Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/am8hP4m0ND60Md7Nwew3bygO_KY.roa
File:                     am8hP4m0ND60Md7Nwew3bygO_KY.roa (raw, json)
Hash identifier:          aRBGzYoECmVPIYmKOBs+x+eQMCfDNaC/NgoP29UC/no=
Subject key identifier:   6A:6F:21:3F:89:B4:34:3E:B4:31:DE:CD:C1:EC:37:6F:28:0E:FC:A6
Certificate issuer:       /CN=251e7871fd38f2df918242dda1c6fc35688423ca
Certificate serial:       018CC5DC222CBB0E0D15221853E58A9F87E9
Authority key identifier: 25:1E:78:71:FD:38:F2:DF:91:82:42:DD:A1:C6:FC:35:68:84:23:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JR54cf048t-RgkLdocb8NWiEI8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/am8hP4m0ND60Md7Nwew3bygO_KY.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        2001:678:c50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/JR54cf048t-RgkLdocb8NWiEI8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/JR54cf048t-RgkLdocb8NWiEI8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JR54cf048t-RgkLdocb8NWiEI8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:22:2c:bb:0e:0d:15:22:18:53:e5:8a:9f:87:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=251e7871fd38f2df918242dda1c6fc35688423ca
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a6f213f89b4343eb431decdc1ec376f280efca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:07:f5:3f:3d:73:2d:d0:92:05:5f:c5:5a:53:
                    1e:83:3a:64:6b:24:10:55:6e:11:7b:38:29:70:29:
                    e3:83:96:c2:1a:7e:cd:31:98:fa:2b:95:e0:da:76:
                    4c:f4:e0:c5:75:d1:45:4c:9d:54:18:23:54:28:f0:
                    75:7e:5b:17:84:04:4e:83:0d:27:15:14:f3:28:62:
                    ba:77:24:53:57:a2:de:84:da:83:83:a7:f1:a1:8b:
                    c0:18:1f:ac:4c:f2:df:f5:e7:a7:3b:d5:92:b0:46:
                    cd:86:81:37:e8:51:84:bd:2e:06:9b:df:49:79:f2:
                    5a:3d:46:ca:f9:6f:04:67:72:08:37:16:c4:4d:7b:
                    b1:72:83:24:2e:5e:7b:fb:ec:0a:84:ea:2a:67:f5:
                    5e:31:a9:06:40:e5:76:5b:62:d1:d2:64:cc:1d:88:
                    69:fa:73:00:ec:b5:c0:73:60:86:77:93:59:33:1e:
                    5a:71:1a:8c:c8:92:54:fe:2d:4f:ec:68:13:58:76:
                    64:bb:e3:12:2a:d7:16:27:4c:4d:de:c5:b7:f5:72:
                    38:ff:9c:cb:ee:1e:92:a3:83:c1:96:c1:3c:16:bb:
                    ed:b5:65:d5:f5:a8:e7:c2:82:64:43:d4:91:35:57:
                    af:b3:80:60:84:c5:fb:8b:9e:c0:5b:f9:24:93:87:
                    2f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:6F:21:3F:89:B4:34:3E:B4:31:DE:CD:C1:EC:37:6F:28:0E:FC:A6
            X509v3 Authority Key Identifier:
                keyid:25:1E:78:71:FD:38:F2:DF:91:82:42:DD:A1:C6:FC:35:68:84:23:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JR54cf048t-RgkLdocb8NWiEI8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/am8hP4m0ND60Md7Nwew3bygO_KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/7113df-e0e8-440e-a118-8beadaaad0b1/1/JR54cf048t-RgkLdocb8NWiEI8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c50::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:76:da:2e:ce:cd:fb:db:98:41:34:5a:d8:5f:c7:fb:28:76:
         1f:ca:1a:ec:b2:ae:2a:f1:ef:15:02:18:38:9f:74:15:91:98:
         2c:95:b6:27:28:29:34:74:c4:c7:cd:48:d3:93:8f:94:fa:0a:
         c2:83:a4:69:5b:e7:68:88:c7:ab:35:bb:48:57:92:2c:cc:11:
         48:23:82:77:87:17:f5:1b:e5:0d:bd:46:de:35:5c:0d:f4:72:
         43:83:86:ed:ee:34:bc:dc:7e:78:d9:2d:38:81:40:92:7a:35:
         0f:d6:de:c7:ed:3f:cc:cb:77:ca:d6:cb:19:2c:6e:15:80:1a:
         5f:ec:bf:a2:af:d9:67:8a:36:38:60:c5:fc:0b:59:76:2d:5e:
         08:01:36:71:90:a6:55:09:e3:e1:c2:80:49:c5:da:2c:05:19:
         8c:4c:95:12:22:ef:d1:95:cf:f2:51:0f:e4:4b:e4:1e:b4:6f:
         36:74:a9:fb:66:3c:eb:60:3f:ef:4d:60:73:fe:08:16:d7:e8:
         c0:90:8f:f0:a5:28:7d:c2:ff:bf:52:eb:09:bb:ed:7e:bb:77:
         c2:e9:54:87:b4:4b:ba:c4:7c:75:73:f5:1f:19:6d:fc:7a:f0:
         01:cb:3e:50:f1:e9:69:cb:b0:d6:59:59:f2:e4:f7:59:82:46:
         c3:7c:6a:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3CIsuw4NFSIYU+WKn4fpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MWU3ODcxZmQzOGYyZGY5MTgyNDJkZGExYzZmYzM1Njg4
NDIzY2EwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTZmMjEzZjg5YjQzNDNlYjQzMWRlY2RjMWVjMzc2ZjI4MGVmY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQf1Pz1zLdCSBV/FWlMegzpkayQQ
VW4RezgpcCnjg5bCGn7NMZj6K5Xg2nZM9ODFddFFTJ1UGCNUKPB1flsXhAROgw0n
FRTzKGK6dyRTV6LehNqDg6fxoYvAGB+sTPLf9eenO9WSsEbNhoE36FGEvS4Gm99J
efJaPUbK+W8EZ3IINxbETXuxcoMkLl57++wKhOoqZ/VeMakGQOV2W2LR0mTMHYhp
+nMA7LXAc2CGd5NZMx5acRqMyJJU/i1P7GgTWHZku+MSKtcWJ0xN3sW39XI4/5zL
7h6So4PBlsE8FrvttWXV9ajnwoJkQ9SRNVevs4BghMX7i57AW/kkk4cvAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGpvIT+JtDQ+tDHezcHsN28oDvymMB8GA1UdIwQY
MBaAFCUeeHH9OPLfkYJC3aHG/DVohCPKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlI1NGNmMDQ4dC1SZ2tMZG9jYjhOV2lFSThvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83MTEzZGYtZTBlOC00NDBlLWExMTgt
OGJlYWRhYWFkMGIxLzEvYW04aFA0bTBORDYwTWQ3TndldzNieWdPX0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83MTEzZGYtZTBlOC00NDBlLWExMTgtOGJlYWRhYWFkMGIx
LzEvSlI1NGNmMDQ4dC1SZ2tMZG9jYjhOV2lFSThvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBwdtouzs3725hBNFrYX8f7KHYfyhrssq4q8e8V
Ahg4n3QVkZgslbYnKCk0dMTHzUjTk4+U+grCg6RpW+doiMerNbtIV5IszBFII4J3
hxf1G+UNvUbeNVwN9HJDg4bt7jS83H542S04gUCSejUP1t7H7T/My3fK1ssZLG4V
gBpf7L+ir9lnijY4YMX8C1l2LV4IATZxkKZVCePhwoBJxdosBRmMTJUSIu/Rlc/y
UQ/kS+QetG82dKn7ZjzrYD/vTWBz/ggW1+jAkI/wpSh9wv+/UusJu+1+u3fC6VSH
tEu6xHx1c/UfGW38evAByz5Q8elpy7DWWVny5PdZgkbDfGrB
-----END CERTIFICATE-----