Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/g4MgD88t8-z1Z_DioI03S8s4SF0.roa
File:                     g4MgD88t8-z1Z_DioI03S8s4SF0.roa (raw, json)
Hash identifier:          oYKdTMSlQcqqmJ+ZFi6SGw3LvYYJ6r4rKS91JQMqT+k=
Subject key identifier:   83:83:20:0F:CF:2D:F3:EC:F5:67:F0:E2:A0:8D:37:4B:CB:38:48:5D
Certificate issuer:       /CN=fb480c73354305cc40f8faba9e5402ef37de2eaa
Certificate serial:       018CC64A34B8CA4B02FB924F83E2ECBD5F52
Authority key identifier: FB:48:0C:73:35:43:05:CC:40:F8:FA:BA:9E:54:02:EF:37:DE:2E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/g4MgD88t8-z1Z_DioI03S8s4SF0.roa
Signing time:             Mon 01 Jan 2024 18:30:01 +0000
ROA not before:           Mon 01 Jan 2024 18:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208391
IP address blocks:        2001:678:aec::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:34:b8:ca:4b:02:fb:92:4f:83:e2:ec:bd:5f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb480c73354305cc40f8faba9e5402ef37de2eaa
        Validity
            Not Before: Jan  1 18:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8383200fcf2df3ecf567f0e2a08d374bcb38485d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3a:26:aa:50:1f:de:81:20:5a:06:df:2f:e2:
                    85:9d:b3:2b:d5:b2:d2:0c:ee:96:cd:cc:86:85:ba:
                    69:c4:e2:72:97:e3:36:e8:3f:39:ae:b7:ad:01:b0:
                    30:0a:e2:21:2d:4a:54:52:cb:68:2e:53:fe:6d:db:
                    93:e0:93:08:b1:bc:8e:eb:85:97:f9:4c:c0:35:ce:
                    c8:91:c8:21:52:d1:4a:f0:f9:bb:a3:90:4c:15:92:
                    7e:92:e2:1e:1b:78:bd:05:f4:51:8c:67:7c:14:09:
                    79:dc:6e:04:bf:7e:e7:cb:e3:5a:b4:8d:f0:14:f4:
                    2a:80:10:6e:a3:5d:41:0f:d4:aa:be:2b:bb:5f:fb:
                    46:ee:fd:51:dc:ba:b4:a4:6b:48:0d:6a:37:a9:cb:
                    19:79:96:53:ce:1b:a4:35:ea:cd:bd:bc:47:14:d0:
                    97:ff:15:6c:dc:d0:3c:9c:13:b3:f8:a4:0b:a4:b2:
                    09:52:71:f8:63:92:6f:c0:db:67:14:97:b1:b8:c0:
                    3e:3b:05:97:b0:86:69:23:b5:71:c6:23:20:40:1e:
                    e1:16:d9:a0:fe:76:2e:64:70:81:60:b7:3a:50:53:
                    bb:69:4d:e1:b3:97:34:e6:d7:40:18:e7:97:1b:72:
                    d8:2d:2e:25:bb:cc:d5:98:0d:b5:00:2f:d0:84:5a:
                    0b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:83:20:0F:CF:2D:F3:EC:F5:67:F0:E2:A0:8D:37:4B:CB:38:48:5D
            X509v3 Authority Key Identifier:
                keyid:FB:48:0C:73:35:43:05:CC:40:F8:FA:BA:9E:54:02:EF:37:DE:2E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/g4MgD88t8-z1Z_DioI03S8s4SF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:aec::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:39:43:6d:bf:5a:20:d1:1b:f4:f7:9d:3c:a5:9b:2f:4d:4d:
         31:3a:e8:87:38:f8:b9:f0:fc:dc:d0:4c:cc:2d:0e:dd:32:ad:
         a4:8e:99:31:fc:25:5d:a5:f4:01:38:79:f4:69:63:a2:b2:ad:
         8d:49:61:1b:79:8b:7b:6f:e6:80:74:80:8e:e9:26:21:6f:44:
         66:61:c5:45:ed:aa:68:52:9e:66:98:b5:22:c3:d2:49:dd:91:
         e4:04:c5:b7:92:c1:43:c2:5f:ee:20:63:16:15:e2:e0:28:d6:
         97:ce:a2:84:b0:ec:fc:ab:a7:7c:3f:15:24:ce:22:f6:cb:33:
         6d:80:d3:c6:ee:2f:f4:c6:42:26:81:f3:2f:ae:e9:0d:ae:98:
         d9:15:7f:6b:2a:f3:7d:15:12:ea:c1:2f:dc:4e:fd:b5:97:fd:
         90:31:31:a8:4a:75:a3:01:0f:50:92:00:05:75:51:7f:2e:32:
         f6:54:09:ea:37:3e:02:e3:1d:6d:1c:89:b5:0a:a8:80:a5:d4:
         9c:c7:8c:fc:d5:94:30:ef:71:9b:89:d9:80:8a:58:be:58:31:
         bb:9e:74:8d:58:26:db:15:86:0d:63:18:45:3e:51:e2:3d:0d:
         c2:60:8a:83:67:94:8e:90:01:01:47:4b:26:b1:ca:a3:48:74:
         b1:c1:00:96
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGSjS4yksC+5JPg+LsvV9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNDgwYzczMzU0MzA1Y2M0MGY4ZmFiYTllNTQwMmVmMzdk
ZTJlYWEwHhcNMjQwMTAxMTgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzgzMjAwZmNmMmRmM2VjZjU2N2YwZTJhMDhkMzc0YmNiMzg0ODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijomqlAf3oEgWgbfL+KFnbMr1bLS
DO6WzcyGhbppxOJyl+M26D85rretAbAwCuIhLUpUUstoLlP+bduT4JMIsbyO64WX
+UzANc7IkcghUtFK8Pm7o5BMFZJ+kuIeG3i9BfRRjGd8FAl53G4Ev37ny+NatI3w
FPQqgBBuo11BD9Sqviu7X/tG7v1R3Lq0pGtIDWo3qcsZeZZTzhukNerNvbxHFNCX
/xVs3NA8nBOz+KQLpLIJUnH4Y5JvwNtnFJexuMA+OwWXsIZpI7VxxiMgQB7hFtmg
/nYuZHCBYLc6UFO7aU3hs5c05tdAGOeXG3LYLS4lu8zVmA21AC/QhFoLpQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFIODIA/PLfPs9Wfw4qCNN0vLOEhdMB8GA1UdIwQY
MBaAFPtIDHM1QwXMQPj6up5UAu833i6qMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0wZ01jelZEQmN4QS1QcTZubFFDN3pmZUxxby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvMGRjNDg5LWUwMjgtNGYzNy1hOTcy
LTUwOWY0NGU5MjAyMi8xL2c0TWdEODh0OC16MVpfRGlvSTAzUzhzNFNGMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvMGRjNDg5LWUwMjgtNGYzNy1hOTcyLTUwOWY0NGU5MjAy
Mi8xLzEtMGdNY3pWREJjeEEtUHE2bmxRQzd6ZmVMcW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ4
CuwwDQYJKoZIhvcNAQELBQADggEBAG85Q22/WiDRG/T3nTylmy9NTTE66Ic4+Lnw
/NzQTMwtDt0yraSOmTH8JV2l9AE4efRpY6KyrY1JYRt5i3tv5oB0gI7pJiFvRGZh
xUXtqmhSnmaYtSLD0kndkeQExbeSwUPCX+4gYxYV4uAo1pfOooSw7Pyrp3w/FSTO
IvbLM22A08buL/TGQiaB8y+u6Q2umNkVf2sq830VEurBL9xO/bWX/ZAxMahKdaMB
D1CSAAV1UX8uMvZUCeo3PgLjHW0cibUKqICl1JzHjPzVlDDvcZuJ2YCKWL5YMbue
dI1YJtsVhg1jGEU+UeI9DcJgioNnlI6QAQFHSyaxyqNIdLHBAJY=
-----END CERTIFICATE-----