Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/fAhEGn-vd-HRQRLyyF0xYKoddB0.roa
File:                     fAhEGn-vd-HRQRLyyF0xYKoddB0.roa (raw, json)
Hash identifier:          XVuVMRQgIqjOGGXKmnkdaSaLSN+fGBYCWcjGaNttZ0o=
Subject key identifier:   7C:08:44:1A:7F:AF:77:E1:D1:41:12:F2:C8:5D:31:60:AA:1D:74:1D
Certificate issuer:       /CN=24b660a611980c68273139e32affb74b454a9d32
Certificate serial:       018CC3B6C7C937C44CA0EFA247952DED87A5
Authority key identifier: 24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/fAhEGn-vd-HRQRLyyF0xYKoddB0.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:d10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c7:c9:37:c4:4c:a0:ef:a2:47:95:2d:ed:87:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24b660a611980c68273139e32affb74b454a9d32
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c08441a7faf77e1d14112f2c85d3160aa1d741d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:1f:45:2c:fe:12:af:6f:9d:2f:29:34:1c:
                    f3:ac:6c:2c:ee:c0:a1:35:24:38:76:75:9a:a6:b0:
                    a7:1c:d8:f8:f2:89:f8:2e:0d:60:46:f5:00:66:11:
                    cc:d8:c7:25:02:0d:cd:68:08:c3:1d:41:ac:3b:b3:
                    27:a5:fb:c0:1b:25:58:b0:b8:73:c3:ae:1d:a5:7b:
                    c7:fb:f0:ff:dc:85:2d:3a:e9:d9:5d:73:db:c0:b3:
                    75:15:6a:b6:a9:cb:8f:4d:8b:78:43:b1:69:55:34:
                    c9:7b:b9:7f:e0:07:c7:f1:51:37:81:c7:c6:a3:0c:
                    c5:4a:76:11:03:1b:68:82:db:c7:74:41:19:f9:b5:
                    e0:9c:ad:d6:3f:1f:24:f2:71:fc:ac:2a:d0:e4:7c:
                    32:1d:07:87:0d:55:60:c5:6c:69:46:aa:8c:50:b9:
                    c9:bb:37:53:02:7c:4a:91:d7:d2:8c:d5:cc:1b:39:
                    b7:40:59:61:c9:6a:6c:16:83:c9:10:eb:73:53:73:
                    60:c1:01:54:0d:5f:66:85:80:53:aa:4f:4f:35:0d:
                    83:fb:07:4e:5f:1e:2d:f2:d3:9c:53:32:41:a4:ff:
                    55:13:46:be:05:77:3c:1d:82:47:21:d0:3b:68:09:
                    13:79:e1:00:d9:98:a0:58:eb:a4:34:6f:8e:3d:76:
                    dd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:08:44:1A:7F:AF:77:E1:D1:41:12:F2:C8:5D:31:60:AA:1D:74:1D
            X509v3 Authority Key Identifier:
                keyid:24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/fAhEGn-vd-HRQRLyyF0xYKoddB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d10::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:cf:e7:12:55:dd:af:9e:17:ca:65:44:25:5f:48:00:88:84:
         96:52:7c:96:0d:b4:b4:c2:0d:41:98:41:bb:c9:98:a2:8d:1d:
         08:a5:d1:e5:61:b5:1a:11:65:85:1d:44:07:6f:16:9d:75:ba:
         61:43:6c:b6:fe:cd:22:a9:f5:5c:ae:85:49:ce:0c:d1:9d:98:
         05:63:e7:84:70:c0:59:68:e5:da:6e:03:ed:43:91:ae:06:d8:
         5b:8b:d9:b0:fd:3b:3f:85:2e:51:d8:0c:af:76:fb:49:c9:6f:
         1b:f8:a5:d4:b2:bb:47:e4:e3:5e:51:a9:e2:0c:d1:f8:d6:31:
         93:cd:bd:de:a4:52:3b:95:49:c4:a3:c6:f4:9d:d2:b1:52:3c:
         48:f1:7a:2d:e9:8b:9d:40:83:ec:b5:29:12:34:c3:0f:73:a5:
         d0:bc:4f:43:12:0e:67:6b:d9:69:5d:a6:ac:93:5e:dd:24:f5:
         62:4f:ad:dd:d3:11:6b:5d:34:fb:86:49:16:03:ec:86:6b:ec:
         49:24:68:d8:09:53:69:c9:6d:07:03:21:41:65:24:07:9f:bb:
         aa:10:4d:10:ca:4a:45:fa:98:43:36:57:b0:31:62:18:74:a1:
         fd:93:90:33:33:a4:fa:a3:93:f7:31:8e:ef:31:bc:ef:d5:ec:
         e4:32:af:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtsfJN8RMoO+iR5Ut7YelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YjY2MGE2MTE5ODBjNjgyNzMxMzllMzJhZmZiNzRiNDU0
YTlkMzIwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzA4NDQxYTdmYWY3N2UxZDE0MTEyZjJjODVkMzE2MGFhMWQ3NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMgfRSz+Eq9vnS8pNBzzrGws7sCh
NSQ4dnWaprCnHNj48on4Lg1gRvUAZhHM2MclAg3NaAjDHUGsO7MnpfvAGyVYsLhz
w64dpXvH+/D/3IUtOunZXXPbwLN1FWq2qcuPTYt4Q7FpVTTJe7l/4AfH8VE3gcfG
owzFSnYRAxtogtvHdEEZ+bXgnK3WPx8k8nH8rCrQ5HwyHQeHDVVgxWxpRqqMULnJ
uzdTAnxKkdfSjNXMGzm3QFlhyWpsFoPJEOtzU3NgwQFUDV9mhYBTqk9PNQ2D+wdO
Xx4t8tOcUzJBpP9VE0a+BXc8HYJHIdA7aAkTeeEA2ZigWOukNG+OPXbdMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHwIRBp/r3fh0UES8shdMWCqHXQdMB8GA1UdIwQY
MBaAFCS2YKYRmAxoJzE54yr/t0tFSp0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYt
NzA1MTk3NTA3YTU5LzEvZkFoRUduLXZkLUhSUVJMeXlGMHhZS29kZEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYtNzA1MTk3NTA3YTU5
LzEvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAtz+cSVd2vnhfKZUQlX0gAiISWUnyWDbS0wg1B
mEG7yZiijR0IpdHlYbUaEWWFHUQHbxaddbphQ2y2/s0iqfVcroVJzgzRnZgFY+eE
cMBZaOXabgPtQ5GuBthbi9mw/Ts/hS5R2AyvdvtJyW8b+KXUsrtH5ONeUaniDNH4
1jGTzb3epFI7lUnEo8b0ndKxUjxI8Xot6YudQIPstSkSNMMPc6XQvE9DEg5na9lp
Xaask17dJPViT63d0xFrXTT7hkkWA+yGa+xJJGjYCVNpyW0HAyFBZSQHn7uqEE0Q
ykpF+phDNlewMWIYdKH9k5AzM6T6o5P3MY7vMbzv1ezkMq+J
-----END CERTIFICATE-----