Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/pU3narhAMburvDgJ3DQBpodY-QM.roa
File:                     pU3narhAMburvDgJ3DQBpodY-QM.roa (raw, json)
Hash identifier:          4KpT4dX22LEg95vBBkB3sNul9flJzyzHVXA5rJ1BotE=
Subject key identifier:   A5:4D:E7:6A:B8:40:31:BB:AB:BC:38:09:DC:34:01:A6:87:58:F9:03
Certificate issuer:       /CN=1db93b83bafad7bfd94f676c021baab5187007f0
Certificate serial:       018CC6B79AB9E7DFEA50CCE033A558BA287F
Authority key identifier: 1D:B9:3B:83:BA:FA:D7:BF:D9:4F:67:6C:02:1B:AA:B5:18:70:07:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hbk7g7r617_ZT2dsAhuqtRhwB_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/pU3narhAMburvDgJ3DQBpodY-QM.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29014
IP address blocks:        2001:678:df0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/Hbk7g7r617_ZT2dsAhuqtRhwB_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/Hbk7g7r617_ZT2dsAhuqtRhwB_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hbk7g7r617_ZT2dsAhuqtRhwB_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9a:b9:e7:df:ea:50:cc:e0:33:a5:58:ba:28:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1db93b83bafad7bfd94f676c021baab5187007f0
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a54de76ab84031bbabbc3809dc3401a68758f903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:46:9c:3d:a1:49:99:4f:36:c1:3c:31:61:10:
                    0d:ae:2d:73:bd:6c:59:e3:03:4f:4b:e6:76:cc:97:
                    9f:19:7c:35:18:67:aa:f3:2f:92:c4:48:f0:2e:e6:
                    97:3a:ac:08:1b:09:b4:68:ad:48:ec:d4:57:b1:16:
                    84:73:c7:50:08:be:aa:15:34:46:e4:5d:ea:57:2e:
                    a9:98:ac:aa:7f:9e:95:3f:8c:69:70:cf:b9:d0:c5:
                    d1:b8:ef:0e:ee:e0:dc:34:97:a3:b8:c0:fa:74:e7:
                    66:2b:27:46:71:cc:9c:42:dc:4c:3a:73:11:55:d5:
                    c8:29:10:e7:42:e9:ef:b2:8e:3a:a1:4b:9d:30:19:
                    a4:79:e0:bb:c3:7b:23:22:d4:e8:21:07:c8:d1:63:
                    b4:61:2b:d4:a8:a7:15:62:0f:c1:6b:3a:06:87:2f:
                    6c:f2:18:9f:30:1b:87:92:5a:55:59:42:88:db:62:
                    81:58:30:15:4f:6a:2d:4c:ea:5f:e4:17:7d:a3:91:
                    ae:7b:5f:40:5b:9e:66:5a:6b:1b:8a:12:fe:6d:fb:
                    93:67:6f:03:fb:f0:31:65:87:78:b0:01:3f:ec:69:
                    fc:d7:5d:03:eb:4d:01:ab:14:60:27:aa:cf:bc:0f:
                    07:f0:ce:cc:f9:6c:47:34:e1:a9:2f:d8:c5:85:d7:
                    73:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:4D:E7:6A:B8:40:31:BB:AB:BC:38:09:DC:34:01:A6:87:58:F9:03
            X509v3 Authority Key Identifier:
                keyid:1D:B9:3B:83:BA:FA:D7:BF:D9:4F:67:6C:02:1B:AA:B5:18:70:07:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hbk7g7r617_ZT2dsAhuqtRhwB_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/pU3narhAMburvDgJ3DQBpodY-QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a3009-8f2e-420c-9bdf-be74908186f0/1/Hbk7g7r617_ZT2dsAhuqtRhwB_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:df0::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:a9:7a:c4:c6:0b:16:0c:16:82:b0:cb:15:66:f9:ac:4f:f3:
         83:e2:81:44:1e:0a:dd:74:7e:b8:97:e6:f6:8f:0a:34:b8:82:
         16:5f:6a:a6:7d:7b:43:42:91:27:0a:40:d3:85:64:f3:43:55:
         bc:8e:5e:ca:ec:50:f1:2b:14:74:64:37:ce:47:c1:ad:e4:ae:
         74:0c:24:19:69:82:39:31:fe:d0:fe:fe:72:93:de:dd:28:09:
         6f:7e:78:b1:e1:c2:45:da:9c:d7:6e:a7:5a:20:8a:f3:e4:f4:
         c5:c3:e1:48:73:44:e1:b6:6f:8d:ab:90:9b:18:d4:ae:77:6f:
         23:5f:d5:66:55:f9:78:31:a5:9c:0a:6a:b5:76:96:16:17:f7:
         43:79:95:35:3e:f7:d2:65:91:f2:e4:1d:3e:9e:7a:51:38:47:
         d0:b3:e4:31:3a:ed:73:49:02:15:0e:30:77:b4:62:7b:c5:43:
         93:1d:c3:46:66:b9:75:00:b5:17:3e:5f:09:80:78:84:85:a5:
         79:c8:fc:65:c4:38:cd:49:3b:3a:8a:8e:62:8b:e7:28:87:d6:
         69:42:c0:ce:a6:e8:74:05:43:7e:cf:f8:b2:ad:cf:9a:a0:e6:
         2a:24:c0:f2:6b:85:f6:32:c5:e7:7f:fe:2f:d1:c0:d4:0e:b9:
         55:ed:57:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt5q559/qUMzgM6VYuih/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYjkzYjgzYmFmYWQ3YmZkOTRmNjc2YzAyMWJhYWI1MTg3
MDA3ZjAwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTRkZTc2YWI4NDAzMWJiYWJiYzM4MDlkYzM0MDFhNjg3NThmOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEacPaFJmU82wTwxYRANri1zvWxZ
4wNPS+Z2zJefGXw1GGeq8y+SxEjwLuaXOqwIGwm0aK1I7NRXsRaEc8dQCL6qFTRG
5F3qVy6pmKyqf56VP4xpcM+50MXRuO8O7uDcNJejuMD6dOdmKydGccycQtxMOnMR
VdXIKRDnQunvso46oUudMBmkeeC7w3sjItToIQfI0WO0YSvUqKcVYg/BazoGhy9s
8hifMBuHklpVWUKI22KBWDAVT2otTOpf5Bd9o5Gue19AW55mWmsbihL+bfuTZ28D
+/AxZYd4sAE/7Gn8110D600BqxRgJ6rPvA8H8M7M+WxHNOGpL9jFhddzVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKVN52q4QDG7q7w4Cdw0AaaHWPkDMB8GA1UdIwQY
MBaAFB25O4O6+te/2U9nbAIbqrUYcAfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGJrN2c3cjYxN19aVDJkc0FodXF0Umh3Ql9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTMwMDktOGYyZS00MjBjLTliZGYt
YmU3NDkwODE4NmYwLzEvcFUzbmFyaEFNYnVydkRnSjNEUUJwb2RZLVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTMwMDktOGYyZS00MjBjLTliZGYtYmU3NDkwODE4NmYw
LzEvSGJrN2c3cjYxN19aVDJkc0FodXF0Umh3Ql9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQAUqXrExgsWDBaCsMsVZvmsT/OD4oFEHgrddH64
l+b2jwo0uIIWX2qmfXtDQpEnCkDThWTzQ1W8jl7K7FDxKxR0ZDfOR8Gt5K50DCQZ
aYI5Mf7Q/v5yk97dKAlvfnix4cJF2pzXbqdaIIrz5PTFw+FIc0Thtm+Nq5CbGNSu
d28jX9VmVfl4MaWcCmq1dpYWF/dDeZU1PvfSZZHy5B0+nnpROEfQs+QxOu1zSQIV
DjB3tGJ7xUOTHcNGZrl1ALUXPl8JgHiEhaV5yPxlxDjNSTs6io5ii+coh9ZpQsDO
puh0BUN+z/iyrc+aoOYqJMDya4X2MsXnf/4v0cDUDrlV7VcE
-----END CERTIFICATE-----