Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/c5jDyf2T7cmmTjlDP2qfuovcf1s.roa
File:                     c5jDyf2T7cmmTjlDP2qfuovcf1s.roa (raw, json)
Hash identifier:          /7k6+n4yQd+lKw16GLBaRdTjEqeg/oz37Losv0vXuEc=
Subject key identifier:   73:98:C3:C9:FD:93:ED:C9:A6:4E:39:43:3F:6A:9F:BA:8B:DC:7F:5B
Certificate issuer:       /CN=e6bb4b9e8df6d664efcb77b410415c834a617782
Certificate serial:       0190BD116D16989C80813C6CA23DD5E896CB
Authority key identifier: E6:BB:4B:9E:8D:F6:D6:64:EF:CB:77:B4:10:41:5C:83:4A:61:77:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5rtLno321mTvy3e0EEFcg0phd4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/c5jDyf2T7cmmTjlDP2qfuovcf1s.roa
Signing time:             Tue 16 Jul 2024 19:42:34 +0000
ROA not before:           Tue 16 Jul 2024 19:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214517
IP address blocks:        2001:678:3b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/5rtLno321mTvy3e0EEFcg0phd4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/5rtLno321mTvy3e0EEFcg0phd4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5rtLno321mTvy3e0EEFcg0phd4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:11:6d:16:98:9c:80:81:3c:6c:a2:3d:d5:e8:96:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6bb4b9e8df6d664efcb77b410415c834a617782
        Validity
            Not Before: Jul 16 19:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7398c3c9fd93edc9a64e39433f6a9fba8bdc7f5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bb:f4:62:9e:20:ab:4c:16:4c:03:6a:ec:10:
                    8d:f3:70:64:72:86:b8:99:c1:83:6f:a7:1c:c5:d7:
                    28:d7:77:13:23:76:b4:27:92:3c:25:0c:00:48:27:
                    d1:42:33:dc:1b:ee:3a:dc:b4:90:ce:c4:13:35:b9:
                    5e:d6:5d:f6:8a:1c:71:f1:98:47:59:bf:be:28:ea:
                    9f:31:56:57:3f:77:a0:5d:09:71:cb:85:d2:5f:13:
                    08:4e:fb:8e:1e:4a:73:4b:fd:50:f6:85:d5:b9:16:
                    d0:4b:01:8e:9b:21:d2:b7:79:29:78:1b:ef:62:6f:
                    c7:77:da:6f:fd:2c:ce:75:44:c0:75:c1:6c:5a:93:
                    de:60:59:a4:0f:94:a7:42:5e:20:dc:3f:12:65:f0:
                    ed:28:4e:01:f3:cc:3f:1c:85:4d:5e:7e:b8:8f:77:
                    da:26:89:18:a9:f7:bd:33:0c:f6:7b:6c:de:4c:ed:
                    d9:84:88:8f:8e:a8:49:f7:f7:91:1a:6c:9e:6c:17:
                    01:8f:04:ba:02:a6:72:25:b4:7f:4b:54:61:22:c8:
                    34:5f:a1:e2:8e:f4:19:2a:4c:57:ba:e8:65:a3:81:
                    b3:03:bf:75:19:9e:6f:44:71:27:8c:23:6c:37:ba:
                    12:85:75:f1:de:94:14:94:d4:ce:f2:c8:27:19:5c:
                    82:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:98:C3:C9:FD:93:ED:C9:A6:4E:39:43:3F:6A:9F:BA:8B:DC:7F:5B
            X509v3 Authority Key Identifier:
