Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/5_LdwwfS128iN7WKpU7NcD8SqBw.roa
File:                     5_LdwwfS128iN7WKpU7NcD8SqBw.roa (raw, json)
Hash identifier:          /qa7G7KvLrdTBFmTSOZV1CpPXInLPStPrUipjHK9zIg=
Subject key identifier:   E7:F2:DD:C3:07:D2:D7:6F:22:37:B5:8A:A5:4E:CD:70:3F:12:A8:1C
Certificate issuer:       /CN=92e0c2470eb0a69b4efa585b9cb2c067612b379e
Certificate serial:       018CCA9949578490FD9950DD9CE89E3714D9
Authority key identifier: 92:E0:C2:47:0E:B0:A6:9B:4E:FA:58:5B:9C:B2:C0:67:61:2B:37:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kuDCRw6wpptO-lhbnLLAZ2ErN54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/5_LdwwfS128iN7WKpU7NcD8SqBw.roa
Signing time:             Tue 02 Jan 2024 14:34:52 +0000
ROA not before:           Tue 02 Jan 2024 14:34:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207411
IP address blocks:        2001:678:c38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/kuDCRw6wpptO-lhbnLLAZ2ErN54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/kuDCRw6wpptO-lhbnLLAZ2ErN54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kuDCRw6wpptO-lhbnLLAZ2ErN54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:49:57:84:90:fd:99:50:dd:9c:e8:9e:37:14:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e0c2470eb0a69b4efa585b9cb2c067612b379e
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7f2ddc307d2d76f2237b58aa54ecd703f12a81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:24:e8:ed:c4:84:64:4d:bd:5a:c3:0f:99:
                    d9:0d:d7:92:08:87:62:b1:6b:32:cd:5a:32:cd:8e:
                    8b:b1:09:7a:ba:d9:87:33:21:25:9a:82:9f:15:44:
                    7e:ce:2e:ee:5c:16:8a:38:6a:c7:5e:1f:36:6a:0c:
                    c3:fe:9e:95:6e:2f:05:84:ff:c0:29:de:9a:56:af:
                    9b:1f:3b:01:fb:56:40:fb:be:c7:ed:19:b3:d2:8c:
                    d7:84:f3:fd:4e:7a:3a:7e:b4:86:e2:2c:54:7d:b3:
                    31:3c:fb:bf:b6:35:b8:3b:09:dd:f8:af:ff:f2:18:
                    b9:a3:54:21:0b:04:22:4c:25:d4:9b:46:95:cc:a1:
                    76:b1:f2:32:cc:a7:9b:7a:1b:bf:8b:5c:bd:28:37:
                    79:13:e6:f4:df:b8:7e:8a:07:33:b5:a3:25:d4:c1:
                    a0:28:bb:29:dd:ca:6a:7a:bd:67:14:d0:19:51:e3:
                    68:c3:ee:cf:01:21:16:22:3d:34:cb:b9:cb:8d:b1:
                    00:12:e0:53:d5:cc:89:dd:39:0d:8b:9d:d1:50:11:
                    65:bd:69:b2:10:b3:dc:ed:88:ec:38:8d:24:53:29:
                    24:6d:f1:cf:61:4a:71:a3:f3:78:5d:51:62:f1:b0:
                    9c:75:51:55:ae:e3:9e:e2:0c:18:95:ba:b3:a6:b2:
                    10:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F2:DD:C3:07:D2:D7:6F:22:37:B5:8A:A5:4E:CD:70:3F:12:A8:1C
            X509v3 Authority Key Identifier:
                keyid:92:E0:C2:47:0E:B0:A6:9B:4E:FA:58:5B:9C:B2:C0:67:61:2B:37:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kuDCRw6wpptO-lhbnLLAZ2ErN54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/5_LdwwfS128iN7WKpU7NcD8SqBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/13b0cd-5992-4561-9729-b30fe058d162/1/kuDCRw6wpptO-lhbnLLAZ2ErN54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c38::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:11:d9:41:6d:e1:45:95:c5:93:d6:2c:48:05:a4:6e:b2:e4:
         ad:0e:a1:2c:a5:79:5d:8f:70:bc:a3:95:79:19:76:c5:5e:43:
         63:c9:fb:37:f6:10:46:8e:c0:d6:bb:69:a5:af:0c:d4:66:24:
         90:88:87:e2:2d:5f:17:10:55:23:e4:31:56:aa:c1:77:4d:50:
         da:e1:41:44:b7:b1:c6:21:b8:2b:d5:4d:5a:45:e4:46:a2:6f:
         61:71:bb:20:95:fa:68:73:9f:b2:54:c0:b2:25:5d:d2:57:e6:
         46:0c:b1:7f:6e:01:b8:f6:bc:12:38:24:ff:08:a5:ea:3e:7b:
         27:2e:92:50:41:14:8e:cc:5e:f1:9c:39:64:f0:f1:db:fc:d8:
         cd:0d:37:76:7c:5c:c3:bb:90:3a:d8:b4:0f:8d:ee:46:67:01:
         c0:89:04:7e:e6:47:98:9c:f0:8e:f7:03:43:fd:a6:43:44:eb:
         82:1b:a3:57:54:d8:9c:fd:0e:17:5f:29:91:c9:35:54:28:81:
         04:53:6d:b7:e0:b2:f8:77:d5:84:57:bb:72:31:99:05:a1:ff:
         7d:b2:2d:10:61:85:53:8f:78:ac:9d:41:0c:6c:30:33:45:22:
         a3:97:f2:f2:21:00:e5:9e:ce:a4:03:6f:3f:27:88:87:e5:f1:
         70:f6:9b:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKmUlXhJD9mVDdnOieNxTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTBjMjQ3MGViMGE2OWI0ZWZhNTg1YjljYjJjMDY3NjEy
YjM3OWUwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2YyZGRjMzA3ZDJkNzZmMjIzN2I1OGFhNTRlY2Q3MDNmMTJhODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsUk6O3EhGRNvVrDD5nZDdeSCIdi
sWsyzVoyzY6LsQl6utmHMyElmoKfFUR+zi7uXBaKOGrHXh82agzD/p6Vbi8FhP/A
Kd6aVq+bHzsB+1ZA+77H7Rmz0ozXhPP9Tno6frSG4ixUfbMxPPu/tjW4Ownd+K//
8hi5o1QhCwQiTCXUm0aVzKF2sfIyzKebehu/i1y9KDd5E+b037h+igcztaMl1MGg
KLsp3cpqer1nFNAZUeNow+7PASEWIj00y7nLjbEAEuBT1cyJ3TkNi53RUBFlvWmy
ELPc7YjsOI0kUykkbfHPYUpxo/N4XVFi8bCcdVFVruOe4gwYlbqzprIQWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOfy3cMH0tdvIje1iqVOzXA/EqgcMB8GA1UdIwQY
MBaAFJLgwkcOsKabTvpYW5yywGdhKzeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VEQ1J3NndwcHRPLWxoYm5MTEFaMkVyTjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xM2IwY2QtNTk5Mi00NTYxLTk3Mjkt
YjMwZmUwNThkMTYyLzEvNV9MZHd3ZlMxMjhpTjdXS3BVN05jRDhTcUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xM2IwY2QtNTk5Mi00NTYxLTk3MjktYjMwZmUwNThkMTYy
LzEva3VEQ1J3NndwcHRPLWxoYm5MTEFaMkVyTjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAw4
MA0GCSqGSIb3DQEBCwUAA4IBAQBrEdlBbeFFlcWT1ixIBaRusuStDqEspXldj3C8
o5V5GXbFXkNjyfs39hBGjsDWu2mlrwzUZiSQiIfiLV8XEFUj5DFWqsF3TVDa4UFE
t7HGIbgr1U1aReRGom9hcbsglfpoc5+yVMCyJV3SV+ZGDLF/bgG49rwSOCT/CKXq
PnsnLpJQQRSOzF7xnDlk8PHb/NjNDTd2fFzDu5A62LQPje5GZwHAiQR+5keYnPCO
9wND/aZDROuCG6NXVNic/Q4XXymRyTVUKIEEU2234LL4d9WEV7tyMZkFof99si0Q
YYVTj3isnUEMbDAzRSKjl/LyIQDlns6kA28/J4iH5fFw9pup
-----END CERTIFICATE-----