Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/y5EVzuXhyXUUcU6ZVSjIkOjXGow.roa
File:                     y5EVzuXhyXUUcU6ZVSjIkOjXGow.roa (raw, json)
Hash identifier:          sMahEblKOPT6bwL8hM/7cEaTI1p9ziIqD5dMKvMGteE=
Subject key identifier:   CB:91:15:CE:E5:E1:C9:75:14:71:4E:99:55:28:C8:90:E8:D7:1A:8C
Certificate issuer:       /CN=b81bb21b5c1889030d365a549f21d5b426f9dda8
Certificate serial:       018CC8010AB3403E738706F73358DF1B0966
Authority key identifier: B8:1B:B2:1B:5C:18:89:03:0D:36:5A:54:9F:21:D5:B4:26:F9:DD:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/y5EVzuXhyXUUcU6ZVSjIkOjXGow.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29551
IP address blocks:        2001:678:4a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0a:b3:40:3e:73:87:06:f7:33:58:df:1b:09:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b81bb21b5c1889030d365a549f21d5b426f9dda8
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb9115cee5e1c97514714e995528c890e8d71a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:12:87:a3:e6:b4:86:cd:c3:a1:de:15:cf:33:
                    0e:7e:c2:93:80:5c:37:c0:54:6d:96:c7:cf:7d:2d:
                    d2:4c:46:6f:96:f6:09:b6:00:0b:cd:69:2d:a4:9b:
                    5f:37:e1:9f:0d:90:7e:47:a1:8c:a3:3f:1c:75:c2:
                    ee:2f:9f:0e:c0:23:1a:30:70:75:32:e8:64:70:15:
                    6e:46:3c:75:b0:60:cc:8f:0b:77:c5:0c:ef:27:e9:
                    cc:b3:3a:3d:e4:7c:45:1f:a3:18:4d:40:f1:02:cb:
                    86:1e:68:cc:e7:af:f7:43:26:bf:8c:a1:6c:a7:ab:
                    bc:e4:12:0d:c8:bc:4d:b8:38:ea:83:e2:87:73:91:
                    d8:27:b7:89:98:34:5d:22:06:e5:00:c7:93:2e:ab:
                    49:0e:a9:aa:ca:4d:84:a6:72:f8:5a:25:30:bf:23:
                    22:13:ac:c1:e2:d1:97:40:3c:52:fe:56:97:b2:b3:
                    76:ad:ac:83:ac:39:fd:c9:b7:5d:b0:84:e5:0d:e7:
                    c6:b2:96:34:8a:e2:e0:9e:f6:53:6b:57:56:46:32:
                    0c:28:2e:a4:4c:a6:e5:8f:e1:93:7d:e4:22:0e:d4:
                    32:62:79:89:97:dd:46:cb:0c:27:22:db:96:7d:4a:
                    1d:c8:7c:b0:1d:32:19:a9:2f:d2:7b:18:76:1c:c9:
                    f9:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:91:15:CE:E5:E1:C9:75:14:71:4E:99:55:28:C8:90:E8:D7:1A:8C
            X509v3 Authority Key Identifier:
                keyid:B8:1B:B2:1B:5C:18:89:03:0D:36:5A:54:9F:21:D5:B4:26:F9:DD:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/y5EVzuXhyXUUcU6ZVSjIkOjXGow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:21:43:73:21:46:99:e3:bd:1f:73:1a:d9:7e:2e:c9:eb:d0:
