Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/3D0NYkfS4WU1Yvt9q-lSepQXBHk.roa
File:                     3D0NYkfS4WU1Yvt9q-lSepQXBHk.roa (raw, json)
Hash identifier:          qwXmLougtuKjUKnbAJzPrX4+YntC36HY7RyUd1Qs8/Y=
Subject key identifier:   DC:3D:0D:62:47:D2:E1:65:35:62:FB:7D:AB:E9:52:7A:94:17:04:79
Certificate issuer:       /CN=ab7773aa1c71a02265146ba336ccc2e58deadb88
Certificate serial:       018CC26D2FDFB5920FCD522F952AF31CBA8D
Authority key identifier: AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/3D0NYkfS4WU1Yvt9q-lSepQXBHk.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202928
IP address blocks:        2001:678:18c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:df:b5:92:0f:cd:52:2f:95:2a:f3:1c:ba:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab7773aa1c71a02265146ba336ccc2e58deadb88
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3d0d6247d2e1653562fb7dabe9527a94170479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:fe:53:4e:d7:b7:f1:60:df:a7:ff:71:0a:
                    c2:d7:83:b0:05:70:b3:fb:68:c3:12:1f:1a:be:a3:
                    21:17:90:cb:42:e7:ac:07:91:5d:17:32:c8:af:10:
                    1c:ae:e8:b9:d7:09:22:b8:4d:00:ca:96:c7:65:2d:
                    28:a2:c9:19:9f:64:c2:73:b0:21:77:2f:15:3c:42:
                    e1:10:2a:32:ab:87:37:cd:94:ac:81:57:c4:2a:b5:
                    8c:f8:d6:9a:fc:b5:d9:3f:e4:d7:db:4e:39:05:1b:
                    09:4a:8e:fc:81:95:39:db:97:fd:6a:5d:32:06:00:
                    a0:e8:ef:b3:70:c0:20:10:63:87:a1:ba:98:ae:b3:
                    a5:8c:52:89:ce:01:0b:4d:95:ba:56:eb:9b:7a:99:
                    53:19:77:91:bc:88:3c:32:74:0f:8d:96:70:0c:f1:
                    5a:4e:9c:4b:43:ba:c7:c9:79:4f:f9:7d:e1:63:c0:
                    ea:92:94:6e:8d:e9:63:f6:fb:34:9d:14:82:ee:87:
                    b8:b7:8d:36:42:63:19:04:3a:1e:1c:c8:5a:ac:d2:
                    6e:a6:56:22:fd:cc:14:c5:39:18:f8:93:7f:aa:3a:
                    dc:79:4a:e2:d1:da:e1:f8:05:10:1c:a5:d0:96:13:
                    db:49:5f:e4:5e:89:9f:b1:4e:71:c8:04:68:ac:ba:
                    6a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3D:0D:62:47:D2:E1:65:35:62:FB:7D:AB:E9:52:7A:94:17:04:79
            X509v3 Authority Key Identifier:
                keyid:AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/3D0NYkfS4WU1Yvt9q-lSepQXBHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:18c::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:a3:3b:96:54:98:d8:e8:89:df:b2:d7:9f:76:51:62:f2:0b:
         85:80:95:7e:e3:1e:1f:49:d8:90:81:7e:37:38:fb:ed:69:7a:
         44:7e:b6:15:32:7d:2a:e7:68:fc:a2:c1:9a:34:1f:09:9d:e9:
         7e:59:d2:26:3f:f1:84:d2:08:42:2f:f3:5a:3e:c5:59:4b:b4:
         b1:8b:ce:9a:df:12:12:fd:56:43:f4:33:57:d3:fd:b2:5a:60:
         6e:68:b3:a7:26:48:c4:8e:cd:1a:25:36:c8:83:30:6f:14:c5:
         4d:61:f7:76:c1:71:bb:1a:f0:07:bc:b4:09:2b:47:47:ca:e5:
         67:0c:1e:4d:20:a4:34:c6:e1:7b:4e:e5:b7:8f:ab:e8:cf:0b:
         36:be:90:f5:76:a8:e2:cb:36:b5:4b:a3:36:8e:f7:2e:4e:da:
         f3:85:0f:61:e9:43:29:01:05:8d:2c:f3:4d:d4:d6:e7:85:28:
         87:91:1b:f6:82:b2:02:85:a3:60:2e:de:f2:07:b6:52:99:5b:
         da:1b:39:70:6e:2a:d1:cf:b4:84:ef:0d:fa:2a:3c:df:1b:4d:
         fd:f0:78:85:49:44:63:4e:f9:39:4c:6f:bb:74:b6:26:f2:a1:
         9b:99:9a:c5:45:72:5a:85:34:7f:4b:c1:1b:12:eb:e1:30:6e:
         10:76:e8:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS/ftZIPzVIvlSrzHLqNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzc3M2FhMWM3MWEwMjI2NTE0NmJhMzM2Y2NjMmU1OGRl
YWRiODgwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNkMGQ2MjQ3ZDJlMTY1MzU2MmZiN2RhYmU5NTI3YTk0MTcwNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkX+U07Xt/Fg36f/cQrC14OwBXCz
+2jDEh8avqMhF5DLQuesB5FdFzLIrxAcrui51wkiuE0AypbHZS0ooskZn2TCc7Ah
dy8VPELhECoyq4c3zZSsgVfEKrWM+Naa/LXZP+TX2045BRsJSo78gZU525f9al0y
BgCg6O+zcMAgEGOHobqYrrOljFKJzgELTZW6VuubeplTGXeRvIg8MnQPjZZwDPFa
TpxLQ7rHyXlP+X3hY8DqkpRujelj9vs0nRSC7oe4t402QmMZBDoeHMharNJuplYi
/cwUxTkY+JN/qjrceUri0drh+AUQHKXQlhPbSV/kXomfsU5xyARorLpq6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNw9DWJH0uFlNWL7favpUnqUFwR5MB8GA1UdIwQY
MBaAFKt3c6occaAiZRRrozbMwuWN6tuIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNkenFoeHhvQ0psRkd1ak5zekM1WTNxMjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8wMWY5OTctZjAyNy00YTNhLTg1NTIt
ZTZkZmJhMWRmMjMwLzEvM0QwTllrZlM0V1UxWXZ0OXEtbFNlcFFYQkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8wMWY5OTctZjAyNy00YTNhLTg1NTItZTZkZmJhMWRmMjMw
LzEvcTNkenFoeHhvQ0psRkd1ak5zekM1WTNxMjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAGM
MA0GCSqGSIb3DQEBCwUAA4IBAQBhozuWVJjY6InfstefdlFi8guFgJV+4x4fSdiQ
gX43OPvtaXpEfrYVMn0q52j8osGaNB8Jnel+WdImP/GE0ghCL/NaPsVZS7Sxi86a
3xIS/VZD9DNX0/2yWmBuaLOnJkjEjs0aJTbIgzBvFMVNYfd2wXG7GvAHvLQJK0dH
yuVnDB5NIKQ0xuF7TuW3j6vozws2vpD1dqjiyza1S6M2jvcuTtrzhQ9h6UMpAQWN
LPNN1NbnhSiHkRv2grIChaNgLt7yB7ZSmVvaGzlwbirRz7SE7w36KjzfG0398HiF
SURjTvk5TG+7dLYm8qGbmZrFRXJahTR/S8EbEuvhMG4Qduhj
-----END CERTIFICATE-----