Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/KqvCBR_OfxfV90bSn6xTFsoRuKY.roa
File:                     KqvCBR_OfxfV90bSn6xTFsoRuKY.roa (raw, json)
Hash identifier:          ZrGwG6AEEuAUzzu+ZZVgafuXEuBHLj/0MO93YGSo890=
Subject key identifier:   2A:AB:C2:05:1F:CE:7F:17:D5:F7:46:D2:9F:AC:53:16:CA:11:B8:A6
Certificate issuer:       /CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
Certificate serial:       018CC94AC92ED605DD22DDB87F66922148E3
Authority key identifier: 53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/KqvCBR_OfxfV90bSn6xTFsoRuKY.roa
Signing time:             Tue 02 Jan 2024 08:29:30 +0000
ROA not before:           Tue 02 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:678:868::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 08:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c9:2e:d6:05:dd:22:dd:b8:7f:66:92:21:48:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
        Validity
            Not Before: Jan  2 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aabc2051fce7f17d5f746d29fac5316ca11b8a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:58:14:ca:3c:d1:09:72:6f:3a:c2:b2:48:46:
                    6e:d3:0e:54:ab:13:f0:f0:d8:09:6f:7d:9b:9d:70:
                    66:77:69:cd:28:d3:e8:a0:5a:5b:ba:37:02:18:f7:
                    3f:1e:0a:b2:15:5e:27:29:44:17:df:49:4c:52:c8:
                    09:fc:0c:67:90:27:f5:4f:64:19:15:d8:2c:98:b3:
                    de:dc:72:01:16:28:83:10:93:34:3b:4d:d9:6b:59:
                    dc:66:c3:5b:cd:f9:82:db:64:f3:a4:9d:8c:18:3d:
                    d4:dd:0b:27:f3:26:5c:b7:3a:a5:0a:0c:01:24:5f:
                    22:68:3e:76:10:b1:80:43:16:fa:81:aa:ee:d2:34:
                    21:b3:ac:20:ae:f8:21:ad:50:1c:34:ed:76:3e:fb:
                    a5:cc:cd:e7:8e:6a:a8:ea:ca:fe:59:d5:34:56:d6:
                    19:9e:2b:d7:f3:76:bc:4e:7c:72:a4:1f:c8:a5:87:
                    0f:c0:16:57:db:7e:35:80:95:21:7b:6f:89:79:64:
                    7b:22:d3:d9:c2:3a:45:e7:ce:79:41:7e:b4:df:40:
                    da:cb:e0:c9:5e:c6:33:a8:21:10:7a:d6:0b:f5:3a:
                    25:86:8a:a0:28:d0:43:a7:ac:59:f9:3c:61:28:ad:
                    b2:f5:79:a9:96:1c:49:f7:5f:9d:48:92:37:0d:da:
                    04:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:AB:C2:05:1F:CE:7F:17:D5:F7:46:D2:9F:AC:53:16:CA:11:B8:A6
            X509v3 Authority Key Identifier:
                keyid:53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/KqvCBR_OfxfV90bSn6xTFsoRuKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:868::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:94:39:ff:36:7e:8b:69:13:b5:26:cd:48:c9:26:19:09:9f:
         f0:a7:f6:7a:41:73:be:1f:47:a7:ee:27:9a:ce:2b:6d:c4:20:
         36:ce:6d:e9:ee:42:ff:e7:a8:fd:75:32:29:bc:60:02:27:1a:
         69:8e:64:7f:08:69:70:8e:98:39:5c:81:2e:d9:18:1b:ac:60:
         97:be:46:fd:f6:c2:17:66:33:39:66:d0:f8:4c:c8:b0:c4:0f:
         fa:b4:1f:cf:a2:87:13:61:ca:04:68:2a:81:8d:e1:ec:07:f3:
         67:64:ea:f3:65:6a:ba:30:ed:47:53:1c:4b:2a:90:87:c7:41:
         53:9e:68:c3:56:0e:5e:a9:e6:0b:27:d8:d4:b4:ed:db:e9:52:
         75:10:6b:7f:bd:f8:f4:b6:4b:76:9f:e7:46:14:d2:95:81:2d:
         be:84:43:55:f5:86:97:72:b3:b0:e6:42:aa:16:f9:1c:a5:3d:
         59:a3:48:d2:dd:5f:6e:91:43:fe:4f:e6:38:0a:88:53:97:34:
         3e:1d:0e:b6:b4:0c:20:be:ec:76:a1:88:ce:3d:20:2f:98:03:
         80:be:aa:93:85:4a:b0:ae:cc:48:c3:3d:c2:a9:1b:b3:e4:01:
         25:fa:73:62:b8:5e:c5:c0:2f:bd:cb:e4:a2:5c:e9:63:6f:21:
         df:e8:dc:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJSsku1gXdIt24f2aSIUjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODU1YzhlY2U5YmQ2ZjhlMzk0MDIwMjIxMmNlMDliMDVm
NWY4YTAwHhcNMjQwMTAyMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWFiYzIwNTFmY2U3ZjE3ZDVmNzQ2ZDI5ZmFjNTMxNmNhMTFiOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFgUyjzRCXJvOsKySEZu0w5UqxPw
8NgJb32bnXBmd2nNKNPooFpbujcCGPc/HgqyFV4nKUQX30lMUsgJ/AxnkCf1T2QZ
FdgsmLPe3HIBFiiDEJM0O03Za1ncZsNbzfmC22TzpJ2MGD3U3Qsn8yZctzqlCgwB
JF8iaD52ELGAQxb6garu0jQhs6wgrvghrVAcNO12PvulzM3njmqo6sr+WdU0VtYZ
nivX83a8TnxypB/IpYcPwBZX2341gJUhe2+JeWR7ItPZwjpF5855QX6030Day+DJ
XsYzqCEQetYL9TolhoqgKNBDp6xZ+TxhKK2y9XmplhxJ91+dSJI3DdoEKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCqrwgUfzn8X1fdG0p+sUxbKEbimMB8GA1UdIwQY
MBaAFFOFXI7Om9b445QCAiEs4JsF9figMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWIt
MWNlZmQxZmExMGE2LzEvS3F2Q0JSX09meGZWOTBiU242eFRGc29SdUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWItMWNlZmQxZmExMGE2
LzEvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAho
MA0GCSqGSIb3DQEBCwUAA4IBAQAxlDn/Nn6LaRO1Js1IySYZCZ/wp/Z6QXO+H0en
7ieazittxCA2zm3p7kL/56j9dTIpvGACJxppjmR/CGlwjpg5XIEu2RgbrGCXvkb9
9sIXZjM5ZtD4TMiwxA/6tB/PoocTYcoEaCqBjeHsB/NnZOrzZWq6MO1HUxxLKpCH
x0FTnmjDVg5eqeYLJ9jUtO3b6VJ1EGt/vfj0tkt2n+dGFNKVgS2+hENV9YaXcrOw
5kKqFvkcpT1Zo0jS3V9ukUP+T+Y4CohTlzQ+HQ62tAwgvux2oYjOPSAvmAOAvqqT
hUqwrsxIwz3CqRuz5AEl+nNiuF7FwC+9y+SiXOljbyHf6NxR
-----END CERTIFICATE-----