Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/cG8WVLOKi0tnVixVAdz0CRtUP88.roa
File:                     cG8WVLOKi0tnVixVAdz0CRtUP88.roa (raw, json)
Hash identifier:          Vnk0OVRkDIclRSUY+XFEgywSvGznTKqjMHe4JKyI+rk=
Subject key identifier:   70:6F:16:54:B3:8A:8B:4B:67:56:2C:55:01:DC:F4:09:1B:54:3F:CF
Certificate issuer:       /CN=bae7fa77f724bb467325ad59d7dbfc63399c6e79
Certificate serial:       018CC2DB2B1A8869DCE2F2523A9952FAD47A
Authority key identifier: BA:E7:FA:77:F7:24:BB:46:73:25:AD:59:D7:DB:FC:63:39:9C:6E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/cG8WVLOKi0tnVixVAdz0CRtUP88.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206477
IP address blocks:        2001:678:ccc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:1a:88:69:dc:e2:f2:52:3a:99:52:fa:d4:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bae7fa77f724bb467325ad59d7dbfc63399c6e79
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=706f1654b38a8b4b67562c5501dcf4091b543fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8f:a9:2c:23:95:29:82:a4:d6:72:6d:d7:af:
                    17:eb:f3:2e:70:41:35:e8:8f:23:e7:f2:75:b7:04:
                    90:db:93:4d:25:b4:19:16:bb:21:83:e6:84:22:26:
                    e5:56:93:c2:71:99:54:b4:fa:bf:36:55:4e:c9:47:
                    49:24:68:19:f8:01:e6:cc:15:f4:80:e7:99:42:77:
                    dc:98:d0:d6:24:41:d7:93:90:53:b5:cc:8c:73:ac:
                    a1:a8:7d:a1:b0:33:e5:17:9b:c7:24:78:ad:c4:2e:
                    f2:ea:83:77:8a:de:6b:59:39:7c:39:de:08:58:fe:
                    11:a8:c3:7c:dd:82:b2:92:4b:b7:ba:0f:23:b9:95:
                    2f:60:e6:c3:73:90:3a:bf:dc:d8:2b:83:79:3e:bf:
                    8b:c0:c3:66:74:05:d2:3e:87:09:06:7f:ae:69:b4:
                    94:df:27:fe:b7:59:98:16:0b:eb:43:70:2c:f9:23:
                    47:92:db:c0:18:f6:c4:98:80:0b:56:22:7c:28:25:
                    4f:87:7e:6d:58:a9:37:ea:1b:59:53:fe:8e:fa:68:
                    41:4a:d2:13:75:17:78:93:32:12:c0:5e:c2:b8:a6:
                    2d:4d:5e:a3:d0:94:fc:93:18:7e:8a:16:6a:85:a6:
                    83:ba:b8:6f:65:78:b1:81:fc:a0:c9:48:94:d5:78:
                    03:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6F:16:54:B3:8A:8B:4B:67:56:2C:55:01:DC:F4:09:1B:54:3F:CF
            X509v3 Authority Key Identifier:
                keyid:BA:E7:FA:77:F7:24:BB:46:73:25:AD:59:D7:DB:FC:63:39:9C:6E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/cG8WVLOKi0tnVixVAdz0CRtUP88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ccc::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:31:53:f4:3a:21:da:d2:e9:6c:e6:b9:9d:2f:86:f7:da:4b:
         b8:6f:64:d9:ed:1e:9e:b4:4a:d5:fe:fc:2c:e0:49:b2:c4:f6:
         81:49:c7:05:ca:be:4e:ca:65:89:59:62:47:dc:2e:7e:8b:e1:
         fc:85:a4:1e:87:77:fa:40:ea:a6:80:da:64:4a:86:dc:10:80:
         80:08:6a:0f:de:ec:a9:1d:c4:01:0a:7a:5d:92:7a:c9:fe:f5:
         0e:c3:af:55:97:40:ae:00:70:4f:43:07:c1:c3:1f:ca:c1:15:
         50:85:b6:53:18:a8:7b:7a:a6:72:9f:c1:23:35:b1:63:91:b2:
         ff:d9:03:00:e0:2c:62:e5:fb:34:34:df:56:1b:4b:87:3a:ce:
         fc:ef:91:ba:9f:5b:d4:88:9f:7e:f7:22:fb:a7:95:6c:6e:eb:
         2a:15:d2:42:54:00:76:c4:fb:52:ac:b2:e0:91:2a:03:29:17:
         cb:c6:4e:87:5a:c9:26:6c:c4:73:83:e3:fb:2b:a0:29:bf:74:
         07:19:4c:9d:be:7f:6e:f7:1a:00:cc:eb:73:50:e5:e3:0a:ba:
         2d:41:44:90:ad:eb:33:f9:f9:a9:64:af:fe:ce:ed:52:25:21:
         60:17:8f:bd:c0:47:ef:c0:85:d1:af:87:c2:30:d3:51:68:aa:
         29:90:33:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2ysaiGnc4vJSOplS+tR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZTdmYTc3ZjcyNGJiNDY3MzI1YWQ1OWQ3ZGJmYzYzMzk5
YzZlNzkwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDZmMTY1NGIzOGE4YjRiNjc1NjJjNTUwMWRjZjQwOTFiNTQzZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY+pLCOVKYKk1nJt168X6/MucEE1
6I8j5/J1twSQ25NNJbQZFrshg+aEIiblVpPCcZlUtPq/NlVOyUdJJGgZ+AHmzBX0
gOeZQnfcmNDWJEHXk5BTtcyMc6yhqH2hsDPlF5vHJHitxC7y6oN3it5rWTl8Od4I
WP4RqMN83YKykku3ug8juZUvYObDc5A6v9zYK4N5Pr+LwMNmdAXSPocJBn+uabSU
3yf+t1mYFgvrQ3As+SNHktvAGPbEmIALViJ8KCVPh35tWKk36htZU/6O+mhBStIT
dRd4kzISwF7CuKYtTV6j0JT8kxh+ihZqhaaDurhvZXixgfygyUiU1XgDIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHBvFlSziotLZ1YsVQHc9AkbVD/PMB8GA1UdIwQY
MBaAFLrn+nf3JLtGcyWtWdfb/GM5nG55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXVmNmRfY2t1MFp6SmExWjE5djhZem1jYm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi83Nzc3NGEtZmMwNy00MDAyLTk0Zjkt
MTJkYzk0ZGRlZGNkLzEvY0c4V1ZMT0tpMHRuVml4VkFkejBDUnRVUDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi83Nzc3NGEtZmMwNy00MDAyLTk0ZjktMTJkYzk0ZGRlZGNk
LzEvdXVmNmRfY2t1MFp6SmExWjE5djhZem1jYm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAzM
MA0GCSqGSIb3DQEBCwUAA4IBAQBuMVP0OiHa0uls5rmdL4b32ku4b2TZ7R6etErV
/vws4EmyxPaBSccFyr5OymWJWWJH3C5+i+H8haQeh3f6QOqmgNpkSobcEICACGoP
3uypHcQBCnpdknrJ/vUOw69Vl0CuAHBPQwfBwx/KwRVQhbZTGKh7eqZyn8EjNbFj
kbL/2QMA4Cxi5fs0NN9WG0uHOs7875G6n1vUiJ9+9yL7p5VsbusqFdJCVAB2xPtS
rLLgkSoDKRfLxk6HWskmbMRzg+P7K6Apv3QHGUydvn9u9xoAzOtzUOXjCrotQUSQ
resz+fmpZK/+zu1SJSFgF4+9wEfvwIXRr4fCMNNRaKopkDMJ
-----END CERTIFICATE-----