Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/7v94aVuLChYVQNyyx-DT7cbdlps.roa
File:                     7v94aVuLChYVQNyyx-DT7cbdlps.roa (raw, json)
Hash identifier:          aErmPHsYNway5tpGEtbR61iYO0j2Z4AEXAkajFXhcec=
Subject key identifier:   EE:FF:78:69:5B:8B:0A:16:15:40:DC:B2:C7:E0:D3:ED:C6:DD:96:9B
Certificate issuer:       /CN=ce9798a8da9999ddf53a3c8d38f36f17ecd45432
Certificate serial:       018CCA2B6846D6EB8294BEB2A62CC2F3CEEB
Authority key identifier: CE:97:98:A8:DA:99:99:DD:F5:3A:3C:8D:38:F3:6F:17:EC:D4:54:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/7v94aVuLChYVQNyyx-DT7cbdlps.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57483
IP address blocks:        2001:678:f5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:68:46:d6:eb:82:94:be:b2:a6:2c:c2:f3:ce:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce9798a8da9999ddf53a3c8d38f36f17ecd45432
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeff78695b8b0a161540dcb2c7e0d3edc6dd969b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:35:6d:93:17:9a:9b:c9:c3:5b:2e:a4:0f:
                    d3:9a:06:e2:ac:a4:40:52:1b:f7:0f:fc:19:0f:e0:
                    95:61:72:c4:c7:3d:62:61:ed:68:f5:22:e0:42:43:
                    f0:12:bb:b6:c3:37:6c:50:d8:60:ce:23:b9:8f:68:
                    09:ab:f0:e0:bb:25:1d:0b:85:1d:86:72:74:53:bd:
                    97:a0:ae:89:e7:96:eb:13:0f:ae:e2:0f:f7:32:4c:
                    b8:97:7f:2a:df:ba:c4:33:20:4b:1d:10:27:10:23:
                    38:c0:73:4c:11:e4:c6:15:2c:d7:fb:06:ef:f8:ff:
                    5e:b9:b8:98:d6:26:c9:d6:28:d7:75:ca:64:6c:36:
                    ba:77:1a:e8:22:4f:b3:22:16:a0:4a:72:99:92:b8:
                    7a:7e:fb:43:23:e6:c5:b9:52:5a:05:58:04:66:67:
                    f5:80:a7:f8:20:9b:fd:ba:97:ff:47:51:95:21:0c:
                    29:d1:7e:06:7b:02:4d:95:ad:3d:a7:bc:15:bd:eb:
                    05:03:05:df:2a:9c:f7:dc:19:eb:50:70:37:ac:d5:
                    47:d0:34:88:09:cd:98:b3:f7:a6:fc:73:94:9c:a5:
                    fb:aa:c9:eb:00:fe:15:d4:d2:77:18:84:24:d9:f9:
                    66:f0:e0:3c:79:e3:99:cb:15:65:b4:f5:9b:39:f0:
                    e4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FF:78:69:5B:8B:0A:16:15:40:DC:B2:C7:E0:D3:ED:C6:DD:96:9B
            X509v3 Authority Key Identifier:
                keyid:CE:97:98:A8:DA:99:99:DD:F5:3A:3C:8D:38:F3:6F:17:EC:D4:54:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/7v94aVuLChYVQNyyx-DT7cbdlps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:1c:4a:9f:87:eb:0a:c3:22:f6:6b:ce:dc:df:44:7c:88:c0:
