Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/sud9Nej-UPHJ40kxlT8t88Fb8ko.roa
File:                     sud9Nej-UPHJ40kxlT8t88Fb8ko.roa (raw, json)
Hash identifier:          2Gc+TLEakCehx6lyDZM0RrxnvonEYC3tf21M3ggDTgk=
Subject key identifier:   B2:E7:7D:35:E8:FE:50:F1:C9:E3:49:31:95:3F:2D:F3:C1:5B:F2:4A
Certificate issuer:       /CN=9a620e691d95aaceb3262dbdfcb0ca5099ee2444
Certificate serial:       018CCA2A6389F97D3616F45DB95152A74641
Authority key identifier: 9A:62:0E:69:1D:95:AA:CE:B3:26:2D:BD:FC:B0:CA:50:99:EE:24:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/sud9Nej-UPHJ40kxlT8t88Fb8ko.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212717
IP address blocks:        2001:678:e24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:63:89:f9:7d:36:16:f4:5d:b9:51:52:a7:46:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a620e691d95aaceb3262dbdfcb0ca5099ee2444
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2e77d35e8fe50f1c9e34931953f2df3c15bf24a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bb:6f:ba:9a:c7:1c:cf:70:3e:f2:69:bf:4e:
                    00:a9:81:93:8c:08:6d:d3:57:d2:80:82:be:9b:ca:
                    f5:cb:c2:a8:7b:62:16:e6:c0:8e:d8:d5:06:54:99:
                    a8:a6:99:7d:a1:58:63:99:e5:b5:f9:25:98:c4:dc:
                    43:f8:c7:47:05:fe:bc:66:a3:77:a5:aa:d0:89:57:
                    4a:df:49:c2:f5:a0:8b:cb:f4:53:3f:76:78:84:a3:
                    ef:f6:d4:56:87:d8:bc:5d:79:d4:49:73:e3:bb:cb:
                    df:db:12:c5:d2:c7:c4:54:ac:94:a1:1c:d0:91:0e:
                    30:cf:6a:8c:54:a3:6d:0b:fe:63:28:0e:a3:db:43:
                    42:eb:bc:dd:86:82:8b:84:60:24:9a:f0:6d:b0:a4:
                    9b:bb:d3:83:34:a7:9b:ef:a0:4a:83:44:17:7a:50:
                    0c:c1:02:89:27:a0:00:bc:5f:48:5f:01:97:7a:04:
                    f8:9c:fc:7a:4d:3a:e3:06:50:17:3b:23:fa:8c:80:
                    19:8f:82:cf:7a:65:95:d5:3d:a5:82:01:ca:57:77:
                    3e:2b:16:00:af:2a:bf:9d:74:d6:47:2e:3a:ce:08:
                    46:3c:78:7a:bf:98:7a:6f:28:94:bd:c2:ac:8e:7c:
                    4a:27:99:44:49:5e:32:d3:94:c0:1e:e2:ec:dc:79:
                    f5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E7:7D:35:E8:FE:50:F1:C9:E3:49:31:95:3F:2D:F3:C1:5B:F2:4A
            X509v3 Authority Key Identifier:
                keyid:9A:62:0E:69:1D:95:AA:CE:B3:26:2D:BD:FC:B0:CA:50:99:EE:24:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/sud9Nej-UPHJ40kxlT8t88Fb8ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/2854f2-82d7-42bd-acbc-d08a9cdec986/1/mmIOaR2Vqs6zJi29_LDKUJnuJEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e24::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:c8:f0:59:b9:fd:82:58:4e:3c:f5:6c:a0:40:4f:34:32:99:
