Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/PffA6g3RgEZ7uR3duANkbB8kYVQ.roa
File:                     PffA6g3RgEZ7uR3duANkbB8kYVQ.roa (raw, json)
Hash identifier:          uYbiSTbdByAzcQ4UTNupPNeKGQfQfuLxI/gwFRdSuvU=
Subject key identifier:   3D:F7:C0:EA:0D:D1:80:46:7B:B9:1D:DD:B8:03:64:6C:1F:24:61:54
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       018CC34965AEBD7007A4A3E961089735B12D
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/PffA6g3RgEZ7uR3duANkbB8kYVQ.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:2cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:ae:bd:70:07:a4:a3:e9:61:08:97:35:b1:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df7c0ea0dd180467bb91dddb803646c1f246154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7b:1b:9b:52:8c:0d:7a:01:a9:94:ae:5b:6d:
                    bd:0d:22:d5:41:c7:c6:3d:50:25:3a:fb:d7:e4:4b:
                    06:55:c2:60:74:7a:ff:74:c2:74:19:e5:58:98:1a:
                    8d:b6:19:62:d3:69:18:a2:25:02:33:d0:c4:8c:d8:
                    b0:e1:dd:ca:da:b3:83:b8:23:16:91:24:6c:d4:83:
                    e7:96:80:a4:f6:f3:24:c9:eb:c5:46:31:a8:50:ef:
                    28:40:64:c3:5b:21:41:ec:23:dc:80:0e:49:71:2a:
                    77:2b:20:fa:9a:c6:48:82:55:9e:a7:4e:d3:4b:16:
                    91:af:84:56:68:dc:ed:98:f8:46:1a:cd:78:59:95:
                    e7:e5:64:86:36:1f:3a:2c:73:bc:64:2f:c6:e8:49:
                    ea:d0:72:b8:23:1a:29:80:4e:cc:10:2a:f4:5f:ea:
                    5c:b8:33:dd:94:5a:67:d1:ed:a4:a4:1f:de:cc:88:
                    e5:b8:22:07:71:51:7e:8d:9a:1f:75:ea:c1:4a:1f:
                    e7:96:15:cf:05:c5:f8:f8:6d:18:d6:1d:3d:af:c7:
                    a3:6e:94:45:73:49:1e:94:9f:ae:7f:f1:ae:44:00:
                    36:04:72:35:bf:ce:59:0b:d0:9d:06:19:95:f9:d1:
                    58:b1:88:6f:6d:a4:bb:0c:db:e1:01:3f:24:94:d2:
                    9d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F7:C0:EA:0D:D1:80:46:7B:B9:1D:DD:B8:03:64:6C:1F:24:61:54
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/PffA6g3RgEZ7uR3duANkbB8kYVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:e2:78:8b:8d:c5:0c:c1:c8:fc:60:2b:3c:e4:5c:90:d2:a3:
         39:f8:f7:30:f9:02:24:4e:7c:af:aa:52:4e:34:be:3b:54:96:
         23:eb:bf:7b:a2:00:d6:60:b4:fa:70:b8:e9:1a:18:72:4a:e8:
         7a:37:2e:a1:c5:8b:19:77:02:4a:42:1c:01:17:5a:46:89:0f:
         68:82:de:5d:2f:a3:19:06:70:63:fa:06:9f:34:e3:c6:d2:0c:
         2e:d1:92:ed:06:bb:99:60:ef:08:3c:67:d4:96:00:c9:8e:69:
         6a:ac:70:b2:74:2e:c9:78:45:cc:5b:a1:76:35:71:87:8d:01:
         6c:8b:d0:27:0c:16:f2:77:84:80:6a:a1:fc:26:34:27:21:b3:
         cc:e2:0f:d0:74:29:aa:05:ee:ee:5d:14:a1:bb:ba:90:35:79:
         5e:64:1d:cd:fb:67:f7:fe:4b:a4:11:5f:d1:b8:55:0a:8f:e4:
         96:67:6d:23:d1:d0:89:2b:8f:4e:f4:29:14:46:44:50:a6:90:
         2f:22:cb:e7:1a:7b:6a:31:e9:2f:e1:3b:2c:d1:f3:8a:3e:7a:
         2f:44:b8:2b:c7:d2:35:14:7e:dc:18:ca:4d:fd:d1:9c:4d:b2:
         40:73:54:23:ea:85:bc:f4:9a:2b:4f:c0:23:be:fd:e6:aa:a8:
         dd:40:4b:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSWWuvXAHpKPpYQiXNbEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY3YzBlYTBkZDE4MDQ2N2JiOTFkZGRiODAzNjQ2YzFmMjQ2MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sbm1KMDXoBqZSuW229DSLVQcfG
PVAlOvvX5EsGVcJgdHr/dMJ0GeVYmBqNthli02kYoiUCM9DEjNiw4d3K2rODuCMW
kSRs1IPnloCk9vMkyevFRjGoUO8oQGTDWyFB7CPcgA5JcSp3KyD6msZIglWep07T
SxaRr4RWaNztmPhGGs14WZXn5WSGNh86LHO8ZC/G6Enq0HK4IxopgE7MECr0X+pc
uDPdlFpn0e2kpB/ezIjluCIHcVF+jZofderBSh/nlhXPBcX4+G0Y1h09r8ejbpRF
c0kelJ+uf/GuRAA2BHI1v85ZC9CdBhmV+dFYsYhvbaS7DNvhAT8klNKdiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD33wOoN0YBGe7kd3bgDZGwfJGFUMB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvUGZmQTZnM1JnRVo3dVIzZHVBTmtiQjhrWVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQAK4niLjcUMwcj8YCs85FyQ0qM5+Pcw+QIkTnyv
qlJONL47VJYj6797ogDWYLT6cLjpGhhySuh6Ny6hxYsZdwJKQhwBF1pGiQ9ogt5d
L6MZBnBj+gafNOPG0gwu0ZLtBruZYO8IPGfUlgDJjmlqrHCydC7JeEXMW6F2NXGH
jQFsi9AnDBbyd4SAaqH8JjQnIbPM4g/QdCmqBe7uXRShu7qQNXleZB3N+2f3/kuk
EV/RuFUKj+SWZ20j0dCJK49O9CkURkRQppAvIsvnGntqMekv4Tss0fOKPnovRLgr
x9I1FH7cGMpN/dGcTbJAc1Qj6oW89JorT8Ajvv3mqqjdQEs4
-----END CERTIFICATE-----