Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/xODRiu7LJF7dUOfDZz2ItY_9vbY.roa
File:                     xODRiu7LJF7dUOfDZz2ItY_9vbY.roa (raw, json)
Hash identifier:          pOqs08if8uAeQ2VViy6bzyDVIT2c7BFB4v71m908NpM=
Subject key identifier:   C4:E0:D1:8A:EE:CB:24:5E:DD:50:E7:C3:67:3D:88:B5:8F:FD:BD:B6
Certificate issuer:       /CN=1fb5c1bbaed44c8b6ae3f2b566d01cc258dfc2ce
Certificate serial:       018CC793FD9E611A6EB05AB61DC7BA441258
Authority key identifier: 1F:B5:C1:BB:AE:D4:4C:8B:6A:E3:F2:B5:66:D0:1C:C2:58:DF:C2:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H7XBu67UTItq4_K1ZtAcwljfws4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/xODRiu7LJF7dUOfDZz2ItY_9vbY.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211638
IP address blocks:        2001:678:f0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/H7XBu67UTItq4_K1ZtAcwljfws4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/H7XBu67UTItq4_K1ZtAcwljfws4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H7XBu67UTItq4_K1ZtAcwljfws4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fd:9e:61:1a:6e:b0:5a:b6:1d:c7:ba:44:12:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fb5c1bbaed44c8b6ae3f2b566d01cc258dfc2ce
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4e0d18aeecb245edd50e7c3673d88b58ffdbdb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:20:10:d1:5b:f3:61:c1:a6:f4:75:86:51:68:
                    bc:79:11:67:a8:98:ad:07:25:5d:27:88:a2:30:59:
                    69:2f:75:e2:d1:fe:04:77:cd:19:93:af:14:9f:c1:
                    55:a8:7d:03:d9:5b:06:63:2f:44:3f:30:5b:08:af:
                    79:74:9a:52:fa:7d:02:73:d6:7d:f1:87:d1:35:48:
                    41:32:e4:46:57:0a:f6:72:a9:8b:43:b7:aa:44:2b:
                    17:d2:2a:dc:7c:b1:cf:20:b4:7e:fe:fa:65:c3:08:
                    13:71:0d:7a:af:3c:0b:19:84:b1:e4:01:a2:17:e0:
                    34:fb:73:76:49:f2:65:ac:37:52:b3:06:85:0f:c4:
                    9e:92:ca:05:13:ad:43:4a:8f:ca:c8:7f:87:e8:e1:
                    67:95:1a:c1:a9:35:d8:13:76:c1:c6:2a:5c:47:b9:
                    ed:58:0b:be:33:89:e8:fa:44:d9:72:ca:d8:a4:a9:
                    a6:5b:64:33:d1:8b:07:16:7c:9c:d4:d9:6b:d4:7b:
                    20:19:e2:f0:87:68:c4:ce:ab:11:29:ca:ab:be:e8:
                    47:9a:ec:c7:df:06:27:3e:2b:b8:58:60:93:37:da:
                    ee:b5:03:d3:c8:a0:b9:a8:43:b9:de:ba:47:65:83:
                    81:ce:76:cc:e2:40:b1:1c:5e:76:55:00:f5:a6:2c:
                    d8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E0:D1:8A:EE:CB:24:5E:DD:50:E7:C3:67:3D:88:B5:8F:FD:BD:B6
            X509v3 Authority Key Identifier:
                keyid:1F:B5:C1:BB:AE:D4:4C:8B:6A:E3:F2:B5:66:D0:1C:C2:58:DF:C2:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H7XBu67UTItq4_K1ZtAcwljfws4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/xODRiu7LJF7dUOfDZz2ItY_9vbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/3c4b53-eca3-4599-9d94-d71fc90c7b16/1/H7XBu67UTItq4_K1ZtAcwljfws4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:85:02:53:3e:c1:43:90:eb:27:56:fe:e6:52:5c:05:57:df:
         73:82:49:89:be:44:94:0a:74:69:72:22:04:66:88:6e:dc:0e:
         90:fe:77:32:65:5e:55:6e:d7:72:7b:33:32:b0:86:62:88:f8:
         2f:7c:e2:fb:34:c6:87:b3:d6:7b:fa:d1:66:b7:b5:c1:f6:eb:
         a4:b0:66:ea:68:fb:25:37:5c:3a:5e:87:9f:a8:1e:a7:0b:86:
         b4:a4:9c:3e:7f:f3:e6:15:88:42:c2:c1:16:98:6b:da:de:e4:
         27:e0:46:02:81:90:50:b1:b9:d0:47:23:43:72:f7:f6:02:26:
         62:77:3f:fc:59:0e:d3:e1:b7:93:75:24:8a:39:99:86:ab:fd:
         ce:e9:61:4c:96:96:a6:f9:77:96:fe:c4:b8:e8:c5:86:48:89:
         24:8a:29:6d:a0:21:e0:54:e1:9b:99:39:48:58:ad:4a:5d:70:
         04:f2:98:2c:85:53:42:b4:71:b2:b8:d1:ec:a4:48:35:ac:31:
         44:76:19:b1:1c:bf:86:65:51:77:dc:19:87:ce:d3:30:d1:1b:
         bf:d9:51:38:ad:e5:50:70:3c:3f:de:29:49:8e:83:8c:32:d7:
         3b:ed:e2:15:b5:a4:3f:69:17:3d:a4:04:30:5d:dd:94:ec:b6:
         b5:4b:fc:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk/2eYRpusFq2Hce6RBJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYjVjMWJiYWVkNDRjOGI2YWUzZjJiNTY2ZDAxY2MyNThk
ZmMyY2UwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUwZDE4YWVlY2IyNDVlZGQ1MGU3YzM2NzNkODhiNThmZmRiZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiAQ0VvzYcGm9HWGUWi8eRFnqJit
ByVdJ4iiMFlpL3Xi0f4Ed80Zk68Un8FVqH0D2VsGYy9EPzBbCK95dJpS+n0Cc9Z9
8YfRNUhBMuRGVwr2cqmLQ7eqRCsX0ircfLHPILR+/vplwwgTcQ16rzwLGYSx5AGi
F+A0+3N2SfJlrDdSswaFD8SeksoFE61DSo/KyH+H6OFnlRrBqTXYE3bBxipcR7nt
WAu+M4no+kTZcsrYpKmmW2Qz0YsHFnyc1Nlr1HsgGeLwh2jEzqsRKcqrvuhHmuzH
3wYnPiu4WGCTN9rutQPTyKC5qEO53rpHZYOBznbM4kCxHF52VQD1pizYAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMTg0YruyyRe3VDnw2c9iLWP/b22MB8GA1UdIwQY
MBaAFB+1wbuu1EyLauPytWbQHMJY38LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDdYQnU2N1VUSXRxNF9LMVp0QWN3bGpmd3M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zYzRiNTMtZWNhMy00NTk5LTlkOTQt
ZDcxZmM5MGM3YjE2LzEveE9EUml1N0xKRjdkVU9mRFp6Mkl0WV85dmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zYzRiNTMtZWNhMy00NTk5LTlkOTQtZDcxZmM5MGM3YjE2
LzEvSDdYQnU2N1VUSXRxNF9LMVp0QWN3bGpmd3M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8M
MA0GCSqGSIb3DQEBCwUAA4IBAQA6hQJTPsFDkOsnVv7mUlwFV99zgkmJvkSUCnRp
ciIEZohu3A6Q/ncyZV5VbtdyezMysIZiiPgvfOL7NMaHs9Z7+tFmt7XB9uuksGbq
aPslN1w6XoefqB6nC4a0pJw+f/PmFYhCwsEWmGva3uQn4EYCgZBQsbnQRyNDcvf2
AiZidz/8WQ7T4beTdSSKOZmGq/3O6WFMlpam+XeW/sS46MWGSIkkiiltoCHgVOGb
mTlIWK1KXXAE8pgshVNCtHGyuNHspEg1rDFEdhmxHL+GZVF33BmHztMw0Ru/2VE4
reVQcDw/3ilJjoOMMtc77eIVtaQ/aRc9pAQwXd2U7La1S/xu
-----END CERTIFICATE-----