Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/uVZdSHbnmnk8Ek_0tU4bWUh5e1g.roa
File:                     uVZdSHbnmnk8Ek_0tU4bWUh5e1g.roa (raw, json)
Hash identifier:          NmTTVbO7r1PcNPaADlquWt61ePuzNGoyW8tB4CnfDo8=
Subject key identifier:   B9:56:5D:48:76:E7:9A:79:3C:12:4F:F4:B5:4E:1B:59:48:79:7B:58
Certificate issuer:       /CN=f56769a42e44266f037ecb390d4115febe3861a4
Certificate serial:       018CC5DC4509AC6034735E763AAF284BC828
Authority key identifier: F5:67:69:A4:2E:44:26:6F:03:7E:CB:39:0D:41:15:FE:BE:38:61:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/uVZdSHbnmnk8Ek_0tU4bWUh5e1g.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8283
IP address blocks:        2001:678:688::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:45:09:ac:60:34:73:5e:76:3a:af:28:4b:c8:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f56769a42e44266f037ecb390d4115febe3861a4
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9565d4876e79a793c124ff4b54e1b5948797b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:27:dd:b0:70:5f:5e:b9:40:4a:1c:36:58:5f:
                    14:74:4f:75:36:d9:42:c1:39:fc:0a:70:c2:bc:bf:
                    b0:ad:36:4f:73:a6:9c:f0:7f:e4:09:89:b0:bd:cf:
                    c9:3c:4f:97:ec:e4:60:38:37:ec:b6:f1:a5:f5:4d:
                    25:41:e6:dc:71:03:9b:95:32:d6:65:c4:0d:6e:87:
                    4e:4d:6c:25:32:6e:b2:8b:7e:c2:5c:0b:6e:15:24:
                    81:4b:f6:4d:7e:6f:ce:1c:c1:5a:99:43:c4:46:c2:
                    6a:81:21:6c:bc:37:ff:a7:22:b4:42:f5:a5:3c:03:
                    0d:4f:f3:e8:b7:e9:d3:96:ae:fe:7d:c0:7a:6d:97:
                    63:ee:dd:e0:d0:eb:47:cc:15:5f:fd:46:13:f7:b9:
                    a5:72:a2:e9:85:30:df:0b:22:64:f0:ab:a5:84:e2:
                    c0:f8:a6:ba:57:9b:94:d3:bb:92:d2:4e:5c:f8:e4:
                    be:7d:cf:86:1d:5b:87:e0:de:31:ae:da:a2:50:4d:
                    07:34:dc:a1:14:0d:48:f7:d2:5c:bc:33:62:9f:4d:
                    48:55:f4:5c:ba:f6:0d:a5:7a:7c:f1:2b:39:b4:c6:
                    7b:5f:c3:95:83:3b:cc:20:40:39:ad:4d:91:0f:1d:
                    65:8a:ce:6d:37:d2:74:27:94:45:c4:c4:b7:2b:cf:
                    f9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:56:5D:48:76:E7:9A:79:3C:12:4F:F4:B5:4E:1B:59:48:79:7B:58
            X509v3 Authority Key Identifier:
                keyid:F5:67:69:A4:2E:44:26:6F:03:7E:CB:39:0D:41:15:FE:BE:38:61:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/uVZdSHbnmnk8Ek_0tU4bWUh5e1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:688::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:05:43:e3:8c:3c:77:0b:b7:35:54:44:33:fa:37:86:98:cd:
         b3:2a:98:e3:4c:e9:24:44:73:d8:e6:74:91:f8:88:b9:64:6d:
         9f:4c:25:d1:f2:d2:a9:8c:ad:0f:cb:84:e1:c6:d1:14:f6:25:
         9a:ca:f2:36:b6:e1:e1:11:9d:8c:14:f8:5e:f2:54:15:01:a1:
         b2:ba:24:e6:2b:dc:b0:c4:bb:07:49:ac:f9:f1:80:09:4f:8b:
         f0:62:01:a2:7b:c6:21:75:c4:76:6c:af:6b:8c:1c:86:f1:4b:
         96:83:7a:0a:94:b3:42:4e:ca:89:d6:3b:a8:72:5b:46:fc:6c:
         fa:4e:b6:00:7d:2c:dc:2f:e0:fc:a5:1f:ae:e2:48:a9:8a:68:
         31:20:2d:83:8b:4e:19:0c:8a:0a:7f:c1:34:e9:06:06:2b:e3:
         37:dc:9c:66:c8:57:0d:59:eb:db:43:60:24:fe:3b:1f:00:d0:
         9d:30:e3:55:23:e6:f6:b8:b9:f3:66:a8:a0:9e:2f:64:bf:0c:
         5d:18:6c:50:6b:6d:f6:34:c8:bc:00:19:de:6c:27:4b:9d:b8:
         8f:64:d6:d0:96:86:32:88:cc:4e:ed:f9:18:fd:5a:ff:d3:85:
         0e:fb:0e:4a:9c:8b:40:e6:43:77:96:14:ff:14:7a:8c:b7:84:
         e8:e1:c1:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3EUJrGA0c152Oq8oS8goMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Njc2OWE0MmU0NDI2NmYwMzdlY2IzOTBkNDExNWZlYmUz
ODYxYTQwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU2NWQ0ODc2ZTc5YTc5M2MxMjRmZjRiNTRlMWI1OTQ4Nzk3YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjifdsHBfXrlAShw2WF8UdE91NtlC
wTn8CnDCvL+wrTZPc6ac8H/kCYmwvc/JPE+X7ORgODfstvGl9U0lQebccQOblTLW
ZcQNbodOTWwlMm6yi37CXAtuFSSBS/ZNfm/OHMFamUPERsJqgSFsvDf/pyK0QvWl
PAMNT/Pot+nTlq7+fcB6bZdj7t3g0OtHzBVf/UYT97mlcqLphTDfCyJk8KulhOLA
+Ka6V5uU07uS0k5c+OS+fc+GHVuH4N4xrtqiUE0HNNyhFA1I99JcvDNin01IVfRc
uvYNpXp88Ss5tMZ7X8OVgzvMIEA5rU2RDx1lis5tN9J0J5RFxMS3K8/5GwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLlWXUh255p5PBJP9LVOG1lIeXtYMB8GA1UdIwQY
MBaAFPVnaaQuRCZvA37LOQ1BFf6+OGGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdkcHBDNUVKbThEZnNzNURVRVZfcjQ0WWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWQyZmQtNGRiZC00MzYyLWFjN2It
N2EzZmZiMDBiNzE2LzEvdVZaZFNIYm5tbms4RWtfMHRVNGJXVWg1ZTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWQyZmQtNGRiZC00MzYyLWFjN2ItN2EzZmZiMDBiNzE2
LzEvOVdkcHBDNUVKbThEZnNzNURVRVZfcjQ0WWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAaI
MA0GCSqGSIb3DQEBCwUAA4IBAQCTBUPjjDx3C7c1VEQz+jeGmM2zKpjjTOkkRHPY
5nSR+Ii5ZG2fTCXR8tKpjK0Py4ThxtEU9iWayvI2tuHhEZ2MFPhe8lQVAaGyuiTm
K9ywxLsHSaz58YAJT4vwYgGie8YhdcR2bK9rjByG8UuWg3oKlLNCTsqJ1juocltG
/Gz6TrYAfSzcL+D8pR+u4kipimgxIC2Di04ZDIoKf8E06QYGK+M33JxmyFcNWevb
Q2Ak/jsfANCdMONVI+b2uLnzZqigni9kvwxdGGxQa232NMi8ABnebCdLnbiPZNbQ
loYyiMxO7fkY/Vr/04UO+w5KnItA5kN3lhT/FHqMt4To4cHi
-----END CERTIFICATE-----