Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/48ElfRTbLV66wOGgWE9803_8Ass.roa
File:                     48ElfRTbLV66wOGgWE9803_8Ass.roa (raw, json)
Hash identifier:          GX4oC/2T7+8n/Wt7W4AEuhkJNcLnE9I/ir7Jh0gdkho=
Subject key identifier:   E3:C1:25:7D:14:DB:2D:5E:BA:C0:E1:A0:58:4F:7C:D3:7F:FC:02:CB
Certificate issuer:       /CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
Certificate serial:       018DFA2645F44FF19BCF0C920EB1250D03FD
Authority key identifier: 29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/48ElfRTbLV66wOGgWE9803_8Ass.roa
Signing time:             Fri 01 Mar 2024 13:13:48 +0000
ROA not before:           Fri 01 Mar 2024 13:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29014
IP address blocks:        2001:67c:2e78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:26:45:f4:4f:f1:9b:cf:0c:92:0e:b1:25:0d:03:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
        Validity
            Not Before: Mar  1 13:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3c1257d14db2d5ebac0e1a0584f7cd37ffc02cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:58:c1:58:c6:ef:e9:4c:91:94:57:e3:4e:e8:
                    e4:04:03:42:aa:33:7c:0d:24:fe:47:74:67:5f:28:
                    ad:14:76:27:89:91:5a:79:40:55:62:b2:46:77:85:
                    c9:b7:d6:d0:ae:4e:3e:98:4d:84:04:69:f5:c8:56:
                    cf:02:f1:d9:9e:b0:eb:57:02:af:17:40:02:fa:27:
                    56:fa:92:4f:8d:8a:ea:54:8b:43:4d:ad:3b:6a:bb:
                    12:ea:82:76:bb:86:c7:c7:6f:ca:67:11:d7:22:26:
                    bc:43:7c:b7:94:d4:6b:09:29:99:d9:15:94:be:43:
                    b3:2a:ff:b5:e4:56:66:57:af:54:32:d8:5c:21:0d:
                    e0:7e:5a:dc:36:4b:9a:3a:7a:52:b3:2e:d2:7b:d1:
                    c3:f5:e1:74:1a:64:25:46:4a:8d:7b:28:52:24:33:
                    ec:36:6e:75:5f:b7:db:c6:8f:ae:06:b6:58:6a:30:
                    b3:da:df:81:30:c2:9a:e6:45:cd:a3:4a:16:e2:6b:
                    78:f3:81:13:d9:dd:09:f0:e9:40:fd:52:d8:2f:31:
                    56:6b:7c:57:d9:7c:bd:ae:34:73:3f:fa:a0:41:3e:
                    c2:7b:4a:90:b4:e9:cc:19:7d:38:2f:67:52:97:ac:
                    71:ad:b2:9b:7a:b1:6c:5e:9a:80:87:0a:be:4f:ea:
                    37:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C1:25:7D:14:DB:2D:5E:BA:C0:E1:A0:58:4F:7C:D3:7F:FC:02:CB
            X509v3 Authority Key Identifier:
                keyid:29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/48ElfRTbLV66wOGgWE9803_8Ass.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e78::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:3e:a5:f6:39:5d:5a:2c:d1:d3:28:ca:8c:46:e8:3f:cf:fb:
         e8:97:aa:37:6e:f8:c2:0d:e9:68:bd:91:4c:b9:4a:da:4f:82:
         05:f4:af:ac:f2:c1:01:8c:6f:56:1a:62:38:6d:10:73:f1:8c:
         c4:bf:61:f8:bb:e3:8c:96:10:96:74:f9:fa:28:10:e5:c8:bf:
         fe:40:a1:b4:20:c9:17:ef:0f:a1:be:a3:c6:57:ac:59:64:50:
         d9:94:09:b8:9a:2b:1c:75:73:16:b2:f1:e7:75:1d:c1:fa:da:
         22:c9:1a:dc:ba:85:fa:69:45:c8:16:31:ae:61:5c:99:69:5d:
         cf:ef:2c:bc:0b:26:92:dd:39:14:e0:36:56:88:7b:ec:9c:a8:
         78:1e:55:73:5a:c8:36:10:52:ee:63:ff:3e:3b:20:77:1b:34:
         93:4f:4c:ac:3e:96:e9:20:90:2b:7f:4a:3e:e9:8d:09:d9:67:
         42:93:4a:0e:49:4e:e1:64:75:1e:17:aa:5d:58:73:1d:b9:ac:
         17:be:0e:95:a8:4b:5e:37:80:bc:9a:84:37:31:ec:cf:d7:2b:
         65:b3:e9:98:56:41:0d:9b:d6:53:5b:17:d0:9b:3d:a9:fe:c3:
         5b:53:b1:6f:fb:f1:7b:dd:ab:5a:fe:e5:43:e0:8c:b7:ef:7a:
         28:75:f3:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY36JkX0T/GbzwySDrElDQP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Mzc1YzljMDBiMTUyOWQ1NTFlZTdlMjhjNjA3MGFiNDNh
MmZlNzYwHhcNMjQwMzAxMTMxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2MxMjU3ZDE0ZGIyZDVlYmFjMGUxYTA1ODRmN2NkMzdmZmMwMmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFjBWMbv6UyRlFfjTujkBANCqjN8
DST+R3RnXyitFHYniZFaeUBVYrJGd4XJt9bQrk4+mE2EBGn1yFbPAvHZnrDrVwKv
F0AC+idW+pJPjYrqVItDTa07arsS6oJ2u4bHx2/KZxHXIia8Q3y3lNRrCSmZ2RWU
vkOzKv+15FZmV69UMthcIQ3gflrcNkuaOnpSsy7Se9HD9eF0GmQlRkqNeyhSJDPs
Nm51X7fbxo+uBrZYajCz2t+BMMKa5kXNo0oW4mt484ET2d0J8OlA/VLYLzFWa3xX
2Xy9rjRzP/qgQT7Ce0qQtOnMGX04L2dSl6xxrbKberFsXpqAhwq+T+o3gwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPBJX0U2y1eusDhoFhPfNN//ALLMB8GA1UdIwQY
MBaAFCk3XJwAsVKdVR7n4oxgcKtDov52MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2Yt
MDUwNGUxMTFhM2I4LzEvNDhFbGZSVGJMVjY2d09HZ1dFOTgwM184QXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2YtMDUwNGUxMTFhM2I4
LzEvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC54
MA0GCSqGSIb3DQEBCwUAA4IBAQAoPqX2OV1aLNHTKMqMRug/z/vol6o3bvjCDelo
vZFMuUraT4IF9K+s8sEBjG9WGmI4bRBz8YzEv2H4u+OMlhCWdPn6KBDlyL/+QKG0
IMkX7w+hvqPGV6xZZFDZlAm4miscdXMWsvHndR3B+toiyRrcuoX6aUXIFjGuYVyZ
aV3P7yy8CyaS3TkU4DZWiHvsnKh4HlVzWsg2EFLuY/8+OyB3GzSTT0ysPpbpIJAr
f0o+6Y0J2WdCk0oOSU7hZHUeF6pdWHMduawXvg6VqEteN4C8moQ3MezP1ytls+mY
VkENm9ZTWxfQmz2p/sNbU7Fv+/F73ata/uVD4Iy373oodfPB
-----END CERTIFICATE-----