Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/IsYV5KFjV1eMtUFF78omQ671c-4.roa
File:                     IsYV5KFjV1eMtUFF78omQ671c-4.roa (raw, json)
Hash identifier:          l3eeBhvF3ltPJ6fCJ5QTHsALNO/HMhtGk+nuwqJsHzc=
Subject key identifier:   22:C6:15:E4:A1:63:57:57:8C:B5:41:45:EF:CA:26:43:AE:F5:73:EE
Certificate issuer:       /CN=ca4d141f3af71a8bcf852ca761fcb4dec01578e4
Certificate serial:       018FC172364E12DF846082ABC723A04B6B1E
Authority key identifier: CA:4D:14:1F:3A:F7:1A:8B:CF:85:2C:A7:61:FC:B4:DE:C0:15:78:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yk0UHzr3GovPhSynYfy03sAVeOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/IsYV5KFjV1eMtUFF78omQ671c-4.roa
Signing time:             Tue 28 May 2024 23:03:58 +0000
ROA not before:           Tue 28 May 2024 23:03:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205684
IP address blocks:        2001:678:d04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/yk0UHzr3GovPhSynYfy03sAVeOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/yk0UHzr3GovPhSynYfy03sAVeOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yk0UHzr3GovPhSynYfy03sAVeOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c1:72:36:4e:12:df:84:60:82:ab:c7:23:a0:4b:6b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca4d141f3af71a8bcf852ca761fcb4dec01578e4
        Validity
            Not Before: May 28 23:03:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c615e4a16357578cb54145efca2643aef573ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bd:55:23:6b:c0:4d:0c:3a:ab:93:a6:e5:2e:
                    87:17:47:51:6d:5d:72:a6:fc:0f:56:42:d5:c2:13:
                    71:4b:07:fc:59:56:9a:90:58:c7:13:8c:e2:5a:05:
                    72:b7:5c:17:c9:5d:12:b1:f3:71:e1:97:d6:d0:7a:
                    e2:3c:37:13:9d:f3:36:1e:40:99:8a:a0:c8:a7:57:
                    85:1e:c0:ff:9a:c5:35:05:1b:c6:39:fd:91:5c:67:
                    b5:5f:e2:a0:ee:a6:a7:12:d7:10:0c:92:92:52:71:
                    02:fb:4f:b4:e8:95:7b:8b:dc:e0:a2:91:5d:b9:db:
                    8f:47:ee:f0:67:f2:ac:b7:ab:dc:2f:16:67:fd:b3:
                    91:0a:34:42:85:93:a0:15:d6:03:3d:8b:d4:81:36:
                    95:bb:55:48:a5:52:3a:9b:ea:44:c9:d4:39:63:23:
                    77:a3:34:93:23:b1:59:dc:1b:1d:f2:05:5e:d2:a4:
                    88:1a:3a:7a:82:b4:a1:1c:d8:02:35:9c:83:a6:d2:
                    25:9c:ff:86:b0:1f:06:29:0b:08:da:60:75:88:cf:
                    50:85:49:a8:7f:02:e5:9a:a4:34:a6:24:33:8f:d8:
                    0f:41:a4:5c:ca:ac:39:ea:07:50:86:0f:e0:ce:77:
                    3b:94:ae:cf:5d:0b:79:de:62:2c:8b:a9:0a:14:0c:
                    6a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C6:15:E4:A1:63:57:57:8C:B5:41:45:EF:CA:26:43:AE:F5:73:EE
            X509v3 Authority Key Identifier:
