Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/pDdJwp4_mznV9ZGm09Q3q_dt4kI.roa
File:                     pDdJwp4_mznV9ZGm09Q3q_dt4kI.roa (raw, json)
Hash identifier:          vuVH7QHQdDXmlOb+YoiiUN7YA7PI2s6ybskSnhXXR64=
Subject key identifier:   A4:37:49:C2:9E:3F:9B:39:D5:F5:91:A6:D3:D4:37:AB:F7:6D:E2:42
Certificate issuer:       /CN=76335eb633f76942bbe99f129a1eb88a4d73fc7c
Certificate serial:       018CC26D86BAF458D3FB8F406B713C29E32A
Authority key identifier: 76:33:5E:B6:33:F7:69:42:BB:E9:9F:12:9A:1E:B8:8A:4D:73:FC:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/djNetjP3aUK76Z8Smh64ik1z_Hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/pDdJwp4_mznV9ZGm09Q3q_dt4kI.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207540
IP address blocks:        2001:678:bf0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/djNetjP3aUK76Z8Smh64ik1z_Hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/djNetjP3aUK76Z8Smh64ik1z_Hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/djNetjP3aUK76Z8Smh64ik1z_Hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:86:ba:f4:58:d3:fb:8f:40:6b:71:3c:29:e3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76335eb633f76942bbe99f129a1eb88a4d73fc7c
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a43749c29e3f9b39d5f591a6d3d437abf76de242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f2:f2:a4:d2:de:a9:66:e4:35:37:df:6f:be:
                    84:a3:83:e7:05:63:79:48:6a:a6:5f:5f:e6:01:60:
                    45:d9:f8:6a:9f:b9:31:36:0f:67:43:48:fd:70:10:
                    70:97:96:01:1e:4e:14:84:d8:59:1f:1d:3d:f3:cc:
                    90:63:ce:90:58:ca:9f:d7:6e:54:8a:0d:21:24:dd:
                    ad:9b:7d:1a:cc:5f:91:d5:31:93:40:51:e4:65:2e:
                    0c:e4:44:56:21:af:92:1b:ea:cf:97:bf:78:2c:a0:
                    01:8c:dc:23:b0:f6:3b:aa:f1:96:a6:aa:f2:06:47:
                    ba:65:e5:f2:17:ce:a3:06:f2:e5:12:82:f4:a1:34:
                    e0:7d:84:36:5e:f2:ef:c5:23:b9:31:66:23:01:c8:
                    0d:b0:60:2e:ad:1c:6b:e4:bb:3c:33:9a:2e:32:41:
                    76:b2:5b:55:6d:58:56:95:47:a2:f9:6a:5a:c5:4b:
                    85:bf:79:bc:66:d0:9c:67:5a:1e:69:bf:32:a0:11:
                    be:a6:ca:9d:dc:54:ae:05:6d:4d:7a:92:74:c5:2b:
                    5c:4a:46:b5:65:21:bb:63:cf:1f:75:28:75:0a:67:
                    17:f3:41:3d:42:a0:d7:6f:2e:6e:33:9b:e5:21:ed:
                    f3:6f:4b:d5:97:e3:b4:1e:4e:64:74:03:57:2f:d3:
                    a5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:37:49:C2:9E:3F:9B:39:D5:F5:91:A6:D3:D4:37:AB:F7:6D:E2:42
            X509v3 Authority Key Identifier:
