Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lNo-NLyjF0REjXxH6hFbDHeVcX8.roa
File:                     lNo-NLyjF0REjXxH6hFbDHeVcX8.roa (raw, json)
Hash identifier:          keEqP3dRcPr2X0XAjhdHL75hoG76hfIa+714fKeTm+o=
Subject key identifier:   94:DA:3E:34:BC:A3:17:44:44:8D:7C:47:EA:11:5B:0C:77:95:71:7F
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348937B8073AD14328C7CCC80CDB162
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lNo-NLyjF0REjXxH6hFbDHeVcX8.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199684
IP address blocks:        2a0d:2683:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:7b:80:73:ad:14:32:8c:7c:cc:80:cd:b1:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94da3e34bca31744448d7c47ea115b0c7795717f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:9c:8a:62:d0:21:b9:1d:2a:5d:30:fc:a9:a4:
                    ba:41:6a:a4:e9:35:70:22:2b:2c:0c:ef:42:a7:5a:
                    52:f4:13:aa:7d:1f:1d:50:c6:ff:22:32:96:d7:b9:
                    c5:da:d2:73:e7:0c:20:3f:30:23:f6:85:22:8d:1c:
                    d6:5a:54:36:7e:32:9b:5a:37:59:cc:63:c8:f9:11:
                    e1:62:57:b8:ba:a4:2c:65:05:91:97:44:34:9e:5f:
                    43:53:52:74:a8:8e:b1:5a:ff:43:d2:d5:d7:e4:e3:
                    77:8e:1d:cb:4e:ca:ac:20:b7:11:c1:5b:0a:fc:09:
                    e9:fe:3d:a7:e4:1a:dc:6c:dd:7b:8e:ab:7a:db:b1:
                    49:7c:dc:f0:d2:e8:03:0b:8c:40:7a:23:34:cf:d7:
                    1d:c1:77:71:d7:f3:4f:64:7d:1f:b8:12:b3:81:1a:
                    80:5b:a5:e3:83:74:7d:b5:e9:6f:dd:98:22:8a:8e:
                    d2:53:fd:16:b4:fb:1c:36:9f:b7:56:14:55:d2:55:
                    f9:a3:f8:ae:4d:75:28:2f:54:84:30:48:36:d3:85:
                    67:53:1e:4a:25:1e:4e:a6:ec:b9:e6:64:60:e3:79:
                    67:dd:a3:b9:4b:66:1b:55:01:fb:86:26:6c:39:98:
                    a7:78:66:71:72:1f:f1:dc:b2:67:ab:82:9b:bc:9a:
                    2e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DA:3E:34:BC:A3:17:44:44:8D:7C:47:EA:11:5B:0C:77:95:71:7F
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lNo-NLyjF0REjXxH6hFbDHeVcX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2683:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:cd:44:2d:b3:05:4d:e0:c7:02:06:16:c1:86:c7:77:95:9a:
         44:e3:50:36:05:db:f5:e0:37:64:d7:66:30:c3:36:47:12:ca:
         56:4f:f4:50:68:9b:c9:55:5d:7e:63:53:19:a3:30:09:63:65:
         36:13:c0:1c:18:01:79:13:33:fb:ea:72:fa:0c:7a:c1:2e:aa:
         41:db:61:3b:07:c0:a4:88:a4:ae:e3:58:df:e8:79:ef:02:ec:
         b5:fb:68:82:ed:66:d9:13:63:86:01:b4:53:07:41:96:df:f4:
         4b:ba:c3:f0:cb:2d:cb:70:84:5c:63:f2:54:2f:bf:c8:6a:21:
         1c:99:37:e6:b4:a4:12:7a:85:17:db:ab:9e:1e:ad:7c:b8:06:
         f3:4d:5e:39:95:d0:b7:4e:03:ba:ab:e8:2c:ed:25:59:41:76:
         90:c9:63:20:4b:d4:3b:7f:a4:6b:32:57:6d:17:11:03:ad:0b:
         09:6d:24:75:3e:27:44:c5:b2:73:60:ad:2b:dc:3c:e8:3c:31:
         b3:b2:8b:7f:c3:b1:24:12:dd:e4:6f:ac:07:fa:cc:6e:a9:da:
         f0:56:5e:3e:ef:2a:f3:e6:c5:66:89:c6:c3:e2:1a:7c:b9:4f:
         4a:af:b7:3b:28:46:42:dc:11:8a:dc:dc:2b:11:c7:e1:36:8a:
         5b:f8:c0:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSJN7gHOtFDKMfMyAzbFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGRhM2UzNGJjYTMxNzQ0NDQ4ZDdjNDdlYTExNWIwYzc3OTU3MTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65yKYtAhuR0qXTD8qaS6QWqk6TVw
IissDO9Cp1pS9BOqfR8dUMb/IjKW17nF2tJz5wwgPzAj9oUijRzWWlQ2fjKbWjdZ
zGPI+RHhYle4uqQsZQWRl0Q0nl9DU1J0qI6xWv9D0tXX5ON3jh3LTsqsILcRwVsK
/Anp/j2n5BrcbN17jqt627FJfNzw0ugDC4xAeiM0z9cdwXdx1/NPZH0fuBKzgRqA
W6Xjg3R9telv3Zgiio7SU/0WtPscNp+3VhRV0lX5o/iuTXUoL1SEMEg204VnUx5K
JR5Opuy55mRg43ln3aO5S2YbVQH7hiZsOZineGZxch/x3LJnq4KbvJou6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJTaPjS8oxdERI18R+oRWwx3lXF/MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvbE5vLU5MeWpGMFJFalh4SDZoRmJESGVWY1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0mgwAC
MA0GCSqGSIb3DQEBCwUAA4IBAQA/zUQtswVN4McCBhbBhsd3lZpE41A2Bdv14Ddk
12YwwzZHEspWT/RQaJvJVV1+Y1MZozAJY2U2E8AcGAF5EzP76nL6DHrBLqpB22E7
B8CkiKSu41jf6HnvAuy1+2iC7WbZE2OGAbRTB0GW3/RLusPwyy3LcIRcY/JUL7/I
aiEcmTfmtKQSeoUX26ueHq18uAbzTV45ldC3TgO6q+gs7SVZQXaQyWMgS9Q7f6Rr
MldtFxEDrQsJbSR1PidExbJzYK0r3DzoPDGzsot/w7EkEt3kb6wH+sxuqdrwVl4+
7yrz5sVmicbD4hp8uU9Kr7c7KEZC3BGK3NwrEcfhNopb+MAQ
-----END CERTIFICATE-----