Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/5KtVHlrE0zCIuVgWEip58qC4WyA.roa
File:                     5KtVHlrE0zCIuVgWEip58qC4WyA.roa (raw, json)
Hash identifier:          tAqqoNCBb1RL0M4KuvAHHxcUOcTmSB9bzXAj+DwiIFk=
Subject key identifier:   E4:AB:55:1E:5A:C4:D3:30:88:B9:58:16:12:2A:79:F2:A0:B8:5B:20
Certificate issuer:       /CN=81413f5afc6443e8d2343518ac0b19fd30ba3c12
Certificate serial:       018CC42548F7B1D325EB5EDCD4E1DFBEF8F9
Authority key identifier: 81:41:3F:5A:FC:64:43:E8:D2:34:35:18:AC:0B:19:FD:30:BA:3C:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/5KtVHlrE0zCIuVgWEip58qC4WyA.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     999999
IP address blocks:        2001:678:d44:2::/64 maxlen: 64
                          2001:678:d44:100::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:48:f7:b1:d3:25:eb:5e:dc:d4:e1:df:be:f8:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81413f5afc6443e8d2343518ac0b19fd30ba3c12
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4ab551e5ac4d33088b95816122a79f2a0b85b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2b:c5:d0:c5:bd:84:ef:7d:56:a2:53:2b:d4:
                    87:a4:a4:06:58:44:7d:b2:41:db:17:9c:b0:44:92:
                    bb:0e:b9:e0:d3:f1:8a:2b:d6:ac:71:7f:7e:ac:7b:
                    52:9f:59:de:55:6c:e7:eb:76:16:46:23:63:38:45:
                    fa:a1:90:24:53:85:19:73:29:f0:c6:25:86:33:9d:
                    3b:69:ef:00:37:23:fc:66:5e:c4:41:5a:ff:8a:83:
                    9b:ae:03:5e:9b:ea:a9:2b:be:30:02:ae:29:21:21:
                    5a:8f:f1:a1:cc:b4:eb:48:b6:e6:df:c6:1e:59:f9:
                    62:a1:e3:dc:f9:4e:43:93:d2:1d:4f:f8:3f:c0:3d:
                    43:bf:e3:c8:06:aa:0d:9b:17:95:75:64:2d:da:62:
                    92:17:ef:fd:e4:1d:57:78:58:79:7f:18:33:4d:78:
                    14:ad:56:9a:f2:7b:21:81:8d:84:86:91:75:18:cd:
                    ef:13:f4:9b:48:a6:c8:ee:46:21:a7:d5:20:9c:94:
                    9f:c8:1d:e2:6c:d1:44:4b:89:3a:f4:83:89:a1:61:
                    0a:41:78:e9:fb:4b:a4:e1:15:07:29:e8:00:3d:55:
                    58:43:d6:4b:46:80:2e:1e:dd:9c:b1:a7:68:82:e3:
                    35:1b:a8:a5:eb:5e:83:91:7c:aa:eb:e6:80:92:67:
                    28:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:AB:55:1E:5A:C4:D3:30:88:B9:58:16:12:2A:79:F2:A0:B8:5B:20
            X509v3 Authority Key Identifier:
                keyid:81:41:3F:5A:FC:64:43:E8:D2:34:35:18:AC:0B:19:FD:30:BA:3C:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/5KtVHlrE0zCIuVgWEip58qC4WyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d44:2::/64
                  2001:678:d44:100::/64

