Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/dlRM58llXYh72ParP1vTdHCIZvs.roa
File:                     dlRM58llXYh72ParP1vTdHCIZvs.roa (raw, json)
Hash identifier:          UAn2M2P38JTdw3XGCkspdwYU84sPY+nWZzZUNynNIbU=
Subject key identifier:   76:54:4C:E7:C9:65:5D:88:7B:D8:F6:AB:3F:5B:D3:74:70:88:66:FB
Certificate issuer:       /CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
Certificate serial:       018CC80119030520345CEE53F0133B086C55
Authority key identifier: 8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/dlRM58llXYh72ParP1vTdHCIZvs.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41948
IP address blocks:        2001:678:4c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:19:03:05:20:34:5c:ee:53:f0:13:3b:08:6c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76544ce7c9655d887bd8f6ab3f5bd374708866fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:eb:76:94:16:d6:fb:2e:d4:3f:ee:15:b4:be:
                    ae:58:6b:4a:3b:55:4e:7f:94:bb:1b:f8:90:c7:91:
                    f7:49:64:fb:ff:55:70:9e:06:13:04:95:74:1a:e2:
                    05:ca:b0:be:d1:9f:9b:7a:d2:ae:ff:3a:d6:f6:99:
                    6d:13:98:d2:8c:9c:f4:8d:3a:ea:27:a6:06:1d:af:
                    ac:4b:82:ab:b3:c9:1b:cb:80:a2:73:a0:f8:29:56:
                    37:15:1d:8e:7b:ae:dc:9d:e7:dd:c0:63:dc:0b:38:
                    c7:83:0d:dd:4f:b3:f0:6f:14:d8:8a:40:dd:64:2d:
                    6e:24:34:99:68:55:0e:cc:6e:01:aa:1a:b9:15:fe:
                    0f:ad:84:f5:06:fd:15:fd:06:62:1b:d9:a1:4e:39:
                    ba:de:6b:0f:a2:b1:06:5d:a0:5e:73:8f:2b:33:d1:
                    25:97:cc:cc:11:2a:33:d0:65:24:ff:d3:21:88:94:
                    a0:4d:dd:c5:6c:d5:72:32:be:95:54:aa:ec:1f:1d:
                    a6:d8:2e:cb:73:56:03:97:6b:40:33:ce:57:86:c2:
                    8f:f1:5f:a5:cc:1a:e7:7d:5a:d8:23:08:ee:68:56:
                    eb:55:da:f9:71:c6:40:36:9a:d7:61:e7:80:04:be:
                    c3:53:0a:ce:b1:78:33:f4:ac:de:62:cc:23:ee:49:
                    d5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:54:4C:E7:C9:65:5D:88:7B:D8:F6:AB:3F:5B:D3:74:70:88:66:FB
            X509v3 Authority Key Identifier:
                keyid:8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/dlRM58llXYh72ParP1vTdHCIZvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:a3:21:82:1a:20:72:17:6e:1f:63:72:4b:3f:da:e6:7b:18:
         e6:f5:ae:8f:75:0c:05:d5:d2:f6:af:9c:0d:99:4f:5f:84:51:
         c0:cf:d2:44:fe:4e:e5:60:f8:80:03:bd:d3:2d:5a:3f:63:66:
         21:ec:bb:ef:48:cf:f1:11:f8:9d:46:d1:e4:36:5d:e6:b2:44:
         53:db:02:a6:9a:23:36:d3:a3:a7:c9:d2:49:5e:55:6d:22:65:
         55:e5:b4:13:24:4c:22:01:65:09:e7:42:0d:9b:f2:d5:14:bb:
         07:82:12:57:7a:46:af:9b:f3:4b:38:d8:c6:2c:81:b8:6f:47:
         d7:28:d0:b2:59:b3:84:69:77:03:66:37:c7:8b:76:39:60:68:
         fa:d0:65:c8:5d:19:44:8e:51:b1:36:04:34:cf:0f:bd:05:24:
         d1:7f:c2:7c:c5:0a:8b:cc:c3:73:a9:37:a2:9e:85:ea:11:33:
         6a:3e:0e:1b:a4:48:ad:3f:e5:1c:cf:ad:e5:0e:14:a7:49:df:
         97:e6:c8:f7:13:8d:73:22:88:3b:2e:20:97:17:07:e3:44:37:
         a3:5e:3b:50:f0:fd:8c:32:78:24:7f:a2:68:83:65:34:25:aa:
         7e:2c:b4:3b:5e:5a:69:c1:d8:c2:10:16:9a:cf:14:86:97:65:
         8b:2c:36:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIARkDBSA0XO5T8BM7CGxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmODY4NWRiYWRmZmIwMWRkY2NlNmM0ZDgyYTk3ZjMzYzA0
MGVkMmQwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjU0NGNlN2M5NjU1ZDg4N2JkOGY2YWIzZjViZDM3NDcwODg2NmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+t2lBbW+y7UP+4VtL6uWGtKO1VO
f5S7G/iQx5H3SWT7/1VwngYTBJV0GuIFyrC+0Z+betKu/zrW9pltE5jSjJz0jTrq
J6YGHa+sS4Krs8kby4Cic6D4KVY3FR2Oe67cnefdwGPcCzjHgw3dT7PwbxTYikDd
ZC1uJDSZaFUOzG4Bqhq5Ff4PrYT1Bv0V/QZiG9mhTjm63msPorEGXaBec48rM9El
l8zMESoz0GUk/9MhiJSgTd3FbNVyMr6VVKrsHx2m2C7Lc1YDl2tAM85XhsKP8V+l
zBrnfVrYIwjuaFbrVdr5ccZANprXYeeABL7DUwrOsXgz9KzeYswj7knVqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHZUTOfJZV2Ie9j2qz9b03RwiGb7MB8GA1UdIwQY
MBaAFI+Ghdut/7Ad3M5sTYKpfzPAQO0tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMt
NjdjZmUzMDY3YjJhLzEvZGxSTTU4bGxYWWg3MlBhclAxdlRkSENJWnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMtNjdjZmUzMDY3YjJh
LzEvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeATA
MA0GCSqGSIb3DQEBCwUAA4IBAQBvoyGCGiByF24fY3JLP9rmexjm9a6PdQwF1dL2
r5wNmU9fhFHAz9JE/k7lYPiAA73TLVo/Y2Yh7LvvSM/xEfidRtHkNl3mskRT2wKm
miM206OnydJJXlVtImVV5bQTJEwiAWUJ50INm/LVFLsHghJXekavm/NLONjGLIG4
b0fXKNCyWbOEaXcDZjfHi3Y5YGj60GXIXRlEjlGxNgQ0zw+9BSTRf8J8xQqLzMNz
qTeinoXqETNqPg4bpEitP+Ucz63lDhSnSd+X5sj3E41zIog7LiCXFwfjRDejXjtQ
8P2MMngkf6Jog2U0Jap+LLQ7XlppwdjCEBaazxSGl2WLLDb9
-----END CERTIFICATE-----