Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/_3TQ1sf_dK2upzvbcZsbyf-lJUU.roa
File:                     _3TQ1sf_dK2upzvbcZsbyf-lJUU.roa (raw, json)
Hash identifier:          wsI6qE4ODGXlR2a9W7BG1rgY9yHZ6+7VdZ3cMvz00ZI=
Subject key identifier:   FF:74:D0:D6:C7:FF:74:AD:AE:A7:3B:DB:71:9B:1B:C9:FF:A5:25:45
Certificate issuer:       /CN=b3fddf701dd74ba99ac1f47b6767ef44f1a81077
Certificate serial:       018D529F2BC771DE764490C556AD54540179
Authority key identifier: B3:FD:DF:70:1D:D7:4B:A9:9A:C1:F4:7B:67:67:EF:44:F1:A8:10:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s_3fcB3XS6mawfR7Z2fvRPGoEHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/_3TQ1sf_dK2upzvbcZsbyf-lJUU.roa
Signing time:             Mon 29 Jan 2024 00:29:39 +0000
ROA not before:           Mon 29 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207341
IP address blocks:        2001:678:c64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/s_3fcB3XS6mawfR7Z2fvRPGoEHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/s_3fcB3XS6mawfR7Z2fvRPGoEHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s_3fcB3XS6mawfR7Z2fvRPGoEHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:52:9f:2b:c7:71:de:76:44:90:c5:56:ad:54:54:01:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3fddf701dd74ba99ac1f47b6767ef44f1a81077
        Validity
            Not Before: Jan 29 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff74d0d6c7ff74adaea73bdb719b1bc9ffa52545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:ba:d7:83:bb:8f:06:49:6c:e4:1d:b1:8d:
                    e3:56:0a:5f:86:5a:30:69:b7:56:83:08:96:b8:a1:
                    e4:f1:01:a1:4b:b0:bd:cc:aa:a2:f5:54:c9:9e:c6:
                    33:08:9a:a2:bb:b6:8c:6f:fc:3d:90:43:c3:51:ae:
                    77:5e:1d:01:04:af:6a:b6:bd:5d:89:17:15:cc:21:
                    76:55:3d:58:4a:8a:c5:19:00:df:e7:48:04:12:43:
                    b1:30:fc:27:2b:85:80:90:8f:2e:78:c3:df:54:47:
                    29:6c:b4:e0:a0:09:14:cf:c0:ac:e0:be:1d:b2:8c:
                    c6:f2:77:73:bc:88:31:92:1b:f0:a5:67:c4:c8:0b:
                    e9:1c:bf:22:63:64:4e:8e:be:e0:86:99:a1:12:85:
                    0c:1f:f7:19:29:a1:c3:80:7b:8d:ba:f3:1f:64:d4:
                    f9:d1:52:09:a9:7f:df:9c:0a:f1:02:83:f8:67:72:
                    b4:22:80:37:bf:fc:bf:20:8a:b2:bf:76:00:da:55:
                    f6:94:5b:70:41:03:78:2d:f8:f9:59:d2:ec:76:19:
                    c0:a4:5d:ca:6a:37:a7:ff:ce:97:13:f4:f8:7f:99:
                    65:0b:4b:30:24:c6:d0:ba:5b:c0:0c:cf:0f:f9:40:
                    32:aa:5a:11:17:78:18:f0:31:de:b8:b4:3b:9d:47:
                    bf:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:74:D0:D6:C7:FF:74:AD:AE:A7:3B:DB:71:9B:1B:C9:FF:A5:25:45
            X509v3 Authority Key Identifier:
                keyid:B3:FD:DF:70:1D:D7:4B:A9:9A:C1:F4:7B:67:67:EF:44:F1:A8:10:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s_3fcB3XS6mawfR7Z2fvRPGoEHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/_3TQ1sf_dK2upzvbcZsbyf-lJUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/734f48-6755-4fee-bd46-3764beeaa1b2/1/s_3fcB3XS6mawfR7Z2fvRPGoEHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c64::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:33:e6:3a:7e:e7:b0:24:04:0b:88:51:69:dc:ac:91:d5:d7:
         09:49:ec:ab:ec:10:9e:4a:5a:9b:dd:ca:2a:88:01:d4:91:2d:
         03:b7:88:e7:94:93:1b:7d:24:24:aa:97:72:c6:8f:0f:73:09:
         66:43:07:eb:3c:f4:ab:5a:75:89:13:92:b1:9c:4d:ee:6c:87:
         b0:b5:2d:a4:c7:80:49:bc:4e:31:62:5c:c8:45:c6:0a:57:88:
         b5:0a:e5:44:77:cf:60:70:bb:06:78:66:c5:d9:dd:4e:db:73:
         1d:ac:a5:35:22:d2:6e:92:3b:d7:72:96:86:50:00:51:e2:dd:
         cc:88:d0:a0:e5:28:42:e3:56:ca:2f:ef:a8:22:d0:0c:c3:16:
         79:ad:7a:0c:d3:cd:6f:bc:38:a3:41:27:c3:e0:24:49:fe:62:
         a7:66:07:4c:34:a9:c4:79:24:25:94:65:1d:b5:d7:b9:15:39:
         34:c3:8d:af:b2:9d:87:a2:1c:20:2d:ea:c5:9b:20:fb:50:dc:
         c0:a2:b8:2e:d0:9a:32:79:98:e9:d5:f8:71:80:7b:5e:90:a5:
         bd:0a:4d:5c:ce:d3:c0:49:1c:31:bd:b1:55:f5:18:55:36:b9:
         9d:f0:21:6a:14:46:79:bb:fa:ce:61:25:2d:6b:d4:14:ad:05:
         6b:c3:b0:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1SnyvHcd52RJDFVq1UVAF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZmRkZjcwMWRkNzRiYTk5YWMxZjQ3YjY3NjdlZjQ0ZjFh
ODEwNzcwHhcNMjQwMTI5MDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjc0ZDBkNmM3ZmY3NGFkYWVhNzNiZGI3MTliMWJjOWZmYTUyNTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRK614O7jwZJbOQdsY3jVgpfhlow
abdWgwiWuKHk8QGhS7C9zKqi9VTJnsYzCJqiu7aMb/w9kEPDUa53Xh0BBK9qtr1d
iRcVzCF2VT1YSorFGQDf50gEEkOxMPwnK4WAkI8ueMPfVEcpbLTgoAkUz8Cs4L4d
sozG8ndzvIgxkhvwpWfEyAvpHL8iY2ROjr7ghpmhEoUMH/cZKaHDgHuNuvMfZNT5
0VIJqX/fnArxAoP4Z3K0IoA3v/y/IIqyv3YA2lX2lFtwQQN4Lfj5WdLsdhnApF3K
ajen/86XE/T4f5llC0swJMbQulvADM8P+UAyqloRF3gY8DHeuLQ7nUe/JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP900NbH/3Strqc723GbG8n/pSVFMB8GA1UdIwQY
MBaAFLP933Ad10upmsH0e2dn70TxqBB3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc18zZmNCM1hTNm1hd2ZSN1oyZnZSUEdvRUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83MzRmNDgtNjc1NS00ZmVlLWJkNDYt
Mzc2NGJlZWFhMWIyLzEvXzNUUTFzZl9kSzJ1cHp2YmNac2J5Zi1sSlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83MzRmNDgtNjc1NS00ZmVlLWJkNDYtMzc2NGJlZWFhMWIy
LzEvc18zZmNCM1hTNm1hd2ZSN1oyZnZSUEdvRUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAxk
MA0GCSqGSIb3DQEBCwUAA4IBAQBpM+Y6fuewJAQLiFFp3KyR1dcJSeyr7BCeSlqb
3coqiAHUkS0Dt4jnlJMbfSQkqpdyxo8PcwlmQwfrPPSrWnWJE5KxnE3ubIewtS2k
x4BJvE4xYlzIRcYKV4i1CuVEd89gcLsGeGbF2d1O23MdrKU1ItJukjvXcpaGUABR
4t3MiNCg5ShC41bKL++oItAMwxZ5rXoM081vvDijQSfD4CRJ/mKnZgdMNKnEeSQl
lGUdtde5FTk0w42vsp2HohwgLerFmyD7UNzAorgu0JoyeZjp1fhxgHtekKW9Ck1c
ztPASRwxvbFV9RhVNrmd8CFqFEZ5u/rOYSUta9QUrQVrw7CZ
-----END CERTIFICATE-----