Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/S8eZ8_EllPBLuavLP30QXiczTuU.roa
File:                     S8eZ8_EllPBLuavLP30QXiczTuU.roa (raw, json)
Hash identifier:          1lZJbBTrwCHuk2FE39UuaNqcdxMpgjCQ1Zdlb3uaF28=
Subject key identifier:   4B:C7:99:F3:F1:25:94:F0:4B:B9:AB:CB:3F:7D:10:5E:27:33:4E:E5
Certificate issuer:       /CN=6bc4b3b741bb5b5b61721ad306c71147c4df2bc1
Certificate serial:       018CC9BC08783EB5B24C7C94616DC404CCD7
Authority key identifier: 6B:C4:B3:B7:41:BB:5B:5B:61:72:1A:D3:06:C7:11:47:C4:DF:2B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8Szt0G7W1thchrTBscRR8TfK8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/S8eZ8_EllPBLuavLP30QXiczTuU.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209933
IP address blocks:        2001:678:888::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/a8Szt0G7W1thchrTBscRR8TfK8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/a8Szt0G7W1thchrTBscRR8TfK8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8Szt0G7W1thchrTBscRR8TfK8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:08:78:3e:b5:b2:4c:7c:94:61:6d:c4:04:cc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc4b3b741bb5b5b61721ad306c71147c4df2bc1
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bc799f3f12594f04bb9abcb3f7d105e27334ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ba:be:cc:45:ef:45:41:4a:bd:63:55:53:57:
                    e4:e5:5f:d6:87:ee:f7:7f:e5:e4:05:96:b0:fa:da:
                    b0:c9:76:95:99:17:16:74:1f:b2:88:e4:dd:e3:18:
                    07:e0:0e:12:c6:fb:23:2f:38:93:d5:9c:b8:b3:25:
                    6c:5d:0d:45:cd:6b:6a:dc:40:83:f5:86:66:45:b6:
                    bb:a8:a8:b1:91:78:32:5e:c6:66:d2:12:76:72:d1:
                    a7:7e:c9:f6:fe:b8:60:1a:07:08:81:e2:dc:24:03:
                    83:29:16:71:38:8f:0d:da:29:72:1e:2e:71:85:a9:
                    4a:70:6a:3c:d0:82:de:7b:60:1e:a9:eb:46:72:a9:
                    f3:8f:e4:b4:0c:7f:2e:8b:e9:e4:48:09:e0:88:d1:
                    f7:11:8d:06:69:ff:6a:b5:42:eb:34:1a:3e:4d:f4:
                    a0:7c:40:43:7d:9d:dd:e6:76:18:ea:e0:86:1a:86:
                    92:61:b9:c3:74:9f:28:27:2f:fa:52:e7:dd:3e:4e:
                    d4:93:62:ba:37:f0:92:c0:d5:76:a3:85:eb:da:e4:
                    68:40:46:02:f7:cd:98:ea:af:48:b0:82:51:b0:f8:
                    6b:97:60:46:e3:40:93:98:94:42:11:db:2c:80:0e:
                    dd:6e:ee:ce:4b:92:34:ba:c4:7f:9f:f3:e6:e6:b9:
                    e7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C7:99:F3:F1:25:94:F0:4B:B9:AB:CB:3F:7D:10:5E:27:33:4E:E5
            X509v3 Authority Key Identifier:
