Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/XeIbEIJ5n1x9qFIts17XqM5mNO4.roa
File:                     XeIbEIJ5n1x9qFIts17XqM5mNO4.roa (raw, json)
Hash identifier:          m5W6bDniMdkmBe0Juf7pmWk4Ay4MJwpHjLVqjPNPKnU=
Subject key identifier:   5D:E2:1B:10:82:79:9F:5C:7D:A8:52:2D:B3:5E:D7:A8:CE:66:34:EE
Certificate issuer:       /CN=1e4c32086e1e984505691b01f5985df7a36b24ae
Certificate serial:       018CCA2B2EAD045A351B2D0A197EA6C06BC9
Authority key identifier: 1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/XeIbEIJ5n1x9qFIts17XqM5mNO4.roa
Signing time:             Tue 02 Jan 2024 12:34:36 +0000
ROA not before:           Tue 02 Jan 2024 12:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57277
IP address blocks:        2001:678:74c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:2e:ad:04:5a:35:1b:2d:0a:19:7e:a6:c0:6b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4c32086e1e984505691b01f5985df7a36b24ae
        Validity
            Not Before: Jan  2 12:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5de21b1082799f5c7da8522db35ed7a8ce6634ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:12:01:c8:d4:99:56:c8:b0:c9:15:9a:5e:84:
                    9b:0a:4b:4f:f1:c0:9e:0e:50:fa:32:05:cb:16:5b:
                    9a:21:0a:a5:fd:f0:de:37:f3:be:05:31:69:9c:b6:
                    b1:90:47:7d:06:cb:ad:70:d2:0e:5a:6d:41:b0:25:
                    cd:39:18:65:89:cf:c4:db:c8:55:b6:d6:aa:e4:2f:
                    a1:9c:e0:8f:92:5b:02:88:1c:23:f1:77:b5:d8:21:
                    c5:69:bf:74:82:9c:7a:eb:52:e5:9f:5b:2b:b1:55:
                    2a:48:05:23:80:d5:b3:0e:51:c2:7c:ea:0c:e1:61:
                    10:15:d1:a6:49:d7:1b:7c:22:a0:62:4a:b5:0c:8b:
                    b2:4a:2a:48:94:0c:62:e5:c8:89:45:07:b7:83:4f:
                    71:36:a3:24:60:a9:33:1f:2f:13:a2:f1:e0:1b:01:
                    73:78:47:ee:c2:7d:b7:21:6e:37:eb:87:27:a2:a1:
                    60:a3:a5:d5:cc:4f:ed:e7:01:9f:9d:e2:e0:fa:d9:
                    05:71:72:8d:ca:05:ab:8b:9a:01:c7:26:31:16:bc:
                    88:0c:6a:d1:e3:25:67:8d:ec:cb:d4:60:23:13:28:
                    f4:7d:25:f8:51:00:cc:7b:2f:89:09:dc:a6:e8:c8:
                    5d:a7:98:1b:36:92:49:75:91:f9:0e:23:9f:69:68:
                    63:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E2:1B:10:82:79:9F:5C:7D:A8:52:2D:B3:5E:D7:A8:CE:66:34:EE
            X509v3 Authority Key Identifier:
                keyid:1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/XeIbEIJ5n1x9qFIts17XqM5mNO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:b4:6e:a7:03:d4:e6:a6:9b:e2:db:84:b0:72:08:a6:72:57:
         b0:af:03:e7:30:27:b0:c3:5e:b0:1e:c3:81:3f:83:80:05:3c:
         8a:e6:aa:0b:91:c7:87:b0:13:c7:ce:fe:8c:1e:8e:34:b2:6f:
         c8:f2:52:00:bc:09:88:b9:0e:73:53:ca:ff:65:98:e0:35:cf:
         10:a6:95:97:64:d2:6d:4f:88:23:27:fa:cc:8f:47:c8:0a:24:
         7c:36:ca:72:88:5f:fa:04:aa:66:fb:60:f1:60:07:f7:42:65:
         e8:3d:3a:37:c8:4c:e5:94:38:6c:60:46:8e:a2:99:9b:2e:80:
         21:2a:43:a5:62:39:5f:cf:86:5e:2c:b0:bb:aa:0d:e9:9b:30:
         68:e0:80:fd:3e:3f:20:c6:93:f2:b1:ea:29:8f:ad:e2:76:1f:
         b8:f6:01:4c:04:e6:31:90:a7:c7:eb:1e:c8:84:49:3c:b2:6b:
         38:b4:ef:cd:02:02:e1:ce:13:25:7f:75:45:fa:1e:04:59:cc:
         9a:2b:d6:b0:a7:3c:12:e9:90:36:de:49:2e:d0:58:cb:35:1f:
         91:3f:ca:de:74:f6:b5:7c:fb:70:15:6f:27:3e:8c:6e:b5:d0:
         ff:77:02:1a:2c:ba:a2:0e:77:66:12:85:84:b7:90:00:5f:26:
         d2:f9:c1:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKy6tBFo1Gy0KGX6mwGvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGMzMjA4NmUxZTk4NDUwNTY5MWIwMWY1OTg1ZGY3YTM2
YjI0YWUwHhcNMjQwMTAyMTIzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGUyMWIxMDgyNzk5ZjVjN2RhODUyMmRiMzVlZDdhOGNlNjYzNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhIByNSZVsiwyRWaXoSbCktP8cCe
DlD6MgXLFluaIQql/fDeN/O+BTFpnLaxkEd9BsutcNIOWm1BsCXNORhlic/E28hV
ttaq5C+hnOCPklsCiBwj8Xe12CHFab90gpx661Lln1srsVUqSAUjgNWzDlHCfOoM
4WEQFdGmSdcbfCKgYkq1DIuySipIlAxi5ciJRQe3g09xNqMkYKkzHy8TovHgGwFz
eEfuwn23IW4364cnoqFgo6XVzE/t5wGfneLg+tkFcXKNygWri5oBxyYxFryIDGrR
4yVnjezL1GAjEyj0fSX4UQDMey+JCdym6Mhdp5gbNpJJdZH5DiOfaWhjQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3iGxCCeZ9cfahSLbNe16jOZjTuMB8GA1UdIwQY
MBaAFB5MMghuHphFBWkbAfWYXfejaySuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYt
OThjZTE0NmYxODI0LzEvWGVJYkVJSjVuMXg5cUZJdHMxN1hxTTVtTk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYtOThjZTE0NmYxODI0
LzEvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQDHtG6nA9Tmppvi24SwcgimclewrwPnMCeww16w
HsOBP4OABTyK5qoLkceHsBPHzv6MHo40sm/I8lIAvAmIuQ5zU8r/ZZjgNc8QppWX
ZNJtT4gjJ/rMj0fICiR8NspyiF/6BKpm+2DxYAf3QmXoPTo3yEzllDhsYEaOopmb
LoAhKkOlYjlfz4ZeLLC7qg3pmzBo4ID9Pj8gxpPyseopj63idh+49gFMBOYxkKfH
6x7IhEk8sms4tO/NAgLhzhMlf3VF+h4EWcyaK9awpzwS6ZA23kku0FjLNR+RP8re
dPa1fPtwFW8nPoxutdD/dwIaLLqiDndmEoWEt5AAXybS+cFD
-----END CERTIFICATE-----