Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/bNrn5HGb_VX0rjpJEW9hFZvMlBg.roa
File:                     bNrn5HGb_VX0rjpJEW9hFZvMlBg.roa (raw, json)
Hash identifier:          KmofimGQKOT76rtIiLYsfqKcze5mMUSov32ZPrC6IrE=
Subject key identifier:   6C:DA:E7:E4:71:9B:FD:55:F4:AE:3A:49:11:6F:61:15:9B:CC:94:18
Certificate issuer:       /CN=2b003e583bdb2511ff57ab7a32fce741334b343b
Certificate serial:       018CCA9985A36377D4365063DF3669B79064
Authority key identifier: 2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/bNrn5HGb_VX0rjpJEW9hFZvMlBg.roa
Signing time:             Tue 02 Jan 2024 14:35:07 +0000
ROA not before:           Tue 02 Jan 2024 14:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42
IP address blocks:        2001:678:94::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:85:a3:63:77:d4:36:50:63:df:36:69:b7:90:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b003e583bdb2511ff57ab7a32fce741334b343b
        Validity
            Not Before: Jan  2 14:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cdae7e4719bfd55f4ae3a49116f61159bcc9418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:89:ac:cb:91:85:b7:85:67:89:c2:68:77:d0:
                    cf:3d:0d:4a:ef:4b:a6:af:a6:8c:39:68:67:ce:9d:
                    b1:7c:7d:93:65:b6:2b:c2:7c:9d:e9:f0:f7:ee:75:
                    32:33:f4:8c:40:93:d7:57:6b:b0:c6:ec:c8:ab:66:
                    09:3f:41:03:94:f6:f1:2b:2b:d0:e5:dd:cb:9b:77:
                    fc:d6:17:20:12:46:db:8e:0d:fe:ed:87:5b:40:6d:
                    0a:bd:a7:5d:26:9f:3e:8e:4a:8d:37:63:87:c8:65:
                    ec:68:a0:67:05:22:7d:15:24:09:5a:60:50:75:ad:
                    01:d9:2f:90:ee:50:3e:b5:90:27:d0:7d:d9:c8:d9:
                    e6:2e:45:a6:4b:fc:b0:5c:95:d8:9f:51:b1:7f:37:
                    3e:a7:47:56:09:b8:34:f3:24:75:e5:18:e5:38:f9:
                    74:d5:2e:78:da:6b:c6:ac:79:7f:9b:63:d3:24:98:
                    10:4c:b7:7d:70:ef:86:bb:2f:a6:fc:6e:b7:e3:c4:
                    2a:80:b5:54:80:e9:24:7f:5b:27:42:ac:45:46:13:
                    cc:c6:7b:21:0d:0f:6d:d5:ae:29:d4:e4:0f:cf:de:
                    27:4f:31:5b:21:8e:e2:57:e2:91:40:36:2a:a1:81:
                    ad:55:18:86:cf:6a:47:df:3b:8a:41:66:59:e7:4d:
                    99:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DA:E7:E4:71:9B:FD:55:F4:AE:3A:49:11:6F:61:15:9B:CC:94:18
            X509v3 Authority Key Identifier:
                keyid:2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/bNrn5HGb_VX0rjpJEW9hFZvMlBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:94::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:9b:12:b6:47:d3:3b:83:7a:7b:c1:b7:47:2b:f1:00:89:b8:
         ae:5e:80:2d:2f:9b:77:9b:bb:62:01:da:d9:c0:13:6f:42:75:
         b1:41:30:44:07:3c:73:fc:c7:d6:f7:84:f4:39:5a:1f:6c:f5:
         e6:32:e2:12:53:80:40:74:c1:cb:04:51:fd:0c:39:16:a7:98:
         f4:c9:98:c1:09:b3:b8:aa:78:9d:ba:af:a9:3f:17:e8:e0:75:
         48:0d:79:ce:34:15:51:ed:c2:fb:cb:48:e8:8b:32:c1:09:b6:
         a2:a3:dd:46:af:60:f3:13:c0:0d:46:ae:83:89:6b:9a:d5:3b:
         71:d1:a3:33:e0:cc:63:f9:ca:57:75:16:6c:f6:f9:13:5b:06:
         2b:0f:fe:b9:3f:c6:a0:16:54:98:f2:cb:c8:f5:6e:85:dd:1a:
         a4:a5:bd:e1:57:c7:3d:7d:d1:a2:b7:9c:4e:3e:55:f7:7d:e7:
         1d:f5:1c:43:14:9a:19:54:50:34:7e:68:f4:d1:7d:1f:72:0b:
         c4:20:30:25:ac:ab:c7:92:20:89:7c:3d:c9:84:4e:89:b4:69:
         45:f4:63:41:7c:6f:7d:19:09:0f:f5:66:bb:40:f6:7f:59:d9:
         ef:3b:17:dc:89:00:a3:8a:6a:f5:45:85:d7:d7:f0:ff:53:50:
         6f:5b:ee:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKmYWjY3fUNlBj3zZpt5BkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDAzZTU4M2JkYjI1MTFmZjU3YWI3YTMyZmNlNzQxMzM0
YjM0M2IwHhcNMjQwMTAyMTQzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RhZTdlNDcxOWJmZDU1ZjRhZTNhNDkxMTZmNjExNTliY2M5NDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkImsy5GFt4VnicJod9DPPQ1K70um
r6aMOWhnzp2xfH2TZbYrwnyd6fD37nUyM/SMQJPXV2uwxuzIq2YJP0EDlPbxKyvQ
5d3Lm3f81hcgEkbbjg3+7YdbQG0KvaddJp8+jkqNN2OHyGXsaKBnBSJ9FSQJWmBQ
da0B2S+Q7lA+tZAn0H3ZyNnmLkWmS/ywXJXYn1Gxfzc+p0dWCbg08yR15RjlOPl0
1S542mvGrHl/m2PTJJgQTLd9cO+Guy+m/G6348QqgLVUgOkkf1snQqxFRhPMxnsh
DQ9t1a4p1OQPz94nTzFbIY7iV+KRQDYqoYGtVRiGz2pH3zuKQWZZ502ZHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGza5+Rxm/1V9K46SRFvYRWbzJQYMB8GA1UdIwQY
MBaAFCsAPlg72yUR/1erejL850EzSzQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEt
MDU4YmJmOWQ1ZTI3LzEvYk5ybjVIR2JfVlgwcmpwSkVXOWhGWnZNbEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEtMDU4YmJmOWQ1ZTI3
LzEvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeACU
MA0GCSqGSIb3DQEBCwUAA4IBAQBcmxK2R9M7g3p7wbdHK/EAibiuXoAtL5t3m7ti
AdrZwBNvQnWxQTBEBzxz/MfW94T0OVofbPXmMuISU4BAdMHLBFH9DDkWp5j0yZjB
CbO4qniduq+pPxfo4HVIDXnONBVR7cL7y0joizLBCbaio91Gr2DzE8ANRq6DiWua
1Ttx0aMz4Mxj+cpXdRZs9vkTWwYrD/65P8agFlSY8svI9W6F3Rqkpb3hV8c9fdGi
t5xOPlX3fecd9RxDFJoZVFA0fmj00X0fcgvEIDAlrKvHkiCJfD3JhE6JtGlF9GNB
fG99GQkP9Wa7QPZ/WdnvOxfciQCjimr1RYXX1/D/U1BvW+53
-----END CERTIFICATE-----