Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/eXi21zLDtDDME9Nr8C5-QBZx1IU.roa
File:                     eXi21zLDtDDME9Nr8C5-QBZx1IU.roa (raw, json)
Hash identifier:          gTrtDEBXp5DXLjrTLi5S4Vr7k9Z+7FLWGSVtKN2QpvE=
Subject key identifier:   79:78:B6:D7:32:C3:B4:30:CC:13:D3:6B:F0:2E:7E:40:16:71:D4:85
Certificate issuer:       /CN=a7d9c9db1e1f8860177bffdc58f0efcd99b96ace
Certificate serial:       018CC49323F9B3DFFC2F2546DA6DDDD9C2BC
Authority key identifier: A7:D9:C9:DB:1E:1F:88:60:17:7B:FF:DC:58:F0:EF:CD:99:B9:6A:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9nJ2x4fiGAXe__cWPDvzZm5as4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/eXi21zLDtDDME9Nr8C5-QBZx1IU.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        2001:67c:924::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/p9nJ2x4fiGAXe__cWPDvzZm5as4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/p9nJ2x4fiGAXe__cWPDvzZm5as4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9nJ2x4fiGAXe__cWPDvzZm5as4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:23:f9:b3:df:fc:2f:25:46:da:6d:dd:d9:c2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7d9c9db1e1f8860177bffdc58f0efcd99b96ace
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7978b6d732c3b430cc13d36bf02e7e401671d485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c7:2f:db:15:d1:21:64:12:6e:8b:86:27:1a:
                    23:e5:60:ff:2d:c0:0f:f4:40:81:35:06:6c:da:e7:
                    f0:b8:d4:73:e7:e3:ba:de:40:26:77:1f:8c:9d:15:
                    8d:5a:9f:ae:c2:7b:2a:7a:58:6d:89:7d:04:40:4f:
                    18:b5:fd:0e:45:09:10:7f:4c:6d:94:f9:37:a8:db:
                    8f:14:33:03:b4:dc:44:aa:92:92:a7:4f:5b:ff:59:
                    43:f0:65:70:6b:31:db:f2:f2:3c:6e:59:23:8e:e5:
                    06:ab:d8:73:16:97:56:22:6b:56:78:87:5c:bb:1f:
                    1f:13:10:6f:3c:8f:77:0c:e7:f2:07:8b:8f:78:f1:
                    c1:dd:6e:7a:50:94:3b:94:bb:09:21:fc:c8:fa:3b:
                    79:34:dc:6d:a6:7d:1f:cf:43:49:1b:58:5f:be:eb:
                    b3:73:ba:ca:9a:58:0b:43:a0:aa:76:1f:cd:89:ac:
                    85:e9:32:0d:e0:55:de:22:d2:e0:d2:c1:66:80:07:
                    94:02:a9:67:f7:f4:f5:57:77:d0:9f:8c:94:14:05:
                    60:1a:7d:fa:84:6e:a3:d7:8b:fd:4c:36:57:66:31:
                    44:3f:da:5a:65:02:96:d0:7c:e1:22:78:c2:10:0b:
                    2e:2f:d4:37:0b:07:b7:f5:aa:ad:77:c2:57:f8:96:
                    72:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:78:B6:D7:32:C3:B4:30:CC:13:D3:6B:F0:2E:7E:40:16:71:D4:85
            X509v3 Authority Key Identifier:
                keyid:A7:D9:C9:DB:1E:1F:88:60:17:7B:FF:DC:58:F0:EF:CD:99:B9:6A:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9nJ2x4fiGAXe__cWPDvzZm5as4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/eXi21zLDtDDME9Nr8C5-QBZx1IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fffcd6-83e2-4c59-b0c6-b7daa647809b/1/p9nJ2x4fiGAXe__cWPDvzZm5as4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:924::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:e0:4c:c8:12:00:da:42:bd:69:23:21:b8:13:d3:64:f5:88:
         36:4f:5a:ca:6e:9f:6b:de:34:83:04:59:5e:4e:7a:f4:27:f7:
         7e:fe:59:8d:a0:5b:ad:e1:81:13:e3:49:04:c8:36:4b:69:31:
         1a:c1:37:e2:f6:95:3d:bf:26:6c:63:b7:c7:c1:0e:aa:14:c2:
         67:c1:a0:56:73:58:50:42:cb:2b:a8:0b:1f:25:5f:5e:b1:5b:
         d1:45:3a:48:43:ea:e2:09:f7:81:a4:d2:15:f9:2b:f1:e7:f0:
         55:59:5c:18:8b:a3:76:91:f3:0e:ab:df:f3:ef:96:17:a2:0f:
         1f:31:7f:d1:35:d3:a0:42:a9:45:15:66:c3:d0:12:94:00:5a:
         9b:e5:58:93:30:97:19:ff:15:37:5b:48:c8:36:1a:dc:2e:b2:
         a7:4b:59:72:be:cf:e5:85:a2:a9:8a:44:66:53:13:2b:f9:0d:
         0d:59:05:df:19:59:d7:b1:29:13:5e:3b:7d:6f:59:a4:aa:82:
         61:4e:51:72:70:c4:1e:6e:e7:38:27:b0:05:a0:95:22:0f:d3:
         90:aa:ee:1f:18:d4:d1:64:6b:35:6e:e4:fb:8a:5e:a1:ee:62:
         e9:fd:f0:21:ea:f7:3b:f8:e9:a6:1d:5d:e9:9e:bb:fb:4b:05:
         a7:ce:07:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkyP5s9/8LyVG2m3d2cK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZDljOWRiMWUxZjg4NjAxNzdiZmZkYzU4ZjBlZmNkOTli
OTZhY2UwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc4YjZkNzMyYzNiNDMwY2MxM2QzNmJmMDJlN2U0MDE2NzFkNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ccv2xXRIWQSbouGJxoj5WD/LcAP
9ECBNQZs2ufwuNRz5+O63kAmdx+MnRWNWp+uwnsqelhtiX0EQE8Ytf0ORQkQf0xt
lPk3qNuPFDMDtNxEqpKSp09b/1lD8GVwazHb8vI8blkjjuUGq9hzFpdWImtWeIdc
ux8fExBvPI93DOfyB4uPePHB3W56UJQ7lLsJIfzI+jt5NNxtpn0fz0NJG1hfvuuz
c7rKmlgLQ6Cqdh/NiayF6TIN4FXeItLg0sFmgAeUAqln9/T1V3fQn4yUFAVgGn36
hG6j14v9TDZXZjFEP9paZQKW0HzhInjCEAsuL9Q3Cwe39aqtd8JX+JZyBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHl4ttcyw7QwzBPTa/AufkAWcdSFMB8GA1UdIwQY
MBaAFKfZydseH4hgF3v/3Fjw782ZuWrOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDluSjJ4NGZpR0FYZV9fY1dQRHZ6Wm01YXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZmZjZDYtODNlMi00YzU5LWIwYzYt
YjdkYWE2NDc4MDliLzEvZVhpMjF6TER0RERNRTlOcjhDNS1RQlp4MUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZmZjZDYtODNlMi00YzU5LWIwYzYtYjdkYWE2NDc4MDli
LzEvcDluSjJ4NGZpR0FYZV9fY1dQRHZ6Wm01YXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAkk
MA0GCSqGSIb3DQEBCwUAA4IBAQAe4EzIEgDaQr1pIyG4E9Nk9Yg2T1rKbp9r3jSD
BFleTnr0J/d+/lmNoFut4YET40kEyDZLaTEawTfi9pU9vyZsY7fHwQ6qFMJnwaBW
c1hQQssrqAsfJV9esVvRRTpIQ+riCfeBpNIV+Svx5/BVWVwYi6N2kfMOq9/z75YX
og8fMX/RNdOgQqlFFWbD0BKUAFqb5ViTMJcZ/xU3W0jINhrcLrKnS1lyvs/lhaKp
ikRmUxMr+Q0NWQXfGVnXsSkTXjt9b1mkqoJhTlFycMQebuc4J7AFoJUiD9OQqu4f
GNTRZGs1buT7il6h7mLp/fAh6vc7+OmmHV3pnrv7SwWnzgcu
-----END CERTIFICATE-----