Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/_GFq6_JzVkuyU3mMeBbtNXzof5A.roa
File:                     _GFq6_JzVkuyU3mMeBbtNXzof5A.roa (raw, json)
Hash identifier:          vQcJplLjciWLhznSDKFDs7ZylSTcUwjVj4JTywwYeVk=
Subject key identifier:   FC:61:6A:EB:F2:73:56:4B:B2:53:79:8C:78:16:ED:35:7C:E8:7F:90
Certificate issuer:       /CN=4bfc5a29410f1ffcf4de2a5a7058f51620b30b79
Certificate serial:       018CC8019F6AA612E195FC2598D0EE21A633
Authority key identifier: 4B:FC:5A:29:41:0F:1F:FC:F4:DE:2A:5A:70:58:F5:16:20:B3:0B:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S_xaKUEPH_z03ipacFj1FiCzC3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/_GFq6_JzVkuyU3mMeBbtNXzof5A.roa
Signing time:             Tue 02 Jan 2024 02:29:58 +0000
ROA not before:           Tue 02 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212998
IP address blocks:        2001:678:dd4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/S_xaKUEPH_z03ipacFj1FiCzC3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/S_xaKUEPH_z03ipacFj1FiCzC3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S_xaKUEPH_z03ipacFj1FiCzC3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9f:6a:a6:12:e1:95:fc:25:98:d0:ee:21:a6:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bfc5a29410f1ffcf4de2a5a7058f51620b30b79
        Validity
            Not Before: Jan  2 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc616aebf273564bb253798c7816ed357ce87f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d8:95:90:9b:40:53:2c:af:fb:85:2a:2c:dc:
                    a1:41:4f:0f:b3:c5:9e:f8:aa:30:b1:98:03:4d:c7:
                    1a:bc:67:9f:77:e5:a9:ef:0b:a2:7f:f3:85:4a:48:
                    ea:d8:80:22:c1:93:61:36:54:2d:6b:c7:6f:66:d6:
                    40:47:b7:98:d0:47:70:12:a3:9c:e4:a5:bc:09:53:
                    af:11:a1:a7:15:32:92:2b:14:4e:cf:c1:a4:2e:82:
                    f0:ab:eb:21:ba:39:a6:49:29:8c:98:76:3e:f0:e9:
                    78:07:4f:46:42:e4:70:14:73:be:29:cd:a2:4f:b3:
                    57:12:76:ce:62:26:13:22:48:54:cf:27:17:75:9e:
                    61:21:b3:84:3f:d0:45:b5:cd:33:51:6a:f0:1b:b9:
                    53:76:02:42:87:fa:71:a6:92:90:94:59:6b:25:64:
                    d1:6a:37:c4:0d:6c:85:5f:1b:86:95:ec:fa:03:1b:
                    b9:00:3a:ce:2f:f1:c7:9e:24:ff:3f:a0:c7:0a:d4:
                    c4:13:7b:f6:c0:ec:1a:00:7e:c8:97:3d:5b:48:d5:
                    5c:72:77:a4:ad:a6:e6:62:15:31:ea:1c:01:38:af:
                    9b:8d:64:5d:25:de:c7:1d:4c:09:ba:c8:cb:14:e6:
                    6c:84:26:38:42:70:20:bf:96:2c:32:c7:1d:dc:0c:
                    82:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:61:6A:EB:F2:73:56:4B:B2:53:79:8C:78:16:ED:35:7C:E8:7F:90
            X509v3 Authority Key Identifier:
                keyid:4B:FC:5A:29:41:0F:1F:FC:F4:DE:2A:5A:70:58:F5:16:20:B3:0B:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S_xaKUEPH_z03ipacFj1FiCzC3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/_GFq6_JzVkuyU3mMeBbtNXzof5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b2bfd-60eb-4cbf-9f7f-136257e3076e/1/S_xaKUEPH_z03ipacFj1FiCzC3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:dd4::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:a4:e1:9e:97:49:ee:5e:46:44:54:85:36:7f:01:35:c5:77:
         6a:51:a3:c0:4d:ff:95:8e:24:93:f6:80:b7:c2:88:06:47:b9:
         9a:e5:29:76:d6:ee:61:49:ba:a7:cb:9d:c8:ca:0e:22:e5:52:
         d4:52:af:22:6a:32:75:e9:9a:cb:48:30:78:bf:2a:24:02:ea:
         68:2c:a6:78:14:ef:81:2a:b2:d0:68:3f:b2:bb:bc:bc:29:94:
         9b:83:68:11:22:47:12:82:c3:5c:7b:d5:02:5b:ff:78:e1:c6:
         f1:09:0f:05:98:fa:8e:25:7d:5b:b1:3b:b9:aa:d8:ce:d6:ec:
         33:40:4d:da:59:47:55:f4:cd:1e:bf:e8:76:34:68:9d:3c:7d:
         bf:fa:62:55:93:84:a0:4c:bb:f2:ff:29:b2:12:be:a1:d3:83:
         dd:a0:51:e2:3c:03:d2:16:81:44:63:b4:a0:3e:33:64:42:01:
         d9:b4:4b:bd:bc:b8:36:2b:f4:18:f2:a9:48:d2:4e:4a:3e:5e:
         39:6c:d0:35:99:9a:ef:e2:3b:87:ca:3f:c6:ca:70:38:43:87:
         b4:3d:9c:b2:62:2d:9e:a6:43:00:99:1f:7f:a4:1d:4b:fa:25:
         61:40:27:33:98:f9:72:0d:d4:69:6c:00:ae:d8:0e:19:a6:41:
         ac:79:17:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAZ9qphLhlfwlmNDuIaYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZmM1YTI5NDEwZjFmZmNmNGRlMmE1YTcwNThmNTE2MjBi
MzBiNzkwHhcNMjQwMTAyMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzYxNmFlYmYyNzM1NjRiYjI1Mzc5OGM3ODE2ZWQzNTdjZTg3ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdiVkJtAUyyv+4UqLNyhQU8Ps8We
+KowsZgDTccavGefd+Wp7wuif/OFSkjq2IAiwZNhNlQta8dvZtZAR7eY0EdwEqOc
5KW8CVOvEaGnFTKSKxROz8GkLoLwq+shujmmSSmMmHY+8Ol4B09GQuRwFHO+Kc2i
T7NXEnbOYiYTIkhUzycXdZ5hIbOEP9BFtc0zUWrwG7lTdgJCh/pxppKQlFlrJWTR
ajfEDWyFXxuGlez6Axu5ADrOL/HHniT/P6DHCtTEE3v2wOwaAH7Ilz1bSNVccnek
rabmYhUx6hwBOK+bjWRdJd7HHUwJusjLFOZshCY4QnAgv5YsMscd3AyCUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPxhauvyc1ZLslN5jHgW7TV86H+QMB8GA1UdIwQY
MBaAFEv8WilBDx/89N4qWnBY9RYgswt5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU194YUtVRVBIX3owM2lwYWNGajFGaUN6QzNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8zYjJiZmQtNjBlYi00Y2JmLTlmN2Yt
MTM2MjU3ZTMwNzZlLzEvX0dGcTZfSnpWa3V5VTNtTWVCYnROWHpvZjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8zYjJiZmQtNjBlYi00Y2JmLTlmN2YtMTM2MjU3ZTMwNzZl
LzEvU194YUtVRVBIX3owM2lwYWNGajFGaUN6QzNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA3U
MA0GCSqGSIb3DQEBCwUAA4IBAQBApOGel0nuXkZEVIU2fwE1xXdqUaPATf+VjiST
9oC3wogGR7ma5Sl21u5hSbqny53Iyg4i5VLUUq8iajJ16ZrLSDB4vyokAupoLKZ4
FO+BKrLQaD+yu7y8KZSbg2gRIkcSgsNce9UCW/944cbxCQ8FmPqOJX1bsTu5qtjO
1uwzQE3aWUdV9M0ev+h2NGidPH2/+mJVk4SgTLvy/ymyEr6h04PdoFHiPAPSFoFE
Y7SgPjNkQgHZtEu9vLg2K/QY8qlI0k5KPl45bNA1mZrv4juHyj/GynA4Q4e0PZyy
Yi2epkMAmR9/pB1L+iVhQCczmPlyDdRpbACu2A4ZpkGseRce
-----END CERTIFICATE-----