Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/qkXWPg5ppzzsVfgnFjM1VYXrADU.roa
File:                     qkXWPg5ppzzsVfgnFjM1VYXrADU.roa (raw, json)
Hash identifier:          z4Jwf28zPNTmZDGLpM9rALOWSr9heiVRt/6z3pVGEEs=
Subject key identifier:   AA:45:D6:3E:0E:69:A7:3C:EC:55:F8:27:16:33:35:55:85:EB:00:35
Certificate issuer:       /CN=c0166e216c360c36e0f75b0d39123dbad42264e9
Certificate serial:       018CC9BC65C586F18A599AFDB9F625C4A9AF
Authority key identifier: C0:16:6E:21:6C:36:0C:36:E0:F7:5B:0D:39:12:3D:BA:D4:22:64:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBZuIWw2DDbg91sNORI9utQiZOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/qkXWPg5ppzzsVfgnFjM1VYXrADU.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209075
IP address blocks:        2001:678:a5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/wBZuIWw2DDbg91sNORI9utQiZOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/wBZuIWw2DDbg91sNORI9utQiZOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBZuIWw2DDbg91sNORI9utQiZOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:65:c5:86:f1:8a:59:9a:fd:b9:f6:25:c4:a9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0166e216c360c36e0f75b0d39123dbad42264e9
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa45d63e0e69a73cec55f8271633355585eb0035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fb:2d:35:be:5e:ce:af:53:bd:20:e8:3a:ba:
                    16:df:e3:51:eb:13:83:df:61:d7:c5:0d:63:39:e1:
                    98:13:94:76:b3:74:65:4b:9c:a6:bc:4c:75:95:22:
                    b0:e6:d9:74:ba:45:00:41:84:31:b8:f9:d9:bc:33:
                    9c:98:f0:91:89:e6:dc:74:6e:f8:c6:6c:8c:fa:7f:
                    59:c1:37:eb:80:c3:25:fe:b6:9c:81:5b:a0:33:59:
                    93:86:72:a1:4d:0e:33:ab:24:e2:60:f0:e7:2a:ec:
                    50:02:3a:39:bd:31:5b:33:63:b1:f7:1f:e6:90:24:
                    52:db:ca:66:b1:8b:ec:4c:b0:44:2e:81:81:55:7c:
                    03:89:a8:a2:9b:db:b0:e6:f3:49:51:98:0d:ce:74:
                    78:f2:9a:5f:47:8f:4c:9d:20:6c:3f:e6:59:02:cb:
                    d5:47:86:2d:38:a1:fd:33:c2:a0:4b:f3:f3:86:03:
                    88:94:bf:8b:da:56:a5:46:0c:30:3e:ac:1c:24:9f:
                    e9:eb:a9:e3:5c:63:6e:e1:36:93:69:97:2c:37:22:
                    ac:e9:b2:5f:19:52:b0:7a:0d:57:a9:41:64:43:57:
                    80:e1:1a:1f:51:c7:08:5a:3e:b0:14:23:75:5c:6f:
                    42:f1:74:8c:95:0c:88:da:30:85:3d:95:5f:89:cc:
                    cb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:45:D6:3E:0E:69:A7:3C:EC:55:F8:27:16:33:35:55:85:EB:00:35
            X509v3 Authority Key Identifier:
