Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/RHqZ2p2T4toErX7nhStKuG0SzY0.roa
File:                     RHqZ2p2T4toErX7nhStKuG0SzY0.roa (raw, json)
Hash identifier:          hJNmAng5Lg1JdWoHzxkSR8VlON9e4ShuiXk9Ft2Wq+M=
Subject key identifier:   44:7A:99:DA:9D:93:E2:DA:04:AD:7E:E7:85:2B:4A:B8:6D:12:CD:8D
Certificate issuer:       /CN=e4fb640946d8cfaefe5648948702ad6034a0e8b9
Certificate serial:       018CC2DB0F66E31FC47A90C3722CC5478DE8
Authority key identifier: E4:FB:64:09:46:D8:CF:AE:FE:56:48:94:87:02:AD:60:34:A0:E8:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PtkCUbYz67-VkiUhwKtYDSg6Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/RHqZ2p2T4toErX7nhStKuG0SzY0.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213003
IP address blocks:        2001:678:d7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/5PtkCUbYz67-VkiUhwKtYDSg6Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/5PtkCUbYz67-VkiUhwKtYDSg6Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PtkCUbYz67-VkiUhwKtYDSg6Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0f:66:e3:1f:c4:7a:90:c3:72:2c:c5:47:8d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4fb640946d8cfaefe5648948702ad6034a0e8b9
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=447a99da9d93e2da04ad7ee7852b4ab86d12cd8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5a:29:c1:5a:13:a5:8a:8f:ee:f4:74:d7:46:
                    e4:86:23:9f:7b:a8:be:27:2c:7d:22:51:be:12:79:
                    86:40:ff:fc:c6:ef:d9:fb:33:aa:ab:cb:9e:3d:01:
                    91:84:15:c1:e8:e7:1f:d4:9b:91:03:a3:2a:70:1e:
                    a0:25:dd:eb:d1:97:da:ed:b6:95:e4:22:73:8b:c7:
                    63:be:77:62:43:35:d5:37:4d:77:5c:6f:39:5b:14:
                    a5:81:21:d7:40:26:9b:35:1e:54:06:19:3e:0b:be:
                    dc:51:8d:05:fa:64:c0:58:0a:f8:a0:bb:24:8e:ff:
                    dc:e1:37:e8:3c:4b:37:65:9a:b1:40:fc:b2:9f:a1:
                    03:90:82:fc:e1:1c:5b:4d:f8:ea:5c:b7:60:fa:2d:
                    9d:07:95:0c:7f:9a:6f:f3:47:f3:31:0a:cd:ef:19:
                    ba:4e:ef:3c:e0:6d:97:ef:47:ae:c8:95:e0:a6:8b:
                    9a:a1:06:df:c4:09:d4:71:93:1e:6a:f4:6b:a4:df:
                    52:c0:b4:e4:f6:71:4c:ff:ee:27:e2:4f:ae:2f:b8:
                    94:e1:42:ca:44:f1:ca:26:b9:2f:eb:25:eb:67:06:
                    4f:33:ee:e6:dc:5f:5e:5f:ef:b8:72:07:a3:5e:bd:
                    6c:95:6a:45:a7:f6:14:1f:b0:89:d1:c7:e2:b4:fb:
                    38:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7A:99:DA:9D:93:E2:DA:04:AD:7E:E7:85:2B:4A:B8:6D:12:CD:8D
            X509v3 Authority Key Identifier:
                keyid:E4:FB:64:09:46:D8:CF:AE:FE:56:48:94:87:02:AD:60:34:A0:E8:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PtkCUbYz67-VkiUhwKtYDSg6Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/RHqZ2p2T4toErX7nhStKuG0SzY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0dbf3d-98d2-4ec4-8b80-076dd6bd124a/1/5PtkCUbYz67-VkiUhwKtYDSg6Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:e5:5b:74:0c:0c:bd:ad:4a:85:f8:a6:69:a0:1a:ec:ec:30:
         07:df:4a:bf:83:a6:fb:14:16:1b:44:e1:5c:c9:ee:c1:86:4c:
         59:08:95:a8:c2:5f:1b:af:37:81:f4:7b:d4:90:aa:4b:a0:17:
         d6:35:07:af:a5:b2:7c:b8:01:3f:e0:9c:2f:0f:ff:65:41:f8:
         d1:c2:4f:0c:dd:f2:05:fa:c4:ac:5b:e8:d8:4e:c1:e9:bd:29:
         c3:c7:69:cb:d7:4d:9d:98:7c:aa:3f:4c:f5:bf:be:f9:ef:c1:
         42:8a:b5:96:7d:fe:04:05:d9:01:6e:4a:b6:0a:f4:5c:04:99:
         23:29:4c:eb:5d:bd:f8:81:80:53:2e:24:97:99:79:3d:8f:3f:
         29:82:0f:ca:4b:c5:68:c4:0e:ce:f2:20:bd:1e:39:f2:c9:37:
         6e:e7:3f:ba:c9:d3:09:05:84:f7:2e:89:32:fc:c6:c6:f4:43:
         93:c2:c2:e9:24:88:6d:68:97:9c:ec:05:4f:29:2d:ef:2b:30:
         cd:ae:96:15:b9:d9:23:57:d9:5d:00:ae:c3:15:bb:7a:3f:16:
         12:cf:93:6e:19:9d:fd:cf:7c:f7:2d:42:31:4b:8c:1e:15:57:
         d5:db:ca:e8:e8:6c:95:aa:50:fd:b1:1e:91:be:0b:cc:1b:37:
         27:74:a8:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2w9m4x/EepDDcizFR43oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZmI2NDA5NDZkOGNmYWVmZTU2NDg5NDg3MDJhZDYwMzRh
MGU4YjkwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdhOTlkYTlkOTNlMmRhMDRhZDdlZTc4NTJiNGFiODZkMTJjZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1opwVoTpYqP7vR010bkhiOfe6i+
Jyx9IlG+EnmGQP/8xu/Z+zOqq8uePQGRhBXB6Ocf1JuRA6MqcB6gJd3r0Zfa7baV
5CJzi8djvndiQzXVN013XG85WxSlgSHXQCabNR5UBhk+C77cUY0F+mTAWAr4oLsk
jv/c4TfoPEs3ZZqxQPyyn6EDkIL84RxbTfjqXLdg+i2dB5UMf5pv80fzMQrN7xm6
Tu884G2X70euyJXgpouaoQbfxAnUcZMeavRrpN9SwLTk9nFM/+4n4k+uL7iU4ULK
RPHKJrkv6yXrZwZPM+7m3F9eX++4cgejXr1slWpFp/YUH7CJ0cfitPs4qwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFER6mdqdk+LaBK1+54UrSrhtEs2NMB8GA1UdIwQY
MBaAFOT7ZAlG2M+u/lZIlIcCrWA0oOi5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVB0a0NVYll6NjctVmtpVWh3S3RZRFNnNkxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wZGJmM2QtOThkMi00ZWM0LThiODAt
MDc2ZGQ2YmQxMjRhLzEvUkhxWjJwMlQ0dG9Fclg3bmhTdEt1RzBTelkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wZGJmM2QtOThkMi00ZWM0LThiODAtMDc2ZGQ2YmQxMjRh
LzEvNVB0a0NVYll6NjctVmtpVWh3S3RZRFNnNkxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA18
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ5Vt0DAy9rUqF+KZpoBrs7DAH30q/g6b7FBYb
ROFcye7BhkxZCJWowl8brzeB9HvUkKpLoBfWNQevpbJ8uAE/4JwvD/9lQfjRwk8M
3fIF+sSsW+jYTsHpvSnDx2nL102dmHyqP0z1v77578FCirWWff4EBdkBbkq2CvRc
BJkjKUzrXb34gYBTLiSXmXk9jz8pgg/KS8VoxA7O8iC9HjnyyTdu5z+6ydMJBYT3
Loky/MbG9EOTwsLpJIhtaJec7AVPKS3vKzDNrpYVudkjV9ldAK7DFbt6PxYSz5Nu
GZ39z3z3LUIxS4weFVfV28ro6GyVqlD9sR6RvgvMGzcndKhr
-----END CERTIFICATE-----