Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/3tE4zvO6gSzyLMFF4MXXoASLpA4.roa
File:                     3tE4zvO6gSzyLMFF4MXXoASLpA4.roa (raw, json)
Hash identifier:          3E9RDxc5PYhWnlQIdofpIArxZ74CR9sxdpQ9kRbZ6aQ=
Subject key identifier:   DE:D1:38:CE:F3:BA:81:2C:F2:2C:C1:45:E0:C5:D7:A0:04:8B:A4:0E
Certificate issuer:       /CN=0a35575b9947ace25ce87774c82775f18977fd19
Certificate serial:       018CC725A96042DB4BFDF34D25B4B5E0B50E
Authority key identifier: 0A:35:57:5B:99:47:AC:E2:5C:E8:77:74:C8:27:75:F1:89:77:FD:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/3tE4zvO6gSzyLMFF4MXXoASLpA4.roa
Signing time:             Mon 01 Jan 2024 22:29:43 +0000
ROA not before:           Mon 01 Jan 2024 22:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     766
IP address blocks:        2001:678:508::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a9:60:42:db:4b:fd:f3:4d:25:b4:b5:e0:b5:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a35575b9947ace25ce87774c82775f18977fd19
        Validity
            Not Before: Jan  1 22:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ded138cef3ba812cf22cc145e0c5d7a0048ba40e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4c:79:70:e8:5f:1c:f5:8c:25:e9:ce:3c:b8:
                    f6:a1:9a:07:f4:ed:45:25:e9:7c:c3:c9:f2:04:7e:
                    a5:45:19:c9:30:34:ac:55:7d:f4:6f:29:b8:00:c4:
                    7a:20:09:3e:da:c0:31:83:32:f7:97:37:87:b7:48:
                    c7:04:11:7c:b0:be:ea:eb:48:64:be:02:d4:78:ec:
                    98:83:7c:8b:aa:be:5d:29:ae:84:f7:e9:f8:53:02:
                    54:95:ee:2a:93:90:c4:39:bb:71:c3:ba:1e:bc:2f:
                    4f:0b:b8:29:9f:03:36:96:98:ad:3c:5d:9d:26:6a:
                    28:c0:13:1d:c2:41:91:5c:b4:b7:09:02:8c:dd:13:
                    01:60:a0:99:72:41:47:cf:84:4c:78:38:9b:42:5f:
                    58:62:eb:d7:be:fc:57:a8:7d:f7:75:fc:8c:2c:ac:
                    77:26:ff:5f:9e:5d:cc:f0:a7:00:6a:d6:05:e3:2d:
                    2f:69:37:46:95:c0:ba:af:65:2e:77:f9:99:79:fd:
                    2a:db:02:60:17:bb:3b:21:8f:6c:75:86:c8:f7:b6:
                    7f:8b:7a:82:e1:78:69:0b:39:4b:70:c1:07:5d:c4:
                    e9:7b:64:77:9a:a9:9d:b4:97:77:01:34:56:9f:21:
                    ff:79:32:1e:57:25:3f:49:b0:9a:7a:64:3b:39:38:
                    d5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:D1:38:CE:F3:BA:81:2C:F2:2C:C1:45:E0:C5:D7:A0:04:8B:A4:0E
            X509v3 Authority Key Identifier:
                keyid:0A:35:57:5B:99:47:AC:E2:5C:E8:77:74:C8:27:75:F1:89:77:FD:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/3tE4zvO6gSzyLMFF4MXXoASLpA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:508::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:63:7d:be:2a:4a:46:a8:7b:d2:a6:78:fd:51:58:c1:7b:ff:
         d0:43:89:ac:b8:0e:d1:0a:86:ac:68:29:ba:c4:96:01:9c:37:
         64:45:1f:39:3b:ea:5a:b5:0d:5b:00:c3:49:66:2f:b7:ae:22:
         77:cf:c2:e1:2e:58:38:39:76:4f:3d:1c:a4:58:63:84:42:97:
         78:f5:5e:52:a0:a4:4a:4e:a8:00:ed:c6:13:75:3a:d8:b3:fc:
         60:aa:1b:fc:41:55:14:08:cb:01:4d:b4:1a:03:d4:4f:df:f5:
         b8:3a:b6:78:52:49:23:40:52:a3:2f:f1:11:10:50:7a:7f:78:
         c3:6a:fa:72:d1:90:62:73:80:90:99:03:0a:f9:06:df:b9:fb:
         05:ef:54:da:de:82:bf:9f:61:ac:66:84:9e:19:0c:d8:11:62:
         14:96:0e:6f:60:57:65:d2:8c:46:07:d5:87:73:fc:ac:49:ec:
         e9:7c:47:60:ee:9e:3e:d4:29:8b:0c:8d:a7:3c:83:71:1f:b1:
         d6:1f:fa:13:02:30:82:ae:00:83:e6:15:c2:c8:64:27:ca:af:
         38:8c:a3:5d:97:40:d3:e2:c0:b7:a7:b7:cd:c9:8b:3c:c4:39:
         42:3a:3c:33:b5:2d:7f:a0:6f:0c:e4:d9:84:2c:ef:1c:c5:07:
         61:f1:68:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJalgQttL/fNNJbS14LUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzU1NzViOTk0N2FjZTI1Y2U4Nzc3NGM4Mjc3NWYxODk3
N2ZkMTkwHhcNMjQwMTAxMjIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQxMzhjZWYzYmE4MTJjZjIyY2MxNDVlMGM1ZDdhMDA0OGJhNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEx5cOhfHPWMJenOPLj2oZoH9O1F
Jel8w8nyBH6lRRnJMDSsVX30bym4AMR6IAk+2sAxgzL3lzeHt0jHBBF8sL7q60hk
vgLUeOyYg3yLqr5dKa6E9+n4UwJUle4qk5DEObtxw7oevC9PC7gpnwM2lpitPF2d
JmoowBMdwkGRXLS3CQKM3RMBYKCZckFHz4RMeDibQl9YYuvXvvxXqH33dfyMLKx3
Jv9fnl3M8KcAatYF4y0vaTdGlcC6r2Uud/mZef0q2wJgF7s7IY9sdYbI97Z/i3qC
4XhpCzlLcMEHXcTpe2R3mqmdtJd3ATRWnyH/eTIeVyU/SbCaemQ7OTjV5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN7ROM7zuoEs8izBReDF16AEi6QOMB8GA1UdIwQY
MBaAFAo1V1uZR6ziXOh3dMgndfGJd/0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pWWFc1bEhyT0pjNkhkMHlDZDE4WWwzX1JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8wZjJkYTktZjNkNS00YWI0LWJhYmUt
NzlkOTFlZjgyN2NlLzEvM3RFNHp2TzZnU3p5TE1GRjRNWFhvQVNMcEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8wZjJkYTktZjNkNS00YWI0LWJhYmUtNzlkOTFlZjgyN2Nl
LzEvQ2pWWFc1bEhyT0pjNkhkMHlDZDE4WWwzX1JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAUI
MA0GCSqGSIb3DQEBCwUAA4IBAQC1Y32+KkpGqHvSpnj9UVjBe//QQ4msuA7RCoas
aCm6xJYBnDdkRR85O+patQ1bAMNJZi+3riJ3z8LhLlg4OXZPPRykWGOEQpd49V5S
oKRKTqgA7cYTdTrYs/xgqhv8QVUUCMsBTbQaA9RP3/W4OrZ4UkkjQFKjL/EREFB6
f3jDavpy0ZBic4CQmQMK+QbfufsF71Ta3oK/n2GsZoSeGQzYEWIUlg5vYFdl0oxG
B9WHc/ysSezpfEdg7p4+1CmLDI2nPINxH7HWH/oTAjCCrgCD5hXCyGQnyq84jKNd
l0DT4sC3p7fNyYs8xDlCOjwztS1/oG8M5NmELO8cxQdh8WiO
-----END CERTIFICATE-----