                keyid:CA:4D:14:1F:3A:F7:1A:8B:CF:85:2C:A7:61:FC:B4:DE:C0:15:78:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yk0UHzr3GovPhSynYfy03sAVeOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/IsYV5KFjV1eMtUFF78omQ671c-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/dfa9ee-8924-4b95-a9dd-0b1802184b09/1/yk0UHzr3GovPhSynYfy03sAVeOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d04::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:e2:de:ab:24:5c:05:11:c5:a1:f3:f4:cb:b9:b8:e3:6f:c7:
         b7:8b:b3:5e:68:f0:6a:c6:84:f6:c1:ac:07:22:eb:76:76:db:
         81:a1:c0:de:96:1e:89:6f:02:d6:f0:2e:26:ec:7a:b8:98:2f:
         d9:4d:2a:ea:27:f8:86:08:1f:2e:e5:f9:5d:12:5f:fe:36:77:
         b2:3d:4a:14:49:07:41:43:96:d3:7b:fc:8a:88:35:23:9e:2f:
         f3:8b:c1:a3:b2:a5:77:db:7e:7a:54:a6:eb:36:08:a7:1a:69:
         7f:3f:7c:17:7e:71:c0:43:6f:78:34:0d:b5:ee:4f:c8:fe:e6:
         22:0b:88:34:2c:2a:24:57:3d:d7:46:fa:1a:3a:9f:8a:d0:21:
         cd:67:43:a4:43:3a:6f:0e:76:45:83:bd:2e:3c:af:35:8e:97:
         16:08:2e:81:41:0f:f4:30:36:17:73:87:e4:81:68:20:47:a3:
         9d:90:1d:9b:03:2b:66:c1:41:72:68:0a:d9:80:7a:fa:00:b7:
         9d:d7:25:ed:ae:e2:31:a7:53:e5:41:87:b9:a4:ce:e6:ac:ec:
         70:f1:1d:6f:46:d7:c1:1b:e2:5c:f5:9a:62:db:42:27:70:82:
         5a:44:51:86:e1:5d:47:00:08:76:73:e1:c1:64:60:58:b1:d6:
         e1:98:f8:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/BcjZOEt+EYIKrxyOgS2seMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNGQxNDFmM2FmNzFhOGJjZjg1MmNhNzYxZmNiNGRlYzAx
NTc4ZTQwHhcNMjQwNTI4MjMwMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmM2MTVlNGExNjM1NzU3OGNiNTQxNDVlZmNhMjY0M2FlZjU3M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL1VI2vATQw6q5Om5S6HF0dRbV1y
pvwPVkLVwhNxSwf8WVaakFjHE4ziWgVyt1wXyV0SsfNx4ZfW0HriPDcTnfM2HkCZ
iqDIp1eFHsD/msU1BRvGOf2RXGe1X+Kg7qanEtcQDJKSUnEC+0+06JV7i9zgopFd
uduPR+7wZ/Kst6vcLxZn/bORCjRChZOgFdYDPYvUgTaVu1VIpVI6m+pEydQ5YyN3
ozSTI7FZ3Bsd8gVe0qSIGjp6grShHNgCNZyDptIlnP+GsB8GKQsI2mB1iM9QhUmo
fwLlmqQ0piQzj9gPQaRcyqw56gdQhg/gznc7lK7PXQt53mIsi6kKFAxqdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCLGFeShY1dXjLVBRe/KJkOu9XPuMB8GA1UdIwQY
MBaAFMpNFB869xqLz4Usp2H8tN7AFXjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWswVUh6cjNHb3ZQaFN5bllmeTAzc0FWZU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kZmE5ZWUtODkyNC00Yjk1LWE5ZGQt
MGIxODAyMTg0YjA5LzEvSXNZVjVLRmpWMWVNdFVGRjc4b21RNjcxYy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kZmE5ZWUtODkyNC00Yjk1LWE5ZGQtMGIxODAyMTg0YjA5
LzEveWswVUh6cjNHb3ZQaFN5bllmeTAzc0FWZU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0E
MA0GCSqGSIb3DQEBCwUAA4IBAQBU4t6rJFwFEcWh8/TLubjjb8e3i7NeaPBqxoT2
wawHIut2dtuBocDelh6JbwLW8C4m7Hq4mC/ZTSrqJ/iGCB8u5fldEl/+NneyPUoU
SQdBQ5bTe/yKiDUjni/zi8GjsqV32356VKbrNginGml/P3wXfnHAQ294NA217k/I
/uYiC4g0LCokVz3XRvoaOp+K0CHNZ0OkQzpvDnZFg70uPK81jpcWCC6BQQ/0MDYX
c4fkgWggR6OdkB2bAytmwUFyaArZgHr6ALed1yXtruIxp1PlQYe5pM7mrOxw8R1v
RtfBG+Jc9Zpi20IncIJaRFGG4V1HAAh2c+HBZGBYsdbhmPjq
-----END CERTIFICATE-----