Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/aN3JMob9x8buefczcd05phYOlf0.roa
File:                     aN3JMob9x8buefczcd05phYOlf0.roa (raw, json)
Hash identifier:          kUfCg+wtP+nkX+Rd8xSjjjG2invmTEBDJcMX9x0Xlbk=
Subject key identifier:   68:DD:C9:32:86:FD:C7:C6:EE:79:F7:33:71:DD:39:A6:16:0E:95:FD
Certificate issuer:       /CN=76f311ef1581a00e437cd704b6281ac8621afc56
Certificate serial:       018CC4931DC95BEB2806647DFD87571F12F5
Authority key identifier: 76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/aN3JMob9x8buefczcd05phYOlf0.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49078
IP address blocks:        2a04:7140:21::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:c9:5b:eb:28:06:64:7d:fd:87:57:1f:12:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f311ef1581a00e437cd704b6281ac8621afc56
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68ddc93286fdc7c6ee79f73371dd39a6160e95fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4c:0a:e6:60:dd:2f:6e:14:3b:04:f9:e4:b6:
                    c8:86:ad:f1:c1:cf:28:d2:f1:68:1e:12:88:b1:80:
                    6a:22:24:bb:d5:b8:c6:35:a2:59:bc:12:10:7f:cc:
                    63:11:03:e4:11:f9:10:4d:f2:44:29:95:13:ea:b8:
                    9f:1f:c0:a2:31:26:d6:db:ca:58:51:60:01:e7:ea:
                    3b:1c:88:0c:31:3c:cc:9e:3f:84:84:fb:a7:d6:10:
                    76:d0:af:e8:7e:1a:12:77:87:88:c1:dc:bc:e7:c2:
                    34:7a:aa:f4:7f:d5:95:3a:06:85:bb:ad:3c:57:a3:
                    5c:0b:3a:76:37:57:38:ce:7c:23:0f:f3:01:be:0d:
                    ba:e6:c3:3c:db:21:69:37:31:dd:8e:ae:20:bd:6d:
                    7c:08:6d:b0:74:ba:e7:b7:33:ef:42:14:b6:e5:14:
                    7e:8c:f5:f9:4e:29:58:f4:4f:6b:4b:a8:3b:ed:7f:
                    b2:6f:05:d6:83:b5:a2:d0:7f:e7:95:18:60:e9:de:
                    4e:c7:47:1e:da:f4:44:ee:c5:1c:79:ee:b6:2d:44:
                    57:7d:c3:da:51:14:d3:7a:8a:1c:4d:fd:32:2d:95:
                    73:73:03:e6:2e:3f:aa:0c:18:f2:b4:46:8d:6e:30:
                    2e:a7:a6:45:02:82:d9:c6:a4:bf:86:55:50:5c:e9:
                    3f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DD:C9:32:86:FD:C7:C6:EE:79:F7:33:71:DD:39:A6:16:0E:95:FD
            X509v3 Authority Key Identifier:
                keyid:76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/aN3JMob9x8buefczcd05phYOlf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:7140:21::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:df:48:c3:b1:94:b9:4e:2f:5d:24:46:9f:0a:d3:1e:78:48:
         ac:ca:06:cf:9e:8b:e6:d7:17:d4:c1:f4:35:fa:f2:72:bc:52:
         a3:72:71:96:5d:e8:f4:71:e8:39:78:04:8f:88:56:60:81:f9:
         0b:05:7a:a6:53:5e:91:0b:6a:69:fe:b0:6a:ba:ea:33:ab:55:
         4a:24:0f:06:f4:bf:58:24:e4:3c:cf:0c:b7:13:a3:20:e5:cd:
         78:41:b4:2e:fd:2b:0c:9f:d7:e8:6f:6f:81:13:8d:e8:b6:6f:
         a4:de:e5:c7:1a:77:3a:2a:8a:21:4f:16:16:9f:35:a9:5b:51:
         2f:cf:67:f9:43:fc:a6:c9:e9:56:d1:19:b3:f5:a9:0f:ef:4b:
         85:0a:d9:82:b4:04:af:8f:e2:db:52:b9:3d:36:cc:c4:ea:1f:
         05:02:05:23:37:9d:ce:4c:b0:de:d1:af:64:db:11:e1:fa:4e:
         84:4a:e4:a5:6c:76:c9:a3:43:fc:8d:08:cf:56:70:0e:73:78:
         af:d7:7a:69:4f:6e:0e:cc:e4:bc:a3:1b:d2:5f:a8:63:d7:dc:
         8f:e0:17:ab:d5:5a:7c:89:4b:d4:a4:18:89:36:1f:1e:63:2d:
         92:36:fd:f6:c4:13:80:18:e9:f3:7b:a2:d2:db:2b:36:86:3c:
         58:d9:46:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkx3JW+soBmR9/YdXHxL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjMxMWVmMTU4MWEwMGU0MzdjZDcwNGI2MjgxYWM4NjIx
YWZjNTYwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRkYzkzMjg2ZmRjN2M2ZWU3OWY3MzM3MWRkMzlhNjE2MGU5NWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEwK5mDdL24UOwT55LbIhq3xwc8o
0vFoHhKIsYBqIiS71bjGNaJZvBIQf8xjEQPkEfkQTfJEKZUT6rifH8CiMSbW28pY
UWAB5+o7HIgMMTzMnj+EhPun1hB20K/ofhoSd4eIwdy858I0eqr0f9WVOgaFu608
V6NcCzp2N1c4znwjD/MBvg265sM82yFpNzHdjq4gvW18CG2wdLrntzPvQhS25RR+
jPX5TilY9E9rS6g77X+ybwXWg7Wi0H/nlRhg6d5Ox0ce2vRE7sUcee62LURXfcPa
URTTeoocTf0yLZVzcwPmLj+qDBjytEaNbjAup6ZFAoLZxqS/hlVQXOk/qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGjdyTKG/cfG7nn3M3HdOaYWDpX9MB8GA1UdIwQY
MBaAFHbzEe8VgaAOQ3zXBLYoGshiGvxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDkt
MTY5NDMxMjk2YzU5LzEvYU4zSk1vYjl4OGJ1ZWZjemNkMDVwaFlPbGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDktMTY5NDMxMjk2YzU5
LzEvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgRxQAAh
MA0GCSqGSIb3DQEBCwUAA4IBAQBN30jDsZS5Ti9dJEafCtMeeEisygbPnovm1xfU
wfQ1+vJyvFKjcnGWXej0ceg5eASPiFZggfkLBXqmU16RC2pp/rBquuozq1VKJA8G
9L9YJOQ8zwy3E6Mg5c14QbQu/SsMn9fob2+BE43otm+k3uXHGnc6KoohTxYWnzWp
W1Evz2f5Q/ymyelW0Rmz9akP70uFCtmCtASvj+LbUrk9NszE6h8FAgUjN53OTLDe
0a9k2xHh+k6ESuSlbHbJo0P8jQjPVnAOc3iv13ppT24OzOS8oxvSX6hj19yP4Ber
1Vp8iUvUpBiJNh8eYy2SNv32xBOAGOnze6LS2ys2hjxY2Uag
-----END CERTIFICATE-----