         1f:1e:6b:9b:59:c2:46:cf:f9:e1:6a:42:9e:95:f6:33:53:33:
         b0:6f:dc:1f:90:cc:75:e3:1b:92:4d:0d:cf:ef:cf:a7:3f:00:
         56:62:6a:48:f3:de:68:37:d8:76:b4:d6:c5:9a:e1:0c:37:0f:
         1d:a1:36:60:5b:52:d2:64:2c:b0:23:cc:06:23:44:9e:9e:87:
         83:e5:77:1d:3b:40:c3:69:2b:e9:2e:fe:85:d6:2f:08:c9:1b:
         01:32:db:05:0d:32:32:66:c6:8e:0f:77:b3:25:a1:06:63:ed:
         36:5d:d5:a6:80:18:63:1b:19:6a:68:37:c3:ff:b3:51:6c:b0:
         d0:51:fe:aa:e3:37:de:69:8b:57:c4:a7:fe:23:cf:5e:e7:be:
         de:3b:38:5a:0a:d4:d4:3d:d0:bd:bd:15:dd:fa:8b:dc:2d:a8:
         52:4f:ca:88:e1:b6:3b:06:6d:87:8a:00:60:ac:53:5f:c3:a2:
         b2:40:16:d6:be:bb:06:27:08:c5:97:9d:62:95:b9:46:7c:39:
         d9:04:b1:01:9d:af:fa:f8:2e:f3:95:01:19:45:98:99:8c:c1:
         0c:ee:34:c7:12:5d:a2:03:27:f1:8f:45:e7:c1:d0:26:79:88:
         db:f8:31:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK2hG1uuClL6ypizC887rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTc5OGE4ZGE5OTk5ZGRmNTNhM2M4ZDM4ZjM2ZjE3ZWNk
NDU0MzIwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZmNzg2OTViOGIwYTE2MTU0MGRjYjJjN2UwZDNlZGM2ZGQ5NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRE1bZMXmpvJw1supA/TmgbirKRA
Uhv3D/wZD+CVYXLExz1iYe1o9SLgQkPwEru2wzdsUNhgziO5j2gJq/DguyUdC4Ud
hnJ0U72XoK6J55brEw+u4g/3Mky4l38q37rEMyBLHRAnECM4wHNMEeTGFSzX+wbv
+P9eubiY1ibJ1ijXdcpkbDa6dxroIk+zIhagSnKZkrh6fvtDI+bFuVJaBVgEZmf1
gKf4IJv9upf/R1GVIQwp0X4GewJNla09p7wVvesFAwXfKpz33BnrUHA3rNVH0DSI
Cc2Ys/em/HOUnKX7qsnrAP4V1NJ3GIQk2flm8OA8eeOZyxVltPWbOfDkqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO7/eGlbiwoWFUDcssfg0+3G3ZabMB8GA1UdIwQY
MBaAFM6XmKjamZnd9To8jTjzbxfs1FQyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBlWXFOcVptZDMxT2p5Tk9QTnZGLXpVVkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YmM4NjQtNzE4Yy00MjE3LWFiNWYt
OThmY2IzYThiYzllLzEvN3Y5NGFWdUxDaFlWUU55eXgtRFQ3Y2JkbHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80YmM4NjQtNzE4Yy00MjE3LWFiNWYtOThmY2IzYThiYzll
LzEvenBlWXFOcVptZDMxT2p5Tk9QTnZGLXpVVkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9c
MA0GCSqGSIb3DQEBCwUAA4IBAQBoHEqfh+sKwyL2a87c30R8iMAfHmubWcJGz/nh
akKelfYzUzOwb9wfkMx14xuSTQ3P78+nPwBWYmpI895oN9h2tNbFmuEMNw8doTZg
W1LSZCywI8wGI0SenoeD5XcdO0DDaSvpLv6F1i8IyRsBMtsFDTIyZsaOD3ezJaEG
Y+02XdWmgBhjGxlqaDfD/7NRbLDQUf6q4zfeaYtXxKf+I89e577eOzhaCtTUPdC9
vRXd+ovcLahST8qI4bY7Bm2HigBgrFNfw6KyQBbWvrsGJwjFl51ilblGfDnZBLEB
na/6+C7zlQEZRZiZjMEM7jTHEl2iAyfxj0XnwdAmeYjb+DFs
-----END CERTIFICATE-----