Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/O_3IQzCoOe9qMq0X9aDyNUXJWlU.roa
File:                     O_3IQzCoOe9qMq0X9aDyNUXJWlU.roa (raw, json)
Hash identifier:          gKS9Td4QupZ6kzIGjsbvw/27xPgyqo7OhkSItFRFAqU=
Subject key identifier:   3B:FD:C8:43:30:A8:39:EF:6A:32:AD:17:F5:A0:F2:35:45:C9:5A:55
Certificate issuer:       /CN=504073b8619efc07052b9edfb5ccb61b1f5ce781
Certificate serial:       018CC94E53809A97E54013829A75167BBCB1
Authority key identifier: 50:40:73:B8:61:9E:FC:07:05:2B:9E:DF:B5:CC:B6:1B:1F:5C:E7:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/O_3IQzCoOe9qMq0X9aDyNUXJWlU.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209395
IP address blocks:        2001:678:a08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:53:80:9a:97:e5:40:13:82:9a:75:16:7b:bc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=504073b8619efc07052b9edfb5ccb61b1f5ce781
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bfdc84330a839ef6a32ad17f5a0f23545c95a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:de:c3:8e:0d:88:86:11:40:f5:40:04:95:44:
                    19:86:e6:c9:69:41:f1:f4:c3:cb:bf:96:bd:09:62:
                    48:99:ce:1c:d8:0c:1c:fb:3f:09:45:34:03:61:5c:
                    85:42:9f:7e:f7:c1:cf:c7:ee:51:a3:03:78:8e:bc:
                    7e:99:40:09:f1:77:cd:6d:c9:d6:97:36:21:df:8b:
                    9f:39:17:c7:56:28:32:ce:c1:14:f3:66:c8:71:bb:
                    96:1d:69:0e:ed:03:70:42:16:67:54:5e:c3:d8:02:
                    e7:1b:7f:6e:b4:17:ec:45:a9:58:d9:4c:8c:df:6c:
                    6b:42:a8:a4:03:4d:5a:03:2c:e6:9c:68:ed:a7:84:
                    35:41:18:b8:6a:9b:2f:c7:ff:66:d3:ae:59:ca:c0:
                    94:2f:9c:40:2c:15:51:1f:b5:8e:10:42:1c:b0:5f:
                    54:8c:2d:ba:7a:ac:c2:17:83:19:8b:c4:be:b4:36:
                    1a:44:f3:16:88:30:3b:cd:df:35:39:21:fd:0c:61:
                    60:ef:62:6a:78:df:d4:da:72:99:8e:38:25:0c:05:
                    53:d2:0d:ed:00:21:f3:23:c3:a1:84:6c:de:62:38:
                    a2:f3:75:9a:50:94:bf:a9:07:8e:1e:06:99:fb:a0:
                    71:4d:16:1c:97:f8:fe:5b:62:90:10:6b:b3:55:9f:
                    f5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FD:C8:43:30:A8:39:EF:6A:32:AD:17:F5:A0:F2:35:45:C9:5A:55
            X509v3 Authority Key Identifier:
                keyid:50:40:73:B8:61:9E:FC:07:05:2B:9E:DF:B5:CC:B6:1B:1F:5C:E7:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/O_3IQzCoOe9qMq0X9aDyNUXJWlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a08::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:74:f7:eb:b0:29:32:e2:ab:6b:ad:cd:cb:cc:54:78:fd:1a:
         79:30:0d:11:b1:3d:41:8b:22:74:45:89:a8:c6:2f:8e:f6:83:
         28:45:43:0e:71:9d:e1:09:de:05:5e:e8:6e:39:dc:af:c3:c1:
         0e:23:4d:ac:6d:55:7b:f7:8e:0b:31:81:ba:b5:d8:7b:05:97:
         4b:6f:86:39:ec:1f:e0:8f:e6:d3:ce:6a:86:a1:c9:e4:e2:75:
         fb:6d:6f:d1:4f:1b:42:af:02:e5:49:a3:1c:0f:f9:40:fb:19:
         c8:d4:c2:8c:f0:c8:8f:4e:39:50:8e:5d:64:2c:ff:53:cc:43:
         c3:63:c3:66:4d:ce:2a:2d:3b:0e:ae:56:3c:96:2d:57:11:80:
         17:43:34:53:1b:49:7b:68:4b:39:ee:9b:16:1b:87:be:d7:79:
         33:41:48:ca:50:3b:55:b6:ad:19:2d:c3:69:92:37:d6:6f:20:
         87:12:34:80:8f:2f:a8:5a:bb:70:60:f3:14:fb:42:82:0f:90:
         8f:e6:53:a8:7a:2a:cc:38:21:40:a5:10:db:ac:2b:c7:01:8e:
         7c:99:80:fe:8d:94:c5:1d:d5:a9:ef:fe:9b:a5:2e:1f:00:ae:
         fe:da:7f:6d:38:e2:9e:18:c4:f3:75:37:10:e1:4e:37:41:64:
         8c:c5:a7:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTlOAmpflQBOCmnUWe7yxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNDA3M2I4NjE5ZWZjMDcwNTJiOWVkZmI1Y2NiNjFiMWY1
Y2U3ODEwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmZkYzg0MzMwYTgzOWVmNmEzMmFkMTdmNWEwZjIzNTQ1Yzk1YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk97Djg2IhhFA9UAElUQZhubJaUHx
9MPLv5a9CWJImc4c2Awc+z8JRTQDYVyFQp9+98HPx+5RowN4jrx+mUAJ8XfNbcnW
lzYh34ufORfHVigyzsEU82bIcbuWHWkO7QNwQhZnVF7D2ALnG39utBfsRalY2UyM
32xrQqikA01aAyzmnGjtp4Q1QRi4apsvx/9m065ZysCUL5xALBVRH7WOEEIcsF9U
jC26eqzCF4MZi8S+tDYaRPMWiDA7zd81OSH9DGFg72JqeN/U2nKZjjglDAVT0g3t
ACHzI8OhhGzeYjii83WaUJS/qQeOHgaZ+6BxTRYcl/j+W2KQEGuzVZ/1IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDv9yEMwqDnvajKtF/Wg8jVFyVpVMB8GA1UdIwQY
MBaAFFBAc7hhnvwHBSue37XMthsfXOeBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUVCenVHR2VfQWNGSzU3ZnRjeTJHeDljNTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC81NzIxYjktZjkzMS00ZmM2LTljMzQt
ZDcxN2NmM2NjMTU1LzEvT18zSVF6Q29PZTlxTXEwWDlhRHlOVVhKV2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC81NzIxYjktZjkzMS00ZmM2LTljMzQtZDcxN2NmM2NjMTU1
LzEvVUVCenVHR2VfQWNGSzU3ZnRjeTJHeDljNTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAoI
MA0GCSqGSIb3DQEBCwUAA4IBAQA0dPfrsCky4qtrrc3LzFR4/Rp5MA0RsT1BiyJ0
RYmoxi+O9oMoRUMOcZ3hCd4FXuhuOdyvw8EOI02sbVV7944LMYG6tdh7BZdLb4Y5
7B/gj+bTzmqGocnk4nX7bW/RTxtCrwLlSaMcD/lA+xnI1MKM8MiPTjlQjl1kLP9T
zEPDY8NmTc4qLTsOrlY8li1XEYAXQzRTG0l7aEs57psWG4e+13kzQUjKUDtVtq0Z
LcNpkjfWbyCHEjSAjy+oWrtwYPMU+0KCD5CP5lOoeirMOCFApRDbrCvHAY58mYD+
jZTFHdWp7/6bpS4fAK7+2n9tOOKeGMTzdTcQ4U43QWSMxac9
-----END CERTIFICATE-----