Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/81NQEH4TBFXP7hoWtbGpob5wwyw.roa
File:                     81NQEH4TBFXP7hoWtbGpob5wwyw.roa (raw, json)
Hash identifier:          mW7VSWU+Gz4yCWeQXX93AJbIjK09D/ps8b3BWTQwcpU=
Subject key identifier:   F3:53:50:10:7E:13:04:55:CF:EE:1A:16:B5:B1:A9:A1:BE:70:C3:2C
Certificate issuer:       /CN=9f04c3a86338e170605e665d34d8a5c869948a05
Certificate serial:       018CC94E5114DF5CCCEBB77F588EA617FD3A
Authority key identifier: 9F:04:C3:A8:63:38:E1:70:60:5E:66:5D:34:D8:A5:C8:69:94:8A:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwTDqGM44XBgXmZdNNilyGmUigU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/81NQEH4TBFXP7hoWtbGpob5wwyw.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199815
IP address blocks:        2001:678:870::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/nwTDqGM44XBgXmZdNNilyGmUigU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/nwTDqGM44XBgXmZdNNilyGmUigU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwTDqGM44XBgXmZdNNilyGmUigU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:51:14:df:5c:cc:eb:b7:7f:58:8e:a6:17:fd:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f04c3a86338e170605e665d34d8a5c869948a05
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f35350107e130455cfee1a16b5b1a9a1be70c32c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cf:88:7b:6f:64:a9:0a:e7:9f:fd:96:a2:39:
                    b5:2f:58:d0:85:a0:a1:3e:fc:c3:28:3c:fa:68:a4:
                    3b:99:24:5e:69:ea:c6:62:6b:20:e6:b5:34:47:24:
                    64:eb:0e:24:0c:10:bc:50:ae:e9:a3:de:50:5d:00:
                    28:fa:16:08:36:cb:c4:eb:fb:48:8d:2c:91:9d:0b:
                    10:d8:25:9d:58:a4:fe:03:d0:c3:72:c8:cf:6c:79:
                    35:be:81:33:95:c5:70:88:88:8c:ba:5d:4e:33:f6:
                    22:95:ad:18:cd:0f:7e:0b:aa:cf:40:ff:4f:99:8a:
                    49:e6:38:b1:9e:ad:80:56:14:57:dc:dc:a5:c9:c7:
                    8a:6e:bc:51:f3:fa:21:00:34:ea:8a:94:d1:02:d8:
                    d2:1a:61:90:6d:ad:3e:06:41:5b:7f:c9:31:32:dc:
                    6c:59:ad:93:9a:4c:04:cb:c5:ef:4b:d1:c1:0a:67:
                    04:45:7f:83:a1:03:c2:6f:7f:d0:f5:f7:67:ef:b6:
                    54:c4:61:d3:d5:f1:99:30:4c:99:6f:1e:6c:b1:7f:
                    f0:6b:14:ab:02:cd:1a:75:23:68:c9:a5:6a:73:d1:
                    b7:77:56:90:bc:94:43:e3:07:04:e3:d3:e5:27:6d:
                    29:54:2c:d3:d3:65:7e:89:1a:2e:b2:f2:a7:54:8a:
                    de:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:53:50:10:7E:13:04:55:CF:EE:1A:16:B5:B1:A9:A1:BE:70:C3:2C
            X509v3 Authority Key Identifier:
                keyid:9F:04:C3:A8:63:38:E1:70:60:5E:66:5D:34:D8:A5:C8:69:94:8A:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwTDqGM44XBgXmZdNNilyGmUigU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/81NQEH4TBFXP7hoWtbGpob5wwyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/849e26-6472-4440-a038-7baa92a828ec/1/nwTDqGM44XBgXmZdNNilyGmUigU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:870::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:a9:0a:76:b0:4d:1b:b9:ba:b0:87:43:d9:65:38:74:7f:73:
         03:59:a0:73:67:0c:58:57:bc:d3:67:74:44:6c:e1:eb:ab:de:
         06:86:50:03:8c:4f:fc:0c:fd:c8:6b:ff:c6:c4:9c:38:61:67:
         bb:63:0a:11:13:78:dc:9c:c6:8f:0d:fa:81:d4:63:88:72:37:
         19:7d:df:5b:ca:87:82:0e:ef:9e:d1:e0:a7:6b:00:c5:7e:65:
         d3:db:0a:4d:ba:de:2e:47:50:c5:f5:2d:70:8f:d5:22:29:be:
         a0:e3:f4:c8:76:4b:c7:82:86:dd:f8:a1:f6:8c:87:36:5f:e3:
         95:55:d8:4a:b5:fe:3c:96:37:d2:5d:c0:db:ed:c5:bc:79:71:
         cc:a3:ec:7a:c7:4b:2c:a2:2c:17:bf:17:bd:33:13:70:b1:81:
         1f:4d:18:dd:c2:b7:32:fb:99:35:f8:03:10:53:df:35:f3:71:
         5d:50:1b:53:9f:59:97:7e:6e:44:8c:9c:99:6c:f5:01:bf:e0:
         7b:67:05:85:77:d7:99:bb:16:40:07:ef:ac:f3:92:12:dc:38:
         df:c0:09:6f:29:e5:78:41:22:dd:1a:d6:bf:3a:04:88:66:b3:
         e8:13:15:21:68:c5:c5:a7:fa:5c:48:87:fb:fe:c5:b4:a8:54:
         77:eb:66:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTlEU31zM67d/WI6mF/06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDRjM2E4NjMzOGUxNzA2MDVlNjY1ZDM0ZDhhNWM4Njk5
NDhhMDUwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzUzNTAxMDdlMTMwNDU1Y2ZlZTFhMTZiNWIxYTlhMWJlNzBjMzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM+Ie29kqQrnn/2Wojm1L1jQhaCh
PvzDKDz6aKQ7mSReaerGYmsg5rU0RyRk6w4kDBC8UK7po95QXQAo+hYINsvE6/tI
jSyRnQsQ2CWdWKT+A9DDcsjPbHk1voEzlcVwiIiMul1OM/Yila0YzQ9+C6rPQP9P
mYpJ5jixnq2AVhRX3NylyceKbrxR8/ohADTqipTRAtjSGmGQba0+BkFbf8kxMtxs
Wa2TmkwEy8XvS9HBCmcERX+DoQPCb3/Q9fdn77ZUxGHT1fGZMEyZbx5ssX/waxSr
As0adSNoyaVqc9G3d1aQvJRD4wcE49PlJ20pVCzT02V+iRousvKnVIrepQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPNTUBB+EwRVz+4aFrWxqaG+cMMsMB8GA1UdIwQY
MBaAFJ8Ew6hjOOFwYF5mXTTYpchplIoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndURHFHTTQ0WEJnWG1aZE5OaWx5R21VaWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84NDllMjYtNjQ3Mi00NDQwLWEwMzgt
N2JhYTkyYTgyOGVjLzEvODFOUUVINFRCRlhQN2hvV3RiR3BvYjV3d3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84NDllMjYtNjQ3Mi00NDQwLWEwMzgtN2JhYTkyYTgyOGVj
LzEvbndURHFHTTQ0WEJnWG1aZE5OaWx5R21VaWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAhw
MA0GCSqGSIb3DQEBCwUAA4IBAQARqQp2sE0bubqwh0PZZTh0f3MDWaBzZwxYV7zT
Z3REbOHrq94GhlADjE/8DP3Ia//GxJw4YWe7YwoRE3jcnMaPDfqB1GOIcjcZfd9b
yoeCDu+e0eCnawDFfmXT2wpNut4uR1DF9S1wj9UiKb6g4/TIdkvHgobd+KH2jIc2
X+OVVdhKtf48ljfSXcDb7cW8eXHMo+x6x0ssoiwXvxe9MxNwsYEfTRjdwrcy+5k1
+AMQU98183FdUBtTn1mXfm5EjJyZbPUBv+B7ZwWFd9eZuxZAB++s85IS3DjfwAlv
KeV4QSLdGta/OgSIZrPoExUhaMXFp/pcSIf7/sW0qFR362Zh
-----END CERTIFICATE-----