Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/hBdenIeugj7xZcq7WN6tP77fjac.roa
File:                     hBdenIeugj7xZcq7WN6tP77fjac.roa (raw, json)
Hash identifier:          otiboIMiO6AEdS2K0/bxPk1K6RnwVHZlL6Yr4OA17do=
Subject key identifier:   84:17:5E:9C:87:AE:82:3E:F1:65:CA:BB:58:DE:AD:3F:BE:DF:8D:A7
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348975BF738E534CAEC67F62D2BE005
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/hBdenIeugj7xZcq7WN6tP77fjac.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210934
IP address blocks:        2a0d:2686::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:97:5b:f7:38:e5:34:ca:ec:67:f6:2d:2b:e0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84175e9c87ae823ef165cabb58dead3fbedf8da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f2:c8:fe:1f:5e:83:9e:e3:25:62:8d:87:43:
                    79:33:2f:79:11:a1:ea:2a:d3:41:aa:34:bb:1b:2c:
                    08:6b:31:ec:e1:a1:b7:9a:c4:4d:d5:37:39:4b:be:
                    41:42:c2:a7:99:c1:ff:a8:0d:38:27:0e:b4:85:be:
                    3d:44:61:63:21:b4:77:14:1d:81:ec:42:b0:13:bc:
                    2b:8a:6b:70:c1:20:ec:32:4f:95:99:51:38:11:38:
                    ef:f4:09:72:79:a9:01:c8:05:c9:0d:ad:d6:30:61:
                    f4:18:67:78:5b:22:19:59:18:0e:bb:7f:8c:ad:78:
                    ef:85:9a:c5:9d:15:06:cb:7e:dd:df:82:79:3e:53:
                    53:7d:16:24:39:76:33:e5:0d:cf:77:10:76:6b:0a:
                    9b:0f:b5:f6:d5:9c:13:a2:79:9d:5c:36:77:aa:de:
                    ba:b3:12:50:0b:ae:05:43:64:2c:5b:48:5b:06:ef:
                    2e:e7:76:79:eb:fb:9f:28:0e:b3:08:17:e5:f2:38:
                    54:1a:d4:2e:cf:65:75:e8:12:aa:3b:6e:fe:5b:85:
                    f1:2d:83:f2:1c:e7:79:36:66:15:5f:94:9c:d3:b7:
                    64:b8:43:1b:0d:1a:56:a1:bc:7c:41:4a:8e:51:e8:
                    ef:32:d4:b5:c4:9b:88:3e:e7:9d:fd:19:3f:8d:24:
                    b2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:17:5E:9C:87:AE:82:3E:F1:65:CA:BB:58:DE:AD:3F:BE:DF:8D:A7
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/hBdenIeugj7xZcq7WN6tP77fjac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2686::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:b1:ce:a2:41:4e:45:ee:3a:81:a9:c2:08:36:3c:83:d3:61:
         d0:2c:b2:64:da:62:40:bc:e6:bc:73:0f:0b:d8:96:b4:24:f2:
         be:f2:d9:a1:b3:5d:94:f2:66:c9:25:90:99:20:3f:b2:82:0a:
         7e:22:c5:14:74:63:7a:99:bf:ce:01:94:0a:5c:d3:05:2b:e7:
         0e:b7:54:31:e4:7d:d7:e3:b4:26:a1:75:fe:28:ba:eb:da:f9:
         ce:22:9e:00:d3:b1:d6:e6:b2:d9:16:69:af:65:7b:85:ad:21:
         5e:b6:4b:08:73:6f:9a:f3:fb:de:5d:90:dc:30:ee:7d:e1:4c:
         86:a1:8d:fc:ce:5b:0c:a0:5d:cb:ac:36:b1:51:e8:a6:29:97:
         02:63:ba:51:c8:32:80:8e:2a:a0:b9:6e:6f:5b:b3:de:1d:7d:
         8d:4a:7e:f8:70:6d:53:e0:3c:9e:45:94:43:1d:3e:d8:1f:d1:
         1b:50:df:3b:e7:82:e6:8a:4c:1e:ed:b3:c1:1b:51:78:c5:5f:
         f7:a3:eb:34:94:21:95:71:f4:62:06:c1:5b:02:7f:51:55:ab:
         32:ef:47:73:54:b0:52:45:66:34:a8:43:7a:9f:66:6b:06:e7:
         b3:f2:ff:a2:56:4b:67:cf:66:8b:67:49:af:26:e3:fa:88:49:
         cd:04:8c:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJdb9zjlNMrsZ/YtK+AFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE3NWU5Yzg3YWU4MjNlZjE2NWNhYmI1OGRlYWQzZmJlZGY4ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/LI/h9eg57jJWKNh0N5My95EaHq
KtNBqjS7GywIazHs4aG3msRN1Tc5S75BQsKnmcH/qA04Jw60hb49RGFjIbR3FB2B
7EKwE7wrimtwwSDsMk+VmVE4ETjv9AlyeakByAXJDa3WMGH0GGd4WyIZWRgOu3+M
rXjvhZrFnRUGy37d34J5PlNTfRYkOXYz5Q3PdxB2awqbD7X21ZwTonmdXDZ3qt66
sxJQC64FQ2QsW0hbBu8u53Z56/ufKA6zCBfl8jhUGtQuz2V16BKqO27+W4XxLYPy
HOd5NmYVX5Sc07dkuEMbDRpWobx8QUqOUejvMtS1xJuIPued/Rk/jSSySQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIQXXpyHroI+8WXKu1jerT++342nMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvaEJkZW5JZXVnajd4WmNxN1dONnRQNzdmamFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0mhjAN
BgkqhkiG9w0BAQsFAAOCAQEAsbHOokFORe46ganCCDY8g9Nh0CyyZNpiQLzmvHMP
C9iWtCTyvvLZobNdlPJmySWQmSA/soIKfiLFFHRjepm/zgGUClzTBSvnDrdUMeR9
1+O0JqF1/ii669r5ziKeANOx1uay2RZpr2V7ha0hXrZLCHNvmvP73l2Q3DDufeFM
hqGN/M5bDKBdy6w2sVHopimXAmO6UcgygI4qoLlub1uz3h19jUp++HBtU+A8nkWU
Qx0+2B/RG1DfO+eC5opMHu2zwRtReMVf96PrNJQhlXH0YgbBWwJ/UVWrMu9Hc1Sw
UkVmNKhDep9mawbns/L/olZLZ89mi2dJrybj+ohJzQSMxw==
-----END CERTIFICATE-----