                keyid:6B:C4:B3:B7:41:BB:5B:5B:61:72:1A:D3:06:C7:11:47:C4:DF:2B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8Szt0G7W1thchrTBscRR8TfK8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/S8eZ8_EllPBLuavLP30QXiczTuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd17a1-bc5f-49cd-8aed-cb727b4fc379/1/a8Szt0G7W1thchrTBscRR8TfK8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:888::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:96:81:2b:a5:c6:4c:e6:a3:14:79:2d:44:93:f3:e8:2c:ae:
         8a:74:20:6c:ac:5d:c8:10:76:81:27:6e:e5:de:cf:de:01:d6:
         b4:8d:46:8d:6a:1c:ef:7b:ab:3d:10:81:c5:13:66:f3:77:26:
         11:d0:84:d1:ce:c9:c7:ff:78:15:82:f5:e3:1c:80:f9:82:54:
         2b:1c:52:54:6c:72:4b:84:a1:c6:73:ef:4b:eb:b8:91:d4:62:
         16:7e:b3:0a:da:a1:cd:86:ff:9e:db:4f:2a:88:63:8b:de:dd:
         b3:c5:45:82:7d:2d:20:38:e7:75:88:6d:71:fb:21:25:36:c7:
         0e:9a:42:d7:78:93:5a:93:be:e3:af:ad:a4:2b:e9:b2:ba:99:
         73:15:88:e4:0f:bc:1b:ab:77:14:b5:08:3a:f7:a6:a5:c1:20:
         a2:72:26:ad:0a:ae:e1:7e:bd:d9:be:62:78:b5:02:62:23:c3:
         7e:9b:8c:5c:e9:48:e0:29:f3:b6:e4:19:b1:76:aa:3c:58:51:
         4c:b7:96:d6:42:eb:0d:59:46:bc:c9:5a:cd:ec:99:a8:f9:e8:
         ba:7d:89:8b:74:fd:52:9c:44:1e:7b:64:fd:3e:e2:da:eb:e7:
         07:b7:54:fe:cb:80:ed:68:98:f5:d8:db:0b:35:85:41:43:29:
         af:81:21:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvAh4PrWyTHyUYW3EBMzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzRiM2I3NDFiYjViNWI2MTcyMWFkMzA2YzcxMTQ3YzRk
ZjJiYzEwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM3OTlmM2YxMjU5NGYwNGJiOWFiY2IzZjdkMTA1ZTI3MzM0ZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7q+zEXvRUFKvWNVU1fk5V/Wh+73
f+XkBZaw+tqwyXaVmRcWdB+yiOTd4xgH4A4SxvsjLziT1Zy4syVsXQ1FzWtq3ECD
9YZmRba7qKixkXgyXsZm0hJ2ctGnfsn2/rhgGgcIgeLcJAODKRZxOI8N2ilyHi5x
halKcGo80ILee2AeqetGcqnzj+S0DH8ui+nkSAngiNH3EY0Gaf9qtULrNBo+TfSg
fEBDfZ3d5nYY6uCGGoaSYbnDdJ8oJy/6UufdPk7Uk2K6N/CSwNV2o4Xr2uRoQEYC
982Y6q9IsIJRsPhrl2BG40CTmJRCEdssgA7dbu7OS5I0usR/n/Pm5rnnKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEvHmfPxJZTwS7mryz99EF4nM07lMB8GA1UdIwQY
MBaAFGvEs7dBu1tbYXIa0wbHEUfE3yvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThTenQwRzdXMXRoY2hyVEJzY1JSOFRmSzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mZDE3YTEtYmM1Zi00OWNkLThhZWQt
Y2I3MjdiNGZjMzc5LzEvUzhlWjhfRWxsUEJMdWF2TFAzMFFYaWN6VHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mZDE3YTEtYmM1Zi00OWNkLThhZWQtY2I3MjdiNGZjMzc5
LzEvYThTenQwRzdXMXRoY2hyVEJzY1JSOFRmSzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAiI
MA0GCSqGSIb3DQEBCwUAA4IBAQAxloErpcZM5qMUeS1Ek/PoLK6KdCBsrF3IEHaB
J27l3s/eAda0jUaNahzve6s9EIHFE2bzdyYR0ITRzsnH/3gVgvXjHID5glQrHFJU
bHJLhKHGc+9L67iR1GIWfrMK2qHNhv+e208qiGOL3t2zxUWCfS0gOOd1iG1x+yEl
NscOmkLXeJNak77jr62kK+myuplzFYjkD7wbq3cUtQg696alwSCiciatCq7hfr3Z
vmJ4tQJiI8N+m4xc6UjgKfO25Bmxdqo8WFFMt5bWQusNWUa8yVrN7Jmo+ei6fYmL
dP1SnEQee2T9PuLa6+cHt1T+y4DtaJj12NsLNYVBQymvgSHi
-----END CERTIFICATE-----