Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/DlNth4WDDnp_cYUUCN_K7LkBW9E.roa
File:                     DlNth4WDDnp_cYUUCN_K7LkBW9E.roa (raw, json)
Hash identifier:          OGpkpSV6rU+yQpISzF8Kg33mzYERO6m8OhJ2g7bFAMo=
Subject key identifier:   0E:53:6D:87:85:83:0E:7A:7F:71:85:14:08:DF:CA:EC:B9:01:5B:D1
Certificate issuer:       /CN=9b5841b07ccf6399799b3586a1b22885923df8bf
Certificate serial:       018CC86F66E16318104C854FA6CD68DA8994
Authority key identifier: 9B:58:41:B0:7C:CF:63:99:79:9B:35:86:A1:B2:28:85:92:3D:F8:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1hBsHzPY5l5mzWGobIohZI9-L8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/DlNth4WDDnp_cYUUCN_K7LkBW9E.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42135
IP address blocks:        2001:678:494::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/m1hBsHzPY5l5mzWGobIohZI9-L8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/m1hBsHzPY5l5mzWGobIohZI9-L8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1hBsHzPY5l5mzWGobIohZI9-L8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:66:e1:63:18:10:4c:85:4f:a6:cd:68:da:89:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5841b07ccf6399799b3586a1b22885923df8bf
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e536d8785830e7a7f71851408dfcaecb9015bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:af:bd:54:cf:af:b0:5d:a6:df:1a:0c:c3:
                    f7:bc:e0:ce:46:e4:b3:2c:65:e5:66:58:48:cc:39:
                    af:41:da:b3:da:6b:ac:a9:0e:fb:0d:eb:b8:00:98:
                    bf:b0:a8:83:f5:68:ce:f8:b0:1e:c3:58:79:fa:04:
                    1b:eb:ad:71:c7:c2:72:7d:95:49:c4:45:53:39:af:
                    44:36:8f:66:3d:1c:ee:1b:75:b2:f5:88:c3:0f:cf:
                    db:08:4b:c3:58:33:78:8d:f0:65:3f:4c:d0:7a:58:
                    8d:60:83:0c:6a:fd:56:5a:66:e4:64:ec:b3:3a:fb:
                    87:44:c8:29:f0:ef:5a:ba:f8:e0:13:c2:72:33:8a:
                    41:82:d7:b5:81:d5:0c:0c:fb:94:8b:20:e6:69:2f:
                    a8:09:8d:01:33:53:19:ca:5d:4e:27:16:fc:25:2d:
                    f4:f7:17:99:a4:37:8b:0b:7a:16:20:2b:1e:98:9f:
                    55:b4:71:d1:ed:20:b3:e0:60:8e:4e:44:c8:60:96:
                    b4:b5:40:1e:60:08:fc:e1:9e:59:c4:4b:e8:b4:a0:
                    2b:4b:e8:5f:58:f6:31:f6:bd:7d:bb:50:0e:4e:7c:
                    3f:9c:40:22:a5:8a:12:d4:62:07:59:d3:09:01:38:
                    68:b1:e1:04:f6:93:f8:2e:2e:ca:dd:3b:96:db:1f:
                    59:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:53:6D:87:85:83:0E:7A:7F:71:85:14:08:DF:CA:EC:B9:01:5B:D1
            X509v3 Authority Key Identifier:
                keyid:9B:58:41:B0:7C:CF:63:99:79:9B:35:86:A1:B2:28:85:92:3D:F8:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1hBsHzPY5l5mzWGobIohZI9-L8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/DlNth4WDDnp_cYUUCN_K7LkBW9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/51f699-a0a2-434b-89b8-5339f37ffc77/1/m1hBsHzPY5l5mzWGobIohZI9-L8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:494::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:49:84:90:38:d7:08:c7:30:97:89:1d:ef:25:98:92:18:b1:
         d1:b0:9a:06:68:b7:14:ca:62:f5:86:0e:87:47:0f:b5:1a:96:
         37:39:83:a4:f7:8f:97:95:d8:99:3d:7f:e6:d9:e0:6c:0e:c8:
         2c:ad:93:72:d0:42:d5:24:eb:64:a6:20:a4:75:20:30:03:65:
         13:2c:eb:f1:0c:7c:6a:3f:3d:9f:3a:a5:82:0e:49:88:3c:ad:
         7d:4e:50:e5:12:53:c6:69:ff:96:ce:c9:62:6b:ed:7e:bd:54:
         45:0a:30:06:6c:91:59:af:f2:fc:bb:47:5d:cc:10:23:c9:c7:
         3f:ab:34:5d:a4:11:b3:c2:ea:bf:c1:a3:c3:2c:1a:00:c8:b6:
         6d:ed:3e:f1:03:95:47:a6:18:8b:09:25:6e:34:9e:a5:7f:60:
         ff:39:2e:73:82:6b:eb:e3:8d:b3:84:68:a2:8d:50:4d:8c:e9:
         c0:e8:40:15:12:f7:30:b1:b4:11:3f:83:74:47:db:ec:16:94:
         7f:79:6b:36:74:54:87:00:d8:6f:af:2e:65:12:3f:8e:93:ed:
         9b:44:a5:77:da:ad:56:e5:9d:d9:a0:0c:bf:ef:19:cb:d3:b0:
         27:f8:c1:dd:83:3c:a9:79:a1:1c:3c:e6:cb:19:72:3d:92:18:
         f5:a4:d1:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb2bhYxgQTIVPps1o2omUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTg0MWIwN2NjZjYzOTk3OTliMzU4NmExYjIyODg1OTIz
ZGY4YmYwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTUzNmQ4Nzg1ODMwZTdhN2Y3MTg1MTQwOGRmY2FlY2I5MDE1YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCOvvVTPr7Bdpt8aDMP3vODORuSz
LGXlZlhIzDmvQdqz2musqQ77Deu4AJi/sKiD9WjO+LAew1h5+gQb661xx8JyfZVJ
xEVTOa9ENo9mPRzuG3Wy9YjDD8/bCEvDWDN4jfBlP0zQeliNYIMMav1WWmbkZOyz
OvuHRMgp8O9auvjgE8JyM4pBgte1gdUMDPuUiyDmaS+oCY0BM1MZyl1OJxb8JS30
9xeZpDeLC3oWICsemJ9VtHHR7SCz4GCOTkTIYJa0tUAeYAj84Z5ZxEvotKArS+hf
WPYx9r19u1AOTnw/nEAipYoS1GIHWdMJAThoseEE9pP4Li7K3TuW2x9ZBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA5TbYeFgw56f3GFFAjfyuy5AVvRMB8GA1UdIwQY
MBaAFJtYQbB8z2OZeZs1hqGyKIWSPfi/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFoQnNIelBZNWw1bXpXR29iSW9oWkk5LUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81MWY2OTktYTBhMi00MzRiLTg5Yjgt
NTMzOWYzN2ZmYzc3LzEvRGxOdGg0V0REbnBfY1lVVUNOX0s3TGtCVzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81MWY2OTktYTBhMi00MzRiLTg5YjgtNTMzOWYzN2ZmYzc3
LzEvbTFoQnNIelBZNWw1bXpXR29iSW9oWkk5LUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeASU
MA0GCSqGSIb3DQEBCwUAA4IBAQAGSYSQONcIxzCXiR3vJZiSGLHRsJoGaLcUymL1
hg6HRw+1GpY3OYOk94+XldiZPX/m2eBsDsgsrZNy0ELVJOtkpiCkdSAwA2UTLOvx
DHxqPz2fOqWCDkmIPK19TlDlElPGaf+Wzslia+1+vVRFCjAGbJFZr/L8u0ddzBAj
ycc/qzRdpBGzwuq/waPDLBoAyLZt7T7xA5VHphiLCSVuNJ6lf2D/OS5zgmvr442z
hGiijVBNjOnA6EAVEvcwsbQRP4N0R9vsFpR/eWs2dFSHANhvry5lEj+Ok+2bRKV3
2q1W5Z3ZoAy/7xnL07An+MHdgzypeaEcPObLGXI9khj1pNFq
-----END CERTIFICATE-----