Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/UPuik-ow8ItaTzb_W4LHg2dMNIM.roa
File:                     UPuik-ow8ItaTzb_W4LHg2dMNIM.roa (raw, json)
Hash identifier:          SIZCE3igrb5N8MZ80UtQhJ9QI2nmdHpGelrfxXnj5l4=
Subject key identifier:   50:FB:A2:93:EA:30:F0:8B:5A:4F:36:FF:5B:82:C7:83:67:4C:34:83
Certificate issuer:       /CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
Certificate serial:       018CC26CFD5F0E8DA1C091E0D69FB4F5339D
Authority key identifier: 1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/UPuik-ow8ItaTzb_W4LHg2dMNIM.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59474
IP address blocks:        2001:678:24c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fd:5f:0e:8d:a1:c0:91:e0:d6:9f:b4:f5:33:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50fba293ea30f08b5a4f36ff5b82c783674c3483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2e:b7:d5:8e:92:85:c9:11:41:a4:a3:7c:ef:
                    db:80:49:a6:02:23:91:a8:02:f2:2d:7e:0c:ce:4e:
                    5f:d0:0c:95:62:1a:eb:a9:cc:37:86:6d:3b:12:6b:
                    45:4c:4b:04:43:ee:e1:d7:81:7c:ce:21:0f:76:6c:
                    6e:1e:47:ff:8f:f5:ec:74:b2:f6:8c:d8:99:c2:a6:
                    2b:41:94:1f:0e:6f:12:8f:35:fd:59:b6:6b:d5:24:
                    77:68:57:b7:ec:54:da:99:e3:8a:1f:5d:6c:56:e3:
                    73:18:7d:14:d1:e5:4d:95:a0:a3:71:de:ca:95:6b:
                    21:fb:55:11:d9:f4:35:53:aa:e1:0e:a6:f9:8e:b9:
                    8f:52:67:df:42:57:c8:e9:44:21:56:92:e1:71:e9:
                    d6:3f:bc:89:5c:98:c3:89:67:bc:53:09:ca:27:e1:
                    8d:8d:10:3a:61:29:3e:09:5b:28:ca:69:cc:50:66:
                    03:f6:f1:65:e8:37:4f:a5:be:e6:28:62:55:eb:09:
                    11:9c:47:76:f2:c7:49:68:b3:fb:db:13:95:e5:ad:
                    d5:11:ee:c4:50:1c:4a:ea:a6:5e:8d:e1:44:f4:a0:
                    4c:07:3d:a4:b0:67:c2:b8:e5:3b:aa:c9:d3:c0:bd:
                    68:36:f7:40:c7:14:d2:b3:80:27:9d:39:94:5a:71:
                    34:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FB:A2:93:EA:30:F0:8B:5A:4F:36:FF:5B:82:C7:83:67:4C:34:83
            X509v3 Authority Key Identifier:
                keyid:1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/UPuik-ow8ItaTzb_W4LHg2dMNIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:24c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:3c:c4:2e:a7:b1:77:66:b5:27:1d:33:68:a6:f0:68:74:1f:
         7e:a8:a2:68:5e:2e:eb:1a:7b:9f:73:09:53:1a:eb:6d:8a:6e:
         8d:00:28:19:2d:0e:a3:ef:ea:4e:33:b8:be:8e:f4:09:74:2a:
         31:a0:dc:ec:e9:ad:c7:c7:b2:3a:9c:a6:eb:47:84:42:8b:fe:
         01:d0:2f:2f:fa:61:27:6a:35:5c:4f:c3:aa:ce:33:6f:ad:e8:
         95:22:a8:ab:72:8d:9d:93:31:7b:89:f4:8c:e4:66:35:97:33:
         3b:ab:15:55:d0:bd:f4:21:34:dc:2e:a5:17:d0:b3:cd:a8:09:
         ae:72:19:5e:2c:9e:ec:c8:94:60:b9:7d:b4:79:95:1b:e9:38:
         ef:04:a9:6e:75:c5:83:bd:af:7d:66:8e:d3:b6:96:f8:f6:32:
         20:ae:f9:de:77:e2:3c:6b:2f:31:42:6e:34:96:c5:38:c3:f2:
         ad:33:4f:b6:65:47:ee:5f:31:79:ff:e1:bc:69:8c:fb:42:fd:
         11:0b:a9:d0:ab:68:ca:ac:75:b2:68:ae:34:57:db:73:38:9e:
         1c:ce:cb:3d:b9:55:d9:e6:2e:01:20:f1:28:43:c1:84:59:c5:
         ae:4c:fe:68:16:c0:c6:54:63:5d:56:71:0a:27:84:b5:7a:d3:
         af:ef:0a:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbP1fDo2hwJHg1p+09TOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGM3NzMzNmQ2NmY3YjAyMzhlNmMxODRjNjRmYTRmMjRk
MDlmMDEwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZiYTI5M2VhMzBmMDhiNWE0ZjM2ZmY1YjgyYzc4MzY3NGMzNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC631Y6ShckRQaSjfO/bgEmmAiOR
qALyLX4Mzk5f0AyVYhrrqcw3hm07EmtFTEsEQ+7h14F8ziEPdmxuHkf/j/XsdLL2
jNiZwqYrQZQfDm8SjzX9WbZr1SR3aFe37FTameOKH11sVuNzGH0U0eVNlaCjcd7K
lWsh+1UR2fQ1U6rhDqb5jrmPUmffQlfI6UQhVpLhcenWP7yJXJjDiWe8UwnKJ+GN
jRA6YSk+CVsoymnMUGYD9vFl6DdPpb7mKGJV6wkRnEd28sdJaLP72xOV5a3VEe7E
UBxK6qZejeFE9KBMBz2ksGfCuOU7qsnTwL1oNvdAxxTSs4AnnTmUWnE0jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFD7opPqMPCLWk82/1uCx4NnTDSDMB8GA1UdIwQY
MBaAFB6MdzNtZvewI45sGExk+k8k0J8BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2Et
OTk5NTdkZjQ5OTdlLzEvVVB1aWstb3c4SXRhVHpiX1c0TEhnMmRNTklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2EtOTk5NTdkZjQ5OTdl
LzEvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAJM
MA0GCSqGSIb3DQEBCwUAA4IBAQBLPMQup7F3ZrUnHTNopvBodB9+qKJoXi7rGnuf
cwlTGuttim6NACgZLQ6j7+pOM7i+jvQJdCoxoNzs6a3Hx7I6nKbrR4RCi/4B0C8v
+mEnajVcT8OqzjNvreiVIqirco2dkzF7ifSM5GY1lzM7qxVV0L30ITTcLqUX0LPN
qAmuchleLJ7syJRguX20eZUb6TjvBKludcWDva99Zo7Ttpb49jIgrvned+I8ay8x
Qm40lsU4w/KtM0+2ZUfuXzF5/+G8aYz7Qv0RC6nQq2jKrHWyaK40V9tzOJ4czss9
uVXZ5i4BIPEoQ8GEWcWuTP5oFsDGVGNdVnEKJ4S1etOv7woO
-----END CERTIFICATE-----