                keyid:E6:BB:4B:9E:8D:F6:D6:64:EF:CB:77:B4:10:41:5C:83:4A:61:77:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5rtLno321mTvy3e0EEFcg0phd4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/c5jDyf2T7cmmTjlDP2qfuovcf1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/5ca07a-b242-4144-a264-7d547ec84114/1/5rtLno321mTvy3e0EEFcg0phd4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:b6:a6:13:b3:d4:ed:43:98:89:0d:70:d8:34:3c:11:b8:ab:
         ae:8c:7a:d3:6e:be:80:b6:09:0f:5c:39:d0:f2:41:46:2a:47:
         16:24:ba:f7:40:8b:7c:6f:dd:07:9d:8a:b0:7a:55:57:fc:ad:
         27:fa:3c:cf:c0:b5:36:94:31:f9:d7:d6:a9:a3:c2:1f:00:72:
         f7:b1:22:6f:fa:f1:d2:7c:0d:57:b9:2e:aa:5d:6b:d4:aa:47:
         3b:7e:7a:58:3c:03:7c:59:13:86:5d:25:45:ce:dd:20:8c:54:
         62:72:27:ee:3b:15:39:4b:2d:29:ff:83:37:7c:9c:e1:4f:f9:
         a0:30:7e:ab:9b:78:7c:27:e2:2b:98:7f:53:a6:f0:4e:be:28:
         cb:d5:54:fe:d9:eb:ed:23:13:95:5b:4f:f9:49:f9:eb:20:1c:
         91:39:6f:70:6c:2b:6f:27:33:68:69:b2:4b:ba:80:9b:f7:c7:
         9d:7d:de:fa:33:7c:53:ed:c4:6d:3f:96:eb:ae:dc:69:87:bb:
         fe:0c:30:cc:fa:af:4d:f1:0a:dc:dc:5f:81:64:be:2e:7e:8a:
         e6:42:28:f1:2b:59:79:14:38:2f:a4:69:f1:cc:54:d3:45:fa:
         40:29:b6:9e:71:d2:54:27:2b:95:b6:fd:26:7c:47:6d:04:09:
         52:41:fa:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZC9EW0WmJyAgTxsoj3V6JbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YmI0YjllOGRmNmQ2NjRlZmNiNzdiNDEwNDE1YzgzNGE2
MTc3ODIwHhcNMjQwNzE2MTk0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzk4YzNjOWZkOTNlZGM5YTY0ZTM5NDMzZjZhOWZiYThiZGM3ZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rv0Yp4gq0wWTANq7BCN83Bkcoa4
mcGDb6ccxdco13cTI3a0J5I8JQwASCfRQjPcG+463LSQzsQTNble1l32ihxx8ZhH
Wb++KOqfMVZXP3egXQlxy4XSXxMITvuOHkpzS/1Q9oXVuRbQSwGOmyHSt3kpeBvv
Ym/Hd9pv/SzOdUTAdcFsWpPeYFmkD5SnQl4g3D8SZfDtKE4B88w/HIVNXn64j3fa
JokYqfe9Mwz2e2zeTO3ZhIiPjqhJ9/eRGmyebBcBjwS6AqZyJbR/S1RhIsg0X6Hi
jvQZKkxXuuhlo4GzA791GZ5vRHEnjCNsN7oShXXx3pQUlNTO8sgnGVyC0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHOYw8n9k+3Jpk45Qz9qn7qL3H9bMB8GA1UdIwQY
MBaAFOa7S56N9tZk78t3tBBBXINKYXeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXJ0TG5vMzIxbVR2eTNlMEVFRmNnMHBoZDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC81Y2EwN2EtYjI0Mi00MTQ0LWEyNjQt
N2Q1NDdlYzg0MTE0LzEvYzVqRHlmMlQ3Y21tVGpsRFAycWZ1b3ZjZjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC81Y2EwN2EtYjI0Mi00MTQ0LWEyNjQtN2Q1NDdlYzg0MTE0
LzEvNXJ0TG5vMzIxbVR2eTNlMEVFRmNnMHBoZDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAO0
MA0GCSqGSIb3DQEBCwUAA4IBAQBJtqYTs9TtQ5iJDXDYNDwRuKuujHrTbr6AtgkP
XDnQ8kFGKkcWJLr3QIt8b90HnYqwelVX/K0n+jzPwLU2lDH519apo8IfAHL3sSJv
+vHSfA1XuS6qXWvUqkc7fnpYPAN8WROGXSVFzt0gjFRicifuOxU5Sy0p/4M3fJzh
T/mgMH6rm3h8J+IrmH9TpvBOvijL1VT+2evtIxOVW0/5SfnrIByROW9wbCtvJzNo
abJLuoCb98edfd76M3xT7cRtP5brrtxph7v+DDDM+q9N8Qrc3F+BZL4uformQijx
K1l5FDgvpGnxzFTTRfpAKbaecdJUJyuVtv0mfEdtBAlSQfpF
-----END CERTIFICATE-----