         24:5d:cc:66:3a:0a:1c:28:13:9c:04:d5:e8:c7:4d:f9:c6:81:
         2c:12:d9:43:52:21:14:5d:48:39:53:c0:d7:07:e1:7d:d0:eb:
         dc:9d:5e:73:7e:2d:ea:c2:d7:16:4d:6e:fd:40:32:36:7a:d4:
         fb:69:6d:9e:f3:33:2b:b2:f6:cf:7e:ba:69:da:68:dd:9c:5a:
         ba:08:69:14:66:86:e8:d4:aa:79:49:b8:24:a5:15:24:0f:75:
         ef:d3:d9:bf:33:f6:17:8a:67:3c:9a:64:a2:bb:6e:ef:d6:89:
         6a:79:ef:77:54:a8:6a:22:ce:a9:a1:14:5f:c2:15:5d:11:80:
         f0:a7:c7:17:9a:fd:99:b6:af:a4:77:6c:cd:85:c1:46:fb:64:
         7c:41:7e:7d:be:4f:30:38:3b:8d:58:98:17:80:62:a2:af:06:
         7c:f3:35:6f:d0:0f:a5:d0:a2:d3:d9:85:92:4a:e4:0b:b2:ac:
         be:1f:01:91:84:3c:48:41:9e:f6:ae:ca:4c:9a:90:8b:4e:2d:
         36:ea:bb:be:0b:6e:a1:c5:f4:db:bc:39:ca:9f:f5:99:3c:ae:
         fe:e0:3f:42:43:45:8d:6f:03:f8:94:48:66:4b:7e:f3:02:4a:
         a3:c2:fd:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKmOJ+X02FvRduVFSp0ZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNjIwZTY5MWQ5NWFhY2ViMzI2MmRiZGZjYjBjYTUwOTll
ZTI0NDQwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU3N2QzNWU4ZmU1MGYxYzllMzQ5MzE5NTNmMmRmM2MxNWJmMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rtvuprHHM9wPvJpv04AqYGTjAht
01fSgIK+m8r1y8Koe2IW5sCO2NUGVJmoppl9oVhjmeW1+SWYxNxD+MdHBf68ZqN3
parQiVdK30nC9aCLy/RTP3Z4hKPv9tRWh9i8XXnUSXPju8vf2xLF0sfEVKyUoRzQ
kQ4wz2qMVKNtC/5jKA6j20NC67zdhoKLhGAkmvBtsKSbu9ODNKeb76BKg0QXelAM
wQKJJ6AAvF9IXwGXegT4nPx6TTrjBlAXOyP6jIAZj4LPemWV1T2lggHKV3c+KxYA
ryq/nXTWRy46zghGPHh6v5h6byiUvcKsjnxKJ5lESV4y05TAHuLs3Hn1LQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLLnfTXo/lDxyeNJMZU/LfPBW/JKMB8GA1UdIwQY
MBaAFJpiDmkdlarOsyYtvfywylCZ7iREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW1JT2FSMlZxczZ6SmkyOV9MREtVSm51SkVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8yODU0ZjItODJkNy00MmJkLWFjYmMt
ZDA4YTljZGVjOTg2LzEvc3VkOU5lai1VUEhKNDBreGxUOHQ4OEZiOGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8yODU0ZjItODJkNy00MmJkLWFjYmMtZDA4YTljZGVjOTg2
LzEvbW1JT2FSMlZxczZ6SmkyOV9MREtVSm51SkVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA4k
MA0GCSqGSIb3DQEBCwUAA4IBAQCayPBZuf2CWE489WygQE80MpkkXcxmOgocKBOc
BNXox035xoEsEtlDUiEUXUg5U8DXB+F90OvcnV5zfi3qwtcWTW79QDI2etT7aW2e
8zMrsvbPfrpp2mjdnFq6CGkUZobo1Kp5SbgkpRUkD3Xv09m/M/YXimc8mmSiu27v
1olqee93VKhqIs6poRRfwhVdEYDwp8cXmv2Ztq+kd2zNhcFG+2R8QX59vk8wODuN
WJgXgGKirwZ88zVv0A+l0KLT2YWSSuQLsqy+HwGRhDxIQZ72rspMmpCLTi026ru+
C26hxfTbvDnKn/WZPK7+4D9CQ0WNbwP4lEhmS37zAkqjwv0X
-----END CERTIFICATE-----