    Signature Algorithm: sha256WithRSAEncryption
         0c:a0:3c:16:07:16:82:b9:13:28:61:c4:62:f0:bf:b9:34:19:
         5c:9d:e1:58:a4:ee:0d:20:14:3e:ed:6d:50:c6:94:b5:39:5a:
         63:b4:83:08:79:11:aa:3d:73:1c:ab:74:39:ee:0d:ae:cc:4e:
         00:22:24:be:1d:a5:4b:5e:86:01:88:df:a8:5b:4f:56:30:3e:
         be:f7:38:0f:be:75:6a:93:15:2e:af:17:95:b9:08:d1:96:6e:
         45:2d:a8:d7:b5:77:69:b4:51:55:25:ea:af:a9:cd:17:2c:ec:
         ed:ac:94:14:c8:73:17:c0:fd:51:6e:c3:3e:52:b0:0b:05:58:
         e1:59:3b:67:93:b1:0a:48:e4:e7:99:17:07:61:7f:bd:b9:1f:
         0c:f5:a4:e6:74:26:b8:39:33:6a:ce:6f:81:a4:95:61:c5:de:
         5c:a7:1f:a6:1b:72:65:22:a5:e1:52:3b:cc:30:4a:f5:58:08:
         e8:4c:a8:6a:46:68:68:93:81:fb:14:f6:d4:a3:74:2d:23:f1:
         ee:cf:5c:4e:05:4f:4a:62:b2:c6:99:c8:82:69:51:5d:d5:fe:
         0b:ed:b1:60:9b:70:52:b0:4d:3d:f9:49:d4:3d:4e:bc:d7:49:
         3e:03:8f:d2:24:a1:ec:e1:81:d0:6c:d3:f9:10:26:e7:a3:a6:
         b3:d6:18:4b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEJUj3sdMl617c1OHfvvj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDEzZjVhZmM2NDQzZThkMjM0MzUxOGFjMGIxOWZkMzBi
YTNjMTIwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGFiNTUxZTVhYzRkMzMwODhiOTU4MTYxMjJhNzlmMmEwYjg1YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCvF0MW9hO99VqJTK9SHpKQGWER9
skHbF5ywRJK7Drng0/GKK9ascX9+rHtSn1neVWzn63YWRiNjOEX6oZAkU4UZcynw
xiWGM507ae8ANyP8Zl7EQVr/ioObrgNem+qpK74wAq4pISFaj/GhzLTrSLbm38Ye
WflioePc+U5Dk9IdT/g/wD1Dv+PIBqoNmxeVdWQt2mKSF+/95B1XeFh5fxgzTXgU
rVaa8nshgY2EhpF1GM3vE/SbSKbI7kYhp9UgnJSfyB3ibNFES4k69IOJoWEKQXjp
+0uk4RUHKegAPVVYQ9ZLRoAuHt2csadoguM1G6il616DkXyq6+aAkmcoaQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOSrVR5axNMwiLlYFhIqefKguFsgMB8GA1UdIwQY
MBaAFIFBP1r8ZEPo0jQ1GKwLGf0wujwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1VFX1d2eGtRLWpTTkRVWXJBc1pfVEM2UEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zMjQ5MWItNGZjNi00MDMzLTliZGEt
MjUxMGFkMzJjMmI0LzEvNUt0VkhsckUwekNJdVZnV0VpcDU4cUM0V3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zMjQ5MWItNGZjNi00MDMzLTliZGEtMjUxMGFkMzJjMmI0
LzEvZ1VFX1d2eGtRLWpTTkRVWXJBc1pfVEM2UEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAcBAIAAjAWAwkAIAEGeA1E
AAIDCQAgAQZ4DUQBADANBgkqhkiG9w0BAQsFAAOCAQEADKA8FgcWgrkTKGHEYvC/
uTQZXJ3hWKTuDSAUPu1tUMaUtTlaY7SDCHkRqj1zHKt0Oe4NrsxOACIkvh2lS16G
AYjfqFtPVjA+vvc4D751apMVLq8XlbkI0ZZuRS2o17V3abRRVSXqr6nNFyzs7ayU
FMhzF8D9UW7DPlKwCwVY4Vk7Z5OxCkjk55kXB2F/vbkfDPWk5nQmuDkzas5vgaSV
YcXeXKcfphtyZSKl4VI7zDBK9VgI6EyoakZoaJOB+xT21KN0LSPx7s9cTgVPSmKy
xpnIgmlRXdX+C+2xYJtwUrBNPflJ1D1OvNdJPgOP0iSh7OGB0GzT+RAm56Oms9YY
Sw==
-----END CERTIFICATE-----