Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/E3fRvWTwNBNYscXng4_G1ZUEbek.roa
File:                     E3fRvWTwNBNYscXng4_G1ZUEbek.roa (raw, json)
Hash identifier:          c/Mn1b0SAaRloGSHT/Alt0QtElnG20hTq0ToOnugRHw=
Subject key identifier:   13:77:D1:BD:64:F0:34:13:58:B1:C5:E7:83:8F:C6:D5:95:04:6D:E9
Certificate issuer:       /CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
Certificate serial:       018CC72650060F3D2FF077498F2D4DEEEDE2
Authority key identifier: 20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/E3fRvWTwNBNYscXng4_G1ZUEbek.roa
Signing time:             Mon 01 Jan 2024 22:30:26 +0000
ROA not before:           Mon 01 Jan 2024 22:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208727
IP address blocks:        2001:678:a8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:50:06:0f:3d:2f:f0:77:49:8f:2d:4d:ee:ed:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
        Validity
            Not Before: Jan  1 22:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1377d1bd64f0341358b1c5e7838fc6d595046de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:01:c2:d6:61:51:94:67:9f:2d:b0:c1:5c:ff:
                    9d:eb:39:e2:b3:6e:ed:0a:1f:16:18:36:fb:cf:0f:
                    e7:b3:7f:f4:ca:d3:f6:01:91:ac:86:be:78:21:56:
                    dd:88:c4:8a:2f:ab:58:2b:c3:ab:69:2c:60:fa:7c:
                    a3:dc:13:22:9e:4c:b5:8a:ca:65:04:1c:8a:cb:73:
                    a9:e4:23:83:3c:8c:15:46:60:b9:70:e1:2c:1f:6a:
                    5e:e5:44:68:60:35:15:54:28:f4:21:0e:63:4f:51:
                    3f:f9:7d:23:fa:03:4d:3c:d2:ac:4f:cb:1a:26:ec:
                    46:14:0d:f2:37:d2:2f:2a:4b:c0:7b:d1:e5:80:4c:
                    b3:16:2e:c4:62:3a:8f:bf:1d:7e:45:df:8d:2c:5a:
                    1f:d4:46:6c:87:fd:65:a7:f9:a7:31:2e:b7:e9:83:
                    35:ad:4c:d2:7f:f9:0b:ce:fd:ce:d1:e9:ee:7b:ad:
                    2e:5b:7b:1a:73:47:c3:50:fa:10:ff:5f:0e:83:a0:
                    c2:f0:db:d7:06:91:53:dd:66:06:bf:2a:0f:f1:db:
                    b7:38:f8:0c:0b:27:fa:f6:4a:78:b9:fa:31:53:6d:
                    e3:b6:c5:24:3e:e3:a9:35:f3:6d:1b:d0:7c:24:fc:
                    33:9a:51:7e:bb:51:b5:f9:31:8b:50:d6:e7:bb:e4:
                    e6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:77:D1:BD:64:F0:34:13:58:B1:C5:E7:83:8F:C6:D5:95:04:6D:E9
            X509v3 Authority Key Identifier:
                keyid:20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/E3fRvWTwNBNYscXng4_G1ZUEbek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:d0:cf:25:b9:e1:3e:db:6f:03:7b:2c:e0:7e:28:e8:92:a4:
         2b:63:14:73:ad:ba:15:d7:11:09:ec:d8:e3:70:e7:c6:c1:f1:
         ab:6e:77:0e:45:68:9e:f1:03:91:89:31:17:a0:73:e4:07:e4:
         ad:82:38:43:14:fc:04:89:74:dc:b3:73:f0:d9:77:b6:ca:30:
         94:1c:50:36:6f:60:b8:3f:13:48:e1:bf:71:4b:60:c5:0d:89:
         60:2d:c4:05:4b:e4:cd:5e:cf:5f:ee:cd:e0:40:3f:ec:bf:24:
         0d:f7:8b:f1:27:d0:c9:8b:57:ca:c3:db:f4:9d:f0:5e:49:8e:
         4a:d0:e3:0e:f9:2b:74:b9:e1:f7:5d:c0:26:e2:f5:1c:7c:85:
         e6:45:c9:fa:39:f2:95:ae:29:70:41:c8:c3:3a:e7:0e:86:b2:
         b3:ef:72:56:03:2b:57:f8:bc:3d:0c:b2:f9:79:97:26:c7:70:
         ea:10:b4:74:05:f6:34:d3:ff:c2:8c:1f:cd:82:08:66:f7:88:
         7f:2f:bc:95:6d:dd:4e:6f:f7:ac:28:22:b6:8f:bd:6b:29:94:
         b4:d7:dd:a9:4d:be:1a:f3:76:73:7f:4e:1f:1f:f7:2e:8d:0f:
         5b:d3:29:b1:a3:ef:f6:11:bf:eb:bb:28:c1:e0:d2:69:4a:d9:
         7b:6d:49:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJlAGDz0v8HdJjy1N7u3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjZlNTNiNjk3YWQyNjNiNGJhNGVhNDk4MTQzNjZhODgz
YjU0YWQwHhcNMjQwMTAxMjIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc3ZDFiZDY0ZjAzNDEzNThiMWM1ZTc4MzhmYzZkNTk1MDQ2ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAHC1mFRlGefLbDBXP+d6znis27t
Ch8WGDb7zw/ns3/0ytP2AZGshr54IVbdiMSKL6tYK8OraSxg+nyj3BMinky1ispl
BByKy3Op5CODPIwVRmC5cOEsH2pe5URoYDUVVCj0IQ5jT1E/+X0j+gNNPNKsT8sa
JuxGFA3yN9IvKkvAe9HlgEyzFi7EYjqPvx1+Rd+NLFof1EZsh/1lp/mnMS636YM1
rUzSf/kLzv3O0enue60uW3sac0fDUPoQ/18Og6DC8NvXBpFT3WYGvyoP8du3OPgM
Cyf69kp4ufoxU23jtsUkPuOpNfNtG9B8JPwzmlF+u1G1+TGLUNbnu+TmUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBN30b1k8DQTWLHF54OPxtWVBG3pMB8GA1UdIwQY
MBaAFCD25TtpetJjtLpOpJgUNmqIO1StMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBibE8ybDYwbU8wdWs2a21CUTJhb2c3VkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9lNzU3NmEtNDM2My00OTg0LWI0Yzct
YjFmMjljY2NjZTU1LzEvRTNmUnZXVHdOQk5Zc2NYbmc0X0cxWlVFYmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9lNzU3NmEtNDM2My00OTg0LWI0YzctYjFmMjljY2NjZTU1
LzEvSVBibE8ybDYwbU8wdWs2a21CUTJhb2c3VkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAqM
MA0GCSqGSIb3DQEBCwUAA4IBAQAo0M8lueE+228DeyzgfijokqQrYxRzrboV1xEJ
7NjjcOfGwfGrbncORWie8QORiTEXoHPkB+StgjhDFPwEiXTcs3Pw2Xe2yjCUHFA2
b2C4PxNI4b9xS2DFDYlgLcQFS+TNXs9f7s3gQD/svyQN94vxJ9DJi1fKw9v0nfBe
SY5K0OMO+St0ueH3XcAm4vUcfIXmRcn6OfKVrilwQcjDOucOhrKz73JWAytX+Lw9
DLL5eZcmx3DqELR0BfY00//CjB/Ngghm94h/L7yVbd1Ob/esKCK2j71rKZS0192p
Tb4a83Zzf04fH/cujQ9b0ymxo+/2Eb/ruyjB4NJpStl7bUmJ
-----END CERTIFICATE-----