Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/gjpaWHy_aoG7fcjR0I5YsKvvBtQ.roa
File:                     gjpaWHy_aoG7fcjR0I5YsKvvBtQ.roa (raw, json)
Hash identifier:          52e8y+yjm9dF/Vqmh/XhQszaQGGzbQVws34daBJ+vGM=
Subject key identifier:   82:3A:5A:58:7C:BF:6A:81:BB:7D:C8:D1:D0:8E:58:B0:AB:EF:06:D4
Certificate issuer:       /CN=d2bb66fbdeaafff43b9650b1f6cbe4f29edaf58c
Certificate serial:       018CC8DF688CD748CD1C641411E7376C4794
Authority key identifier: D2:BB:66:FB:DE:AA:FF:F4:3B:96:50:B1:F6:CB:E4:F2:9E:DA:F5:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0rtm-96q__Q7llCx9svk8p7a9Yw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/gjpaWHy_aoG7fcjR0I5YsKvvBtQ.roa
Signing time:             Tue 02 Jan 2024 06:32:13 +0000
ROA not before:           Tue 02 Jan 2024 06:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8873
IP address blocks:        2001:678:848::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/0rtm-96q__Q7llCx9svk8p7a9Yw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/0rtm-96q__Q7llCx9svk8p7a9Yw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0rtm-96q__Q7llCx9svk8p7a9Yw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:68:8c:d7:48:cd:1c:64:14:11:e7:37:6c:47:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2bb66fbdeaafff43b9650b1f6cbe4f29edaf58c
        Validity
            Not Before: Jan  2 06:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=823a5a587cbf6a81bb7dc8d1d08e58b0abef06d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ca:0e:7f:33:ae:f5:d0:7c:4b:d3:26:37:08:
                    02:dc:cf:46:75:b8:6f:2e:33:1d:a6:ad:00:b8:d5:
                    a6:62:f5:5f:88:e7:11:ff:8f:b8:45:ce:b7:77:d2:
                    12:fa:cc:7f:44:d4:2e:70:18:22:36:1b:96:ef:57:
                    2f:64:63:5b:fa:b4:82:c1:6c:2e:8f:35:be:69:e7:
                    0d:f4:8f:50:88:61:27:c5:55:08:4d:80:c3:99:c9:
                    53:2f:4b:93:d3:60:a7:04:0f:48:2c:5f:d6:f2:fc:
                    e7:23:4b:b9:9e:cd:73:1c:d2:4d:27:94:6a:50:56:
                    04:b9:38:e1:af:9c:db:1e:30:dd:9b:76:f6:82:fa:
                    b8:ac:91:68:4f:b6:8a:86:17:d7:79:4d:34:98:08:
                    c0:6d:b2:3d:56:f1:c4:88:5c:75:b0:96:f4:4e:bc:
                    a1:89:52:3e:c6:1c:98:d2:b8:a1:02:a6:26:de:b2:
                    6d:d2:be:b5:f5:38:22:52:83:a8:18:65:53:e9:f5:
                    59:37:05:f3:14:a5:a9:e4:97:06:c4:c5:8c:7a:fd:
                    18:90:1b:6f:d8:3d:a9:3c:51:a4:0b:fc:fb:7c:f8:
                    c7:5b:f1:47:ea:2e:65:cd:71:ee:b5:3b:5d:e3:e1:
                    99:80:61:57:72:68:d0:fa:4e:ae:6b:c4:3a:d6:b6:
                    36:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3A:5A:58:7C:BF:6A:81:BB:7D:C8:D1:D0:8E:58:B0:AB:EF:06:D4
            X509v3 Authority Key Identifier:
