Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/0yNQh4iIvYfrSEz4uh07F_au4NE.roa
File:                     0yNQh4iIvYfrSEz4uh07F_au4NE.roa (raw, json)
Hash identifier:          PF8rByTCzn3q5ALqjsc32rwPxThE9WSkvLmcjKBkvTM=
Subject key identifier:   D3:23:50:87:88:88:BD:87:EB:48:4C:F8:BA:1D:3B:17:F6:AE:E0:D1
Certificate issuer:       /CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
Certificate serial:       018CC3B71A80F86199F991C69803203E7159
Authority key identifier: 26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/0yNQh4iIvYfrSEz4uh07F_au4NE.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208505
IP address blocks:        2001:678:ac4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1a:80:f8:61:99:f9:91:c6:98:03:20:3e:71:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d32350878888bd87eb484cf8ba1d3b17f6aee0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:76:b4:0a:75:50:22:1e:ba:c5:27:60:94:85:
                    d1:45:84:47:4c:14:7a:5f:f0:7a:f3:2d:d9:a1:34:
                    0c:1c:b1:65:29:15:06:d5:40:14:52:00:04:b7:96:
                    ba:85:81:eb:17:3f:2c:f3:fc:e8:b3:f7:2b:4b:60:
                    8e:a3:eb:61:42:fd:3c:dd:39:fa:f7:ce:24:69:0e:
                    a8:2b:d8:db:c9:2b:c9:67:ec:41:2a:df:ec:9b:92:
                    e3:c0:35:9a:d9:e4:72:34:86:4e:e3:d4:f2:36:6e:
                    7e:b3:5e:ec:8f:c2:60:13:68:60:50:fb:31:0f:1c:
                    d4:b1:2e:7c:1c:54:6d:0e:9a:2c:9f:21:d0:ed:81:
                    38:37:06:e9:69:b4:f7:51:2d:ea:7e:b2:f8:f4:19:
                    8e:8d:d5:fb:85:2b:86:b3:35:02:ac:a5:85:68:b0:
                    85:e3:62:57:4e:f0:35:93:39:98:ca:dd:2e:8d:06:
                    d0:8b:37:83:5e:70:38:ad:f9:5d:27:1c:e3:00:00:
                    cc:be:53:aa:8c:e9:bf:c1:fb:f4:2b:fb:fc:a1:03:
                    0e:05:3f:5d:f6:41:d5:a7:b0:ff:d9:4b:aa:9f:e0:
                    a7:0d:6e:46:f7:14:e1:9d:34:11:3c:4e:d8:10:68:
                    e3:3e:45:f7:7a:51:8d:b5:5c:2b:66:ae:2b:a0:7e:
                    52:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:23:50:87:88:88:BD:87:EB:48:4C:F8:BA:1D:3B:17:F6:AE:E0:D1
            X509v3 Authority Key Identifier:
                keyid:26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/0yNQh4iIvYfrSEz4uh07F_au4NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ac4::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:ad:25:9f:5a:56:9c:2a:80:09:10:57:7f:32:a7:49:16:63:
         fc:1b:5b:00:6a:79:5d:7e:6f:f2:7d:d7:05:b2:90:41:ef:44:
         81:29:78:b0:18:1e:2d:ba:cd:48:dc:7c:ce:db:a6:57:5a:b0:
         76:19:a4:10:18:be:bf:d1:22:9f:a1:4f:0d:7e:a6:af:5a:a9:
         bb:3b:df:1d:4a:db:47:f4:00:fb:7d:8a:2d:27:65:d2:3d:b2:
         97:4f:bc:80:97:72:44:78:a9:cd:27:3c:70:b3:cd:75:f1:15:
         69:ee:25:7b:22:dc:36:44:4b:bb:0d:09:c8:10:36:0b:bd:f4:
         00:e2:91:82:d0:b9:2b:ab:ca:17:0f:0f:2f:64:47:25:1b:5d:
         6d:44:c2:46:91:9e:27:99:f4:b6:8f:37:ac:17:66:23:25:1a:
         e9:8f:27:d7:0c:b8:60:5a:f9:7e:d3:a4:37:f7:e7:7c:9c:e3:
         2c:2d:0b:fb:f7:59:b2:21:9e:2a:ec:9f:0e:68:a1:4a:fa:1c:
         1c:21:5e:02:8a:5c:13:8c:c6:52:ab:87:23:d2:4c:86:d5:ee:
         d5:53:92:5b:47:70:1a:56:50:54:c6:a2:f4:1b:08:61:d0:36:
         14:e5:47:a6:79:1a:b6:37:72:36:f9:ea:8e:08:10:78:04:d7:
         aa:9e:b6:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtxqA+GGZ+ZHGmAMgPnFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NDM5MjNlNzczZWIyNzA0OTJhZWNjOGRhMTVjMmU1Y2E1
N2MyY2EwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzIzNTA4Nzg4ODhiZDg3ZWI0ODRjZjhiYTFkM2IxN2Y2YWVlMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlna0CnVQIh66xSdglIXRRYRHTBR6
X/B68y3ZoTQMHLFlKRUG1UAUUgAEt5a6hYHrFz8s8/zos/crS2COo+thQv083Tn6
984kaQ6oK9jbySvJZ+xBKt/sm5LjwDWa2eRyNIZO49TyNm5+s17sj8JgE2hgUPsx
DxzUsS58HFRtDposnyHQ7YE4NwbpabT3US3qfrL49BmOjdX7hSuGszUCrKWFaLCF
42JXTvA1kzmYyt0ujQbQizeDXnA4rfldJxzjAADMvlOqjOm/wfv0K/v8oQMOBT9d
9kHVp7D/2Uuqn+CnDW5G9xThnTQRPE7YEGjjPkX3elGNtVwrZq4roH5SeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNMjUIeIiL2H60hM+LodOxf2ruDRMB8GA1UdIwQY
MBaAFCZDkj53PrJwSSrsyNoVwuXKV8LKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmtPU1BuYy1zbkJKS3V6STJoWEM1Y3BYd3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wNjMxYTctNDE2Yy00MWJlLThlNDUt
NzhjMzdjMGIwZDk3LzEvMHlOUWg0aUl2WWZyU0V6NHVoMDdGX2F1NE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wNjMxYTctNDE2Yy00MWJlLThlNDUtNzhjMzdjMGIwZDk3
LzEvSmtPU1BuYy1zbkJKS3V6STJoWEM1Y3BYd3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArE
MA0GCSqGSIb3DQEBCwUAA4IBAQAYrSWfWlacKoAJEFd/MqdJFmP8G1sAanldfm/y
fdcFspBB70SBKXiwGB4tus1I3HzO26ZXWrB2GaQQGL6/0SKfoU8NfqavWqm7O98d
SttH9AD7fYotJ2XSPbKXT7yAl3JEeKnNJzxws8118RVp7iV7Itw2REu7DQnIEDYL
vfQA4pGC0Lkrq8oXDw8vZEclG11tRMJGkZ4nmfS2jzesF2YjJRrpjyfXDLhgWvl+
06Q39+d8nOMsLQv791myIZ4q7J8OaKFK+hwcIV4CilwTjMZSq4cj0kyG1e7VU5Jb
R3AaVlBUxqL0Gwhh0DYU5UemeRq2N3I2+eqOCBB4BNeqnraf
-----END CERTIFICATE-----