Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/vXjLRncvyNJJ_xlMr6_DUsnn5Hw.roa
File:                     vXjLRncvyNJJ_xlMr6_DUsnn5Hw.roa (raw, json)
Hash identifier:          3JzBnDR7XCTCWkPoIOh1YyVtu7gXSUa+tOBYVAqA5KM=
Subject key identifier:   BD:78:CB:46:77:2F:C8:D2:49:FF:19:4C:AF:AF:C3:52:C9:E7:E4:7C
Certificate issuer:       /CN=9fb79d298110b6fb319301ebc22bf180e7054796
Certificate serial:       018CC26D37F0FDEEC5D3BC173EAD0CD345C8
Authority key identifier: 9F:B7:9D:29:81:10:B6:FB:31:93:01:EB:C2:2B:F1:80:E7:05:47:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/vXjLRncvyNJJ_xlMr6_DUsnn5Hw.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8949
IP address blocks:        2001:67c:7bc::/48 maxlen: 48
                          2001:67c:560::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:37:f0:fd:ee:c5:d3:bc:17:3e:ad:0c:d3:45:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb79d298110b6fb319301ebc22bf180e7054796
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd78cb46772fc8d249ff194cafafc352c9e7e47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:36:b5:3c:d1:f6:05:66:7c:88:5a:91:ab:28:
                    ce:00:b2:b8:06:b5:3f:f7:9b:6c:69:c6:be:b0:4f:
                    8e:9c:91:3a:dc:cb:e8:6c:85:93:d2:f2:19:36:ef:
                    92:31:2d:20:39:40:c0:b1:ae:e5:91:89:65:2e:ac:
                    1b:b5:95:ee:13:3a:ff:5b:43:c3:e5:d4:f5:a3:f8:
                    b4:09:62:30:62:8f:80:9d:73:6b:82:13:db:7d:75:
                    d1:f1:3c:10:7f:43:1f:a9:0e:f8:1a:65:ba:82:e1:
                    5d:20:c7:c5:1e:62:5a:35:ef:10:16:05:57:8f:22:
                    f1:83:0a:d3:6e:f3:2f:86:7e:66:66:b8:6e:1c:f6:
                    da:60:2e:e0:8a:ae:fd:ee:1f:f3:72:c9:3b:a1:d6:
                    9e:6c:69:04:96:2e:3c:6f:f3:7f:1f:49:50:f2:93:
                    e6:51:f9:fb:13:57:53:85:a1:67:5c:21:a0:ca:f7:
                    3a:7b:f5:57:be:db:03:26:07:a2:aa:b8:d3:10:94:
                    ae:cc:5f:68:01:c2:4e:ce:76:02:f1:e6:87:d8:4e:
                    d3:40:4b:af:d1:ca:ab:1d:df:ed:db:71:e1:a3:a4:
                    8c:71:8c:e9:84:c4:79:23:f2:4f:0e:ca:6c:60:3d:
                    eb:80:75:b7:91:00:20:d3:ff:03:6f:da:2d:c6:01:
                    4b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:78:CB:46:77:2F:C8:D2:49:FF:19:4C:AF:AF:C3:52:C9:E7:E4:7C
            X509v3 Authority Key Identifier:
                keyid:9F:B7:9D:29:81:10:B6:FB:31:93:01:EB:C2:2B:F1:80:E7:05:47:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7edKYEQtvsxkwHrwivxgOcFR5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/vXjLRncvyNJJ_xlMr6_DUsnn5Hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e85a41-b3ff-4fcd-80b2-4aabec0d30a3/1/n7edKYEQtvsxkwHrwivxgOcFR5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:560::/48
