Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/v-IL4Q8lhALNUdh4m8z2jquHdNE.roa
File:                     v-IL4Q8lhALNUdh4m8z2jquHdNE.roa (raw, json)
Hash identifier:          yo1+6BdaBQgOwYdtpsOm6chIcsUCNP0J1OtImVPeHA4=
Subject key identifier:   BF:E2:0B:E1:0F:25:84:02:CD:51:D8:78:9B:CC:F6:8E:AB:87:74:D1
Certificate issuer:       /CN=3026806a6b8dac68c2a32b65849229524fc33da7
Certificate serial:       018E3257E63A3BC3F1C82C7639B1EEC963CC
Authority key identifier: 30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/v-IL4Q8lhALNUdh4m8z2jquHdNE.roa
Signing time:             Tue 12 Mar 2024 11:06:45 +0000
ROA not before:           Tue 12 Mar 2024 11:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49697
IP address blocks:        2001:678:964::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:57:e6:3a:3b:c3:f1:c8:2c:76:39:b1:ee:c9:63:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3026806a6b8dac68c2a32b65849229524fc33da7
        Validity
            Not Before: Mar 12 11:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfe20be10f258402cd51d8789bccf68eab8774d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:3d:07:3e:0a:22:4d:13:e9:17:f4:05:4a:
                    86:ff:c0:27:d0:0b:cf:50:aa:73:e8:55:42:ae:10:
                    45:a8:e4:bf:5c:1b:75:60:53:74:f1:00:4b:6c:b1:
                    82:3b:74:25:cd:c2:0f:80:9d:f5:81:3f:6c:d4:38:
                    f6:80:fe:32:16:6d:46:18:b5:ff:c1:08:50:94:4c:
                    05:8b:5c:d8:fc:cd:28:5f:32:0a:a9:08:dc:22:34:
                    43:3f:5c:61:4e:a3:29:ff:fc:77:d6:de:86:b7:93:
                    98:d2:67:68:46:b3:90:de:b2:4a:8f:d3:7b:99:c3:
                    31:82:d1:b9:8a:d8:bd:db:c5:ad:9e:3f:17:ba:dc:
                    66:2f:d7:96:16:e7:02:03:68:a0:64:59:9f:63:7e:
                    57:ec:88:46:64:23:a2:c3:a2:01:98:8e:8d:74:15:
                    97:38:13:0a:f5:3a:5b:93:e2:79:df:58:2e:dc:0b:
                    be:49:f3:f7:09:07:e5:b8:3b:29:e8:07:34:4f:f5:
                    c0:ea:18:91:73:e0:7c:70:52:12:20:44:05:06:39:
                    ce:24:e5:a7:23:2a:82:c9:d6:43:d1:49:7c:6f:93:
                    51:b3:00:75:e1:46:5f:01:5d:78:53:5b:12:0b:bd:
                    57:77:6e:d6:27:4d:8c:3b:1e:a2:1c:a9:e2:97:db:
                    6c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E2:0B:E1:0F:25:84:02:CD:51:D8:78:9B:CC:F6:8E:AB:87:74:D1
            X509v3 Authority Key Identifier:
                keyid:30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/v-IL4Q8lhALNUdh4m8z2jquHdNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:964::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:42:37:07:31:f4:9d:a4:15:97:00:03:0c:e9:cc:da:e3:53:
         d5:86:02:d7:e5:15:51:bb:15:21:ef:65:99:44:cd:ec:39:7d:
         ca:c2:58:f6:95:ea:66:c1:b9:1d:90:13:5a:44:b0:cb:0f:0a:
         f1:95:d2:c0:31:d2:35:f3:79:e4:e4:05:32:fc:46:b5:6f:fb:
         3d:58:cc:3a:17:88:97:eb:56:1a:98:34:25:a3:a4:61:4a:3b:
         df:ea:d2:5b:a7:26:62:aa:dc:0b:6c:7d:bf:7d:66:bd:cb:4e:
         a2:5e:81:ac:72:c1:f4:50:77:c7:b2:f2:aa:b9:5a:c6:85:fe:
         22:f4:46:80:4a:c5:0d:9c:92:af:e6:b2:e9:41:36:82:ed:20:
         61:11:7f:66:32:81:37:4d:98:39:29:ed:bd:98:f7:79:bb:1e:
         2e:f8:d8:97:f5:7c:c5:b2:02:65:3f:67:bd:74:1a:30:93:46:
         0c:3e:16:79:39:d9:e4:01:99:79:eb:fd:75:c5:c6:78:c3:1d:
         f6:b7:4f:2e:57:d6:2a:1d:ea:0f:ee:aa:e8:c0:da:97:94:5d:
         8c:f2:5f:9e:f4:ca:d5:4b:8e:6a:96:cb:2f:7a:99:c4:16:8a:
         32:b0:35:eb:8d:c5:da:59:a6:1f:97:6e:70:84:a1:31:36:e7:
         a0:f9:b1:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4yV+Y6O8PxyCx2ObHuyWPMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjY4MDZhNmI4ZGFjNjhjMmEzMmI2NTg0OTIyOTUyNGZj
MzNkYTcwHhcNMjQwMzEyMTEwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmUyMGJlMTBmMjU4NDAyY2Q1MWQ4Nzg5YmNjZjY4ZWFiODc3NGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9c9Bz4KIk0T6Rf0BUqG/8An0AvP
UKpz6FVCrhBFqOS/XBt1YFN08QBLbLGCO3QlzcIPgJ31gT9s1Dj2gP4yFm1GGLX/
wQhQlEwFi1zY/M0oXzIKqQjcIjRDP1xhTqMp//x31t6Gt5OY0mdoRrOQ3rJKj9N7
mcMxgtG5iti928Wtnj8XutxmL9eWFucCA2igZFmfY35X7IhGZCOiw6IBmI6NdBWX
OBMK9Tpbk+J531gu3Au+SfP3CQfluDsp6Ac0T/XA6hiRc+B8cFISIEQFBjnOJOWn
IyqCydZD0Ul8b5NRswB14UZfAV14U1sSC71Xd27WJ02MOx6iHKnil9tsbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL/iC+EPJYQCzVHYeJvM9o6rh3TRMB8GA1UdIwQY
MBaAFDAmgGprjaxowqMrZYSSKVJPwz2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUt
MDhlMmIxMDE3OTI3LzEvdi1JTDRROGxoQUxOVWRoNG04ejJqcXVIZE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUtMDhlMmIxMDE3OTI3
LzEvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAlk
MA0GCSqGSIb3DQEBCwUAA4IBAQAwQjcHMfSdpBWXAAMM6cza41PVhgLX5RVRuxUh
72WZRM3sOX3Kwlj2lepmwbkdkBNaRLDLDwrxldLAMdI183nk5AUy/Ea1b/s9WMw6
F4iX61YamDQlo6RhSjvf6tJbpyZiqtwLbH2/fWa9y06iXoGscsH0UHfHsvKquVrG
hf4i9EaASsUNnJKv5rLpQTaC7SBhEX9mMoE3TZg5Ke29mPd5ux4u+NiX9XzFsgJl
P2e9dBowk0YMPhZ5OdnkAZl56/11xcZ4wx32t08uV9YqHeoP7qrowNqXlF2M8l+e
9MrVS45qlssvepnEFooysDXrjcXaWaYfl25whKExNueg+bFD
-----END CERTIFICATE-----