Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/yIbJVCVbceavbwhNN_pujFBKNYk.roa
File:                     yIbJVCVbceavbwhNN_pujFBKNYk.roa (raw, json)
Hash identifier:          bBUvDWps0FP53tJVupbku+OGA8hTX2OP/N8waY4Uq44=
Subject key identifier:   C8:86:C9:54:25:5B:71:E6:AF:6F:08:4D:37:FA:6E:8C:50:4A:35:89
Certificate issuer:       /CN=386ab970bfb6947597e97cefb916ec76a0c56858
Certificate serial:       018CC9BB203BB358B6704C9BF2ADAAAB09FF
Authority key identifier: 38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/yIbJVCVbceavbwhNN_pujFBKNYk.roa
Signing time:             Tue 02 Jan 2024 10:32:13 +0000
ROA not before:           Tue 02 Jan 2024 10:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206725
IP address blocks:        2001:678:134::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:20:3b:b3:58:b6:70:4c:9b:f2:ad:aa:ab:09:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=386ab970bfb6947597e97cefb916ec76a0c56858
        Validity
            Not Before: Jan  2 10:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c886c954255b71e6af6f084d37fa6e8c504a3589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:69:27:8f:22:22:e7:dc:85:13:83:32:7c:53:
                    b3:81:5e:45:cf:2c:83:84:19:30:06:ed:15:66:d2:
                    61:ea:d3:82:b4:92:81:f0:53:9c:96:0b:f4:6e:da:
                    d5:7d:7c:31:07:7f:04:77:c3:42:1b:fe:f3:c4:7c:
                    6b:48:06:64:e5:12:23:d7:76:0e:dc:e5:cb:b3:4a:
                    33:8a:0a:8f:47:04:a3:4c:62:8d:6e:b9:d7:74:59:
                    37:58:d0:fa:b7:6f:7e:27:f4:b9:14:a0:60:f8:db:
                    54:b5:4c:0d:88:88:b2:f7:a5:fa:ac:1a:d6:96:fe:
                    ea:f1:fa:0e:b1:43:99:10:f4:27:4b:8d:ce:11:80:
                    33:81:89:fe:75:81:86:93:49:d3:f2:ae:ff:9d:03:
                    86:3b:d9:72:f1:94:b3:f7:04:7e:d8:d4:31:95:59:
                    a1:84:fb:72:de:09:4f:d4:6e:14:1b:6d:fc:4f:12:
                    50:05:89:79:0d:d2:1d:c1:5e:f7:10:ff:c7:ba:73:
                    46:8e:d8:75:77:aa:b8:e9:33:cc:47:5f:fc:da:ac:
                    7e:ae:ef:1a:f1:39:80:e2:7a:19:24:25:52:dd:5c:
                    af:c7:4a:cf:8a:71:e5:27:07:9e:96:27:7e:00:7b:
                    20:4c:a9:50:0e:7a:fe:8c:cb:ce:9a:a5:0b:63:80:
                    42:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:86:C9:54:25:5B:71:E6:AF:6F:08:4D:37:FA:6E:8C:50:4A:35:89
            X509v3 Authority Key Identifier:
                keyid:38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/yIbJVCVbceavbwhNN_pujFBKNYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:134::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:2e:d4:b9:52:c2:8f:26:20:30:b7:aa:85:cb:54:09:d7:f2:
         7a:2b:3a:f5:60:f8:e9:72:ca:29:3d:db:ae:b8:b3:b6:fb:61:
         da:c4:05:21:2a:9e:80:5a:41:ed:fa:57:da:a4:d9:c6:82:e7:
         d3:d2:83:11:ba:11:70:60:2f:5f:0f:59:36:98:f3:9b:9e:81:
         49:b2:c0:dd:35:57:ea:1e:4a:69:8b:85:ff:2c:51:4d:39:b3:
         2e:aa:4d:49:db:20:bc:fc:2b:60:b3:79:1b:d3:3a:eb:22:ca:
         63:38:d3:1f:45:26:49:6e:79:bc:ca:e8:b4:c3:4b:f4:cc:ff:
         63:f6:76:6a:b7:29:4f:97:ec:db:9f:93:ad:65:6a:74:a6:6c:
         24:da:3d:6b:72:e2:dd:f2:bf:7e:34:52:aa:80:bb:5d:03:16:
         07:05:d4:07:d9:5d:57:4d:3a:d3:a4:52:b2:14:7a:a8:19:0c:
         76:55:8d:6c:8c:c4:c1:1e:c0:ad:09:dd:5f:40:bd:bd:ce:7f:
         49:8f:09:0b:3f:9d:14:ff:0e:9c:ef:2d:e5:84:a9:b7:77:e7:
         38:be:01:ac:55:a3:9f:38:66:3c:23:ae:48:d5:38:c1:50:0f:
         83:e4:43:33:91:0b:c7:be:ac:c0:04:44:88:d0:b9:21:72:4a:
         3e:d0:fb:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJuyA7s1i2cEyb8q2qqwn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NmFiOTcwYmZiNjk0NzU5N2U5N2NlZmI5MTZlYzc2YTBj
NTY4NTgwHhcNMjQwMTAyMTAzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODg2Yzk1NDI1NWI3MWU2YWY2ZjA4NGQzN2ZhNmU4YzUwNGEzNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWknjyIi59yFE4MyfFOzgV5FzyyD
hBkwBu0VZtJh6tOCtJKB8FOclgv0btrVfXwxB38Ed8NCG/7zxHxrSAZk5RIj13YO
3OXLs0ozigqPRwSjTGKNbrnXdFk3WND6t29+J/S5FKBg+NtUtUwNiIiy96X6rBrW
lv7q8foOsUOZEPQnS43OEYAzgYn+dYGGk0nT8q7/nQOGO9ly8ZSz9wR+2NQxlVmh
hPty3glP1G4UG238TxJQBYl5DdIdwV73EP/HunNGjth1d6q46TPMR1/82qx+ru8a
8TmA4noZJCVS3Vyvx0rPinHlJweelid+AHsgTKlQDnr+jMvOmqULY4BCawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMiGyVQlW3Hmr28ITTf6boxQSjWJMB8GA1UdIwQY
MBaAFDhquXC/tpR1l+l877kW7HagxWhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0dxNWNMLTJsSFdYNlh6dnVSYnNkcURGYUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC80MWZkYTktOTcwMi00NThkLTk4MmYt
OGQxMTI1N2Q0YWY2LzEveUliSlZDVmJjZWF2YndoTk5fcHVqRkJLTllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC80MWZkYTktOTcwMi00NThkLTk4MmYtOGQxMTI1N2Q0YWY2
LzEvT0dxNWNMLTJsSFdYNlh6dnVSYnNkcURGYUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAE0
MA0GCSqGSIb3DQEBCwUAA4IBAQBFLtS5UsKPJiAwt6qFy1QJ1/J6Kzr1YPjpcsop
PduuuLO2+2HaxAUhKp6AWkHt+lfapNnGgufT0oMRuhFwYC9fD1k2mPObnoFJssDd
NVfqHkppi4X/LFFNObMuqk1J2yC8/Ctgs3kb0zrrIspjONMfRSZJbnm8yui0w0v0
zP9j9nZqtylPl+zbn5OtZWp0pmwk2j1rcuLd8r9+NFKqgLtdAxYHBdQH2V1XTTrT
pFKyFHqoGQx2VY1sjMTBHsCtCd1fQL29zn9JjwkLP50U/w6c7y3lhKm3d+c4vgGs
VaOfOGY8I65I1TjBUA+D5EMzkQvHvqzABESI0Lkhcko+0PtU
-----END CERTIFICATE-----