Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/dprzEk2xoK4M7OTHgwIpEzpchNw.roa
File:                     dprzEk2xoK4M7OTHgwIpEzpchNw.roa (raw, json)
Hash identifier:          /kA3PdFdh59d+SmXKzkaF8IjJZ2Pt+HKn7JmdSM0J38=
Subject key identifier:   76:9A:F3:12:4D:B1:A0:AE:0C:EC:E4:C7:83:02:29:13:3A:5C:84:DC
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018E7BC58133E2DA65697C80FA0FC9AAF463
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/dprzEk2xoK4M7OTHgwIpEzpchNw.roa
Signing time:             Tue 26 Mar 2024 17:18:44 +0000
ROA not before:           Tue 26 Mar 2024 17:18:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211211
IP address blocks:        2a06:1301:4100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:c5:81:33:e2:da:65:69:7c:80:fa:0f:c9:aa:f4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Mar 26 17:18:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=769af3124db1a0ae0cece4c7830229133a5c84dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e7:ce:aa:bd:90:0d:2a:8b:ab:92:fa:64:1b:
                    d1:7f:b4:bf:41:2d:30:5e:c4:66:70:86:d1:84:f6:
                    55:95:0e:1a:94:07:ab:e5:7e:cf:8a:37:03:70:1a:
                    15:22:bc:6a:88:e2:25:58:d7:a0:29:0a:93:dd:04:
                    0b:c0:d2:f6:44:03:4e:a4:22:03:b6:b3:f5:3a:e1:
                    90:8a:03:42:c1:42:9e:fc:4e:fe:6e:77:73:a3:5c:
                    86:96:34:e8:3b:69:4b:69:29:27:b0:5b:64:99:8e:
                    0f:d7:ad:be:fb:85:31:9e:e7:56:02:b0:49:70:c2:
                    36:4b:df:de:f0:f6:4f:89:a5:0f:86:08:50:e3:c2:
                    23:61:e7:00:8e:cd:49:de:71:d2:05:82:81:44:17:
                    4d:4a:f6:a6:7c:63:10:9e:8c:e6:fa:17:64:85:f1:
                    e0:4b:8b:0f:e0:16:7f:1d:1c:3a:ef:c8:b8:8e:85:
                    23:8f:06:a1:24:8d:1e:40:27:e3:37:1a:bf:92:a7:
                    08:32:64:8d:5b:26:db:1f:c6:dc:c1:7e:1c:26:b0:
                    df:c8:22:76:b6:0d:4f:c9:63:8a:7d:c6:ba:ee:41:
                    0b:0d:73:44:3f:bb:e8:ac:90:69:21:a3:de:bb:31:
                    e0:5e:7d:af:67:25:fa:10:a7:92:8c:01:80:70:da:
                    29:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:9A:F3:12:4D:B1:A0:AE:0C:EC:E4:C7:83:02:29:13:3A:5C:84:DC
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/dprzEk2xoK4M7OTHgwIpEzpchNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:7f:67:d7:5c:00:b8:a8:5a:87:15:e4:71:e4:c9:1f:9a:71:
         e7:fe:1a:db:7c:8d:fa:56:56:9c:4e:fb:9c:54:05:54:71:f7:
         23:04:02:92:d0:d2:90:ce:38:3d:50:30:fb:9b:64:58:94:9b:
         45:fe:37:f8:a3:7d:8a:4f:8e:ba:5e:fb:49:83:ec:18:00:2d:
         a4:30:46:92:bf:13:fc:fc:35:8e:b2:fb:ac:de:39:cb:2c:3b:
         21:af:8d:ae:12:1d:7b:68:6d:f7:c1:20:e7:e8:6d:2c:e8:f0:
         ab:40:87:f4:d8:37:0e:79:8b:15:1e:4b:ec:5a:ee:78:57:31:
         c2:23:48:a5:3c:e4:fc:ac:09:2f:4d:a2:93:ea:98:ff:c5:d7:
         46:71:7d:35:b2:90:97:0a:a0:58:e7:6c:03:63:ee:35:1a:59:
         f5:07:ff:9f:2b:45:77:1c:3c:0b:ab:27:2b:41:d0:6b:5b:ca:
         2b:a4:aa:db:21:c6:8d:41:36:38:c9:34:ae:d0:ce:70:eb:3b:
         4b:35:69:f3:9e:f1:e2:97:84:27:f0:54:1c:e3:ac:08:b2:f0:
         c6:4a:cb:62:96:dc:87:3f:42:bf:12:1f:27:27:3c:b0:dd:d4:
         23:06:b2:9b:bd:34:f4:51:2c:c0:85:58:59:dc:33:97:6e:d5:
         53:11:8b:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY57xYEz4tplaXyA+g/JqvRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwMzI2MTcxODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjlhZjMxMjRkYjFhMGFlMGNlY2U0Yzc4MzAyMjkxMzNhNWM4NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnufOqr2QDSqLq5L6ZBvRf7S/QS0w
XsRmcIbRhPZVlQ4alAer5X7PijcDcBoVIrxqiOIlWNegKQqT3QQLwNL2RANOpCID
trP1OuGQigNCwUKe/E7+bndzo1yGljToO2lLaSknsFtkmY4P162++4UxnudWArBJ
cMI2S9/e8PZPiaUPhghQ48IjYecAjs1J3nHSBYKBRBdNSvamfGMQnozm+hdkhfHg
S4sP4BZ/HRw678i4joUjjwahJI0eQCfjNxq/kqcIMmSNWybbH8bcwX4cJrDfyCJ2
tg1PyWOKfca67kELDXNEP7vorJBpIaPeuzHgXn2vZyX6EKeSjAGAcNopsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHaa8xJNsaCuDOzkx4MCKRM6XITcMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvZHByekVrMnhvSzRNN09USGd3SXBFenBjaE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYTAUEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAKf2fXXAC4qFqHFeRx5MkfmnHn/hrbfI36Vlac
TvucVAVUcfcjBAKS0NKQzjg9UDD7m2RYlJtF/jf4o32KT466XvtJg+wYAC2kMEaS
vxP8/DWOsvus3jnLLDshr42uEh17aG33wSDn6G0s6PCrQIf02DcOeYsVHkvsWu54
VzHCI0ilPOT8rAkvTaKT6pj/xddGcX01spCXCqBY52wDY+41Gln1B/+fK0V3HDwL
qycrQdBrW8orpKrbIcaNQTY4yTSu0M5w6ztLNWnznvHil4Qn8FQc46wIsvDGSsti
ltyHP0K/Eh8nJzyw3dQjBrKbvTT0USzAhVhZ3DOXbtVTEYuC
-----END CERTIFICATE-----