Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/NR5RvUV1SgP502VnLx5i8eOskRc.roa
File:                     NR5RvUV1SgP502VnLx5i8eOskRc.roa (raw, json)
Hash identifier:          VjDnHHaNhtNvOmxAkIjBZLf9rrdtK30GbGIDY1gyvHk=
Subject key identifier:   35:1E:51:BD:45:75:4A:03:F9:D3:65:67:2F:1E:62:F1:E3:AC:91:17
Certificate issuer:       /CN=e278c4aaa021bed8b926e3591fdf50c8df6bc172
Certificate serial:       018CCA288302E474AB2ED258A43D7BFF2EA8
Authority key identifier: E2:78:C4:AA:A0:21:BE:D8:B9:26:E3:59:1F:DF:50:C8:DF:6B:C1:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/NR5RvUV1SgP502VnLx5i8eOskRc.roa
Signing time:             Tue 02 Jan 2024 12:31:41 +0000
ROA not before:           Tue 02 Jan 2024 12:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207824
IP address blocks:        2001:678:ba4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:83:02:e4:74:ab:2e:d2:58:a4:3d:7b:ff:2e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e278c4aaa021bed8b926e3591fdf50c8df6bc172
        Validity
            Not Before: Jan  2 12:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=351e51bd45754a03f9d365672f1e62f1e3ac9117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0c:3e:db:4e:2a:ef:52:19:6d:a6:53:bf:6a:
                    3f:33:1c:13:4e:92:cd:fd:e3:e1:18:37:c2:73:75:
                    da:3f:a8:d4:8e:ef:50:ff:f7:65:cd:0d:b9:85:e1:
                    e0:bb:18:64:de:d2:aa:30:fc:db:9d:56:6c:bb:91:
                    71:df:d7:ed:93:ac:ec:37:92:d1:94:97:c2:c7:5a:
                    52:21:55:a7:d2:9e:ac:e6:55:29:06:c1:e1:5a:12:
                    bb:91:05:f0:8b:16:21:21:3c:fe:83:6e:84:54:c3:
                    98:02:28:90:b2:b8:4b:d2:d1:ae:31:27:16:48:fd:
                    82:e1:ce:35:1b:f0:bf:94:90:06:f8:ce:a2:d7:27:
                    88:51:24:c3:0b:19:e7:b6:83:13:4e:95:f1:47:6c:
                    13:ad:d0:5f:54:ae:d3:18:6a:03:e2:74:24:21:10:
                    67:3d:9b:91:77:86:d6:37:7c:d5:f0:4c:35:5a:2c:
                    5c:09:75:26:b8:d8:2b:b1:a2:13:6e:93:c6:76:a3:
                    b8:0f:7e:a1:93:a1:55:56:c9:3c:3c:c8:8a:8a:70:
                    c5:d2:c0:94:9a:34:3a:4b:21:98:ef:6b:c6:51:58:
                    68:14:71:65:42:11:f8:51:95:f1:04:0b:ab:f9:93:
                    1b:4d:03:4b:d6:c4:ff:98:75:88:3a:16:82:f7:f2:
                    ee:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:1E:51:BD:45:75:4A:03:F9:D3:65:67:2F:1E:62:F1:E3:AC:91:17
            X509v3 Authority Key Identifier:
                keyid:E2:78:C4:AA:A0:21:BE:D8:B9:26:E3:59:1F:DF:50:C8:DF:6B:C1:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/NR5RvUV1SgP502VnLx5i8eOskRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ba4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:0b:18:24:fb:0e:f5:92:7a:25:fb:b7:ed:dd:53:ba:11:fb:
         a3:e0:8e:b2:6b:88:65:94:76:b6:a8:3a:d7:8c:20:cd:b4:d4:
         7f:51:8c:6d:56:a0:96:92:84:e9:25:32:4a:fe:a4:dc:05:7c:
         49:18:86:c3:0c:ef:89:61:8f:51:27:ca:b5:9a:86:15:89:da:
         df:0a:82:70:56:84:82:a3:17:69:c3:9d:bc:1a:77:a4:d1:e7:
         e8:c5:5e:73:1f:85:46:e9:5d:db:3b:ef:9f:9e:c2:2a:e8:b8:
         50:ba:b9:60:22:db:39:3e:38:21:6d:94:b9:9e:3a:3c:e0:80:
         ee:3e:21:c0:e9:23:39:5f:e4:6f:51:01:07:c5:96:ff:5a:70:
         7e:f6:aa:ee:00:f1:60:38:8b:ee:5b:e2:c0:6e:6e:1a:a8:2a:
         9d:a8:8a:a7:74:87:29:10:18:11:fc:b5:1b:01:5f:3b:e1:d9:
         d2:81:99:be:33:04:70:9c:24:1a:9a:41:2c:5e:36:0c:35:f4:
         82:06:f5:ea:14:77:ef:b1:a5:22:c4:b3:8a:57:10:fd:01:3d:
         c6:a8:04:e7:b4:d1:b4:3b:bd:fd:ce:e0:1e:dd:3a:b6:0f:6f:
         94:d4:6d:7b:71:1e:02:77:9b:29:81:30:12:87:65:50:b0:61:
         85:db:fd:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKIMC5HSrLtJYpD17/y6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNzhjNGFhYTAyMWJlZDhiOTI2ZTM1OTFmZGY1MGM4ZGY2
YmMxNzIwHhcNMjQwMTAyMTIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTFlNTFiZDQ1NzU0YTAzZjlkMzY1NjcyZjFlNjJmMWUzYWM5MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiww+204q71IZbaZTv2o/MxwTTpLN
/ePhGDfCc3XaP6jUju9Q//dlzQ25heHguxhk3tKqMPzbnVZsu5Fx39ftk6zsN5LR
lJfCx1pSIVWn0p6s5lUpBsHhWhK7kQXwixYhITz+g26EVMOYAiiQsrhL0tGuMScW
SP2C4c41G/C/lJAG+M6i1yeIUSTDCxnntoMTTpXxR2wTrdBfVK7TGGoD4nQkIRBn
PZuRd4bWN3zV8Ew1WixcCXUmuNgrsaITbpPGdqO4D36hk6FVVsk8PMiKinDF0sCU
mjQ6SyGY72vGUVhoFHFlQhH4UZXxBAur+ZMbTQNL1sT/mHWIOhaC9/LuUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDUeUb1FdUoD+dNlZy8eYvHjrJEXMB8GA1UdIwQY
MBaAFOJ4xKqgIb7YuSbjWR/fUMjfa8FyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG5qRXFxQWh2dGk1SnVOWkg5OVF5Tjlyd1hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jMDY5MzctOTNiMy00NDJlLTg2NzYt
ZmM0MzM5MTk4OGY3LzEvTlI1UnZVVjFTZ1A1MDJWbkx4NWk4ZU9za1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jMDY5MzctOTNiMy00NDJlLTg2NzYtZmM0MzM5MTk4OGY3
LzEvNG5qRXFxQWh2dGk1SnVOWkg5OVF5Tjlyd1hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAuk
MA0GCSqGSIb3DQEBCwUAA4IBAQAOCxgk+w71knol+7ft3VO6Efuj4I6ya4hllHa2
qDrXjCDNtNR/UYxtVqCWkoTpJTJK/qTcBXxJGIbDDO+JYY9RJ8q1moYVidrfCoJw
VoSCoxdpw528Gnek0efoxV5zH4VG6V3bO++fnsIq6LhQurlgIts5PjghbZS5njo8
4IDuPiHA6SM5X+RvUQEHxZb/WnB+9qruAPFgOIvuW+LAbm4aqCqdqIqndIcpEBgR
/LUbAV874dnSgZm+MwRwnCQamkEsXjYMNfSCBvXqFHfvsaUixLOKVxD9AT3GqATn
tNG0O739zuAe3Tq2D2+U1G17cR4Cd5spgTASh2VQsGGF2/2E
-----END CERTIFICATE-----