Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/w4feffnYpdqXBlrFgpL9HcggfQ0.roa
File:                     w4feffnYpdqXBlrFgpL9HcggfQ0.roa (raw, json)
Hash identifier:          QQGk520hyAh7kFq4HgfL7o31R/B8K1rn8CDnByNRfQs=
Subject key identifier:   C3:87:DE:7D:F9:D8:A5:DA:97:06:5A:C5:82:92:FD:1D:C8:20:7D:0D
Certificate issuer:       /CN=44814ea7e83b4019bfd5797eba989da06dd90e33
Certificate serial:       018CCA2A458BC3C0E55051F86B3FDC87FDAC
Authority key identifier: 44:81:4E:A7:E8:3B:40:19:BF:D5:79:7E:BA:98:9D:A0:6D:D9:0E:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/w4feffnYpdqXBlrFgpL9HcggfQ0.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208733
IP address blocks:        2001:678:3b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:45:8b:c3:c0:e5:50:51:f8:6b:3f:dc:87:fd:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44814ea7e83b4019bfd5797eba989da06dd90e33
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c387de7df9d8a5da97065ac58292fd1dc8207d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f2:cd:41:f1:c8:61:14:0c:7a:9f:27:fd:81:
                    e7:74:40:f7:9d:23:d8:75:fb:3e:b6:dc:a8:81:0b:
                    74:08:c7:fe:05:01:98:ea:7b:94:d2:99:af:a8:44:
                    6b:43:d5:24:56:a5:ad:e3:7f:b3:d1:4d:6d:0b:57:
                    7b:27:e0:e4:b9:c2:4a:a8:32:57:46:8f:56:74:48:
                    9f:9b:05:cc:c0:3a:b4:23:93:93:1e:ef:c4:31:7e:
                    ee:40:2a:9c:ab:c1:87:ba:05:e4:73:8d:a8:78:68:
                    1c:74:32:93:a8:fd:8c:a4:0f:ea:8f:c2:a9:40:92:
                    a6:87:d5:70:b2:2e:29:88:55:84:4b:de:5b:30:3b:
                    93:8f:1a:56:fa:8a:72:04:6d:91:5f:72:2b:d7:a3:
                    9a:5f:d2:15:fd:fa:11:7b:c5:f1:78:aa:15:fa:38:
                    37:e8:f4:68:57:80:18:2e:0f:df:9b:10:ce:b7:fb:
                    b7:76:3a:fc:f1:6b:66:12:37:65:91:6b:c1:e6:6b:
                    9e:6e:f6:99:80:fb:b4:7b:66:8c:b9:33:02:8f:c6:
                    f0:a1:80:89:cc:42:58:0b:99:44:be:ac:a6:f4:50:
                    92:42:13:82:1e:38:4a:50:6c:a1:3e:9a:57:3d:96:
                    f7:ed:08:65:18:d9:9f:27:1e:91:a3:b4:23:15:4c:
                    79:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:87:DE:7D:F9:D8:A5:DA:97:06:5A:C5:82:92:FD:1D:C8:20:7D:0D
            X509v3 Authority Key Identifier:
                keyid:44:81:4E:A7:E8:3B:40:19:BF:D5:79:7E:BA:98:9D:A0:6D:D9:0E:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/w4feffnYpdqXBlrFgpL9HcggfQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:f4:b6:44:c6:4e:ef:61:2e:68:d0:da:8f:df:88:e0:11:1b:
         b4:19:ae:d2:0a:a3:06:63:a0:f6:45:40:fe:e0:f9:1d:03:e9:
         84:65:25:b4:17:b7:bb:d4:e5:5d:62:18:78:b7:47:3b:fb:d3:
         00:b3:4a:ed:d6:45:8f:c0:3e:8e:1e:dd:1f:68:77:4d:09:80:
         b6:56:1c:d1:ed:cf:db:3f:d1:c3:42:64:d7:41:d3:34:d7:21:
         b7:ba:2c:e1:55:f1:cc:52:04:95:76:fb:06:7b:fb:70:65:c3:
         6a:aa:2a:e9:d7:2d:43:62:9d:d9:b1:70:0d:f9:a8:a6:6d:8a:
         ae:b7:5d:03:80:e9:ca:60:8e:75:11:5d:74:8a:21:83:67:25:
         a0:84:6a:b3:69:d7:21:0a:20:7a:5c:e2:69:02:2c:d8:fd:36:
         69:bf:8f:c5:1c:9a:c4:06:c4:21:04:04:05:e9:53:db:df:52:
         d1:f8:67:20:0e:06:37:90:4f:58:4f:6a:11:c1:78:ab:5e:87:
         8f:2f:5b:f5:1a:f5:fa:87:49:0e:f8:5f:8d:81:c1:be:28:23:
         af:97:31:72:27:1b:3d:8c:c2:d9:26:02:f1:b3:d9:b6:92:3b:
         18:6a:a3:07:f1:5c:3f:5f:84:d6:fb:47:12:01:5e:5c:02:77:
         5e:05:44:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKkWLw8DlUFH4az/ch/2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ODE0ZWE3ZTgzYjQwMTliZmQ1Nzk3ZWJhOTg5ZGEwNmRk
OTBlMzMwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzg3ZGU3ZGY5ZDhhNWRhOTcwNjVhYzU4MjkyZmQxZGM4MjA3ZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfLNQfHIYRQMep8n/YHndED3nSPY
dfs+ttyogQt0CMf+BQGY6nuU0pmvqERrQ9UkVqWt43+z0U1tC1d7J+DkucJKqDJX
Ro9WdEifmwXMwDq0I5OTHu/EMX7uQCqcq8GHugXkc42oeGgcdDKTqP2MpA/qj8Kp
QJKmh9Vwsi4piFWES95bMDuTjxpW+opyBG2RX3Ir16OaX9IV/foRe8XxeKoV+jg3
6PRoV4AYLg/fmxDOt/u3djr88WtmEjdlkWvB5muebvaZgPu0e2aMuTMCj8bwoYCJ
zEJYC5lEvqym9FCSQhOCHjhKUGyhPppXPZb37QhlGNmfJx6Ro7QjFUx5UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMOH3n352KXalwZaxYKS/R3IIH0NMB8GA1UdIwQY
MBaAFESBTqfoO0AZv9V5frqYnaBt2Q4zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUklGT3AtZzdRQm1fMVhsLXVwaWRvRzNaRGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zYWM0NGItNTY1YS00Mjg2LWE0MGMt
ZDdlMDFhYzAyYTc1LzEvdzRmZWZmbllwZHFYQmxyRmdwTDlIY2dnZlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zYWM0NGItNTY1YS00Mjg2LWE0MGMtZDdlMDFhYzAyYTc1
LzEvUklGT3AtZzdRQm1fMVhsLXVwaWRvRzNaRGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAO4
MA0GCSqGSIb3DQEBCwUAA4IBAQCK9LZExk7vYS5o0NqP34jgERu0Ga7SCqMGY6D2
RUD+4PkdA+mEZSW0F7e71OVdYhh4t0c7+9MAs0rt1kWPwD6OHt0faHdNCYC2VhzR
7c/bP9HDQmTXQdM01yG3uizhVfHMUgSVdvsGe/twZcNqqirp1y1DYp3ZsXAN+aim
bYqut10DgOnKYI51EV10iiGDZyWghGqzadchCiB6XOJpAizY/TZpv4/FHJrEBsQh
BAQF6VPb31LR+GcgDgY3kE9YT2oRwXirXoePL1v1GvX6h0kO+F+NgcG+KCOvlzFy
Jxs9jMLZJgLxs9m2kjsYaqMH8Vw/X4TW+0cSAV5cAndeBUQ8
-----END CERTIFICATE-----