Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/Cjjz4fNuW_K5tJjNMWVPXeClJlc.roa
File:                     Cjjz4fNuW_K5tJjNMWVPXeClJlc.roa (raw, json)
Hash identifier:          eJnZtlz94DK+gCuiMjqWIeQHEzZgrgaEn0sNgB9bKBc=
Subject key identifier:   0A:38:F3:E1:F3:6E:5B:F2:B9:B4:98:CD:31:65:4F:5D:E0:A5:26:57
Certificate issuer:       /CN=76866be69f3770720a6dcc4792e680fc7f7321a1
Certificate serial:       018CC94CFA39B3CE204AC3CA11ED753C684C
Authority key identifier: 76:86:6B:E6:9F:37:70:72:0A:6D:CC:47:92:E6:80:FC:7F:73:21:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/Cjjz4fNuW_K5tJjNMWVPXeClJlc.roa
Signing time:             Tue 02 Jan 2024 08:31:54 +0000
ROA not before:           Tue 02 Jan 2024 08:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200300
IP address blocks:        2001:678:7e8::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:fa:39:b3:ce:20:4a:c3:ca:11:ed:75:3c:68:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76866be69f3770720a6dcc4792e680fc7f7321a1
        Validity
            Not Before: Jan  2 08:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a38f3e1f36e5bf2b9b498cd31654f5de0a52657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c9:71:28:d1:64:9f:72:6a:04:07:ba:5a:d8:
                    3b:1d:68:26:d7:eb:49:d2:f0:d5:19:21:bc:f2:4a:
                    65:9f:6d:96:fd:84:ef:d7:05:ae:bd:3f:44:27:e4:
                    65:4f:2f:b6:1e:0a:a1:c4:1d:51:84:98:8d:c4:c9:
                    f5:c8:bb:58:d8:ca:93:d3:1a:35:11:86:8c:91:85:
                    04:aa:73:11:cf:fb:31:e2:46:b1:a8:6f:ad:d4:f8:
                    02:ba:85:ef:9f:42:63:44:0c:a3:75:96:55:b7:81:
                    41:30:aa:bf:4e:ed:09:0e:c0:3b:41:22:83:c2:55:
                    2c:d4:85:8e:25:e5:5a:c9:e9:8d:aa:81:4b:21:cf:
                    68:09:22:1a:a0:c8:60:ff:e5:85:02:c1:f5:14:e1:
                    5f:ec:f7:00:9c:c3:b0:c1:ef:61:d3:1f:3f:89:fb:
                    ff:9e:50:35:71:12:13:aa:cd:b7:e5:d8:3d:b7:ee:
                    e2:74:10:96:07:4c:2e:74:6f:2c:f3:d6:2c:23:ba:
                    8f:d5:91:48:0e:09:48:ea:f2:38:e6:2a:26:cb:40:
                    da:30:66:cc:ee:b1:51:1c:8d:a2:31:72:93:b6:25:
                    29:c5:10:c9:45:72:76:f2:f0:18:da:8c:18:32:19:
                    88:d1:47:82:cc:6f:68:ef:83:4a:66:5c:a9:9f:2b:
                    29:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:38:F3:E1:F3:6E:5B:F2:B9:B4:98:CD:31:65:4F:5D:E0:A5:26:57
            X509v3 Authority Key Identifier:
                keyid:76:86:6B:E6:9F:37:70:72:0A:6D:CC:47:92:E6:80:FC:7F:73:21:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/Cjjz4fNuW_K5tJjNMWVPXeClJlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:27:a6:fd:aa:5a:a3:82:66:5a:85:5a:fe:6e:47:e2:49:24:
