Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/354oOrTxGqiD1JL5ZfiivDGhM1c.roa
File:                     354oOrTxGqiD1JL5ZfiivDGhM1c.roa (raw, json)
Hash identifier:          n+BjKjSyIO7J94JEMuzqCX4kGMbFm1BLoupC22PAHss=
Subject key identifier:   DF:9E:28:3A:B4:F1:1A:A8:83:D4:92:F9:65:F8:A2:BC:31:A1:33:57
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018DD2110917E19F948CB7CB37BD951AD6DC
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/354oOrTxGqiD1JL5ZfiivDGhM1c.roa
Signing time:             Thu 22 Feb 2024 18:25:48 +0000
ROA not before:           Thu 22 Feb 2024 18:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        2a06:1301:4210::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d2:11:09:17:e1:9f:94:8c:b7:cb:37:bd:95:1a:d6:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Feb 22 18:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df9e283ab4f11aa883d492f965f8a2bc31a13357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:77:31:34:a4:49:90:46:e1:d2:dc:bc:f1:75:
                    54:63:ea:9b:cb:03:33:1c:0e:88:d6:9e:71:ac:ae:
                    ab:57:06:be:ee:9d:be:93:56:55:93:b6:68:3a:ba:
                    bc:29:79:ec:27:8e:e0:3c:71:31:31:bf:3e:83:fa:
                    da:66:ae:60:49:e6:df:91:8b:64:54:c6:79:22:21:
                    e7:c2:80:fe:d2:33:a1:03:4e:35:0b:71:52:a7:93:
                    96:2d:e2:51:9b:5e:93:83:bc:ef:6c:37:e0:6b:b2:
                    6d:af:ae:f2:99:96:7f:f2:4b:88:97:72:bc:cb:98:
                    9f:ee:7b:41:01:27:42:c4:4a:bf:02:08:c2:6a:35:
                    5e:0c:6c:10:ac:47:41:2e:6f:88:78:bf:09:7b:a8:
                    4f:25:c0:9e:b0:28:76:1c:85:8c:b6:78:d3:ae:42:
                    4d:eb:4c:e6:38:83:86:97:a9:64:4c:43:59:8d:24:
                    3d:2a:2a:eb:78:04:f4:2a:15:2d:48:ef:fd:2c:f6:
                    ef:d8:bd:80:6d:2a:da:0e:70:c5:a0:d6:8f:12:d1:
                    50:d8:b2:48:2a:b4:2e:95:e2:4d:10:4b:fd:9c:c9:
                    b0:7c:ae:6c:3c:0d:b5:a3:5b:30:57:d1:b8:c1:d7:
                    c3:01:2a:0a:36:63:43:f3:06:f4:91:2d:96:34:a4:
                    65:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9E:28:3A:B4:F1:1A:A8:83:D4:92:F9:65:F8:A2:BC:31:A1:33:57
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/354oOrTxGqiD1JL5ZfiivDGhM1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4210::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:56:50:d9:9c:84:f2:26:15:86:6d:e4:2d:0d:52:0b:2f:05:
         e1:b0:ff:f3:44:3c:d6:4b:eb:6c:06:16:98:19:99:06:20:ee:
         f4:74:3d:d2:af:d5:c1:c6:2b:77:c3:cd:00:c4:a7:77:cd:43:
         07:ca:2e:cb:22:cd:bc:8a:4a:a7:5b:c9:d2:3a:68:7e:14:09:
         c9:c4:ed:38:98:71:cd:53:73:15:bc:c9:68:bc:3e:2c:2c:24:
         2d:d5:84:54:84:3a:cb:c4:3a:cf:c1:a9:f8:90:fa:0e:8b:9f:
         dc:15:06:e2:dc:7d:2a:35:b4:b4:6d:8a:c3:35:70:33:d0:91:
         af:04:a2:86:f3:4c:5c:cb:43:9d:62:4d:57:04:4c:72:cd:19:
         7e:6d:3e:a8:d9:f2:f1:a7:b2:34:23:f4:6f:4f:b6:84:ec:33:
         79:0f:99:4e:89:b2:ac:7f:36:83:3d:2d:17:c6:6e:78:44:8f:
         06:cb:65:0d:87:3f:e8:f7:f1:b8:93:68:cb:a7:a1:bd:a2:f4:
         9a:9f:99:42:54:99:50:4c:b5:83:fd:be:4d:04:66:c8:c1:3c:
         0f:bf:7b:77:0b:10:a7:02:00:73:d8:2c:1c:6b:10:e6:f3:55:
         f4:17:30:6b:48:6f:dc:54:e6:20:1a:01:ff:8a:90:15:00:1d:
         17:df:6f:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3SEQkX4Z+UjLfLN72VGtbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwMjIyMTgyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjllMjgzYWI0ZjExYWE4ODNkNDkyZjk2NWY4YTJiYzMxYTEzMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXcxNKRJkEbh0ty88XVUY+qbywMz
HA6I1p5xrK6rVwa+7p2+k1ZVk7ZoOrq8KXnsJ47gPHExMb8+g/raZq5gSebfkYtk
VMZ5IiHnwoD+0jOhA041C3FSp5OWLeJRm16Tg7zvbDfga7Jtr67ymZZ/8kuIl3K8
y5if7ntBASdCxEq/AgjCajVeDGwQrEdBLm+IeL8Je6hPJcCesCh2HIWMtnjTrkJN
60zmOIOGl6lkTENZjSQ9KirreAT0KhUtSO/9LPbv2L2AbSraDnDFoNaPEtFQ2LJI
KrQuleJNEEv9nMmwfK5sPA21o1swV9G4wdfDASoKNmND8wb0kS2WNKRllwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN+eKDq08Rqog9SS+WX4orwxoTNXMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvMzU0b09yVHhHcWlEMUpMNVpmaWl2REdoTTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYTAUIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC8VlDZnITyJhWGbeQtDVILLwXhsP/zRDzWS+ts
BhaYGZkGIO70dD3Sr9XBxit3w80AxKd3zUMHyi7LIs28ikqnW8nSOmh+FAnJxO04
mHHNU3MVvMlovD4sLCQt1YRUhDrLxDrPwan4kPoOi5/cFQbi3H0qNbS0bYrDNXAz
0JGvBKKG80xcy0OdYk1XBExyzRl+bT6o2fLxp7I0I/RvT7aE7DN5D5lOibKsfzaD
PS0Xxm54RI8Gy2UNhz/o9/G4k2jLp6G9ovSan5lCVJlQTLWD/b5NBGbIwTwPv3t3
CxCnAgBz2CwcaxDm81X0FzBrSG/cVOYgGgH/ipAVAB0X328G
-----END CERTIFICATE-----