Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NJcGzDc-1tr4lEc_lFGbEy3ldwo.roa
File:                     NJcGzDc-1tr4lEc_lFGbEy3ldwo.roa (raw, json)
Hash identifier:          tfX8Z9WgYOFZ8KWPccqoZNumOgMhz5FVqsfOSF5WIww=
Subject key identifier:   34:97:06:CC:37:3E:D6:DA:F8:94:47:3F:94:51:9B:13:2D:E5:77:0A
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018F78AC8F67B960E7F6FDCFFB08DBD60DD0
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NJcGzDc-1tr4lEc_lFGbEy3ldwo.roa
Signing time:             Tue 14 May 2024 19:55:25 +0000
ROA not before:           Tue 14 May 2024 19:55:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42375
IP address blocks:        2a09:6907::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:78:ac:8f:67:b9:60:e7:f6:fd:cf:fb:08:db:d6:0d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: May 14 19:55:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=349706cc373ed6daf894473f94519b132de5770a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:26:86:4a:92:d4:41:bf:9a:87:61:b7:0c:d7:
                    11:7d:13:b6:25:5e:8d:c5:ad:a8:0f:c6:3e:4a:f4:
                    0d:57:b3:eb:b5:77:42:72:d2:cc:f4:32:6c:01:55:
                    4b:2c:d4:a4:c0:c7:d8:bc:40:b4:27:32:be:8d:b3:
                    76:ea:0a:48:14:57:af:4c:38:d4:40:7f:3e:02:f7:
                    1b:a5:51:73:96:43:3c:30:0d:3d:58:0e:ea:d6:b3:
                    92:b8:a3:cb:44:55:d3:48:dd:f2:af:12:4b:57:6c:
                    95:e9:dc:18:42:55:f4:02:35:30:6b:10:89:d9:66:
                    18:67:6c:46:5c:b6:a3:ad:4b:7e:a7:43:c8:29:eb:
                    89:2b:01:7d:03:5d:53:fc:66:fd:44:b4:f5:dc:5c:
                    07:77:8a:29:44:1b:97:4b:76:77:60:69:0a:a8:db:
                    46:e2:2b:ee:7d:94:bc:4d:36:1c:72:82:f3:93:cd:
                    2c:a0:1c:52:e9:1f:8e:b2:5a:37:4a:a3:13:88:90:
                    66:74:92:bf:b7:19:b1:df:07:38:45:b2:0d:1a:c7:
                    d2:61:2e:b5:0e:ce:91:32:82:86:8f:41:93:c5:e9:
                    ba:ee:cf:d7:38:b2:0e:db:d0:db:d9:f1:02:92:29:
                    5f:4b:2b:c5:f5:32:96:a6:6c:c7:86:f0:25:df:62:
                    ad:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:97:06:CC:37:3E:D6:DA:F8:94:47:3F:94:51:9B:13:2D:E5:77:0A
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NJcGzDc-1tr4lEc_lFGbEy3ldwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6907::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:97:9d:3f:62:51:52:c7:be:44:2c:d4:88:4f:d4:d6:0c:37:
         de:bb:b3:87:c8:a3:7c:28:45:47:ff:0b:d5:1c:39:3f:8e:73:
         6a:35:a7:b5:fa:db:fa:92:a8:3b:b0:d2:e1:b8:6e:b1:44:eb:
         e0:78:03:2c:82:35:78:be:17:88:ac:f8:9b:55:1c:12:39:87:
         33:09:fc:8e:c0:47:bd:99:39:77:48:c1:37:43:8a:64:ff:27:
         ed:99:88:bf:2b:41:00:5f:17:85:fb:f9:8d:0d:42:bc:33:93:
         f3:5e:58:2c:96:e2:fe:46:c7:84:c3:e1:1d:1c:79:0e:00:ef:
         4c:ed:db:c0:c4:07:81:37:92:c5:5f:3f:c9:8b:48:7a:a1:b5:
         89:f4:d0:95:24:64:17:e7:48:e5:66:66:06:ab:ed:9a:ea:d3:
         54:cb:75:0f:38:83:98:01:57:8c:77:37:20:a5:40:ba:7e:99:
         a7:0e:f6:4c:93:2d:3b:b2:b2:0c:bd:6d:c3:ad:70:83:ee:5d:
         90:70:48:e2:56:05:2c:c7:f1:2c:5b:7f:9b:a6:97:3f:41:dd:
         19:62:e1:28:9f:1c:31:8a:04:c5:01:79:0c:bb:e0:b7:c6:e7:
         a3:b4:85:a6:72:42:96:9b:36:92:f9:6a:ee:59:4b:73:3f:68:
         2a:c5:55:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY94rI9nuWDn9v3P+wjb1g3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNTE0MTk1NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk3MDZjYzM3M2VkNmRhZjg5NDQ3M2Y5NDUxOWIxMzJkZTU3NzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iaGSpLUQb+ah2G3DNcRfRO2JV6N
xa2oD8Y+SvQNV7PrtXdCctLM9DJsAVVLLNSkwMfYvEC0JzK+jbN26gpIFFevTDjU
QH8+AvcbpVFzlkM8MA09WA7q1rOSuKPLRFXTSN3yrxJLV2yV6dwYQlX0AjUwaxCJ
2WYYZ2xGXLajrUt+p0PIKeuJKwF9A11T/Gb9RLT13FwHd4opRBuXS3Z3YGkKqNtG
4ivufZS8TTYccoLzk80soBxS6R+Oslo3SqMTiJBmdJK/txmx3wc4RbINGsfSYS61
Ds6RMoKGj0GTxem67s/XOLIO29Db2fECkilfSyvF9TKWpmzHhvAl32KtQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDSXBsw3Ptba+JRHP5RRmxMt5XcKMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvTkpjR3pEYy0xdHI0bEVjX2xGR2JFeTNsZHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKglpBzAN
BgkqhkiG9w0BAQsFAAOCAQEANpedP2JRUse+RCzUiE/U1gw33ruzh8ijfChFR/8L
1Rw5P45zajWntfrb+pKoO7DS4bhusUTr4HgDLII1eL4XiKz4m1UcEjmHMwn8jsBH
vZk5d0jBN0OKZP8n7ZmIvytBAF8Xhfv5jQ1CvDOT815YLJbi/kbHhMPhHRx5DgDv
TO3bwMQHgTeSxV8/yYtIeqG1ifTQlSRkF+dI5WZmBqvtmurTVMt1DziDmAFXjHc3
IKVAun6Zpw72TJMtO7KyDL1tw61wg+5dkHBI4lYFLMfxLFt/m6aXP0HdGWLhKJ8c
MYoExQF5DLvgt8bno7SFpnJClps2kvlq7llLcz9oKsVVzw==
-----END CERTIFICATE-----