                keyid:D2:BB:66:FB:DE:AA:FF:F4:3B:96:50:B1:F6:CB:E4:F2:9E:DA:F5:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0rtm-96q__Q7llCx9svk8p7a9Yw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/gjpaWHy_aoG7fcjR0I5YsKvvBtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e9cbf3-3a5d-4b74-86d3-cb0f2455cbd6/1/0rtm-96q__Q7llCx9svk8p7a9Yw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:848::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:14:d9:e2:bd:40:3e:5a:c3:04:38:76:88:a7:64:fc:6c:cf:
         66:2e:07:a7:ec:72:e5:a8:e8:03:65:5c:8f:36:d2:4a:fc:25:
         65:79:81:43:fa:76:45:d0:b1:2d:02:c6:d5:ce:c7:96:3e:65:
         ce:9b:1c:c0:9a:b1:ae:16:14:c6:00:46:78:7b:42:6d:71:ae:
         03:ed:41:80:ac:52:b4:7d:23:7c:20:01:6a:80:31:39:3a:c3:
         69:89:f9:b4:3b:b7:d5:e3:58:fb:05:58:6e:a3:0f:80:89:ff:
         50:ef:ed:b2:d1:ea:18:65:49:6d:6f:7a:49:3d:a7:3d:4f:a7:
         16:6f:86:e9:af:fe:e1:18:66:5a:e9:c3:af:4b:c6:2e:ce:fc:
         0a:c9:1e:ca:cc:4a:d8:6d:a3:5d:ad:a7:6c:20:3f:d8:9a:ee:
         ac:76:81:57:76:75:ae:67:13:75:ba:9b:98:69:62:65:cb:48:
         03:fb:5e:15:80:47:a2:20:db:46:be:6f:82:0a:d0:f6:b7:73:
         e4:37:dc:8a:2d:1a:47:4a:96:83:ec:7f:42:de:06:34:dc:4b:
         9e:d0:71:02:65:8e:61:0c:0e:e7:9b:cd:f8:b1:9f:19:24:c9:
         f5:06:6e:2b:6c:38:2e:78:67:1c:e8:c5:7f:e8:e8:1e:b7:44:
         de:90:e5:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI32iM10jNHGQUEec3bEeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYmI2NmZiZGVhYWZmZjQzYjk2NTBiMWY2Y2JlNGYyOWVk
YWY1OGMwHhcNMjQwMTAyMDYzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNhNWE1ODdjYmY2YTgxYmI3ZGM4ZDFkMDhlNThiMGFiZWYwNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8oOfzOu9dB8S9MmNwgC3M9Gdbhv
LjMdpq0AuNWmYvVfiOcR/4+4Rc63d9IS+sx/RNQucBgiNhuW71cvZGNb+rSCwWwu
jzW+aecN9I9QiGEnxVUITYDDmclTL0uT02CnBA9ILF/W8vznI0u5ns1zHNJNJ5Rq
UFYEuTjhr5zbHjDdm3b2gvq4rJFoT7aKhhfXeU00mAjAbbI9VvHEiFx1sJb0Tryh
iVI+xhyY0rihAqYm3rJt0r619TgiUoOoGGVT6fVZNwXzFKWp5JcGxMWMev0YkBtv
2D2pPFGkC/z7fPjHW/FH6i5lzXHutTtd4+GZgGFXcmjQ+k6ua8Q61rY2FQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFII6Wlh8v2qBu33I0dCOWLCr7wbUMB8GA1UdIwQY
MBaAFNK7Zvveqv/0O5ZQsfbL5PKe2vWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHJ0bS05NnFfX1E3bGxDeDlzdms4cDdhOVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9lOWNiZjMtM2E1ZC00Yjc0LTg2ZDMt
Y2IwZjI0NTVjYmQ2LzEvZ2pwYVdIeV9hb0c3ZmNqUjBJNVlzS3Z2QnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9lOWNiZjMtM2E1ZC00Yjc0LTg2ZDMtY2IwZjI0NTVjYmQ2
LzEvMHJ0bS05NnFfX1E3bGxDeDlzdms4cDdhOVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAhI
MA0GCSqGSIb3DQEBCwUAA4IBAQC/FNnivUA+WsMEOHaIp2T8bM9mLgen7HLlqOgD
ZVyPNtJK/CVleYFD+nZF0LEtAsbVzseWPmXOmxzAmrGuFhTGAEZ4e0Jtca4D7UGA
rFK0fSN8IAFqgDE5OsNpifm0O7fV41j7BVhuow+Aif9Q7+2y0eoYZUltb3pJPac9
T6cWb4bpr/7hGGZa6cOvS8YuzvwKyR7KzErYbaNdradsID/Ymu6sdoFXdnWuZxN1
upuYaWJly0gD+14VgEeiINtGvm+CCtD2t3PkN9yKLRpHSpaD7H9C3gY03Eue0HEC
ZY5hDA7nm834sZ8ZJMn1Bm4rbDgueGcc6MV/6Oget0TekOWM
-----END CERTIFICATE-----