Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/H7ZarTI9x30LTio2uaInw4l0cbU.roa
File:                     H7ZarTI9x30LTio2uaInw4l0cbU.roa (raw, json)
Hash identifier:          FUVM7vZBSUp2Z9wOg1NUZK9yE+BZSDKZPAUy162MtTQ=
Subject key identifier:   1F:B6:5A:AD:32:3D:C7:7D:0B:4E:2A:36:B9:A2:27:C3:89:74:71:B5
Certificate issuer:       /CN=4aca04586a85ed12e9cda834dfdfa119c1a58975
Certificate serial:       018D694B4214E9DEEF1F03B60F626C6EEEC8
Authority key identifier: 4A:CA:04:58:6A:85:ED:12:E9:CD:A8:34:DF:DF:A1:19:C1:A5:89:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SsoEWGqF7RLpzag039-hGcGliXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/H7ZarTI9x30LTio2uaInw4l0cbU.roa
Signing time:             Fri 02 Feb 2024 10:09:16 +0000
ROA not before:           Fri 02 Feb 2024 10:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        2001:678:c4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/SsoEWGqF7RLpzag039-hGcGliXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/SsoEWGqF7RLpzag039-hGcGliXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SsoEWGqF7RLpzag039-hGcGliXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:4b:42:14:e9:de:ef:1f:03:b6:0f:62:6c:6e:ee:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aca04586a85ed12e9cda834dfdfa119c1a58975
        Validity
            Not Before: Feb  2 10:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fb65aad323dc77d0b4e2a36b9a227c3897471b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a9:a5:c6:f4:c1:7e:38:8b:9d:ba:72:dc:6b:
                    2d:17:aa:04:b3:4d:33:77:e5:db:88:44:4e:34:c0:
                    3d:ee:7c:9a:d8:2b:b7:45:fd:25:c8:db:13:42:12:
                    4c:c9:d5:13:76:18:7c:53:10:a1:30:71:06:c6:b3:
                    a9:4c:57:e8:09:9f:b2:76:54:d6:a3:a7:2f:1b:f8:
                    cb:e8:5c:2d:69:f6:ab:75:ea:cb:df:d7:6c:32:fc:
                    d6:2a:3a:13:11:c0:ad:4f:1d:cd:36:6e:63:a3:f9:
                    ac:56:1d:8d:68:45:a7:a4:eb:74:c4:23:3c:70:a6:
                    e3:81:ec:82:67:d6:56:f0:bd:bd:32:22:d6:b0:53:
                    38:d7:5b:cd:fe:96:2a:58:e6:bf:13:e1:10:92:45:
                    73:6b:0a:b1:b3:d0:b8:5b:0b:9c:9b:71:6d:73:78:
                    e4:c9:3d:aa:41:21:96:52:db:b6:35:3b:eb:78:8e:
                    17:0c:99:4a:a1:32:b8:05:d9:2c:36:bc:4c:0f:67:
                    78:d4:b5:1a:04:51:1f:40:4e:25:31:a0:0f:08:02:
                    5e:42:f8:08:59:d6:ee:c3:f9:19:ed:93:a3:b1:9c:
                    1c:44:94:4f:68:48:21:29:f4:00:62:5d:e4:48:bd:
                    18:cb:22:0c:05:be:7c:5c:fa:db:22:91:96:8b:72:
                    1b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B6:5A:AD:32:3D:C7:7D:0B:4E:2A:36:B9:A2:27:C3:89:74:71:B5
            X509v3 Authority Key Identifier:
                keyid:4A:CA:04:58:6A:85:ED:12:E9:CD:A8:34:DF:DF:A1:19:C1:A5:89:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SsoEWGqF7RLpzag039-hGcGliXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/H7ZarTI9x30LTio2uaInw4l0cbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d2e137-cebb-4794-9ace-1b5de5b76062/1/SsoEWGqF7RLpzag039-hGcGliXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:e6:f5:f3:cd:29:7e:12:7f:6f:13:7f:16:fe:cf:4f:31:c3:
         51:f5:51:33:43:0b:3f:f9:02:15:c5:7d:e8:79:31:83:28:ab:
         cf:dd:25:8f:d7:fd:be:82:ef:ca:91:52:93:71:6d:41:68:bb:
         d8:6f:97:5d:5c:7e:e7:06:78:d4:14:3e:a9:5b:ff:04:b8:ad:
         88:b0:d0:7f:e1:45:09:ac:8a:60:3d:74:0d:90:6b:d6:8e:8e:
         f8:58:c7:e0:c3:55:41:b1:c1:37:bc:eb:40:c3:9a:f6:5c:a9:
         57:81:7b:27:cd:bc:a6:64:3f:ea:79:4f:37:ee:95:dd:15:a7:
         2b:21:65:8b:38:52:c8:dc:8a:19:b8:6b:52:50:53:bd:9f:52:
         e9:5b:bd:d3:48:b0:f3:42:7e:2a:ad:89:d1:e4:07:7f:88:c2:
         e8:25:5b:7d:99:df:3c:5a:8c:a4:2b:e7:cf:c0:a2:79:54:e5:
         4c:79:7a:65:4d:00:ab:b9:1b:14:6a:4c:15:e1:ae:d2:98:a6:
         c2:dd:b3:82:3f:a4:63:df:48:e4:88:ac:c2:9a:5c:c8:d9:7d:
         70:5f:71:68:84:cf:98:12:e7:f7:0d:36:00:41:b5:ee:51:48:
         6c:ec:f9:ab:d9:73:d5:f7:9b:60:a7:7b:12:dd:41:ba:db:a4:
         73:79:33:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1pS0IU6d7vHwO2D2Jsbu7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2EwNDU4NmE4NWVkMTJlOWNkYTgzNGRmZGZhMTE5YzFh
NTg5NzUwHhcNMjQwMjAyMTAwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmI2NWFhZDMyM2RjNzdkMGI0ZTJhMzZiOWEyMjdjMzg5NzQ3MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqmlxvTBfjiLnbpy3GstF6oEs00z
d+XbiERONMA97nya2Cu3Rf0lyNsTQhJMydUTdhh8UxChMHEGxrOpTFfoCZ+ydlTW
o6cvG/jL6FwtafarderL39dsMvzWKjoTEcCtTx3NNm5jo/msVh2NaEWnpOt0xCM8
cKbjgeyCZ9ZW8L29MiLWsFM411vN/pYqWOa/E+EQkkVzawqxs9C4Wwucm3Ftc3jk
yT2qQSGWUtu2NTvreI4XDJlKoTK4BdksNrxMD2d41LUaBFEfQE4lMaAPCAJeQvgI
Wdbuw/kZ7ZOjsZwcRJRPaEghKfQAYl3kSL0YyyIMBb58XPrbIpGWi3IbtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB+2Wq0yPcd9C04qNrmiJ8OJdHG1MB8GA1UdIwQY
MBaAFErKBFhqhe0S6c2oNN/foRnBpYl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3NvRVdHcUY3UkxwemFnMDM5LWhHY0dsaVhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kMmUxMzctY2ViYi00Nzk0LTlhY2Ut
MWI1ZGU1Yjc2MDYyLzEvSDdaYXJUSTl4MzBMVGlvMnVhSW53NGwwY2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kMmUxMzctY2ViYi00Nzk0LTlhY2UtMWI1ZGU1Yjc2MDYy
LzEvU3NvRVdHcUY3UkxwemFnMDM5LWhHY0dsaVhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeADE
MA0GCSqGSIb3DQEBCwUAA4IBAQAh5vXzzSl+En9vE38W/s9PMcNR9VEzQws/+QIV
xX3oeTGDKKvP3SWP1/2+gu/KkVKTcW1BaLvYb5ddXH7nBnjUFD6pW/8EuK2IsNB/
4UUJrIpgPXQNkGvWjo74WMfgw1VBscE3vOtAw5r2XKlXgXsnzbymZD/qeU837pXd
FacrIWWLOFLI3IoZuGtSUFO9n1LpW73TSLDzQn4qrYnR5Ad/iMLoJVt9md88Woyk
K+fPwKJ5VOVMeXplTQCruRsUakwV4a7SmKbC3bOCP6Rj30jkiKzCmlzI2X1wX3Fo
hM+YEuf3DTYAQbXuUUhs7Pmr2XPV95tgp3sS3UG626RzeTNc
-----END CERTIFICATE-----