Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/R97jbDClDwirngVeOoRL2E0K1CM.roa
File:                     R97jbDClDwirngVeOoRL2E0K1CM.roa (raw, json)
Hash identifier:          wn8JzCnNTtOF0BIVn7ibC/QoApox5yX7jNneSXUVmNo=
Subject key identifier:   47:DE:E3:6C:30:A5:0F:08:AB:9E:05:5E:3A:84:4B:D8:4D:0A:D4:23
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F3823F7DD738813B82B038841C05
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/R97jbDClDwirngVeOoRL2E0K1CM.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8278
IP address blocks:        2001:648:2960::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f3:82:3f:7d:d7:38:81:3b:82:b0:38:84:1c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47dee36c30a50f08ab9e055e3a844bd84d0ad423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:43:c3:e0:70:39:3a:6e:60:86:1b:54:2e:49:
                    f0:8c:f9:31:d5:e3:e7:3b:a9:69:93:14:e1:4a:1c:
                    60:31:e1:89:72:86:97:30:16:4b:e4:bf:ff:d6:a0:
                    d6:2c:27:ac:e3:ce:71:f9:cf:f6:9c:6f:d6:b8:aa:
                    94:cc:18:37:ea:88:8d:15:8e:f5:66:4e:e8:81:88:
                    fc:10:39:ac:71:ff:0e:8c:4d:75:e5:80:0d:a5:ec:
                    b2:ac:72:cc:04:44:1a:4a:3d:9c:ad:8e:18:d5:4b:
                    6a:ed:ed:1b:d8:de:3d:a2:11:54:39:ea:e7:04:6b:
                    4c:22:28:02:b0:fc:44:19:a9:5d:19:d2:b0:ee:bb:
                    ee:55:6c:4c:d4:e2:b4:ab:54:bb:49:4b:6c:dc:ed:
                    29:bd:78:75:91:03:7d:81:22:07:d0:e5:a7:97:9c:
                    63:ff:38:ac:95:59:ce:20:cc:f1:d5:4c:a4:be:81:
                    84:7e:1f:69:62:1a:f7:68:3d:74:35:11:42:e9:c7:
                    37:e4:be:ab:cb:46:ae:37:b2:21:67:74:02:7b:f6:
                    68:3d:8e:60:8a:79:42:6f:c5:77:d7:15:84:a8:60:
                    9e:40:09:31:d4:c1:b6:0f:3b:85:a0:56:19:ae:69:
                    3d:fa:9e:62:a2:96:e0:f7:4e:0a:21:ee:0b:75:3d:
                    62:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DE:E3:6C:30:A5:0F:08:AB:9E:05:5E:3A:84:4B:D8:4D:0A:D4:23
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/R97jbDClDwirngVeOoRL2E0K1CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:648:2960::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:a9:3e:0c:e6:b3:19:a4:db:eb:53:05:d0:24:86:70:3e:82:
         e5:b5:9e:bb:7b:c6:e1:0a:a1:f8:bf:8f:bf:52:10:24:9d:ac:
         36:80:60:6b:13:3e:33:d8:7a:29:59:32:f0:f0:2f:0d:77:4f:
         39:02:41:74:75:31:6d:0c:a6:b3:a4:a0:ea:53:8f:5d:d8:f0:
         69:55:72:be:42:35:f6:4f:b0:e9:4c:c1:1f:cd:b7:d0:69:59:
         02:d2:95:e5:db:22:c2:92:ed:b6:12:a0:06:51:95:e5:5a:2d:
         40:df:98:c4:28:6f:7b:58:d2:13:b2:2c:d1:67:ff:5d:dc:b4:
         c1:a0:a0:9f:df:25:f4:31:40:ce:28:2f:c4:bb:73:36:e3:d7:
         9f:b3:80:48:96:28:eb:8f:d3:9d:f8:71:14:a0:80:87:6e:a9:
         4a:ff:82:8d:ea:67:c7:67:70:aa:34:93:ee:e8:46:3e:4e:9a:
         91:fd:a6:a8:e0:66:d3:29:d6:0c:8c:4f:54:fa:80:5a:25:05:
         b3:9f:74:af:4b:82:af:4e:29:ef:10:63:70:51:03:9c:23:eb:
         25:b3:6e:2d:be:d3:13:8a:f7:ea:6a:be:39:39:d6:b4:53:76:
         b5:41:04:43:05:6b:06:5e:77:c4:2d:95:c9:e2:ef:1f:fb:86:
         9a:5f:9e:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSPOCP33XOIE7grA4hBwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RlZTM2YzMwYTUwZjA4YWI5ZTA1NWUzYTg0NGJkODRkMGFkNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEPD4HA5Om5ghhtULknwjPkx1ePn
O6lpkxThShxgMeGJcoaXMBZL5L//1qDWLCes485x+c/2nG/WuKqUzBg36oiNFY71
Zk7ogYj8EDmscf8OjE115YANpeyyrHLMBEQaSj2crY4Y1Utq7e0b2N49ohFUOern
BGtMIigCsPxEGaldGdKw7rvuVWxM1OK0q1S7SUts3O0pvXh1kQN9gSIH0OWnl5xj
/zislVnOIMzx1UykvoGEfh9pYhr3aD10NRFC6cc35L6ry0auN7IhZ3QCe/ZoPY5g
inlCb8V31xWEqGCeQAkx1MG2DzuFoFYZrmk9+p5iopbg904KIe4LdT1isQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEfe42wwpQ8Iq54FXjqES9hNCtQjMB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvUjk3amJEQ2xEd2lybmdWZU9vUkwyRTBLMUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGSClg
MA0GCSqGSIb3DQEBCwUAA4IBAQBnqT4M5rMZpNvrUwXQJIZwPoLltZ67e8bhCqH4
v4+/UhAknaw2gGBrEz4z2HopWTLw8C8Nd085AkF0dTFtDKazpKDqU49d2PBpVXK+
QjX2T7DpTMEfzbfQaVkC0pXl2yLCku22EqAGUZXlWi1A35jEKG97WNITsizRZ/9d
3LTBoKCf3yX0MUDOKC/Eu3M249efs4BIlijrj9Od+HEUoICHbqlK/4KN6mfHZ3Cq
NJPu6EY+TpqR/aao4GbTKdYMjE9U+oBaJQWzn3SvS4KvTinvEGNwUQOcI+sls24t
vtMTivfqar45Oda0U3a1QQRDBWsGXnfELZXJ4u8f+4aaX55d
-----END CERTIFICATE-----