Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/eOXX6anmVjHxNXtons_vw3KeuA8.roa
File:                     eOXX6anmVjHxNXtons_vw3KeuA8.roa (raw, json)
Hash identifier:          ozwo3oJ4DP5qxoGHSEqN1WJduRiAwoy1y3JXzzvi3Cw=
Subject key identifier:   78:E5:D7:E9:A9:E6:56:31:F1:35:7B:68:9E:CF:EF:C3:72:9E:B8:0F
Certificate issuer:       /CN=504073b8619efc07052b9edfb5ccb61b1f5ce781
Certificate serial:       0191768A54C36A6FB95B25B069B7C09C7849
Authority key identifier: 50:40:73:B8:61:9E:FC:07:05:2B:9E:DF:B5:CC:B6:1B:1F:5C:E7:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/eOXX6anmVjHxNXtons_vw3KeuA8.roa
Signing time:             Wed 21 Aug 2024 20:04:22 +0000
ROA not before:           Wed 21 Aug 2024 20:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209395
IP address blocks:        2001:678:a08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 08:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:8a:54:c3:6a:6f:b9:5b:25:b0:69:b7:c0:9c:78:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=504073b8619efc07052b9edfb5ccb61b1f5ce781
        Validity
            Not Before: Aug 21 20:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78e5d7e9a9e65631f1357b689ecfefc3729eb80f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:48:79:14:33:ff:1e:5d:a9:af:d3:f5:3e:af:
                    16:7a:2d:fe:5b:a5:d6:57:5a:d8:fc:61:07:4c:e9:
                    67:0a:07:ba:4d:2b:67:77:d8:b8:38:3f:10:f1:c1:
                    ad:21:45:6e:99:c3:98:6c:f5:7f:1e:6e:84:d2:8a:
                    a0:d3:ed:a1:c2:53:de:7d:3d:48:f0:4e:51:8d:1e:
                    95:59:eb:ba:83:e9:e5:40:7f:8a:48:d2:2e:f0:90:
                    4b:b6:c1:9c:6a:54:77:89:30:30:1b:91:d4:41:48:
                    be:68:2b:0b:47:85:ce:9a:78:38:b4:ba:3e:ee:99:
                    82:42:72:a6:2a:c0:fb:5f:07:68:53:a1:84:cf:7d:
                    c6:59:65:84:51:06:a1:54:1a:2a:86:9f:55:ce:6f:
                    38:62:af:69:b5:53:6f:22:fc:c8:17:d8:46:04:c9:
                    4b:3f:fa:8e:df:44:f2:b3:8e:7f:ea:48:00:27:ea:
                    5d:76:ff:f7:86:92:fe:76:89:bd:0a:d7:91:c5:fd:
                    4f:2d:ef:36:1b:c3:74:41:1e:f7:60:df:6c:2b:6e:
                    fb:09:6a:7d:61:57:2d:6b:85:b2:51:b5:da:ba:db:
                    36:20:1b:93:21:43:31:56:96:fe:a7:d0:60:be:01:
                    c4:f5:61:70:bb:68:93:6c:62:a8:d9:a9:b8:99:df:
                    dd:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E5:D7:E9:A9:E6:56:31:F1:35:7B:68:9E:CF:EF:C3:72:9E:B8:0F
            X509v3 Authority Key Identifier:
                keyid:50:40:73:B8:61:9E:FC:07:05:2B:9E:DF:B5:CC:B6:1B:1F:5C:E7:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UEBzuGGe_AcFK57ftcy2Gx9c54E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/eOXX6anmVjHxNXtons_vw3KeuA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5721b9-f931-4fc6-9c34-d717cf3cc155/1/UEBzuGGe_AcFK57ftcy2Gx9c54E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a08::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c7:60:19:c5:53:cb:54:5d:6c:15:62:4f:cc:bc:be:1b:4f:
         4b:9e:dd:61:78:07:01:c6:8b:9f:20:f0:2b:9c:f7:a6:25:f6:
         81:39:e7:92:4e:5c:ad:c5:90:5a:fe:7b:02:82:0e:11:12:f9:
         04:59:42:47:70:9b:18:d5:f2:6b:00:05:34:8d:54:36:dc:61:
         c6:f3:4d:2f:cd:8b:17:0e:87:e5:20:0c:e4:d9:04:8b:1b:7b:
         fe:3d:d9:ed:be:a5:05:a8:54:2b:dc:4f:ea:2c:2c:82:29:70:
         93:6d:47:7f:a6:01:56:2a:13:de:77:0a:20:ec:1c:c7:81:51:
         c7:f1:7a:dd:75:3c:4a:ba:52:e4:6a:69:f7:b0:9a:19:d9:36:
         bb:47:bb:da:27:5c:0e:97:e8:c6:12:da:98:79:dc:da:5d:43:
         bc:37:5f:e1:b7:65:f8:77:26:bd:53:bb:ce:65:17:22:98:41:
         e9:a0:cf:25:5d:d5:a7:4f:ba:25:4b:1d:ef:92:9c:44:ea:b5:
         8f:8e:53:ca:c2:7f:19:50:60:ff:39:86:f0:5b:9d:27:ea:f0:
         e1:f9:60:66:80:26:f9:ae:83:2a:dc:de:1a:13:a8:6c:53:cb:
         75:4f:90:ee:23:1c:2a:c6:0e:e1:f6:9a:c4:f4:96:42:7e:26:
         55:e0:0a:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF2ilTDam+5WyWwabfAnHhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNDA3M2I4NjE5ZWZjMDcwNTJiOWVkZmI1Y2NiNjFiMWY1
Y2U3ODEwHhcNMjQwODIxMjAwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU1ZDdlOWE5ZTY1NjMxZjEzNTdiNjg5ZWNmZWZjMzcyOWViODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUh5FDP/Hl2pr9P1Pq8Wei3+W6XW
V1rY/GEHTOlnCge6TStnd9i4OD8Q8cGtIUVumcOYbPV/Hm6E0oqg0+2hwlPefT1I
8E5RjR6VWeu6g+nlQH+KSNIu8JBLtsGcalR3iTAwG5HUQUi+aCsLR4XOmng4tLo+
7pmCQnKmKsD7XwdoU6GEz33GWWWEUQahVBoqhp9Vzm84Yq9ptVNvIvzIF9hGBMlL
P/qO30Tys45/6kgAJ+pddv/3hpL+dom9CteRxf1PLe82G8N0QR73YN9sK277CWp9
YVcta4WyUbXauts2IBuTIUMxVpb+p9BgvgHE9WFwu2iTbGKo2am4md/dRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHjl1+mp5lYx8TV7aJ7P78NynrgPMB8GA1UdIwQY
MBaAFFBAc7hhnvwHBSue37XMthsfXOeBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUVCenVHR2VfQWNGSzU3ZnRjeTJHeDljNTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC81NzIxYjktZjkzMS00ZmM2LTljMzQt
ZDcxN2NmM2NjMTU1LzEvZU9YWDZhbm1Wakh4Tlh0b25zX3Z3M0tldUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC81NzIxYjktZjkzMS00ZmM2LTljMzQtZDcxN2NmM2NjMTU1
LzEvVUVCenVHR2VfQWNGSzU3ZnRjeTJHeDljNTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAoI
MA0GCSqGSIb3DQEBCwUAA4IBAQCRx2AZxVPLVF1sFWJPzLy+G09Lnt1heAcBxouf
IPArnPemJfaBOeeSTlytxZBa/nsCgg4REvkEWUJHcJsY1fJrAAU0jVQ23GHG800v
zYsXDoflIAzk2QSLG3v+PdntvqUFqFQr3E/qLCyCKXCTbUd/pgFWKhPedwog7BzH
gVHH8XrddTxKulLkamn3sJoZ2Ta7R7vaJ1wOl+jGEtqYedzaXUO8N1/ht2X4dya9
U7vOZRcimEHpoM8lXdWnT7olSx3vkpxE6rWPjlPKwn8ZUGD/OYbwW50n6vDh+WBm
gCb5roMq3N4aE6hsU8t1T5DuIxwqxg7h9prE9JZCfiZV4AoL
-----END CERTIFICATE-----