Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/X8U1fXTvmTmSg8BFeD-IZRK9JYk.roa
File:                     X8U1fXTvmTmSg8BFeD-IZRK9JYk.roa (raw, json)
Hash identifier:          Js4YjK71/RMeazKPVdm8wxLoz+u/XKl6k8BTbY+3pJc=
Subject key identifier:   5F:C5:35:7D:74:EF:99:39:92:83:C0:45:78:3F:88:65:12:BD:25:89
Certificate issuer:       /CN=81413f5afc6443e8d2343518ac0b19fd30ba3c12
Certificate serial:       018CC42548D21D913449C3FEB028595827C3
Authority key identifier: 81:41:3F:5A:FC:64:43:E8:D2:34:35:18:AC:0B:19:FD:30:BA:3C:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/X8U1fXTvmTmSg8BFeD-IZRK9JYk.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213279
IP address blocks:        2001:678:d44::/48 maxlen: 48
                          2001:678:d44:1::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:48:d2:1d:91:34:49:c3:fe:b0:28:59:58:27:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81413f5afc6443e8d2343518ac0b19fd30ba3c12
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fc5357d74ef99399283c045783f886512bd2589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ac:24:c9:c6:e8:eb:5d:f6:2c:83:95:c1:93:
                    6d:05:b2:a6:1a:d6:89:5b:fe:f0:a9:e9:63:ff:65:
                    a1:d6:ec:6c:98:7d:1e:c0:c3:c0:e2:0c:95:92:ee:
                    bd:56:6c:50:fa:3a:e8:3a:33:17:8e:83:d4:c6:39:
                    54:a4:82:82:99:c5:38:ef:3c:b0:03:22:97:1b:80:
                    e4:3f:37:ac:21:a5:e2:b1:8c:95:08:fd:a0:87:a5:
                    01:04:b0:4d:6f:6d:6e:e6:7b:ca:c4:36:c4:1d:b8:
                    2f:99:d9:e6:0b:be:20:90:85:a4:8f:40:78:a5:fb:
                    00:e1:28:f0:34:e4:13:ab:f0:56:57:06:41:ef:cf:
                    d3:f0:a7:a6:7b:f7:cd:bb:b3:fc:3f:d9:fb:ee:d4:
                    8b:36:e1:6f:1c:5c:30:f9:15:4d:2c:41:31:9f:3a:
                    6a:59:25:03:86:a6:be:47:a3:cd:0b:05:99:66:bd:
                    dd:db:57:d6:79:ab:9f:0d:1d:07:bd:31:cb:02:4b:
                    ef:71:93:ee:07:05:db:d4:26:5f:a5:4c:ae:cf:97:
                    7a:39:4a:c6:41:c2:39:fe:c4:ca:c9:d4:d4:63:ce:
                    69:8c:a2:4a:74:e0:1a:71:e6:cc:ba:ab:97:76:a2:
                    2c:00:59:60:27:ec:d2:b2:fd:7f:03:d9:e3:c2:02:
                    98:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C5:35:7D:74:EF:99:39:92:83:C0:45:78:3F:88:65:12:BD:25:89
            X509v3 Authority Key Identifier:
                keyid:81:41:3F:5A:FC:64:43:E8:D2:34:35:18:AC:0B:19:FD:30:BA:3C:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/X8U1fXTvmTmSg8BFeD-IZRK9JYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/32491b-4fc6-4033-9bda-2510ad32c2b4/1/gUE_WvxkQ-jSNDUYrAsZ_TC6PBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d44::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:ae:22:8e:5b:96:7c:bc:0b:98:3e:a7:9a:60:a0:02:94:19:
         42:a4:5e:5b:1d:4b:46:f4:67:24:64:d1:06:2a:35:40:f7:03:
         d5:dc:8f:61:63:01:a1:d0:e9:51:e9:be:d3:ea:d1:2f:51:7c:
         ad:ff:d9:b3:41:9c:c3:db:39:31:9a:85:14:c8:ae:bc:ca:3a:
         f2:9a:bb:ea:b3:0b:cd:de:0e:d3:6d:0c:47:33:a8:a8:27:41:
         b3:98:fb:2c:c6:e2:6e:d2:d0:ab:19:1a:6c:9e:3e:7e:85:87:
         e4:0b:e2:44:cd:79:c3:5f:5c:ab:34:64:95:4c:a3:d2:2f:f0:
         7f:de:6a:ce:8d:86:49:61:5c:a5:2f:7d:fe:ca:91:ee:60:1c:
         aa:24:d0:09:ea:ee:09:82:9a:93:fb:96:51:e3:bc:20:17:14:
         3c:59:bd:ea:51:82:06:ac:c2:86:80:09:96:e1:8e:5c:cf:bf:
         42:09:df:2d:fc:85:7a:32:a8:81:05:9e:35:f6:98:26:95:61:
         78:1d:d4:c4:cb:e0:2a:b0:a5:d1:da:b0:c7:9c:56:34:2e:91:
         d5:87:1a:a8:0b:28:a0:15:1f:3d:25:cd:ad:c8:b6:eb:cf:e8:
         0e:bb:a8:40:e8:49:e0:6b:c2:ca:e7:32:59:23:8b:22:f1:09:
         bc:88:62:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJUjSHZE0ScP+sChZWCfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDEzZjVhZmM2NDQzZThkMjM0MzUxOGFjMGIxOWZkMzBi
YTNjMTIwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM1MzU3ZDc0ZWY5OTM5OTI4M2MwNDU3ODNmODg2NTEyYmQyNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36wkycbo6132LIOVwZNtBbKmGtaJ
W/7wqelj/2Wh1uxsmH0ewMPA4gyVku69VmxQ+jroOjMXjoPUxjlUpIKCmcU47zyw
AyKXG4DkPzesIaXisYyVCP2gh6UBBLBNb21u5nvKxDbEHbgvmdnmC74gkIWkj0B4
pfsA4SjwNOQTq/BWVwZB78/T8Keme/fNu7P8P9n77tSLNuFvHFww+RVNLEExnzpq
WSUDhqa+R6PNCwWZZr3d21fWeaufDR0HvTHLAkvvcZPuBwXb1CZfpUyuz5d6OUrG
QcI5/sTKydTUY85pjKJKdOAacebMuquXdqIsAFlgJ+zSsv1/A9njwgKYOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/FNX1075k5koPARXg/iGUSvSWJMB8GA1UdIwQY
MBaAFIFBP1r8ZEPo0jQ1GKwLGf0wujwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1VFX1d2eGtRLWpTTkRVWXJBc1pfVEM2UEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zMjQ5MWItNGZjNi00MDMzLTliZGEt
MjUxMGFkMzJjMmI0LzEvWDhVMWZYVHZtVG1TZzhCRmVELUlaUks5SllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zMjQ5MWItNGZjNi00MDMzLTliZGEtMjUxMGFkMzJjMmI0
LzEvZ1VFX1d2eGtRLWpTTkRVWXJBc1pfVEM2UEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA1E
MA0GCSqGSIb3DQEBCwUAA4IBAQBWriKOW5Z8vAuYPqeaYKAClBlCpF5bHUtG9Gck
ZNEGKjVA9wPV3I9hYwGh0OlR6b7T6tEvUXyt/9mzQZzD2zkxmoUUyK68yjrymrvq
swvN3g7TbQxHM6ioJ0GzmPssxuJu0tCrGRpsnj5+hYfkC+JEzXnDX1yrNGSVTKPS
L/B/3mrOjYZJYVylL33+ypHuYByqJNAJ6u4JgpqT+5ZR47wgFxQ8Wb3qUYIGrMKG
gAmW4Y5cz79CCd8t/IV6MqiBBZ419pgmlWF4HdTEy+AqsKXR2rDHnFY0LpHVhxqo
CyigFR89Jc2tyLbrz+gOu6hA6Enga8LK5zJZI4si8Qm8iGJy
-----END CERTIFICATE-----