         46:a3:c1:de:95:98:81:72:b7:78:ea:94:20:ce:0b:fe:98:22:
         0c:fd:90:80:2b:7f:6c:26:db:74:3f:a9:01:b8:65:34:bb:2a:
         f1:d3:2c:dd:f9:0c:f5:34:f9:72:96:84:b0:80:1b:9d:2d:83:
         a6:62:36:06:11:0c:00:b7:94:0d:06:2e:a5:37:ed:1c:18:cb:
         45:03:59:bb:1f:43:fc:cb:b9:fe:4c:7a:92:57:eb:c0:aa:b5:
         3b:7f:3c:34:38:27:49:6d:3c:bb:fd:89:53:6d:a4:fb:7c:37:
         c7:e4:58:ea:b4:a8:08:3a:6a:46:2a:25:f0:30:fd:41:78:69:
         6c:39:c8:b1:e2:a4:12:33:29:d6:65:d0:80:bf:60:45:cb:5d:
         9c:d1:8f:0c:4a:c5:83:31:0a:95:70:f6:75:e0:54:a3:08:31:
         4b:b6:b6:15:7a:7f:e5:b3:9a:2f:3f:fc:04:12:60:e4:78:5b:
         e6:a0:42:91:9c:3b:1a:7e:55:47:0a:9e:15:2c:af:74:ab:86:
         07:3f:75:2b:07:2e:92:bb:66:f3:25:85:0f:fc:6a:fd:dd:31:
         5e:15:d0:5a:61:4e:9d:43:31:45:e0:cc:75:62:13:0a:ba:f2:
         cb:0a:fd:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAQqzQD5zhwb3M1jfGwlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MWJiMjFiNWMxODg5MDMwZDM2NWE1NDlmMjFkNWI0MjZm
OWRkYTgwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjkxMTVjZWU1ZTFjOTc1MTQ3MTRlOTk1NTI4Yzg5MGU4ZDcxYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRKHo+a0hs3Dod4VzzMOfsKTgFw3
wFRtlsfPfS3STEZvlvYJtgALzWktpJtfN+GfDZB+R6GMoz8cdcLuL58OwCMaMHB1
MuhkcBVuRjx1sGDMjwt3xQzvJ+nMszo95HxFH6MYTUDxAsuGHmjM56/3Qya/jKFs
p6u85BINyLxNuDjqg+KHc5HYJ7eJmDRdIgblAMeTLqtJDqmqyk2EpnL4WiUwvyMi
E6zB4tGXQDxS/laXsrN2rayDrDn9ybddsITlDefGspY0iuLgnvZTa1dWRjIMKC6k
TKblj+GTfeQiDtQyYnmJl91GywwnItuWfUodyHywHTIZqS/Sexh2HMn5XwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMuRFc7l4cl1FHFOmVUoyJDo1xqMMB8GA1UdIwQY
MBaAFLgbshtcGIkDDTZaVJ8h1bQm+d2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUJ1eUcxd1lpUU1OTmxwVW55SFZ0Q2I1M2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8wYTk2YzktMThlYS00NzUzLWEyYzUt
YWM5YWNkMzUyODQyLzEveTVFVnp1WGh5WFVVY1U2WlZTaklrT2pYR293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8wYTk2YzktMThlYS00NzUzLWEyYzUtYWM5YWNkMzUyODQy
LzEvdUJ1eUcxd1lpUU1OTmxwVW55SFZ0Q2I1M2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeASo
MA0GCSqGSIb3DQEBCwUAA4IBAQC0IUNzIUaZ470fcxrZfi7J69BGo8HelZiBcrd4
6pQgzgv+mCIM/ZCAK39sJtt0P6kBuGU0uyrx0yzd+Qz1NPlyloSwgBudLYOmYjYG
EQwAt5QNBi6lN+0cGMtFA1m7H0P8y7n+THqSV+vAqrU7fzw0OCdJbTy7/YlTbaT7
fDfH5FjqtKgIOmpGKiXwMP1BeGlsOcix4qQSMynWZdCAv2BFy12c0Y8MSsWDMQqV
cPZ14FSjCDFLtrYVen/ls5ovP/wEEmDkeFvmoEKRnDsaflVHCp4VLK90q4YHP3Ur
By6Su2bzJYUP/Gr93TFeFdBaYU6dQzFF4Mx1YhMKuvLLCv2I
-----END CERTIFICATE-----