3:3a:e0:ee:d0:89:83:b8:3c:cd:3a:d7:
                    e4:41:81:4e:9f:bd:3e:00:72:44:f2:f8:24:f3:6a:
                    02:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C7:86:A0:A4:35:53:21:AB:F1:96:C2:CF:56:27:F9:D8:E5:3E:E2
            X509v3 Authority Key Identifier:
                keyid:45:02:EB:22:AE:5C:0B:4D:CD:39:A0:F9:64:1A:25:70:63:44:71:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLrIq5cC03NOaD5ZBolcGNEcfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/g8eGoKQ1UyGr8ZbCz1Yn-djlPuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/45659b-24d7-4220-a118-93f4255f2b82/1/RQLrIq5cC03NOaD5ZBolcGNEcfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:9c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:b4:cc:cf:33:28:a0:fb:99:c3:50:b7:8e:27:c9:36:5f:c8:
         1b:81:8e:16:79:11:be:d0:b4:08:84:c0:b7:b2:85:95:de:1d:
         7f:dc:9b:ec:28:60:99:f0:0a:33:96:18:22:06:61:94:f3:be:
         d3:54:fb:49:8f:76:be:dc:9a:32:ec:4a:86:2b:50:97:95:5c:
         69:a4:f4:83:3f:fc:0b:a7:8a:30:56:07:76:c8:da:18:c2:ff:
         59:f9:c0:4b:38:ac:a1:1d:92:57:8e:58:0a:16:40:f1:43:c3:
         4d:cf:42:af:db:60:d9:85:54:1f:0f:73:25:71:0e:3b:f0:e1:
         0d:b3:35:59:73:08:88:51:83:5a:75:03:73:29:d9:51:6e:0b:
         dd:48:20:72:a8:af:8e:56:45:69:d1:2a:eb:06:61:eb:a4:85:
         e9:36:7f:97:a8:09:1c:9a:28:40:2c:50:64:15:6f:d3:30:e1:
         88:fa:47:4c:d3:ff:d4:7c:87:7f:8b:a4:db:bc:d6:af:af:b5:
         60:b5:22:15:8a:e7:0c:87:e3:f5:c9:33:ee:a0:a9:44:7e:90:
         5b:70:7a:95:01:4b:4e:be:8f:58:8a:1a:d8:db:38:74:7a:53:
         68:3c:dc:18:16:ff:78:73:7c:17:06:bb:85:ff:ea:3e:93:be:
         c6:23:98:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb3lcQsdXXWk+VK0GdrmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MDJlYjIyYWU1YzBiNGRjZDM5YTBmOTY0MWEyNTcwNjM0
NDcxZjkwHhcNMjQwMTAyMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M3ODZhMGE0MzU1MzIxYWJmMTk2YzJjZjU2MjdmOWQ4ZTUzZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tAKlYp3uFpVE+rXB4yjo2X/MG/5
cCKKHk3n9p2+QIR4bZrPdBs1x/gCGwy0cPgY+QGjpEx+qJAPjAgtWcedreKhbgmS
8LgY3U7yHWJmS9nU37cnqmUYsFJ0v5qB7xNevNYA5Hsuaj3naqV01Fg6Q879wW73
qUyW4NOfNZbixBXXxtNOn8doNLL4KdfoF3TbH78Mev67oEwF0Yqu9vZH8pDeNrNZ
Xe4RuiZD2pNAL/cTMppSNyHwUv3xP1yX9HeUywCVFceOTGmVdva6er7BHraCx8Su
/e05wNBFwnafTVnLvUijOuDu0ImDuDzNOtfkQYFOn70+AHJE8vgk82oClQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIPHhqCkNVMhq/GWws9WJ/nY5T7iMB8GA1UdIwQY
MBaAFEUC6yKuXAtNzTmg+WQaJXBjRHH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlFMcklxNWNDMDNOT2FENVpCb2xjR05FY2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80NTY1OWItMjRkNy00MjIwLWExMTgt
OTNmNDI1NWYyYjgyLzEvZzhlR29LUTFVeUdyOFpiQ3oxWW4tZGpsUHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80NTY1OWItMjRkNy00MjIwLWExMTgtOTNmNDI1NWYyYjgy
LzEvUlFMcklxNWNDMDNOT2FENVpCb2xjR05FY2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAnI
MA0GCSqGSIb3DQEBCwUAA4IBAQCQtMzPMyig+5nDULeOJ8k2X8gbgY4WeRG+0LQI
hMC3soWV3h1/3JvsKGCZ8AozlhgiBmGU877TVPtJj3a+3Joy7EqGK1CXlVxppPSD
P/wLp4owVgd2yNoYwv9Z+cBLOKyhHZJXjlgKFkDxQ8NNz0Kv22DZhVQfD3MlcQ47
8OENszVZcwiIUYNadQNzKdlRbgvdSCByqK+OVkVp0SrrBmHrpIXpNn+XqAkcmihA
LFBkFW/TMOGI+kdM0//UfId/i6TbvNavr7VgtSIViucMh+P1yTPuoKlEfpBbcHqV
AUtOvo9YihrY2zh0elNoPNwYFv94c3wXBruF/+o+k77GI5gF
-----END CERTIFICATE-----