Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/AyrlrU9FCfjE122RXxJWU6t9VcI.roa
File:                     AyrlrU9FCfjE122RXxJWU6t9VcI.roa (raw, json)
Hash identifier:          fnUCkOcwBrSEYqVKQsy+oDc1CrWILr36yq+YRD87zQU=
Subject key identifier:   03:2A:E5:AD:4F:45:09:F8:C4:D7:6D:91:5F:12:56:53:AB:7D:55:C2
Certificate issuer:       /CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
Certificate serial:       018CC3490C2EF7D57A31E203CF4D36918199
Authority key identifier: 18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/AyrlrU9FCfjE122RXxJWU6t9VcI.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        2001:678:a90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0c:2e:f7:d5:7a:31:e2:03:cf:4d:36:91:81:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=032ae5ad4f4509f8c4d76d915f125653ab7d55c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:86:67:e1:1d:f3:e2:c7:fa:45:7b:40:54:99:
                    a2:ec:9a:25:29:42:b7:34:fd:35:c3:30:af:48:b9:
                    e9:37:8e:8c:64:ed:b1:7c:cc:a9:6a:21:45:28:b2:
                    f3:b2:2e:57:4e:4d:cc:56:9f:01:b7:f0:38:34:3e:
                    12:df:e6:6e:e8:7f:46:8c:75:0d:0b:dd:3f:8a:c0:
                    53:7d:df:2b:73:28:56:a8:bf:e3:a9:89:15:ad:1e:
                    6f:e6:65:83:df:49:38:a1:3f:91:3b:92:e5:31:be:
                    50:81:df:c5:85:dd:24:04:01:cc:5d:3a:f1:cb:9d:
                    23:0f:06:cb:40:7d:56:1f:44:c7:8f:78:f9:4d:7b:
                    78:99:97:31:4b:2c:b1:09:2f:d5:b2:0e:a1:fd:27:
                    0c:ca:68:cd:f4:f8:96:b0:05:f7:c0:74:07:24:a4:
                    c0:b2:a9:e5:a1:40:45:89:08:67:9d:62:10:10:a1:
                    47:9a:0a:00:3e:50:6a:58:0e:88:ea:b6:a6:42:f3:
                    c0:1d:f1:7a:d7:6d:58:54:88:43:75:a4:98:fd:2f:
                    3f:ba:0a:77:25:e4:23:ae:0f:c6:7f:5b:6a:a9:fd:
                    51:8f:a5:ec:c6:59:42:2c:e0:71:18:5b:62:31:56:
                    03:a8:62:ba:f9:71:c7:02:bf:30:a8:d1:64:57:03:
                    d0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2A:E5:AD:4F:45:09:F8:C4:D7:6D:91:5F:12:56:53:AB:7D:55:C2
            X509v3 Authority Key Identifier:
                keyid:18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/AyrlrU9FCfjE122RXxJWU6t9VcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a90::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:66:4a:7f:c1:2d:32:0a:88:fb:58:46:42:89:0f:a8:2a:50:
         aa:4c:bc:6d:00:31:8b:df:6b:c6:48:ef:da:b9:c9:37:ed:f0:
         84:8d:db:13:e0:bd:d3:c0:be:98:28:3a:0d:b2:65:e8:9d:bf:
         1d:e6:bc:72:00:b6:09:d6:84:71:b7:6b:9a:0b:00:39:75:2c:
         e5:e3:13:79:bf:3c:66:4e:7a:31:a1:12:c1:eb:fd:f3:6e:fd:
         b6:d9:35:5e:2c:75:0c:37:52:0f:2f:f9:55:2c:18:be:d5:04:
         fc:7d:74:a4:b5:b0:ac:9c:7b:e4:5b:48:3d:78:30:92:ec:49:
         d4:d4:ea:5b:0e:a6:0c:59:ee:05:2e:43:91:29:d0:5f:3d:86:
         70:62:5c:84:6d:28:78:aa:c9:63:88:16:d5:6e:26:02:53:71:
         fb:9f:e8:79:63:a8:d7:9a:af:df:49:c4:48:2e:c3:87:42:6e:
         47:da:06:68:f3:92:0c:36:7d:95:85:63:53:51:a5:69:9f:53:
         ef:9d:cf:87:ef:05:80:b9:02:11:8b:ed:5c:d1:1d:ae:d1:f9:
         86:a7:40:0a:87:7d:ab:ff:a3:2a:6c:22:5e:64:30:d1:85:53:
         ca:d1:62:07:2c:c9:8e:cb:90:3c:f3:35:9a:0d:de:ce:52:c4:
         88:d6:35:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSQwu99V6MeIDz002kYGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjRlZTg4NTg0ZDZkZmQ5ZTNhYTliYzIwMWM1MGY0NGUz
NTNkOWMwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJhZTVhZDRmNDUwOWY4YzRkNzZkOTE1ZjEyNTY1M2FiN2Q1NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIZn4R3z4sf6RXtAVJmi7JolKUK3
NP01wzCvSLnpN46MZO2xfMypaiFFKLLzsi5XTk3MVp8Bt/A4ND4S3+Zu6H9GjHUN
C90/isBTfd8rcyhWqL/jqYkVrR5v5mWD30k4oT+RO5LlMb5Qgd/Fhd0kBAHMXTrx
y50jDwbLQH1WH0THj3j5TXt4mZcxSyyxCS/Vsg6h/ScMymjN9PiWsAX3wHQHJKTA
sqnloUBFiQhnnWIQEKFHmgoAPlBqWA6I6ramQvPAHfF6121YVIhDdaSY/S8/ugp3
JeQjrg/Gf1tqqf1Rj6XsxllCLOBxGFtiMVYDqGK6+XHHAr8wqNFkVwPQiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAMq5a1PRQn4xNdtkV8SVlOrfVXCMB8GA1UdIwQY
MBaAFBj07ohYTW39njqpvCAcUPRONT2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMt
MGI5ODg1ODYzZWJmLzEvQXlybHJVOUZDZmpFMTIyUlh4SldVNnQ5VmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMtMGI5ODg1ODYzZWJm
LzEvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB4Zkp/wS0yCoj7WEZCiQ+oKlCqTLxtADGL32vG
SO/auck37fCEjdsT4L3TwL6YKDoNsmXonb8d5rxyALYJ1oRxt2uaCwA5dSzl4xN5
vzxmTnoxoRLB6/3zbv222TVeLHUMN1IPL/lVLBi+1QT8fXSktbCsnHvkW0g9eDCS
7EnU1OpbDqYMWe4FLkORKdBfPYZwYlyEbSh4qsljiBbVbiYCU3H7n+h5Y6jXmq/f
ScRILsOHQm5H2gZo85IMNn2VhWNTUaVpn1Pvnc+H7wWAuQIRi+1c0R2u0fmGp0AK
h32r/6MqbCJeZDDRhVPK0WIHLMmOy5A88zWaDd7OUsSI1jWb
-----END CERTIFICATE-----