Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/0e5FrhtFSvwf9Or0P5CNsDhVExE.roa
File:                     0e5FrhtFSvwf9Or0P5CNsDhVExE.roa (raw, json)
Hash identifier:          DtBHsK998qSdk6IA7+B9gVFNFcL0oHlG4qr4PR56BGM=
Subject key identifier:   D1:EE:45:AE:1B:45:4A:FC:1F:F4:EA:F4:3F:90:8D:B0:38:55:13:11
Certificate issuer:       /CN=3026806a6b8dac68c2a32b65849229524fc33da7
Certificate serial:       018E3257E6A70FDF7F60E4944B3C4968B96F
Authority key identifier: 30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/0e5FrhtFSvwf9Or0P5CNsDhVExE.roa
Signing time:             Tue 12 Mar 2024 11:06:45 +0000
ROA not before:           Tue 12 Mar 2024 11:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58299
IP address blocks:        2001:678:a00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:57:e6:a7:0f:df:7f:60:e4:94:4b:3c:49:68:b9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3026806a6b8dac68c2a32b65849229524fc33da7
        Validity
            Not Before: Mar 12 11:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1ee45ae1b454afc1ff4eaf43f908db038551311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0f:0e:84:f0:40:9b:da:c5:33:b2:4b:59:4d:
                    f1:fe:de:8e:d3:f6:8c:38:42:7c:11:2a:34:24:6f:
                    e5:43:15:c7:0b:87:95:75:56:cc:a3:8f:f7:8b:5b:
                    0f:e1:7b:59:ce:5f:b0:7d:d6:83:7f:56:91:27:8e:
                    8e:de:96:84:4e:e7:4b:51:69:e0:4b:10:51:13:18:
                    4b:00:0e:32:2e:b6:b1:fc:1a:ea:20:83:d2:ab:a8:
                    5c:b5:73:ea:1e:49:fb:5b:08:50:66:fe:cd:33:88:
                    03:51:71:73:80:80:42:af:9a:2f:88:84:22:ba:68:
                    a4:3d:89:fd:16:f6:65:de:ef:3f:43:d5:3f:66:25:
                    d3:35:8b:47:20:b0:25:c2:c4:dd:cf:30:1e:fe:39:
                    03:e3:23:fd:a9:36:74:d1:b1:9c:aa:40:3d:14:51:
                    5c:54:55:2e:5e:19:23:88:a4:1c:4c:e1:ef:90:cd:
                    67:c0:43:7f:ef:c5:e3:18:98:20:4f:37:ee:5b:83:
                    6c:d0:f5:7e:bd:90:71:da:31:81:59:eb:19:e2:6d:
                    cb:89:82:3e:c5:97:57:e9:8a:5e:72:29:26:e0:3b:
                    6d:a5:6e:78:16:a8:7c:95:5c:f6:f9:d2:97:32:14:
                    63:39:c3:cb:73:e0:db:a8:21:b0:eb:6c:c5:22:aa:
                    92:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:EE:45:AE:1B:45:4A:FC:1F:F4:EA:F4:3F:90:8D:B0:38:55:13:11
            X509v3 Authority Key Identifier:
                keyid:30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/0e5FrhtFSvwf9Or0P5CNsDhVExE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:ed:fd:c0:a7:31:4e:5c:8d:7e:07:5c:fc:83:bb:28:04:b4:
         1a:57:0d:9e:bc:7e:28:a8:e0:26:6d:44:2b:0a:f4:13:eb:dc:
         ee:fd:15:e4:cd:2b:10:db:77:2b:a9:01:60:02:98:c6:6b:fe:
         43:6e:53:aa:0c:26:cf:4e:33:5f:95:c9:09:0d:6a:da:c0:98:
         4d:0a:20:27:d0:3b:79:f3:44:29:c7:86:18:aa:e3:5a:51:01:
         7c:17:c6:69:ae:fc:d3:12:a1:36:c2:93:50:2f:5e:35:02:8b:
         00:36:8a:31:48:72:47:b2:34:50:5e:cf:79:23:e0:eb:64:54:
         34:6d:49:e4:6a:2f:88:75:52:cd:af:9d:5a:d1:80:54:cf:ff:
         db:ef:6d:6c:e6:a8:7d:91:5c:67:ac:b2:cc:25:90:ee:7d:ad:
         3d:cf:6e:ce:83:9a:3b:95:c9:0d:bd:de:7b:6c:ce:16:f8:1c:
         c8:7b:74:13:1d:37:02:a0:09:a7:71:69:ec:6a:46:ac:b4:40:
         29:57:ef:33:40:78:33:d6:a7:92:80:f6:88:97:fb:d3:2d:ad:
         c8:6d:5d:23:b8:33:a1:86:86:30:72:d5:26:78:6a:66:11:05:
         4c:e6:a7:1b:87:b8:6e:b7:78:ef:3b:3c:7c:aa:87:9a:e4:03:
         8f:63:90:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4yV+anD99/YOSUSzxJaLlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjY4MDZhNmI4ZGFjNjhjMmEzMmI2NTg0OTIyOTUyNGZj
MzNkYTcwHhcNMjQwMzEyMTEwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWVlNDVhZTFiNDU0YWZjMWZmNGVhZjQzZjkwOGRiMDM4NTUxMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhg8OhPBAm9rFM7JLWU3x/t6O0/aM
OEJ8ESo0JG/lQxXHC4eVdVbMo4/3i1sP4XtZzl+wfdaDf1aRJ46O3paETudLUWng
SxBRExhLAA4yLrax/BrqIIPSq6hctXPqHkn7WwhQZv7NM4gDUXFzgIBCr5oviIQi
umikPYn9FvZl3u8/Q9U/ZiXTNYtHILAlwsTdzzAe/jkD4yP9qTZ00bGcqkA9FFFc
VFUuXhkjiKQcTOHvkM1nwEN/78XjGJggTzfuW4Ns0PV+vZBx2jGBWesZ4m3LiYI+
xZdX6Ypecikm4DttpW54Fqh8lVz2+dKXMhRjOcPLc+DbqCGw62zFIqqStwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNHuRa4bRUr8H/Tq9D+QjbA4VRMRMB8GA1UdIwQY
MBaAFDAmgGprjaxowqMrZYSSKVJPwz2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUt
MDhlMmIxMDE3OTI3LzEvMGU1RnJodEZTdndmOU9yMFA1Q05zRGhWRXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUtMDhlMmIxMDE3OTI3
LzEvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBr7f3ApzFOXI1+B1z8g7soBLQaVw2evH4oqOAm
bUQrCvQT69zu/RXkzSsQ23crqQFgApjGa/5DblOqDCbPTjNflckJDWrawJhNCiAn
0Dt580Qpx4YYquNaUQF8F8ZprvzTEqE2wpNQL141AosANooxSHJHsjRQXs95I+Dr
ZFQ0bUnkai+IdVLNr51a0YBUz//b721s5qh9kVxnrLLMJZDufa09z27Og5o7lckN
vd57bM4W+BzIe3QTHTcCoAmncWnsakastEApV+8zQHgz1qeSgPaIl/vTLa3IbV0j
uDOhhoYwctUmeGpmEQVM5qcbh7hut3jvOzx8qoea5AOPY5Am
-----END CERTIFICATE-----