Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/F1LbGv2MkXWWefxkT_CtpriNBr4.roa
File:                     F1LbGv2MkXWWefxkT_CtpriNBr4.roa (raw, json)
Hash identifier:          RRHmy9X/CGJW+TnFMQF3NirLVJyyI3P64OOzvqQr238=
Subject key identifier:   17:52:DB:1A:FD:8C:91:75:96:79:FC:64:4F:F0:AD:A6:B8:8D:06:BE
Certificate issuer:       /CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
Certificate serial:       0194221F9AD238E25555BB617B2364E1F47F
Authority key identifier: 53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/F1LbGv2MkXWWefxkT_CtpriNBr4.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:678:868::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9a:d2:38:e2:55:55:bb:61:7b:23:64:e1:f4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1752db1afd8c91759679fc644ff0ada6b88d06be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4c:6b:d0:70:05:a5:bb:d1:05:b5:d6:83:7f:
                    39:70:b8:13:39:21:66:71:93:f3:b2:95:ca:b6:e4:
                    53:7a:80:1d:6a:44:e5:a0:3c:52:3b:20:fa:0b:0b:
                    20:f6:63:1b:9b:fc:68:e0:0f:80:59:ec:58:07:56:
                    d8:f1:ce:e1:76:ac:c0:a9:71:4b:c0:6e:fb:5f:79:
                    f7:e9:cd:37:87:af:6f:51:cc:68:f8:ce:91:d5:83:
                    d8:80:32:2c:ae:be:73:7d:a2:42:4a:71:3d:b3:75:
                    a7:53:da:bd:74:0f:f6:9e:78:97:6e:50:8c:58:7d:
                    4f:dd:55:97:89:00:1d:f3:71:95:68:53:5c:4b:ab:
                    58:f9:08:fc:ac:89:46:12:e5:af:a0:48:05:bd:47:
                    e9:e8:b8:5f:2c:db:7e:82:53:68:b5:1b:72:8d:d8:
                    d3:09:f2:61:aa:38:5e:40:a9:74:be:4b:62:a7:05:
                    4a:77:ee:7a:4a:98:d7:6c:e5:b1:09:7f:69:86:26:
                    f0:e1:9a:8c:2b:56:84:dc:a4:a6:4f:f0:39:4a:d8:
                    d4:81:0e:88:16:b8:bd:2f:1f:4c:83:62:21:85:7a:
                    2d:1c:1d:c3:8f:00:36:3e:d3:bb:57:af:c2:43:c9:
                    9b:50:c4:21:c8:a5:3e:1e:41:c7:cf:f1:71:12:61:
                    78:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:52:DB:1A:FD:8C:91:75:96:79:FC:64:4F:F0:AD:A6:B8:8D:06:BE
            X509v3 Authority Key Identifier:
                keyid:53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/F1LbGv2MkXWWefxkT_CtpriNBr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:868::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:aa:fc:10:60:6a:c6:f2:06:d8:b6:6a:49:c9:a7:11:d0:0a:
         ea:a7:cd:26:82:50:42:74:8a:84:a7:cd:93:8b:a9:c2:8a:46:
         a1:31:6b:80:86:ca:a9:04:81:a1:61:ff:a4:61:48:cc:92:c9:
         d1:2f:e8:11:56:f4:89:2f:d1:4d:b5:fe:cd:c3:3d:cb:2f:78:
         64:2e:72:ae:fa:5c:c4:c3:0e:00:5d:14:47:b4:37:8c:13:c8:
         13:1a:0e:b0:6d:ab:0d:ad:ec:0d:40:67:72:68:d0:af:88:8b:
         e6:7d:ab:36:a4:ff:be:4c:27:6d:51:1f:3d:1c:ed:9d:b8:60:
         67:78:be:e5:59:61:38:7e:b2:af:a8:f1:dd:2c:ac:e2:d0:62:
         4d:51:84:e7:95:29:6d:f1:75:26:0e:d0:fc:8c:fc:53:18:0b:
         96:95:ac:1e:70:0f:dd:58:78:66:c6:6f:88:50:e8:58:61:46:
         e1:73:2a:4c:00:f1:b4:6d:38:37:cd:64:31:42:a3:f2:44:9d:
         f5:f3:bd:42:85:54:91:47:e9:f6:46:1f:e5:93:97:35:68:f2:
         15:11:2d:37:52:ce:19:49:4a:70:23:3c:63:21:62:ca:60:3a:
         41:32:db:2e:6f:bf:53:7d:a7:ff:36:8d:70:3c:82:03:6e:d2:
         ba:8b:01:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH5rSOOJVVbtheyNk4fR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODU1YzhlY2U5YmQ2ZjhlMzk0MDIwMjIxMmNlMDliMDVm
NWY4YTAwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzUyZGIxYWZkOGM5MTc1OTY3OWZjNjQ0ZmYwYWRhNmI4OGQwNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkxr0HAFpbvRBbXWg385cLgTOSFm
cZPzspXKtuRTeoAdakTloDxSOyD6Cwsg9mMbm/xo4A+AWexYB1bY8c7hdqzAqXFL
wG77X3n36c03h69vUcxo+M6R1YPYgDIsrr5zfaJCSnE9s3WnU9q9dA/2nniXblCM
WH1P3VWXiQAd83GVaFNcS6tY+Qj8rIlGEuWvoEgFvUfp6LhfLNt+glNotRtyjdjT
CfJhqjheQKl0vktipwVKd+56SpjXbOWxCX9phibw4ZqMK1aE3KSmT/A5StjUgQ6I
Fri9Lx9Mg2IhhXotHB3DjwA2PtO7V6/CQ8mbUMQhyKU+HkHHz/FxEmF45QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBdS2xr9jJF1lnn8ZE/wraa4jQa+MB8GA1UdIwQY
MBaAFFOFXI7Om9b445QCAiEs4JsF9figMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWIt
MWNlZmQxZmExMGE2LzEvRjFMYkd2Mk1rWFdXZWZ4a1RfQ3RwcmlOQnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWItMWNlZmQxZmExMGE2
LzEvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAho
MA0GCSqGSIb3DQEBCwUAA4IBAQBuqvwQYGrG8gbYtmpJyacR0Arqp80mglBCdIqE
p82Ti6nCikahMWuAhsqpBIGhYf+kYUjMksnRL+gRVvSJL9FNtf7Nwz3LL3hkLnKu
+lzEww4AXRRHtDeME8gTGg6wbasNrewNQGdyaNCviIvmfas2pP++TCdtUR89HO2d
uGBneL7lWWE4frKvqPHdLKzi0GJNUYTnlSlt8XUmDtD8jPxTGAuWlawecA/dWHhm
xm+IUOhYYUbhcypMAPG0bTg3zWQxQqPyRJ31871ChVSRR+n2Rh/lk5c1aPIVES03
Us4ZSUpwIzxjIWLKYDpBMtsub79Tfaf/No1wPIIDbtK6iwHo
-----END CERTIFICATE-----