Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/3SiH7vWZJYK98YucOjZuORXP91E.roa
File:                     3SiH7vWZJYK98YucOjZuORXP91E.roa (raw, json)
Hash identifier:          h3WWHDYmDWLuhrC94jdwYZ5tGZSBi31i8Hh1d2yfRt4=
Subject key identifier:   DD:28:87:EE:F5:99:25:82:BD:F1:8B:9C:3A:36:6E:39:15:CF:F7:51
Certificate issuer:       /CN=1b6de3c1b0c79ffb27822e0947fdc38e51fcc5ca
Certificate serial:       018CC64B54B661E4FF5217AD38F344F07104
Authority key identifier: 1B:6D:E3:C1:B0:C7:9F:FB:27:82:2E:09:47:FD:C3:8E:51:FC:C5:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G23jwbDHn_sngi4JR_3DjlH8xco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/3SiH7vWZJYK98YucOjZuORXP91E.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50169
IP address blocks:        2001:678:280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/G23jwbDHn_sngi4JR_3DjlH8xco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/G23jwbDHn_sngi4JR_3DjlH8xco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G23jwbDHn_sngi4JR_3DjlH8xco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:54:b6:61:e4:ff:52:17:ad:38:f3:44:f0:71:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b6de3c1b0c79ffb27822e0947fdc38e51fcc5ca
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd2887eef5992582bdf18b9c3a366e3915cff751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:10:7a:13:c4:ec:0c:61:73:16:06:68:56:4f:
                    2d:00:e3:b2:cb:82:e0:71:83:67:f0:10:78:e1:b0:
                    ca:ec:40:ee:71:59:c7:f4:03:9a:a0:d0:7f:63:28:
                    c2:84:e3:41:b8:88:9a:0b:2a:39:c6:b5:86:ae:55:
                    f3:1c:91:d7:b8:de:c3:42:b8:b7:3b:7a:e8:2c:f1:
                    d8:7d:81:3f:17:6f:c8:9d:87:96:93:d4:76:27:d6:
                    22:40:70:93:27:15:da:77:2d:f9:5b:03:23:43:2f:
                    5e:bd:1e:02:14:64:50:31:43:73:c0:73:a6:1a:1e:
                    d0:97:da:b7:c5:18:77:eb:54:b9:c8:c7:c9:d8:21:
                    24:b3:0a:b9:28:1e:e3:a7:14:a2:3e:ff:2e:9f:c9:
                    9a:f9:3c:3f:a8:9a:72:8b:00:e0:d2:36:cb:d4:dd:
                    38:04:eb:99:8a:54:57:e9:19:e2:ca:73:87:3d:75:
                    5c:07:ab:c8:09:7c:88:ec:43:b2:4e:83:9e:8b:31:
                    21:df:89:00:3f:06:39:39:8d:51:1a:fd:ab:50:b0:
                    fd:f3:bb:71:d3:64:29:a7:24:76:b0:f2:c3:0b:e4:
                    7b:8f:e8:51:c4:c6:ab:88:91:ec:07:04:2b:3e:0f:
                    43:59:72:14:1d:51:f4:91:17:13:bc:af:fc:ce:7a:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:28:87:EE:F5:99:25:82:BD:F1:8B:9C:3A:36:6E:39:15:CF:F7:51
            X509v3 Authority Key Identifier:
                keyid:1B:6D:E3:C1:B0:C7:9F:FB:27:82:2E:09:47:FD:C3:8E:51:FC:C5:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G23jwbDHn_sngi4JR_3DjlH8xco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/3SiH7vWZJYK98YucOjZuORXP91E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c5e557-8be5-4f39-9565-d99e086846b7/1/G23jwbDHn_sngi4JR_3DjlH8xco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:280::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:ba:97:18:d4:c7:b1:38:97:66:6b:33:37:67:3e:11:99:f2:
         48:2c:2a:53:33:43:c5:83:d1:5e:d1:48:1c:47:42:16:83:0e:
         7d:e6:04:5b:7c:4c:ad:ef:81:30:eb:4c:85:ab:ee:01:b3:36:
         ea:8d:e5:a7:17:dc:f0:85:29:0b:5d:40:ce:e8:1e:55:d4:3c:
         ba:89:6e:34:fe:33:08:bd:34:00:2c:d8:54:15:30:09:05:76:
         ad:15:81:d5:36:4f:79:b2:f3:7b:27:f9:ef:3e:29:9b:6b:a6:
         87:9b:5c:6b:91:25:53:92:c0:da:68:bc:15:bf:29:27:5f:db:
         df:4d:25:93:55:d8:1a:7a:96:45:cc:cc:c2:b5:5f:d0:20:7c:
         de:19:d9:aa:f4:ec:4d:ab:8b:7e:06:97:15:fd:4e:13:91:8b:
         c1:43:56:24:b1:7e:95:23:54:7b:22:97:35:90:0b:b1:9d:3f:
         5a:c2:8b:a6:65:a9:11:62:1c:54:aa:2c:ca:19:5b:82:cc:28:
         c9:49:f3:75:10:d1:c4:5a:e1:25:e1:94:15:90:d9:f4:1e:33:
         2b:97:3f:33:0d:87:e3:6a:37:1f:df:6a:53:75:17:c6:c1:ea:
         5a:8b:67:0b:d3:69:cd:aa:b5:b6:51:ce:1e:5e:c9:0b:12:b3:
         db:9b:cc:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS1S2YeT/UhetOPNE8HEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNmRlM2MxYjBjNzlmZmIyNzgyMmUwOTQ3ZmRjMzhlNTFm
Y2M1Y2EwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI4ODdlZWY1OTkyNTgyYmRmMThiOWMzYTM2NmUzOTE1Y2ZmNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBB6E8TsDGFzFgZoVk8tAOOyy4Lg
cYNn8BB44bDK7EDucVnH9AOaoNB/YyjChONBuIiaCyo5xrWGrlXzHJHXuN7DQri3
O3roLPHYfYE/F2/InYeWk9R2J9YiQHCTJxXady35WwMjQy9evR4CFGRQMUNzwHOm
Gh7Ql9q3xRh361S5yMfJ2CEkswq5KB7jpxSiPv8un8ma+Tw/qJpyiwDg0jbL1N04
BOuZilRX6RniynOHPXVcB6vICXyI7EOyToOeizEh34kAPwY5OY1RGv2rULD987tx
02QppyR2sPLDC+R7j+hRxMariJHsBwQrPg9DWXIUHVH0kRcTvK/8znrdCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN0oh+71mSWCvfGLnDo2bjkVz/dRMB8GA1UdIwQY
MBaAFBtt48Gwx5/7J4IuCUf9w45R/MXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzIzandiREhuX3NuZ2k0SlJfM0RqbEg4eGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9jNWU1NTctOGJlNS00ZjM5LTk1NjUt
ZDk5ZTA4Njg0NmI3LzEvM1NpSDd2V1pKWUs5OFl1Y09qWnVPUlhQOTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9jNWU1NTctOGJlNS00ZjM5LTk1NjUtZDk5ZTA4Njg0NmI3
LzEvRzIzandiREhuX3NuZ2k0SlJfM0RqbEg4eGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAKA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgupcY1MexOJdmazM3Zz4RmfJILCpTM0PFg9Fe
0UgcR0IWgw595gRbfEyt74Ew60yFq+4BszbqjeWnF9zwhSkLXUDO6B5V1Dy6iW40
/jMIvTQALNhUFTAJBXatFYHVNk95svN7J/nvPimba6aHm1xrkSVTksDaaLwVvykn
X9vfTSWTVdgaepZFzMzCtV/QIHzeGdmq9OxNq4t+BpcV/U4TkYvBQ1YksX6VI1R7
Ipc1kAuxnT9awoumZakRYhxUqizKGVuCzCjJSfN1ENHEWuEl4ZQVkNn0HjMrlz8z
DYfjajcf32pTdRfGwepai2cL02nNqrW2Uc4eXskLErPbm8yP
-----END CERTIFICATE-----