Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/6xd7OZsqpXRPw4REw0WkAl0kl3Y.roa
File:                     6xd7OZsqpXRPw4REw0WkAl0kl3Y.roa (raw, json)
Hash identifier:          j0atNmUQolhrCpYQ80wO9d4X4RG5z5CDN0vXDNWHhaA=
Subject key identifier:   EB:17:7B:39:9B:2A:A5:74:4F:C3:84:44:C3:45:A4:02:5D:24:97:76
Certificate issuer:       /CN=e709f762e082ead3d6d7e4cae29efbb4d12f575e
Certificate serial:       018CC492F0FB1D0A3F760E72F2BD6BB8D742
Authority key identifier: E7:09:F7:62:E0:82:EA:D3:D6:D7:E4:CA:E2:9E:FB:B4:D1:2F:57:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5wn3YuCC6tPW1-TK4p77tNEvV14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/6xd7OZsqpXRPw4REw0WkAl0kl3Y.roa
Signing time:             Mon 01 Jan 2024 10:30:13 +0000
ROA not before:           Mon 01 Jan 2024 10:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62080
IP address blocks:        2001:678:310::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/5wn3YuCC6tPW1-TK4p77tNEvV14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/5wn3YuCC6tPW1-TK4p77tNEvV14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5wn3YuCC6tPW1-TK4p77tNEvV14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f0:fb:1d:0a:3f:76:0e:72:f2:bd:6b:b8:d7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e709f762e082ead3d6d7e4cae29efbb4d12f575e
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb177b399b2aa5744fc38444c345a4025d249776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c2:df:ff:34:28:99:36:f9:b4:1b:63:c7:52:
                    c0:93:08:e9:2a:47:3e:fb:e0:dc:86:ad:41:67:ea:
                    eb:86:cd:1d:b5:bf:75:d7:9b:78:01:bf:8f:bd:3d:
                    64:9e:17:f1:fb:31:fd:e5:b2:40:49:36:a7:e4:68:
                    54:93:d3:f8:3b:7d:f5:b2:3b:cb:c6:6a:7e:bd:6a:
                    1b:db:fc:cf:56:33:c7:aa:fa:01:bb:f0:9d:6e:b0:
                    cc:d2:cf:15:3d:19:ff:da:2f:7f:e3:48:ca:11:dd:
                    b6:b4:f1:fe:7c:96:50:f5:00:10:46:af:eb:e9:a5:
                    5a:ab:98:a7:6e:4e:e6:5e:fe:de:09:7f:03:c0:dc:
                    0f:45:0c:ca:e8:c7:83:68:b4:82:e3:c8:0e:17:d0:
                    72:5d:ae:0b:e1:c4:96:c5:8d:5a:8f:b8:f4:70:6f:
                    52:fe:a6:45:7d:45:c1:5b:ff:32:5a:a5:5a:99:9c:
                    f2:fc:76:f3:1e:e9:02:3a:e7:a1:68:1d:4e:1f:72:
                    7d:d2:a0:fe:98:02:68:24:2b:d1:11:ca:63:e1:a3:
                    75:d4:4f:e3:da:62:38:c6:f7:91:3f:b0:81:c8:23:
                    07:bd:64:86:fd:62:be:18:87:c1:d6:0a:b1:45:e9:
                    d9:91:d5:46:b3:48:13:b8:3f:a3:76:51:a4:04:eb:
                    cd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:17:7B:39:9B:2A:A5:74:4F:C3:84:44:C3:45:A4:02:5D:24:97:76
            X509v3 Authority Key Identifier:
                keyid:E7:09:F7:62:E0:82:EA:D3:D6:D7:E4:CA:E2:9E:FB:B4:D1:2F:57:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5wn3YuCC6tPW1-TK4p77tNEvV14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/6xd7OZsqpXRPw4REw0WkAl0kl3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0bda4a-5c10-44db-8f62-ae4fa7f17f9c/1/5wn3YuCC6tPW1-TK4p77tNEvV14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:310::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:f0:76:b4:de:80:c1:85:5c:82:4b:d1:8f:ed:df:3f:f9:d5:
         e1:77:74:18:4c:42:6f:7e:52:3e:44:21:9f:d0:31:2d:20:5d:
         74:f5:ea:98:2f:80:69:59:e2:85:73:88:49:73:60:a4:4d:c5:
         3f:e4:7d:97:33:66:5a:e2:c4:91:d6:d6:9d:f4:28:43:89:06:
         41:d1:27:ed:1e:a0:01:0d:55:f2:a9:2c:12:c0:7e:45:48:af:
         9d:bc:62:9c:0b:bd:19:e6:e8:e2:09:1c:8e:fa:ed:4e:56:09:
         e3:17:a9:42:09:af:16:d6:53:4a:00:57:bf:45:74:1f:52:20:
         66:13:e0:f0:20:14:0f:f2:1e:5f:13:20:6c:4b:67:3f:1c:cd:
         f8:b6:22:76:07:6b:48:cb:0d:8e:aa:42:0b:c2:22:86:e4:d1:
         34:4f:f0:18:eb:ab:7c:09:e7:1a:e8:6b:d5:9d:27:be:30:d2:
         1e:4e:52:59:d3:af:cb:54:76:fc:2d:84:5f:c5:cb:ff:22:61:
         b4:95:5c:7f:b7:9c:42:9e:98:71:4d:04:b4:2f:b1:3e:4f:d7:
         ad:80:d3:60:a9:ed:90:39:af:8e:bd:1a:e5:d5:3b:58:5b:ea:
         e4:7d:2e:3f:c8:19:3e:0e:9a:a2:8a:7e:54:11:94:d4:66:a9:
         6b:2f:16:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkvD7HQo/dg5y8r1ruNdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MDlmNzYyZTA4MmVhZDNkNmQ3ZTRjYWUyOWVmYmI0ZDEy
ZjU3NWUwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE3N2IzOTliMmFhNTc0NGZjMzg0NDRjMzQ1YTQwMjVkMjQ5Nzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcLf/zQomTb5tBtjx1LAkwjpKkc+
++Dchq1BZ+rrhs0dtb9115t4Ab+PvT1knhfx+zH95bJASTan5GhUk9P4O331sjvL
xmp+vWob2/zPVjPHqvoBu/CdbrDM0s8VPRn/2i9/40jKEd22tPH+fJZQ9QAQRq/r
6aVaq5inbk7mXv7eCX8DwNwPRQzK6MeDaLSC48gOF9ByXa4L4cSWxY1aj7j0cG9S
/qZFfUXBW/8yWqVamZzy/HbzHukCOuehaB1OH3J90qD+mAJoJCvREcpj4aN11E/j
2mI4xveRP7CByCMHvWSG/WK+GIfB1gqxRenZkdVGs0gTuD+jdlGkBOvN6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOsXezmbKqV0T8OERMNFpAJdJJd2MB8GA1UdIwQY
MBaAFOcJ92LggurT1tfkyuKe+7TRL1deMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXduM1l1Q0M2dFBXMS1USzRwNzd0TkV2VjE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wYmRhNGEtNWMxMC00NGRiLThmNjIt
YWU0ZmE3ZjE3ZjljLzEvNnhkN09ac3FwWFJQdzRSRXcwV2tBbDBrbDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wYmRhNGEtNWMxMC00NGRiLThmNjItYWU0ZmE3ZjE3Zjlj
LzEvNXduM1l1Q0M2dFBXMS1USzRwNzd0TkV2VjE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCJ8Ha03oDBhVyCS9GP7d8/+dXhd3QYTEJvflI+
RCGf0DEtIF109eqYL4BpWeKFc4hJc2CkTcU/5H2XM2Za4sSR1tad9ChDiQZB0Sft
HqABDVXyqSwSwH5FSK+dvGKcC70Z5ujiCRyO+u1OVgnjF6lCCa8W1lNKAFe/RXQf
UiBmE+DwIBQP8h5fEyBsS2c/HM34tiJ2B2tIyw2OqkILwiKG5NE0T/AY66t8Ceca
6GvVnSe+MNIeTlJZ06/LVHb8LYRfxcv/ImG0lVx/t5xCnphxTQS0L7E+T9etgNNg
qe2QOa+OvRrl1TtYW+rkfS4/yBk+Dpqiin5UEZTUZqlrLxax
-----END CERTIFICATE-----