Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/adKs0DiM7Ptiws9Jyisw0BNu4Uw.roa
File:                     adKs0DiM7Ptiws9Jyisw0BNu4Uw.roa (raw, json)
Hash identifier:          lu9C4P2OsNY3+OCBTnePacfQnujz0h8JDNLg2l5gviY=
Subject key identifier:   69:D2:AC:D0:38:8C:EC:FB:62:C2:CF:49:CA:2B:30:D0:13:6E:E1:4C
Certificate issuer:       /CN=12e64042b6e7288a485db270c551329b802fd8c4
Certificate serial:       018CC8710CBB08476EDE81A1A54053546130
Authority key identifier: 12:E6:40:42:B6:E7:28:8A:48:5D:B2:70:C5:51:32:9B:80:2F:D8:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EuZAQrbnKIpIXbJwxVEym4Av2MQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/adKs0DiM7Ptiws9Jyisw0BNu4Uw.roa
Signing time:             Tue 02 Jan 2024 04:31:40 +0000
ROA not before:           Tue 02 Jan 2024 04:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24868
IP address blocks:        2001:678:4d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/EuZAQrbnKIpIXbJwxVEym4Av2MQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/EuZAQrbnKIpIXbJwxVEym4Av2MQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EuZAQrbnKIpIXbJwxVEym4Av2MQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:0c:bb:08:47:6e:de:81:a1:a5:40:53:54:61:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12e64042b6e7288a485db270c551329b802fd8c4
        Validity
            Not Before: Jan  2 04:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69d2acd0388cecfb62c2cf49ca2b30d0136ee14c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:95:6d:26:e2:d2:13:db:11:b5:07:6c:0f:74:
                    9b:08:c2:ee:fc:ef:36:0b:90:f8:18:aa:4c:68:dd:
                    de:16:be:66:de:3e:0f:53:71:f6:d8:1c:e0:fb:80:
                    df:f4:7c:7f:22:b5:69:bc:a1:16:31:c6:ce:31:11:
                    81:70:93:cb:ee:ab:64:d3:19:5d:54:f4:23:7d:cf:
                    4a:9c:f8:d4:b8:87:ab:6c:a2:8b:71:39:8d:fd:4b:
                    6a:b6:b0:92:d9:3f:66:d7:d1:6e:61:db:4f:b1:87:
                    c4:93:bc:b3:7b:3a:f9:bb:89:c5:31:4c:2c:65:68:
                    12:14:41:5b:ba:67:1b:f5:1d:a6:66:96:46:96:64:
                    f1:9f:8b:1f:86:23:a9:45:87:d6:00:80:d6:81:b8:
                    d6:6f:3a:79:3a:98:56:26:07:d9:d8:63:b2:39:4f:
                    cc:d4:2d:52:4e:05:72:e7:49:a6:00:19:f9:77:5f:
                    25:73:18:80:2a:a1:7c:20:6e:7d:5d:ae:bf:32:a0:
                    73:5a:c5:e2:4f:63:7e:25:8c:0d:01:c9:d5:35:81:
                    a3:6e:db:6a:60:e7:ca:80:4a:e5:ef:5a:56:dd:d5:
                    95:cd:e2:0f:26:c4:39:af:a6:68:6f:7f:87:27:69:
                    32:87:9e:22:45:c5:2b:f2:88:f2:81:41:3b:68:b5:
                    5f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D2:AC:D0:38:8C:EC:FB:62:C2:CF:49:CA:2B:30:D0:13:6E:E1:4C
            X509v3 Authority Key Identifier:
                keyid:12:E6:40:42:B6:E7:28:8A:48:5D:B2:70:C5:51:32:9B:80:2F:D8:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EuZAQrbnKIpIXbJwxVEym4Av2MQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/adKs0DiM7Ptiws9Jyisw0BNu4Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8e35f5-97d3-4351-9bb0-fcb36d81254a/1/EuZAQrbnKIpIXbJwxVEym4Av2MQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:cf:bb:3f:e2:73:05:e8:9b:ec:f4:9c:07:5e:da:f9:f6:21:
         e9:68:2c:31:99:64:5d:12:1e:5d:47:ee:8b:cd:f4:b6:f0:83:
         4e:cf:ab:73:32:9f:db:fa:f9:75:9a:1d:ea:30:2f:75:11:7a:
         7c:c4:ec:3d:45:fe:2b:85:ac:d1:45:e8:b7:82:52:fc:30:77:
         f9:6a:df:30:1e:56:69:0e:73:4d:7c:64:bd:ce:8b:83:15:9e:
         c2:99:89:53:4e:b9:cc:07:a1:ce:e9:35:47:89:62:8e:7d:70:
         78:c7:1f:ca:1c:1b:f5:3d:ca:1f:1e:9f:ae:48:66:1a:b9:77:
         37:7f:00:4b:fa:c9:2b:45:f4:b3:a5:07:5a:f2:ec:cb:9e:40:
         f7:d7:69:b1:86:0c:8f:c6:64:d2:24:fa:a1:37:31:7e:7e:32:
         95:b7:d4:77:47:1c:66:03:50:0f:70:84:28:5b:2b:f3:4a:bf:
         6d:53:1e:ce:94:8f:33:2f:37:54:a0:27:26:f4:b7:02:1d:d5:
         3a:35:97:40:41:6d:50:50:ba:cd:9f:ab:69:51:90:43:76:d7:
         87:1a:be:16:5a:f0:67:99:aa:d3:2f:0a:36:75:56:ac:0d:50:
         99:88:3a:98:86:40:62:f6:30:fb:42:36:e7:a2:e6:6b:2b:b9:
         8f:ac:c9:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcQy7CEdu3oGhpUBTVGEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZTY0MDQyYjZlNzI4OGE0ODVkYjI3MGM1NTEzMjliODAy
ZmQ4YzQwHhcNMjQwMTAyMDQzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQyYWNkMDM4OGNlY2ZiNjJjMmNmNDljYTJiMzBkMDEzNmVlMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipVtJuLSE9sRtQdsD3SbCMLu/O82
C5D4GKpMaN3eFr5m3j4PU3H22Bzg+4Df9Hx/IrVpvKEWMcbOMRGBcJPL7qtk0xld
VPQjfc9KnPjUuIerbKKLcTmN/UtqtrCS2T9m19FuYdtPsYfEk7yzezr5u4nFMUws
ZWgSFEFbumcb9R2mZpZGlmTxn4sfhiOpRYfWAIDWgbjWbzp5OphWJgfZ2GOyOU/M
1C1STgVy50mmABn5d18lcxiAKqF8IG59Xa6/MqBzWsXiT2N+JYwNAcnVNYGjbttq
YOfKgErl71pW3dWVzeIPJsQ5r6Zob3+HJ2kyh54iRcUr8ojygUE7aLVfjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGnSrNA4jOz7YsLPScorMNATbuFMMB8GA1UdIwQY
MBaAFBLmQEK25yiKSF2ycMVRMpuAL9jEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXVaQVFyYm5LSXBJWGJKd3hWRXltNEF2Mk1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZTM1ZjUtOTdkMy00MzUxLTliYjAt
ZmNiMzZkODEyNTRhLzEvYWRLczBEaU03UHRpd3M5Snlpc3cwQk51NFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZTM1ZjUtOTdkMy00MzUxLTliYjAtZmNiMzZkODEyNTRh
LzEvRXVaQVFyYm5LSXBJWGJKd3hWRXltNEF2Mk1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeATU
MA0GCSqGSIb3DQEBCwUAA4IBAQAuz7s/4nMF6Jvs9JwHXtr59iHpaCwxmWRdEh5d
R+6LzfS28INOz6tzMp/b+vl1mh3qMC91EXp8xOw9Rf4rhazRRei3glL8MHf5at8w
HlZpDnNNfGS9zouDFZ7CmYlTTrnMB6HO6TVHiWKOfXB4xx/KHBv1PcofHp+uSGYa
uXc3fwBL+skrRfSzpQda8uzLnkD312mxhgyPxmTSJPqhNzF+fjKVt9R3RxxmA1AP
cIQoWyvzSr9tUx7OlI8zLzdUoCcm9LcCHdU6NZdAQW1QULrNn6tpUZBDdteHGr4W
WvBnmarTLwo2dVasDVCZiDqYhkBi9jD7QjbnouZrK7mPrMns
-----END CERTIFICATE-----