                keyid:C0:16:6E:21:6C:36:0C:36:E0:F7:5B:0D:39:12:3D:BA:D4:22:64:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBZuIWw2DDbg91sNORI9utQiZOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/qkXWPg5ppzzsVfgnFjM1VYXrADU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bb19bc-8da1-4729-8686-fcce147c327a/1/wBZuIWw2DDbg91sNORI9utQiZOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:a6:85:d0:30:9b:b9:9a:f5:fa:3e:aa:35:fe:49:1d:5c:d4:
         30:a6:90:9d:ea:f8:ec:59:17:88:8e:b4:46:b0:b6:4d:0d:ed:
         36:74:92:4c:bb:eb:2d:1a:6d:f2:3e:ce:11:0d:58:24:f9:10:
         5f:30:dd:c2:c0:1c:2e:62:db:6a:19:c1:ef:2e:a8:4d:be:b9:
         a1:3a:c0:64:a0:64:1b:2c:ae:69:d7:d3:70:bd:60:73:08:de:
         90:f4:a0:e0:5a:d6:52:2f:8b:d5:b4:7d:33:49:96:7f:5f:3f:
         b0:0f:32:ec:86:37:0a:6c:5a:f0:02:8d:c2:33:c7:9f:ad:f4:
         62:5a:bc:81:c3:b6:0d:49:01:eb:00:ea:cb:74:34:b4:32:e6:
         dc:b9:47:54:98:e0:24:b7:d3:63:47:e2:e6:3a:f5:ff:6f:b5:
         3a:b3:5c:05:49:f7:6e:da:e0:83:67:5a:fb:d7:17:a6:c8:9a:
         21:5c:f6:29:f9:60:cd:c7:40:af:75:0b:31:b8:25:ca:d5:3a:
         c7:7b:9b:e6:28:58:53:0b:ca:74:f9:1f:4a:11:cb:11:00:6d:
         ed:b6:6c:11:ca:cd:34:2a:36:c9:36:c7:2b:14:9c:d2:51:f3:
         f6:b6:1a:21:20:89:42:ad:5a:8a:ad:02:33:76:ef:d6:68:46:
         b6:eb:d8:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvGXFhvGKWZr9ufYlxKmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTY2ZTIxNmMzNjBjMzZlMGY3NWIwZDM5MTIzZGJhZDQy
MjY0ZTkwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ1ZDYzZTBlNjlhNzNjZWM1NWY4MjcxNjMzMzU1NTg1ZWIwMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvstNb5ezq9TvSDoOroW3+NR6xOD
32HXxQ1jOeGYE5R2s3RlS5ymvEx1lSKw5tl0ukUAQYQxuPnZvDOcmPCRiebcdG74
xmyM+n9ZwTfrgMMl/racgVugM1mThnKhTQ4zqyTiYPDnKuxQAjo5vTFbM2Ox9x/m
kCRS28pmsYvsTLBELoGBVXwDiaiim9uw5vNJUZgNznR48ppfR49MnSBsP+ZZAsvV
R4YtOKH9M8KgS/PzhgOIlL+L2lalRgwwPqwcJJ/p66njXGNu4TaTaZcsNyKs6bJf
GVKweg1XqUFkQ1eA4RofUccIWj6wFCN1XG9C8XSMlQyI2jCFPZVficzLsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKpF1j4Oaac87FX4JxYzNVWF6wA1MB8GA1UdIwQY
MBaAFMAWbiFsNgw24PdbDTkSPbrUImTpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0JadUlXdzJERGJnOTFzTk9SSTl1dFFpWk9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iYjE5YmMtOGRhMS00NzI5LTg2ODYt
ZmNjZTE0N2MzMjdhLzEvcWtYV1BnNXBwenpzVmZnbkZqTTFWWVhyQURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iYjE5YmMtOGRhMS00NzI5LTg2ODYtZmNjZTE0N2MzMjdh
LzEvd0JadUlXdzJERGJnOTFzTk9SSTl1dFFpWk9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeApc
MA0GCSqGSIb3DQEBCwUAA4IBAQCypoXQMJu5mvX6Pqo1/kkdXNQwppCd6vjsWReI
jrRGsLZNDe02dJJMu+stGm3yPs4RDVgk+RBfMN3CwBwuYttqGcHvLqhNvrmhOsBk
oGQbLK5p19NwvWBzCN6Q9KDgWtZSL4vVtH0zSZZ/Xz+wDzLshjcKbFrwAo3CM8ef
rfRiWryBw7YNSQHrAOrLdDS0MubcuUdUmOAkt9NjR+LmOvX/b7U6s1wFSfdu2uCD
Z1r71xemyJohXPYp+WDNx0CvdQsxuCXK1TrHe5vmKFhTC8p0+R9KEcsRAG3ttmwR
ys00KjbJNscrFJzSUfP2thohIIlCrVqKrQIzdu/WaEa269hk
-----END CERTIFICATE-----