Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/Rzr4ZskSOZBD1VYHgEulNUKYkqw.roa
File:                     Rzr4ZskSOZBD1VYHgEulNUKYkqw.roa (raw, json)
Hash identifier:          D9kFslPZhEeCf8rvBLe3Z9ATJx9zucUl+oDTHk03w+E=
Subject key identifier:   47:3A:F8:66:C9:12:39:90:43:D5:56:07:80:4B:A5:35:42:98:92:AC
Certificate issuer:       /CN=359c7243bef2dc775ae67692889d5d26c1b2d148
Certificate serial:       018CC5000CF5D45EFF17E44C2836B68DFBC4
Authority key identifier: 35:9C:72:43:BE:F2:DC:77:5A:E6:76:92:88:9D:5D:26:C1:B2:D1:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/Rzr4ZskSOZBD1VYHgEulNUKYkqw.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2643
IP address blocks:        2001:678:7d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0c:f5:d4:5e:ff:17:e4:4c:28:36:b6:8d:fb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359c7243bef2dc775ae67692889d5d26c1b2d148
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=473af866c912399043d55607804ba535429892ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4b:85:5d:bf:42:dd:f6:e0:e6:9c:72:65:da:
                    13:a1:6f:9e:14:85:23:8b:56:11:84:e7:e7:16:00:
                    73:e0:67:58:11:6d:69:0a:88:76:0c:4e:ab:72:97:
                    ea:6d:ed:49:46:f7:34:5a:92:ff:28:2f:f4:4d:2c:
                    46:84:fa:da:7c:17:31:0e:be:5e:4f:f7:52:7f:ca:
                    9f:50:63:29:57:af:01:42:42:6e:38:6d:3a:31:7e:
                    a6:af:6d:e2:3f:03:fc:2b:f4:f4:c8:fc:8b:c3:e4:
                    66:9a:a7:0a:3a:35:e5:64:be:03:0b:21:0a:9a:6a:
                    0a:dc:8e:cb:6f:80:83:cb:4e:77:31:9d:a5:15:b2:
                    b3:4e:21:d2:18:ad:fe:e4:19:e1:16:8a:e8:e4:05:
                    77:66:61:79:30:e1:1e:53:b3:42:4d:27:ab:45:d6:
                    33:14:90:26:e0:a0:a9:4d:d4:d6:0d:f4:52:a0:bd:
                    56:8c:9c:34:dc:94:90:a7:a9:05:77:a7:0f:bb:fb:
                    90:21:62:6c:e3:9f:1c:9b:36:45:89:2e:06:c3:88:
                    82:0a:f5:33:f2:d9:62:a7:bf:ac:90:81:8f:ff:d0:
                    28:6f:b9:41:87:06:7b:6b:a3:45:d9:f5:bd:e4:d0:
                    c6:9f:9a:9c:6d:29:e3:44:22:ba:8d:44:d4:85:fa:
                    d0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:3A:F8:66:C9:12:39:90:43:D5:56:07:80:4B:A5:35:42:98:92:AC
            X509v3 Authority Key Identifier:
                keyid:35:9C:72:43:BE:F2:DC:77:5A:E6:76:92:88:9D:5D:26:C1:B2:D1:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/Rzr4ZskSOZBD1VYHgEulNUKYkqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/555bc9-4e19-4828-8eba-61ffb6506644/1/NZxyQ77y3Hda5naSiJ1dJsGy0Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:17:7e:23:b5:83:27:bc:47:69:5d:0d:91:cb:35:9b:5a:e8:
         e5:e6:bf:b4:59:fb:c8:0f:a5:65:69:4d:1b:ef:fd:e9:71:fb:
         ea:3c:5a:a2:ce:69:57:1e:e6:bc:35:c7:78:48:cb:e7:8f:c5:
         f5:09:0c:b7:36:c8:43:06:e5:ae:f3:57:2a:36:71:d4:3d:d3:
         53:29:a6:da:aa:17:3a:ea:56:12:4f:ee:a0:56:fc:e3:c5:4e:
         af:74:f5:23:27:c4:51:96:4b:27:4a:e4:6f:e7:de:55:d9:10:
         1c:0f:ca:b8:ff:c6:0c:e7:32:7e:ca:1d:12:51:10:b8:4c:3a:
         d1:50:bb:c1:4f:21:b0:69:f7:8a:b0:90:48:05:72:4d:ae:fc:
         c3:85:54:67:a3:f4:64:5a:86:22:ad:e9:c0:d8:92:77:d2:aa:
         41:e7:f3:1f:b1:5a:ec:19:58:ba:c6:97:78:a7:eb:9b:43:10:
         21:e4:0f:9a:b3:08:c0:e7:50:a1:aa:11:e1:ce:67:04:6b:78:
         e4:2c:e2:b5:a5:e3:37:0f:d8:c1:f2:81:55:cb:fa:c1:74:0c:
         f5:52:be:35:e5:5a:2d:0b:c0:81:7f:8d:56:4c:d9:d8:3e:78:
         fe:cf:da:38:6a:46:77:e6:fd:d1:5b:09:73:5e:b4:01:bd:10:
         04:8d:7c:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAAz11F7/F+RMKDa2jfvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWM3MjQzYmVmMmRjNzc1YWU2NzY5Mjg4OWQ1ZDI2YzFi
MmQxNDgwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzNhZjg2NmM5MTIzOTkwNDNkNTU2MDc4MDRiYTUzNTQyOTg5MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0uFXb9C3fbg5pxyZdoToW+eFIUj
i1YRhOfnFgBz4GdYEW1pCoh2DE6rcpfqbe1JRvc0WpL/KC/0TSxGhPrafBcxDr5e
T/dSf8qfUGMpV68BQkJuOG06MX6mr23iPwP8K/T0yPyLw+RmmqcKOjXlZL4DCyEK
mmoK3I7Lb4CDy053MZ2lFbKzTiHSGK3+5BnhForo5AV3ZmF5MOEeU7NCTSerRdYz
FJAm4KCpTdTWDfRSoL1WjJw03JSQp6kFd6cPu/uQIWJs458cmzZFiS4Gw4iCCvUz
8tlip7+skIGP/9Aob7lBhwZ7a6NF2fW95NDGn5qcbSnjRCK6jUTUhfrQiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEc6+GbJEjmQQ9VWB4BLpTVCmJKsMB8GA1UdIwQY
MBaAFDWcckO+8tx3WuZ2koidXSbBstFIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlp4eVE3N3kzSGRhNW5hU2lKMWRKc0d5MFVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81NTViYzktNGUxOS00ODI4LThlYmEt
NjFmZmI2NTA2NjQ0LzEvUnpyNFpza1NPWkJEMVZZSGdFdWxOVUtZa3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81NTViYzktNGUxOS00ODI4LThlYmEtNjFmZmI2NTA2NjQ0
LzEvTlp4eVE3N3kzSGRhNW5hU2lKMWRKc0d5MFVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAfY
MA0GCSqGSIb3DQEBCwUAA4IBAQCCF34jtYMnvEdpXQ2RyzWbWujl5r+0WfvID6Vl
aU0b7/3pcfvqPFqizmlXHua8Ncd4SMvnj8X1CQy3NshDBuWu81cqNnHUPdNTKaba
qhc66lYST+6gVvzjxU6vdPUjJ8RRlksnSuRv595V2RAcD8q4/8YM5zJ+yh0SURC4
TDrRULvBTyGwafeKsJBIBXJNrvzDhVRno/RkWoYirenA2JJ30qpB5/MfsVrsGVi6
xpd4p+ubQxAh5A+aswjA51ChqhHhzmcEa3jkLOK1peM3D9jB8oFVy/rBdAz1Ur41
5VotC8CBf41WTNnYPnj+z9o4akZ35v3RWwlzXrQBvRAEjXzs
-----END CERTIFICATE-----