Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/RjO51fT85r-koYTpXjlshbHXHog.roa
File:                     RjO51fT85r-koYTpXjlshbHXHog.roa (raw, json)
Hash identifier:          Kek8kyydn6ZpOGEQ2USAxtTtJg4+0Dslg7BUFp4RMxU=
Subject key identifier:   46:33:B9:D5:F4:FC:E6:BF:A4:A1:84:E9:5E:39:6C:85:B1:D7:1E:88
Certificate issuer:       /CN=34d0ec7ac4c391e4ecba9d0a3749191b18ebf934
Certificate serial:       018CC86F197DA0CC7324F3FB2B5A8189D7A0
Authority key identifier: 34:D0:EC:7A:C4:C3:91:E4:EC:BA:9D:0A:37:49:19:1B:18:EB:F9:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NNDsesTDkeTsup0KN0kZGxjr-TQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/RjO51fT85r-koYTpXjlshbHXHog.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34083
IP address blocks:        178.219.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/NNDsesTDkeTsup0KN0kZGxjr-TQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/NNDsesTDkeTsup0KN0kZGxjr-TQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NNDsesTDkeTsup0KN0kZGxjr-TQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:19:7d:a0:cc:73:24:f3:fb:2b:5a:81:89:d7:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34d0ec7ac4c391e4ecba9d0a3749191b18ebf934
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4633b9d5f4fce6bfa4a184e95e396c85b1d71e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7e:50:12:e5:c6:c2:8e:fc:3f:72:11:c9:29:
                    9f:eb:ed:4a:84:7e:6a:1a:ea:37:af:69:62:5b:12:
                    e8:7f:bf:6a:3b:ff:cb:78:90:a1:6f:ad:53:05:bf:
                    08:7d:e3:00:84:2b:0c:dd:25:bf:bb:2b:4e:de:24:
                    7e:bb:61:a8:fc:55:50:c0:ad:22:5c:20:02:a6:80:
                    4a:25:a1:ff:ab:c5:ee:f9:4e:27:a0:e3:f2:0d:6c:
                    20:8e:ff:9b:36:21:a2:fe:09:a9:98:fb:59:50:f6:
                    cb:a8:a0:03:b4:d3:3b:d7:13:77:d3:ec:93:67:6b:
                    71:89:03:15:9d:ae:65:b9:88:02:77:bf:f5:51:69:
                    64:a6:22:55:ce:55:0e:cb:f0:d9:11:4c:38:95:62:
                    3c:7a:6e:b5:58:20:fb:98:57:d1:ab:dd:10:df:84:
                    cd:e0:23:1c:00:1b:e3:1f:82:67:60:b6:d5:aa:71:
                    71:23:d1:39:9e:47:d4:90:e2:cd:ff:13:e6:27:51:
                    95:03:73:b9:99:74:f4:b1:1f:12:e0:47:50:5c:56:
                    f1:11:b1:44:9b:23:36:24:d8:d4:f7:4b:64:9d:21:
                    77:da:15:22:d4:5b:30:fd:62:a5:e0:fb:aa:49:11:
                    84:f8:06:ab:ff:be:97:6c:ed:22:6b:7c:ec:d4:cc:
                    a4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:33:B9:D5:F4:FC:E6:BF:A4:A1:84:E9:5E:39:6C:85:B1:D7:1E:88
            X509v3 Authority Key Identifier:
                keyid:34:D0:EC:7A:C4:C3:91:E4:EC:BA:9D:0A:37:49:19:1B:18:EB:F9:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NNDsesTDkeTsup0KN0kZGxjr-TQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/RjO51fT85r-koYTpXjlshbHXHog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/f7f53d-068c-444e-ad1e-b7c2696bae50/1/NNDsesTDkeTsup0KN0kZGxjr-TQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3b:ce:1f:be:e7:4e:2a:15:e5:53:9f:6b:a2:da:0b:ae:e5:bb:
         f2:06:d9:63:61:bb:1c:7b:51:f1:b4:63:f2:34:b8:71:1b:ce:
         fb:d0:f2:52:e6:b5:ed:47:8f:66:ac:62:25:29:f4:b7:34:fc:
         94:ee:ad:c2:ca:14:52:b2:af:4e:09:e6:ea:ec:5b:df:7f:fc:
         d6:1d:5b:0e:93:b4:b5:c8:35:8e:1c:7a:58:30:50:15:08:6b:
         aa:06:a1:57:ff:e3:5b:96:52:59:17:74:f5:54:73:89:ad:f0:
         7a:62:9e:63:05:7a:bc:e0:fe:af:b4:75:c3:9c:6d:66:ef:4a:
         71:ea:f0:22:fd:09:d8:1c:f2:ad:76:0a:f1:22:f3:e6:2a:45:
         9b:c2:ef:6f:82:c8:76:1c:d2:18:6e:27:2b:5c:16:0c:94:43:
         55:e5:3c:2d:78:11:bc:02:88:ec:3b:27:8a:41:30:c3:32:4a:
         39:f5:93:40:78:e4:1e:d2:76:67:64:6b:ab:b6:ca:cf:80:73:
         85:4d:42:68:b5:4d:01:ab:40:cc:c2:8c:73:d2:a6:01:ae:06:
         b8:bf:96:bb:d2:4e:00:9c:24:03:3e:3a:71:e7:dc:b9:5e:65:
         b7:12:9f:2c:c3:d7:fe:34:7f:49:cc:5e:86:9a:c4:9a:59:69:
         32:9e:80:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxl9oMxzJPP7K1qBidegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZDBlYzdhYzRjMzkxZTRlY2JhOWQwYTM3NDkxOTFiMThl
YmY5MzQwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjMzYjlkNWY0ZmNlNmJmYTRhMTg0ZTk1ZTM5NmM4NWIxZDcxZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX5QEuXGwo78P3IRySmf6+1KhH5q
Guo3r2liWxLof79qO//LeJChb61TBb8IfeMAhCsM3SW/uytO3iR+u2Go/FVQwK0i
XCACpoBKJaH/q8Xu+U4noOPyDWwgjv+bNiGi/gmpmPtZUPbLqKADtNM71xN30+yT
Z2txiQMVna5luYgCd7/1UWlkpiJVzlUOy/DZEUw4lWI8em61WCD7mFfRq90Q34TN
4CMcABvjH4JnYLbVqnFxI9E5nkfUkOLN/xPmJ1GVA3O5mXT0sR8S4EdQXFbxEbFE
myM2JNjU90tknSF32hUi1Fsw/WKl4PuqSRGE+Aar/76XbO0ia3zs1Myk9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYzudX0/Oa/pKGE6V45bIWx1x6IMB8GA1UdIwQY
MBaAFDTQ7HrEw5Hk7LqdCjdJGRsY6/k0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk5Ec2VzVERrZVRzdXAwS04wa1pHeGpyLVRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9mN2Y1M2QtMDY4Yy00NDRlLWFkMWUt
YjdjMjY5NmJhZTUwLzEvUmpPNTFmVDg1ci1rb1lUcFhqbHNoYkhYSG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9mN2Y1M2QtMDY4Yy00NDRlLWFkMWUtYjdjMjY5NmJhZTUw
LzEvTk5Ec2VzVERrZVRzdXAwS04wa1pHeGpyLVRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstswMA0G
CSqGSIb3DQEBCwUAA4IBAQA7zh++504qFeVTn2ui2guu5bvyBtljYbsce1HxtGPy
NLhxG8770PJS5rXtR49mrGIlKfS3NPyU7q3CyhRSsq9OCebq7Fvff/zWHVsOk7S1
yDWOHHpYMFAVCGuqBqFX/+NbllJZF3T1VHOJrfB6Yp5jBXq84P6vtHXDnG1m70px
6vAi/QnYHPKtdgrxIvPmKkWbwu9vgsh2HNIYbicrXBYMlENV5TwteBG8AojsOyeK
QTDDMko59ZNAeOQe0nZnZGurtsrPgHOFTUJotU0Bq0DMwoxz0qYBrga4v5a70k4A
nCQDPjpx59y5XmW3Ep8sw9f+NH9JzF6GmsSaWWkynoCF
-----END CERTIFICATE-----