Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/DUB3U4Y6aRnZIOvYbbzAUn3P960.roa
File:                     DUB3U4Y6aRnZIOvYbbzAUn3P960.roa (raw, json)
Hash identifier:          pEODyvNtePn+f56n1kr4WUPaYtFcf3T1olJgR6yWFfI=
Subject key identifier:   0D:40:77:53:86:3A:69:19:D9:20:EB:D8:6D:BC:C0:52:7D:CF:F7:AD
Certificate issuer:       /CN=3a48fe0704e4ac95e3a70e95beb84425c316b9ad
Certificate serial:       018CC3494B48879972309B766677DCD51543
Authority key identifier: 3A:48:FE:07:04:E4:AC:95:E3:A7:0E:95:BE:B8:44:25:C3:16:B9:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Okj-BwTkrJXjpw6VvrhEJcMWua0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/DUB3U4Y6aRnZIOvYbbzAUn3P960.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12897
IP address blocks:        2001:678:804::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/Okj-BwTkrJXjpw6VvrhEJcMWua0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/Okj-BwTkrJXjpw6VvrhEJcMWua0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Okj-BwTkrJXjpw6VvrhEJcMWua0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4b:48:87:99:72:30:9b:76:66:77:dc:d5:15:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a48fe0704e4ac95e3a70e95beb84425c316b9ad
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d407753863a6919d920ebd86dbcc0527dcff7ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d6:62:d2:2f:7b:45:cd:83:dc:b5:e6:4c:b6:
                    08:89:e4:a2:9c:ee:8b:47:e6:8f:25:02:b5:cd:5d:
                    22:d6:e2:88:cb:66:ce:5a:2e:a4:40:2e:e8:b7:de:
                    e2:1f:18:00:b5:c1:a4:91:7d:ba:da:a2:3c:c0:c8:
                    75:ab:fa:b4:d6:f5:50:14:09:a1:ef:79:4e:f7:35:
                    7e:ef:13:d4:34:23:66:9d:32:d8:04:85:c6:64:5b:
                    54:f8:fc:94:97:0b:85:43:38:05:6c:c3:15:4f:2c:
                    8d:b1:04:c2:f3:d2:8a:ff:0f:b6:07:ff:e8:11:5c:
                    31:64:3b:5e:e0:88:00:22:e7:ab:65:e9:c3:f1:1b:
                    a4:1d:a2:cc:22:13:4d:7b:5b:5a:b1:43:78:2e:b9:
                    a1:0e:1c:65:32:36:34:fb:e2:85:47:ea:1d:85:4b:
                    d0:e6:9b:72:67:27:05:1a:88:d6:6e:ee:e3:9e:d7:
                    fb:85:7c:ea:cb:fc:33:c7:cf:f1:cc:e6:df:83:55:
                    2a:77:d7:b3:d2:c8:31:4e:db:c3:36:2c:2e:93:6a:
                    63:b8:4b:fb:bd:07:51:63:15:9d:14:16:21:29:f3:
                    52:f9:50:d2:c2:1f:15:4b:f6:1e:32:23:fa:03:40:
                    b7:42:c3:3f:90:eb:fc:5d:9f:44:bc:9c:68:74:85:
                    42:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:40:77:53:86:3A:69:19:D9:20:EB:D8:6D:BC:C0:52:7D:CF:F7:AD
            X509v3 Authority Key Identifier:
                keyid:3A:48:FE:07:04:E4:AC:95:E3:A7:0E:95:BE:B8:44:25:C3:16:B9:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Okj-BwTkrJXjpw6VvrhEJcMWua0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/DUB3U4Y6aRnZIOvYbbzAUn3P960.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/91717c-eb77-4e83-8eaa-e123e4e303e1/1/Okj-BwTkrJXjpw6VvrhEJcMWua0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:804::/48

    Signature Algorithm: sha256WithRSAEncryption
         e1:3f:24:c9:4a:ad:02:45:4f:20:fa:aa:b6:73:56:aa:0b:e0:
         7e:3a:7a:66:9c:5c:3a:a8:23:ce:90:b8:aa:8a:5d:7a:79:c2:
         f8:c5:15:55:cb:d8:8e:57:02:9a:17:a7:93:87:f8:c6:8b:ae:
         4e:b9:a8:86:a3:86:8a:92:e6:62:dd:00:ca:be:f8:8a:6e:b2:
         0d:c7:8f:38:58:4f:be:ba:c3:16:e1:7a:3a:e6:98:92:ae:96:
         82:0a:17:e8:9d:f5:2d:53:21:72:06:79:21:cd:58:f1:f1:d3:
         30:3c:a7:7b:ab:72:8d:fd:0a:c5:0d:18:49:d6:8a:16:23:fc:
         59:e6:e7:40:ec:17:68:48:ce:b1:1f:42:13:0e:2f:f9:4d:c0:
         bf:20:a2:a1:f2:98:df:02:f7:0d:7a:72:35:16:7b:72:d2:14:
         72:a7:f9:68:1f:12:bf:8b:9c:4b:89:c5:06:58:7c:97:a7:98:
         dc:09:45:23:5a:1d:39:c0:a7:09:07:b2:43:4d:8a:68:13:a3:
         15:1f:aa:73:5d:61:9f:a5:bf:c1:d7:bc:d8:f9:83:74:9f:95:
         1a:bf:eb:8d:ad:7f:07:24:44:4d:7b:1f:c4:4d:95:fc:b4:90:
         1c:86:9e:1e:34:5d:2f:2a:8f:90:81:8e:0f:dd:b8:46:41:b4:
         4b:c1:6a:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSUtIh5lyMJt2Znfc1RVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDhmZTA3MDRlNGFjOTVlM2E3MGU5NWJlYjg0NDI1YzMx
NmI5YWQwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQwNzc1Mzg2M2E2OTE5ZDkyMGViZDg2ZGJjYzA1MjdkY2ZmN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtZi0i97Rc2D3LXmTLYIieSinO6L
R+aPJQK1zV0i1uKIy2bOWi6kQC7ot97iHxgAtcGkkX262qI8wMh1q/q01vVQFAmh
73lO9zV+7xPUNCNmnTLYBIXGZFtU+PyUlwuFQzgFbMMVTyyNsQTC89KK/w+2B//o
EVwxZDte4IgAIuerZenD8RukHaLMIhNNe1tasUN4LrmhDhxlMjY0++KFR+odhUvQ
5ptyZycFGojWbu7jntf7hXzqy/wzx8/xzObfg1Uqd9ez0sgxTtvDNiwuk2pjuEv7
vQdRYxWdFBYhKfNS+VDSwh8VS/YeMiP6A0C3QsM/kOv8XZ9EvJxodIVCkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA1Ad1OGOmkZ2SDr2G28wFJ9z/etMB8GA1UdIwQY
MBaAFDpI/gcE5KyV46cOlb64RCXDFrmtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tqLUJ3VGtySlhqcHc2VnZyaEVKY01XdWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS85MTcxN2MtZWI3Ny00ZTgzLThlYWEt
ZTEyM2U0ZTMwM2UxLzEvRFVCM1U0WTZhUm5aSU92WWJiekFVbjNQOTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS85MTcxN2MtZWI3Ny00ZTgzLThlYWEtZTEyM2U0ZTMwM2Ux
LzEvT2tqLUJ3VGtySlhqcHc2VnZyaEVKY01XdWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAgE
MA0GCSqGSIb3DQEBCwUAA4IBAQDhPyTJSq0CRU8g+qq2c1aqC+B+OnpmnFw6qCPO
kLiqil16ecL4xRVVy9iOVwKaF6eTh/jGi65OuaiGo4aKkuZi3QDKvviKbrINx484
WE++usMW4Xo65piSrpaCChfonfUtUyFyBnkhzVjx8dMwPKd7q3KN/QrFDRhJ1ooW
I/xZ5udA7BdoSM6xH0ITDi/5TcC/IKKh8pjfAvcNenI1Fnty0hRyp/loHxK/i5xL
icUGWHyXp5jcCUUjWh05wKcJB7JDTYpoE6MVH6pzXWGfpb/B17zY+YN0n5Uav+uN
rX8HJERNex/ETZX8tJAchp4eNF0vKo+QgY4P3bhGQbRLwWpn
-----END CERTIFICATE-----