Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/mtpPext4h5WVwiDrn_IgP8t7gfQ.roa
File:                     mtpPext4h5WVwiDrn_IgP8t7gfQ.roa (raw, json)
Hash identifier:          x7KnjNNpx0Vut4YWO8+HdBQU9lgI+mn6Aw07SpwTTGk=
Subject key identifier:   9A:DA:4F:7B:1B:78:87:95:95:C2:20:EB:9F:F2:20:3F:CB:7B:81:F4
Certificate issuer:       /CN=8b6f4880038d55ab98d7cb66dfcfa897b7ba11e8
Certificate serial:       018FAA8C1363E8057258DA1C6303976FAC8C
Authority key identifier: 8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/mtpPext4h5WVwiDrn_IgP8t7gfQ.roa
Signing time:             Fri 24 May 2024 12:20:57 +0000
ROA not before:           Fri 24 May 2024 12:20:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203045
IP address blocks:        2001:678:140::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:aa:8c:13:63:e8:05:72:58:da:1c:63:03:97:6f:ac:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6f4880038d55ab98d7cb66dfcfa897b7ba11e8
        Validity
            Not Before: May 24 12:20:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ada4f7b1b78879595c220eb9ff2203fcb7b81f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:48:41:d0:31:e1:cb:4e:7e:68:91:63:43:80:
                    24:ba:cf:58:92:44:d7:89:9a:3b:65:3e:96:b8:fc:
                    8c:7b:11:ba:1c:cb:32:01:cf:be:c3:d7:2b:e3:5d:
                    42:a7:19:14:6d:1e:fb:d7:78:45:c2:84:b8:7c:b4:
                    33:2b:f9:f3:41:f7:d7:ca:0d:28:25:a3:25:79:25:
                    11:7d:dd:6d:62:29:5f:1c:c1:aa:10:d0:5b:4a:08:
                    76:1b:cc:e5:6d:1d:fb:df:2f:a3:df:80:2f:cc:37:
                    db:2d:b8:f4:b7:ac:ce:63:4c:ba:7e:55:01:3a:73:
                    7d:d2:11:8a:0d:1e:3e:74:3c:84:89:ba:c9:e0:d1:
                    7e:dc:8a:a6:53:ca:6e:fb:99:8c:a7:a9:ee:1d:e7:
                    7e:b6:31:19:17:17:c4:bf:09:03:33:87:63:82:ad:
                    48:ec:20:f3:7e:35:b2:b4:b1:95:f0:2a:3d:52:16:
                    7e:31:b6:d4:70:79:76:93:80:a1:18:31:c7:e7:ac:
                    8c:74:01:91:ff:e5:94:a0:92:f4:c2:83:76:6f:ec:
                    2b:40:71:a1:ef:4a:75:18:84:f6:eb:fb:4a:06:72:
                    ba:c9:8d:3c:bb:31:ab:4f:6b:6d:ca:38:29:e9:0b:
                    15:22:5d:5e:0e:49:4c:2c:e1:48:9f:79:09:9a:48:
                    18:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DA:4F:7B:1B:78:87:95:95:C2:20:EB:9F:F2:20:3F:CB:7B:81:F4
            X509v3 Authority Key Identifier:
                keyid:8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/mtpPext4h5WVwiDrn_IgP8t7gfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:140::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:7d:08:db:1b:09:91:85:86:3b:88:8a:61:ce:b8:e0:90:1f:
         c8:7a:21:6d:cb:17:6d:4d:a2:12:fa:94:c6:ab:da:dd:2f:87:
         e3:5d:31:a0:77:49:00:2d:61:9a:fd:3e:3b:06:51:a3:85:c6:
         bc:83:83:2d:da:27:46:27:58:27:e5:60:48:c9:65:70:b0:a0:
         2c:a3:12:1d:fb:af:b6:d0:01:b0:e7:6d:8c:62:f4:a4:f9:0e:
         f6:ed:56:33:57:9b:e1:6b:1d:b1:10:cf:2a:cb:a4:ba:eb:86:
         16:ba:cf:d3:f0:83:96:d3:00:e6:62:a6:09:3f:c0:b2:be:5f:
         88:9b:cf:31:e9:49:4d:12:9b:f7:fb:7d:e0:1c:a7:bb:53:ea:
         28:fa:6c:10:32:93:e3:f3:7d:83:43:c0:38:15:48:c6:0b:df:
         8a:a0:99:a2:32:f3:c9:39:f2:da:c4:2f:39:e7:62:8d:cc:ae:
         a3:21:87:b1:3a:2f:28:d6:36:85:9f:63:32:48:a2:5f:0b:39:
         46:53:4e:8d:f5:49:f5:95:6e:73:ba:8b:56:1b:0a:60:78:45:
         bf:f5:5c:64:d3:75:c2:dc:6d:7d:08:a9:26:fd:be:0d:1e:19:
         a6:23:7d:cc:1c:79:19:5b:ad:52:b2:70:57:0f:8d:98:76:f9:
         8e:21:b1:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+qjBNj6AVyWNocYwOXb6yMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNmY0ODgwMDM4ZDU1YWI5OGQ3Y2I2NmRmY2ZhODk3Yjdi
YTExZTgwHhcNMjQwNTI0MTIyMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWRhNGY3YjFiNzg4Nzk1OTVjMjIwZWI5ZmYyMjAzZmNiN2I4MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEhB0DHhy05+aJFjQ4Akus9YkkTX
iZo7ZT6WuPyMexG6HMsyAc++w9cr411CpxkUbR7713hFwoS4fLQzK/nzQffXyg0o
JaMleSURfd1tYilfHMGqENBbSgh2G8zlbR373y+j34AvzDfbLbj0t6zOY0y6flUB
OnN90hGKDR4+dDyEibrJ4NF+3IqmU8pu+5mMp6nuHed+tjEZFxfEvwkDM4djgq1I
7CDzfjWytLGV8Co9UhZ+MbbUcHl2k4ChGDHH56yMdAGR/+WUoJL0woN2b+wrQHGh
70p1GIT26/tKBnK6yY08uzGrT2ttyjgp6QsVIl1eDklMLOFIn3kJmkgYiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJraT3sbeIeVlcIg65/yID/Le4H0MB8GA1UdIwQY
MBaAFItvSIADjVWrmNfLZt/PqJe3uhHoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTI5SWdBT05WYXVZMTh0bTM4LW9sN2U2RWVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kMGMzOGQtOWYwMi00MThiLTk2YjIt
ZmIzMTExZGJkMWNhLzEvbXRwUGV4dDRoNVdWd2lEcm5fSWdQOHQ3Z2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kMGMzOGQtOWYwMi00MThiLTk2YjItZmIzMTExZGJkMWNh
LzEvaTI5SWdBT05WYXVZMTh0bTM4LW9sN2U2RWVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQC1fQjbGwmRhYY7iIphzrjgkB/IeiFtyxdtTaIS
+pTGq9rdL4fjXTGgd0kALWGa/T47BlGjhca8g4Mt2idGJ1gn5WBIyWVwsKAsoxId
+6+20AGw522MYvSk+Q727VYzV5vhax2xEM8qy6S664YWus/T8IOW0wDmYqYJP8Cy
vl+Im88x6UlNEpv3+33gHKe7U+oo+mwQMpPj832DQ8A4FUjGC9+KoJmiMvPJOfLa
xC8552KNzK6jIYexOi8o1jaFn2MySKJfCzlGU06N9Un1lW5zuotWGwpgeEW/9Vxk
03XC3G19CKkm/b4NHhmmI33MHHkZW61SsnBXD42YdvmOIbEP
-----END CERTIFICATE-----