Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/rpBU-GDdeYZG3Wr_4lj2-nPM0OI.roa
File:                     rpBU-GDdeYZG3Wr_4lj2-nPM0OI.roa (raw, json)
Hash identifier:          Y1y2HqGP1fbRnLAYKD98Vpej3sSHbDws7it/3udxiKQ=
Subject key identifier:   AE:90:54:F8:60:DD:79:86:46:DD:6A:FF:E2:58:F6:FA:73:CC:D0:E2
Certificate issuer:       /CN=d62d7949e698441dbe9abc5609c49eaca73c9796
Certificate serial:       018CC649B7587DB25C0477EDF8B8B181ACCD
Authority key identifier: D6:2D:79:49:E6:98:44:1D:BE:9A:BC:56:09:C4:9E:AC:A7:3C:97:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1i15SeaYRB2-mrxWCcSerKc8l5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/rpBU-GDdeYZG3Wr_4lj2-nPM0OI.roa
Signing time:             Mon 01 Jan 2024 18:29:28 +0000
ROA not before:           Mon 01 Jan 2024 18:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206128
IP address blocks:        2001:678:270::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/1i15SeaYRB2-mrxWCcSerKc8l5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/1i15SeaYRB2-mrxWCcSerKc8l5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1i15SeaYRB2-mrxWCcSerKc8l5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:b7:58:7d:b2:5c:04:77:ed:f8:b8:b1:81:ac:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d62d7949e698441dbe9abc5609c49eaca73c9796
        Validity
            Not Before: Jan  1 18:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae9054f860dd798646dd6affe258f6fa73ccd0e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b9:ca:8b:3e:d3:1a:ce:81:4e:bd:fb:76:00:
                    e4:a2:82:b9:e4:bf:c0:07:f6:ae:a8:5b:2e:73:7e:
                    32:6f:d4:2a:2b:97:10:56:41:49:a6:cc:49:35:bf:
                    0b:24:5e:4e:0a:2c:0a:cc:fd:b6:4a:34:f0:c5:21:
                    04:44:29:f2:95:e9:17:d5:71:38:7e:17:02:5d:06:
                    12:7f:56:e7:00:75:db:e8:ee:f3:72:47:96:f2:0f:
                    39:2e:fc:0a:72:e2:29:5f:1b:26:1e:12:30:ab:ac:
                    92:a6:9d:2c:13:9d:f0:cb:6a:c3:c4:05:e7:87:07:
                    59:ed:5c:c1:f7:08:86:0a:63:45:63:37:7f:ef:ec:
                    d3:37:97:9c:d9:59:38:ae:0b:c8:f1:2a:3e:50:4e:
                    2f:b0:17:01:4a:77:8c:4c:99:78:52:36:f3:69:7b:
                    51:88:9d:79:2c:c8:7e:00:9b:15:04:6a:48:d5:64:
                    4d:31:df:09:82:16:c5:b8:be:2c:b8:44:9b:aa:51:
                    21:86:63:e5:fb:33:ef:7c:8b:7e:9b:49:0d:94:4d:
                    e9:d3:43:1f:dd:d8:88:f7:d8:a1:fc:40:82:41:0a:
                    39:84:a7:0e:ab:7f:c8:f9:13:87:4e:71:06:a0:4e:
                    70:06:62:6f:6d:45:f1:83:92:a9:3d:28:59:1d:81:
                    9f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:90:54:F8:60:DD:79:86:46:DD:6A:FF:E2:58:F6:FA:73:CC:D0:E2
            X509v3 Authority Key Identifier:
                keyid:D6:2D:79:49:E6:98:44:1D:BE:9A:BC:56:09:C4:9E:AC:A7:3C:97:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1i15SeaYRB2-mrxWCcSerKc8l5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/rpBU-GDdeYZG3Wr_4lj2-nPM0OI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ac0923-7eb1-4a5f-9105-15b21a9b4325/1/1i15SeaYRB2-mrxWCcSerKc8l5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:270::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:fb:2b:c9:9e:a9:f4:c9:ec:c7:8f:e7:fd:47:10:25:2c:3d:
         89:de:e1:fb:2b:d7:9b:67:b7:75:42:a5:d0:d8:21:06:1f:c0:
         4c:ac:2c:a3:fc:e1:5d:f4:b5:ce:5d:e2:65:ad:d9:02:87:87:
         51:9f:14:f9:6c:ec:b5:96:4b:45:71:54:ba:98:6a:fc:11:00:
         cb:33:9a:d2:3c:98:ff:1a:1c:14:b7:44:fa:dd:2d:44:30:f5:
         a1:93:97:f9:66:21:3e:52:64:74:7d:d5:69:65:1c:8f:c7:f3:
         29:95:af:5b:68:74:4e:55:46:9d:5b:37:bf:e4:6a:5a:b4:f4:
         4d:6d:0e:58:29:5d:d9:41:2a:da:00:f2:68:5d:13:b5:a3:2b:
         79:0b:bd:6d:28:82:59:b6:c2:3f:db:e1:a0:f6:94:8c:57:51:
         12:28:20:27:67:aa:34:9e:9e:eb:43:3d:c1:5f:90:82:f0:80:
         d7:bc:e1:65:a4:55:cf:ac:bd:1c:d8:69:f6:b3:b2:eb:c0:ca:
         6a:97:3f:59:54:97:71:36:51:66:83:6f:48:b4:e9:b8:91:16:
         f5:ea:b5:1c:7e:27:78:5d:22:e0:b8:47:29:58:38:c0:e4:1f:
         be:6e:68:fd:70:1a:f2:77:bf:b6:f6:bb:06:97:1d:67:da:fd:
         b6:bd:04:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSbdYfbJcBHft+LixgazNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MmQ3OTQ5ZTY5ODQ0MWRiZTlhYmM1NjA5YzQ5ZWFjYTcz
Yzk3OTYwHhcNMjQwMTAxMTgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkwNTRmODYwZGQ3OTg2NDZkZDZhZmZlMjU4ZjZmYTczY2NkMGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrnKiz7TGs6BTr37dgDkooK55L/A
B/auqFsuc34yb9QqK5cQVkFJpsxJNb8LJF5OCiwKzP22SjTwxSEERCnylekX1XE4
fhcCXQYSf1bnAHXb6O7zckeW8g85LvwKcuIpXxsmHhIwq6ySpp0sE53wy2rDxAXn
hwdZ7VzB9wiGCmNFYzd/7+zTN5ec2Vk4rgvI8So+UE4vsBcBSneMTJl4UjbzaXtR
iJ15LMh+AJsVBGpI1WRNMd8JghbFuL4suESbqlEhhmPl+zPvfIt+m0kNlE3p00Mf
3diI99ih/ECCQQo5hKcOq3/I+ROHTnEGoE5wBmJvbUXxg5KpPShZHYGf/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK6QVPhg3XmGRt1q/+JY9vpzzNDiMB8GA1UdIwQY
MBaAFNYteUnmmEQdvpq8VgnEnqynPJeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWkxNVNlYVlSQjItbXJ4V0NjU2VyS2M4bDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hYzA5MjMtN2ViMS00YTVmLTkxMDUt
MTViMjFhOWI0MzI1LzEvcnBCVS1HRGRlWVpHM1dyXzRsajItblBNME9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hYzA5MjMtN2ViMS00YTVmLTkxMDUtMTViMjFhOWI0MzI1
LzEvMWkxNVNlYVlSQjItbXJ4V0NjU2VyS2M4bDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAJw
MA0GCSqGSIb3DQEBCwUAA4IBAQAK+yvJnqn0yezHj+f9RxAlLD2J3uH7K9ebZ7d1
QqXQ2CEGH8BMrCyj/OFd9LXOXeJlrdkCh4dRnxT5bOy1lktFcVS6mGr8EQDLM5rS
PJj/GhwUt0T63S1EMPWhk5f5ZiE+UmR0fdVpZRyPx/Mpla9baHROVUadWze/5Gpa
tPRNbQ5YKV3ZQSraAPJoXRO1oyt5C71tKIJZtsI/2+Gg9pSMV1ESKCAnZ6o0np7r
Qz3BX5CC8IDXvOFlpFXPrL0c2Gn2s7LrwMpqlz9ZVJdxNlFmg29ItOm4kRb16rUc
fid4XSLguEcpWDjA5B++bmj9cBryd7+29rsGlx1n2v22vQQV
-----END CERTIFICATE-----