                keyid:76:33:5E:B6:33:F7:69:42:BB:E9:9F:12:9A:1E:B8:8A:4D:73:FC:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/djNetjP3aUK76Z8Smh64ik1z_Hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/pDdJwp4_mznV9ZGm09Q3q_dt4kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/08385a-1e81-41f2-8b85-9c293f71a80a/1/djNetjP3aUK76Z8Smh64ik1z_Hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:bf0::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:b9:05:e2:84:08:3a:d4:77:6f:2a:0d:03:1e:8e:ef:fa:
         05:60:4a:9c:95:bc:52:1f:1b:3d:aa:4e:22:e4:45:59:d3:35:
         72:a7:23:11:10:39:58:08:5c:ee:9c:c0:78:cb:ec:25:bb:3a:
         0b:cd:f7:20:27:dc:06:8c:72:07:61:de:53:ff:81:08:db:18:
         04:a0:cb:2d:f8:0e:85:de:6b:2f:a3:e0:80:31:88:40:d6:9b:
         2c:7b:50:98:18:ca:6f:ad:60:b7:ca:16:68:b9:4a:7d:21:93:
         36:54:e4:59:d8:86:9b:16:cc:c0:42:ce:20:16:1f:43:7d:fb:
         54:e6:d5:24:b9:92:b4:fb:6c:3b:51:67:04:76:0b:d1:9f:ff:
         38:f5:f1:72:2c:ec:db:6f:2e:3f:4d:83:24:ba:2e:47:65:69:
         0a:4d:c0:e6:de:84:a5:94:dd:30:7e:d8:91:d6:ed:1b:5c:fd:
         8e:41:60:fd:71:9a:e2:44:8b:8e:f9:d1:9b:73:85:37:ad:3d:
         4e:75:83:6f:c9:d2:6d:ee:e0:38:78:79:4e:f6:0c:a3:5e:71:
         2e:a5:c5:f8:c2:89:bd:ef:9c:67:32:bc:3b:80:c6:d3:62:ff:
         6f:00:61:26:5e:8a:cb:95:94:70:2d:50:91:8d:e8:53:05:ec:
         d3:02:3e:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYa69FjT+49Aa3E8KeMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MzM1ZWI2MzNmNzY5NDJiYmU5OWYxMjlhMWViODhhNGQ3
M2ZjN2MwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM3NDljMjllM2Y5YjM5ZDVmNTkxYTZkM2Q0MzdhYmY3NmRlMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPLypNLeqWbkNTffb76Eo4PnBWN5
SGqmX1/mAWBF2fhqn7kxNg9nQ0j9cBBwl5YBHk4UhNhZHx0988yQY86QWMqf125U
ig0hJN2tm30azF+R1TGTQFHkZS4M5ERWIa+SG+rPl794LKABjNwjsPY7qvGWpqry
Bke6ZeXyF86jBvLlEoL0oTTgfYQ2XvLvxSO5MWYjAcgNsGAurRxr5Ls8M5ouMkF2
sltVbVhWlUei+WpaxUuFv3m8ZtCcZ1oeab8yoBG+psqd3FSuBW1NepJ0xStcSka1
ZSG7Y88fdSh1CmcX80E9QqDXby5uM5vlIe3zb0vVl+O0Hk5kdANXL9Ol3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKQ3ScKeP5s51fWRptPUN6v3beJCMB8GA1UdIwQY
MBaAFHYzXrYz92lCu+mfEpoeuIpNc/x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGpOZXRqUDNhVUs3Nlo4U21oNjRpazF6X0h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wODM4NWEtMWU4MS00MWYyLThiODUt
OWMyOTNmNzFhODBhLzEvcERkSndwNF9tem5WOVpHbTA5UTNxX2R0NGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wODM4NWEtMWU4MS00MWYyLThiODUtOWMyOTNmNzFhODBh
LzEvZGpOZXRqUDNhVUs3Nlo4U21oNjRpazF6X0h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAvw
MA0GCSqGSIb3DQEBCwUAA4IBAQAGobkF4oQIOtR3byoNAx6O7/oFYEqclbxSHxs9
qk4i5EVZ0zVypyMREDlYCFzunMB4y+wluzoLzfcgJ9wGjHIHYd5T/4EI2xgEoMst
+A6F3msvo+CAMYhA1psse1CYGMpvrWC3yhZouUp9IZM2VORZ2IabFszAQs4gFh9D
fftU5tUkuZK0+2w7UWcEdgvRn/849fFyLOzbby4/TYMkui5HZWkKTcDm3oSllN0w
ftiR1u0bXP2OQWD9cZriRIuO+dGbc4U3rT1OdYNvydJt7uA4eHlO9gyjXnEupcX4
wom975xnMrw7gMbTYv9vAGEmXorLlZRwLVCRjehTBezTAj6Q
-----END CERTIFICATE-----