                  2001:67c:7bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:f5:51:0d:f1:83:23:ad:1b:11:59:1c:cf:d8:fb:ce:ca:1d:
         ca:f9:a8:6d:f7:02:68:76:e3:6e:d8:87:6a:f8:d8:76:05:0e:
         64:5f:1a:10:c5:52:05:6d:03:0d:ab:4c:42:f3:26:53:bb:7d:
         3b:c2:8a:7c:8e:ce:1a:46:2b:57:d6:b3:98:ac:eb:1c:31:34:
         74:bf:ce:98:c6:b8:de:a0:2f:3a:bc:03:c3:20:97:02:98:d5:
         b0:a4:47:ea:94:e9:c8:08:d4:aa:a8:69:d9:99:1e:63:39:99:
         cd:95:ee:e0:96:d8:0e:f6:b4:7b:10:c8:0f:fd:71:9e:77:72:
         2b:da:d9:87:8f:22:33:d3:f4:cb:80:c2:2c:46:57:3a:0b:16:
         04:a6:b5:05:63:c6:c0:26:bc:b9:50:a1:b2:ed:d7:07:35:33:
         a8:c4:ec:1c:40:72:e4:02:22:dc:0b:29:5b:d0:ab:32:6a:52:
         5d:34:92:fc:1a:85:66:ad:1b:8b:73:d6:75:dc:35:94:02:3d:
         25:93:a0:f8:4c:63:d3:10:06:0f:02:49:b0:fc:40:7f:51:25:
         2f:1a:44:77:0c:0a:67:3f:f2:4e:1f:65:1c:08:fd:1a:61:cd:
         20:74:00:0a:89:62:82:2d:53:20:ed:44:4b:5a:89:4c:ce:12:
         19:a6:9a:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbTfw/e7F07wXPq0M00XIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjc5ZDI5ODExMGI2ZmIzMTkzMDFlYmMyMmJmMTgwZTcw
NTQ3OTYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDc4Y2I0Njc3MmZjOGQyNDlmZjE5NGNhZmFmYzM1MmM5ZTdlNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDa1PNH2BWZ8iFqRqyjOALK4BrU/
95tsaca+sE+OnJE63MvobIWT0vIZNu+SMS0gOUDAsa7lkYllLqwbtZXuEzr/W0PD
5dT1o/i0CWIwYo+AnXNrghPbfXXR8TwQf0MfqQ74GmW6guFdIMfFHmJaNe8QFgVX
jyLxgwrTbvMvhn5mZrhuHPbaYC7giq797h/zcsk7odaebGkEli48b/N/H0lQ8pPm
Ufn7E1dThaFnXCGgyvc6e/VXvtsDJgeiqrjTEJSuzF9oAcJOznYC8eaH2E7TQEuv
0cqrHd/t23Hho6SMcYzphMR5I/JPDspsYD3rgHW3kQAg0/8Db9otxgFLywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL14y0Z3L8jSSf8ZTK+vw1LJ5+R8MB8GA1UdIwQY
MBaAFJ+3nSmBELb7MZMB68Ir8YDnBUeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdlZEtZRVF0dnN4a3dIcndpdnhnT2NGUjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lODVhNDEtYjNmZi00ZmNkLTgwYjIt
NGFhYmVjMGQzMGEzLzEvdlhqTFJuY3Z5TkpKX3hsTXI2X0RVc25uNUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lODVhNDEtYjNmZi00ZmNkLTgwYjItNGFhYmVjMGQzMGEz
LzEvbjdlZEtZRVF0dnN4a3dIcndpdnhnT2NGUjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfAVg
AwcAIAEGfAe8MA0GCSqGSIb3DQEBCwUAA4IBAQAB9VEN8YMjrRsRWRzP2PvOyh3K
+aht9wJoduNu2Idq+Nh2BQ5kXxoQxVIFbQMNq0xC8yZTu307wop8js4aRitX1rOY
rOscMTR0v86YxrjeoC86vAPDIJcCmNWwpEfqlOnICNSqqGnZmR5jOZnNle7gltgO
9rR7EMgP/XGed3Ir2tmHjyIz0/TLgMIsRlc6CxYEprUFY8bAJry5UKGy7dcHNTOo
xOwcQHLkAiLcCylb0KsyalJdNJL8GoVmrRuLc9Z13DWUAj0lk6D4TGPTEAYPAkmw
/EB/USUvGkR3DApnP/JOH2UcCP0aYc0gdAAKiWKCLVMg7URLWolMzhIZppqu
-----END CERTIFICATE-----