Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/Rcsqsu0CrsGGFQpcew17hfqvqB8.roa
File:                     Rcsqsu0CrsGGFQpcew17hfqvqB8.roa (raw, json)
Hash identifier:          2ksuhNFMNK9dsEDcmWsgaRI/foAd+6MbBcuFvZCgZz4=
Subject key identifier:   45:CB:2A:B2:ED:02:AE:C1:86:15:0A:5C:7B:0D:7B:85:FA:AF:A8:1F
Certificate issuer:       /CN=f3fb2efb4ec1e9b6f6c6d0ba260747a9c3e0adca
Certificate serial:       0190DA10C0E324D808BB9163AFEED1675D49
Authority key identifier: F3:FB:2E:FB:4E:C1:E9:B6:F6:C6:D0:BA:26:07:47:A9:C3:E0:AD:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/Rcsqsu0CrsGGFQpcew17hfqvqB8.roa
Signing time:             Mon 22 Jul 2024 10:50:49 +0000
ROA not before:           Mon 22 Jul 2024 10:50:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:5dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:da:10:c0:e3:24:d8:08:bb:91:63:af:ee:d1:67:5d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3fb2efb4ec1e9b6f6c6d0ba260747a9c3e0adca
        Validity
            Not Before: Jul 22 10:50:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45cb2ab2ed02aec186150a5c7b0d7b85faafa81f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2f:10:00:73:82:09:2a:76:0c:11:5f:ed:63:
                    1e:de:8b:f4:ba:f1:c5:5c:cf:53:5a:d9:ee:f2:ff:
                    73:60:b3:bd:13:c3:59:a4:1d:43:5f:82:07:bd:d3:
                    24:25:c7:a7:d1:24:26:23:3f:bb:bf:15:ae:60:16:
                    ed:c0:fe:46:48:c2:6f:5b:ab:71:00:83:18:ed:ec:
                    7b:b8:f7:0e:c4:d3:79:b5:27:df:41:a4:ab:fb:c3:
                    eb:4d:ea:39:11:5e:44:63:ac:81:e1:b6:02:e8:1c:
                    51:57:aa:cc:50:d9:bd:39:89:30:8b:31:e7:73:b9:
                    35:8c:f8:14:2b:dc:c6:ad:70:6f:2e:b1:cc:41:49:
                    41:22:ca:46:13:fd:00:3f:15:12:52:6c:5c:05:1d:
                    77:df:05:e3:8a:a5:af:7b:95:df:46:3e:f4:17:f3:
                    4b:cb:4b:64:1d:c6:79:cb:69:8b:18:61:45:36:8f:
                    93:f0:36:1c:eb:41:aa:03:b5:cd:84:79:2b:c5:6b:
                    c7:4f:6f:57:c8:6c:84:11:6d:50:4e:fd:fc:cb:9e:
                    66:49:3a:86:6c:b5:23:65:c4:95:95:06:44:ed:6f:
                    3a:eb:ce:9f:41:0b:8e:36:28:ee:35:d3:90:79:85:
                    09:9a:84:33:16:38:5f:80:46:1d:57:92:1d:56:64:
                    18:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CB:2A:B2:ED:02:AE:C1:86:15:0A:5C:7B:0D:7B:85:FA:AF:A8:1F
            X509v3 Authority Key Identifier:
                keyid:F3:FB:2E:FB:4E:C1:E9:B6:F6:C6:D0:BA:26:07:47:A9:C3:E0:AD:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/Rcsqsu0CrsGGFQpcew17hfqvqB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:47:10:4c:8b:26:c2:ec:25:ce:ca:8a:b5:86:fd:48:bb:b5:
         68:38:8c:f1:cc:33:e0:09:1e:c7:3e:a9:3e:4b:d8:8b:92:21:
         54:9b:ec:4f:1d:c5:93:8d:6a:17:82:ed:33:bf:1b:ca:38:99:
         bf:0c:9a:d2:06:c0:ff:02:6d:4f:19:45:89:f2:95:1d:91:f4:
         d5:42:45:84:b8:4d:d8:2b:42:71:b9:de:6c:a8:c0:78:ce:f1:
         e9:db:d1:07:4b:b6:c6:c4:44:ef:b6:be:0c:f3:5c:3a:42:eb:
         d3:6d:5b:14:37:c8:d8:a8:20:0f:9d:70:69:d5:01:56:bc:5a:
         b2:f8:bc:ee:a3:0b:a9:2c:db:20:cc:6d:55:f4:c6:f5:2a:88:
         c1:d5:d8:26:e7:9f:a1:53:e8:ae:5b:69:3b:b3:80:97:c3:9d:
         78:fa:06:35:c7:ad:08:04:40:84:11:6c:2e:d2:d7:a4:c4:e3:
         2d:44:fb:9d:fa:c1:2c:32:7c:90:5e:bf:bc:fa:06:54:6a:62:
         81:41:a8:4c:28:6d:f0:12:37:be:a0:2b:14:54:eb:51:88:af:
         a2:08:de:54:d2:9a:8c:22:3e:b1:69:47:f8:59:91:b8:b0:74:
         69:e8:5e:b0:4c:97:c3:05:28:12:ec:b8:1c:e9:b8:37:a2:6c:
         6d:24:eb:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDaEMDjJNgIu5Fjr+7RZ11JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZmIyZWZiNGVjMWU5YjZmNmM2ZDBiYTI2MDc0N2E5YzNl
MGFkY2EwHhcNMjQwNzIyMTA1MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWNiMmFiMmVkMDJhZWMxODYxNTBhNWM3YjBkN2I4NWZhYWZhODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy8QAHOCCSp2DBFf7WMe3ov0uvHF
XM9TWtnu8v9zYLO9E8NZpB1DX4IHvdMkJcen0SQmIz+7vxWuYBbtwP5GSMJvW6tx
AIMY7ex7uPcOxNN5tSffQaSr+8PrTeo5EV5EY6yB4bYC6BxRV6rMUNm9OYkwizHn
c7k1jPgUK9zGrXBvLrHMQUlBIspGE/0APxUSUmxcBR133wXjiqWve5XfRj70F/NL
y0tkHcZ5y2mLGGFFNo+T8DYc60GqA7XNhHkrxWvHT29XyGyEEW1QTv38y55mSTqG
bLUjZcSVlQZE7W86686fQQuONijuNdOQeYUJmoQzFjhfgEYdV5IdVmQYaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEXLKrLtAq7BhhUKXHsNe4X6r6gfMB8GA1UdIwQY
MBaAFPP7LvtOwem29sbQuiYHR6nD4K3KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOF9zdS0wN0I2YmIyeHRDNkpnZEhxY1BncmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9hOGY3NDItYWI5Yi00YjI5LThhZDQt
NmU5MTJkYjAyZjVkLzEvUmNzcXN1MENyc0dHRlFwY2V3MTdoZnF2cUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9hOGY3NDItYWI5Yi00YjI5LThhZDQtNmU5MTJkYjAyZjVk
LzEvOF9zdS0wN0I2YmIyeHRDNkpnZEhxY1BncmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXc
MA0GCSqGSIb3DQEBCwUAA4IBAQCCRxBMiybC7CXOyoq1hv1Iu7VoOIzxzDPgCR7H
Pqk+S9iLkiFUm+xPHcWTjWoXgu0zvxvKOJm/DJrSBsD/Am1PGUWJ8pUdkfTVQkWE
uE3YK0Jxud5sqMB4zvHp29EHS7bGxETvtr4M81w6QuvTbVsUN8jYqCAPnXBp1QFW
vFqy+LzuowupLNsgzG1V9Mb1KojB1dgm55+hU+iuW2k7s4CXw514+gY1x60IBECE
EWwu0tekxOMtRPud+sEsMnyQXr+8+gZUamKBQahMKG3wEje+oCsUVOtRiK+iCN5U
0pqMIj6xaUf4WZG4sHRp6F6wTJfDBSgS7Lgc6bg3omxtJOuw
-----END CERTIFICATE-----