Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/TggVPDaH2G3YILeQIuc9Qwvnl9w.roa
File:                     TggVPDaH2G3YILeQIuc9Qwvnl9w.roa (raw, json)
Hash identifier:          Eoc17hEATULq2ABu44rlTaUJyZNXhapaEk8rMSw7Hoc=
Subject key identifier:   4E:08:15:3C:36:87:D8:6D:D8:20:B7:90:22:E7:3D:43:0B:E7:97:DC
Certificate issuer:       /CN=58a127453dfba17e10c347fa34bbebab14905a57
Certificate serial:       018CC2DAF602C3573662D30CD2851B4E9AFD
Authority key identifier: 58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/TggVPDaH2G3YILeQIuc9Qwvnl9w.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204723
IP address blocks:        2001:678:5d0::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f6:02:c3:57:36:62:d3:0c:d2:85:1b:4e:9a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a127453dfba17e10c347fa34bbebab14905a57
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e08153c3687d86dd820b79022e73d430be797dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:02:c6:13:10:35:d4:ed:9a:ef:80:7d:83:0c:
                    72:02:e0:05:4d:3f:29:62:40:40:6f:fc:02:68:9b:
                    8c:e3:29:91:2c:8e:80:c4:96:e0:48:3c:f3:fd:0f:
                    0f:2a:b0:36:25:20:85:0b:79:29:97:00:a6:7f:41:
                    e4:67:07:a7:d6:96:d8:37:ac:72:0d:90:9a:2b:f4:
                    45:24:76:aa:89:3d:0f:98:8c:1d:00:71:c4:93:d0:
                    c6:30:d5:38:9c:3f:ef:5e:1b:13:d3:af:83:56:72:
                    44:d4:d5:0d:3e:b4:36:c6:9d:52:1b:85:03:b4:91:
                    62:d3:22:9d:d6:c3:62:50:90:de:76:12:f9:25:d8:
                    3d:3e:93:6c:3e:3b:ac:5a:77:5d:31:ef:cb:b4:2e:
                    0d:2d:4c:18:99:fc:60:d1:01:60:c8:40:c1:84:6c:
                    9e:96:f8:08:23:db:d3:46:f7:74:68:5d:bb:83:8e:
                    06:af:12:c7:5f:8e:68:0f:6d:cc:4f:6f:05:f4:54:
                    93:64:49:b3:8f:79:19:65:74:1b:b4:8c:b1:98:88:
                    cc:05:2d:5d:5e:af:cd:de:4d:58:2a:78:b0:4d:76:
                    5f:1a:d5:b0:c2:19:df:e0:0c:9d:f9:7b:27:8b:d5:
                    fe:dc:dc:a4:40:ef:09:24:7e:bb:71:f5:cd:5e:4a:
                    f4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:08:15:3C:36:87:D8:6D:D8:20:B7:90:22:E7:3D:43:0B:E7:97:DC
            X509v3 Authority Key Identifier:
                keyid:58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/TggVPDaH2G3YILeQIuc9Qwvnl9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:45:14:3c:3e:ed:a6:65:bc:d0:3c:c9:bd:73:39:04:d4:6a:
         68:36:3a:76:e4:30:44:76:89:96:6b:7d:80:72:59:dc:aa:b7:
         6d:b6:98:c4:44:de:27:23:94:f7:05:3c:6a:0b:bb:b8:e9:81:
         df:da:72:e7:11:a8:7d:52:0f:93:a8:e4:32:fa:31:8a:88:05:
         45:2c:4d:89:26:c9:60:74:43:e4:af:9b:b8:0d:98:50:9b:8c:
         31:a7:36:41:5f:e3:5c:86:9d:13:26:dd:52:3c:cd:28:2b:61:
         2a:9e:4b:97:94:14:2f:e2:6b:88:85:17:00:02:b4:6e:8e:a1:
         67:8e:b0:4e:4f:a9:0d:12:3a:b7:0e:9f:3a:3e:ad:f3:2b:cb:
         e8:c6:0a:c9:74:32:fc:6b:07:cb:8e:a9:38:af:b5:40:63:4d:
         14:72:a3:cd:aa:6d:aa:6a:41:ad:56:46:6c:bd:4d:ff:20:94:
         95:97:38:5a:ea:5f:5c:8c:bc:44:b3:f4:b6:e9:40:99:84:2e:
         b8:45:39:c7:5e:ee:a5:95:33:d6:42:a4:e2:9b:e4:d9:e9:95:
         cf:52:c4:42:ab:51:a1:79:53:7f:39:ba:92:28:18:59:b2:7f:
         43:c7:6d:b8:df:2e:57:12:8c:4c:7b:07:07:9c:68:11:d9:22:
         ce:81:6a:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vYCw1c2YtMM0oUbTpr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTEyNzQ1M2RmYmExN2UxMGMzNDdmYTM0YmJlYmFiMTQ5
MDVhNTcwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTA4MTUzYzM2ODdkODZkZDgyMGI3OTAyMmU3M2Q0MzBiZTc5N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwLGExA11O2a74B9gwxyAuAFTT8p
YkBAb/wCaJuM4ymRLI6AxJbgSDzz/Q8PKrA2JSCFC3kplwCmf0HkZwen1pbYN6xy
DZCaK/RFJHaqiT0PmIwdAHHEk9DGMNU4nD/vXhsT06+DVnJE1NUNPrQ2xp1SG4UD
tJFi0yKd1sNiUJDedhL5Jdg9PpNsPjusWnddMe/LtC4NLUwYmfxg0QFgyEDBhGye
lvgII9vTRvd0aF27g44GrxLHX45oD23MT28F9FSTZEmzj3kZZXQbtIyxmIjMBS1d
Xq/N3k1YKniwTXZfGtWwwhnf4Ayd+Xsni9X+3NykQO8JJH67cfXNXkr0KQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE4IFTw2h9ht2CC3kCLnPUML55fcMB8GA1UdIwQY
MBaAFFihJ0U9+6F+EMNH+jS766sUkFpXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2Yt
ZGE5NjAxOWQ0YzIwLzEvVGdnVlBEYUgyRzNZSUxlUUl1YzlRd3ZubDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2YtZGE5NjAxOWQ0YzIw
LzEvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB1RRQ8Pu2mZbzQPMm9czkE1GpoNjp25DBEdomW
a32AclncqrdttpjERN4nI5T3BTxqC7u46YHf2nLnEah9Ug+TqOQy+jGKiAVFLE2J
JslgdEPkr5u4DZhQm4wxpzZBX+Nchp0TJt1SPM0oK2EqnkuXlBQv4muIhRcAArRu
jqFnjrBOT6kNEjq3Dp86Pq3zK8voxgrJdDL8awfLjqk4r7VAY00UcqPNqm2qakGt
VkZsvU3/IJSVlzha6l9cjLxEs/S26UCZhC64RTnHXu6llTPWQqTim+TZ6ZXPUsRC
q1GheVN/ObqSKBhZsn9Dx2243y5XEoxMewcHnGgR2SLOgWrv
-----END CERTIFICATE-----