         f9:a9:5b:6e:9b:16:20:76:4f:b3:98:0d:c9:2b:a2:61:53:df:
         3a:b2:86:24:cc:21:1a:ec:db:c9:4b:35:59:13:8f:05:6b:b4:
         bb:6b:38:08:b7:43:36:85:cb:53:ee:50:e8:b2:ae:c3:31:fa:
         0f:e7:7e:bb:c0:4f:89:7f:68:5e:a3:3c:b7:8a:9a:de:3d:10:
         81:a9:d5:77:eb:75:eb:31:3f:63:ca:cb:99:87:d0:79:f5:15:
         54:01:16:6f:e0:f0:fb:d1:1c:54:2d:a3:19:3c:2d:cf:32:df:
         08:7a:44:cc:37:1a:ed:77:00:5e:eb:26:7c:fa:11:5a:28:fb:
         7c:74:3d:46:bd:5f:b2:25:b3:f0:1d:ec:ae:f7:4e:7c:05:e5:
         cb:c1:bd:0e:38:5b:8b:12:04:c6:9f:b8:ee:b9:41:77:c5:c8:
         76:57:c2:1b:8e:1a:8c:80:7a:76:f3:e6:ca:c5:7d:0f:06:e5:
         e0:08:c1:41:cc:8c:5d:10:9c:b5:61:83:43:9a:3a:a3:75:e5:
         35:b8:e0:4b:ae:44:c1:18:a7:76:e4:22:03:12:bd:bc:b0:6e:
         54:a2:ea:f5:9f:99:f2:70:f2:fd:51:90:ad:4d:ed:82:aa:af:
         98:13:5e:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTPo5s84gSsPKEe11PGhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ODY2YmU2OWYzNzcwNzIwYTZkY2M0NzkyZTY4MGZjN2Y3
MzIxYTEwHhcNMjQwMTAyMDgzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTM4ZjNlMWYzNmU1YmYyYjliNDk4Y2QzMTY1NGY1ZGUwYTUyNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoslxKNFkn3JqBAe6Wtg7HWgm1+tJ
0vDVGSG88kpln22W/YTv1wWuvT9EJ+RlTy+2HgqhxB1RhJiNxMn1yLtY2MqT0xo1
EYaMkYUEqnMRz/sx4kaxqG+t1PgCuoXvn0JjRAyjdZZVt4FBMKq/Tu0JDsA7QSKD
wlUs1IWOJeVayemNqoFLIc9oCSIaoMhg/+WFAsH1FOFf7PcAnMOwwe9h0x8/ifv/
nlA1cRITqs235dg9t+7idBCWB0wudG8s89YsI7qP1ZFIDglI6vI45iomy0DaMGbM
7rFRHI2iMXKTtiUpxRDJRXJ28vAY2owYMhmI0UeCzG9o74NKZlypnyspBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAo48+HzblvyubSYzTFlT13gpSZXMB8GA1UdIwQY
MBaAFHaGa+afN3ByCm3MR5LmgPx/cyGhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG9acjVwODNjSElLYmN4SGt1YUFfSDl6SWFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNTgxMmQtOGNkNy00NzA3LThiZGIt
Y2ZhNTA0MmRjOTVjLzEvQ2pqejRmTnVXX0s1dEpqTk1XVlBYZUNsSmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNTgxMmQtOGNkNy00NzA3LThiZGItY2ZhNTA0MmRjOTVj
LzEvZG9acjVwODNjSElLYmN4SGt1YUFfSDl6SWFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAfo
MA0GCSqGSIb3DQEBCwUAA4IBAQCVJ6b9qlqjgmZahVr+bkfiSST5qVtumxYgdk+z
mA3JK6JhU986soYkzCEa7NvJSzVZE48Fa7S7azgIt0M2hctT7lDosq7DMfoP5367
wE+Jf2heozy3iprePRCBqdV363XrMT9jysuZh9B59RVUARZv4PD70RxULaMZPC3P
Mt8IekTMNxrtdwBe6yZ8+hFaKPt8dD1GvV+yJbPwHeyu9058BeXLwb0OOFuLEgTG
n7juuUF3xch2V8IbjhqMgHp28+bKxX0PBuXgCMFBzIxdEJy1YYNDmjqjdeU1uOBL
rkTBGKd25CIDEr28sG5Uour1n5nycPL9UZCtTe2Cqq+YE153
-----END CERTIFICATE-----