Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/FoQRgM8BnpzoZHF8ZymmbE_DzuI.roa
File:                     FoQRgM8BnpzoZHF8ZymmbE_DzuI.roa (raw, json)
Hash identifier:          VtgFeGz98uhmpWtZ/9J00fC8b236yzM8nS+m1C/NI6A=
Subject key identifier:   16:84:11:80:CF:01:9E:9C:E8:64:71:7C:67:29:A6:6C:4F:C3:CE:E2
Certificate issuer:       /CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
Certificate serial:       018CC26CFCEEBD6881108D4532FDF3FB0AF3
Authority key identifier: 1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/FoQRgM8BnpzoZHF8ZymmbE_DzuI.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44973
IP address blocks:        2001:678:59c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:ee:bd:68:81:10:8d:45:32:fd:f3:fb:0a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8c77336d66f7b0238e6c184c64fa4f24d09f01
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16841180cf019e9ce864717c6729a66c4fc3cee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d7:41:22:1d:b7:ff:5e:12:6a:bf:eb:0b:04:
                    d4:b0:88:6e:f2:e3:3b:ee:89:81:ab:fb:63:e7:ab:
                    c9:a6:5a:ce:c4:c3:5b:cf:6d:49:7a:60:ad:00:95:
                    da:06:b4:27:00:d3:02:18:23:d3:09:3d:4d:2e:d4:
                    3e:55:04:51:bf:09:cc:7f:47:53:2c:82:aa:74:58:
                    54:75:94:b9:65:f1:81:68:92:8e:33:58:f8:6e:72:
                    62:18:e3:65:25:60:e0:07:ac:25:1a:f8:76:b1:e1:
                    36:49:78:69:ca:ae:9f:b4:d7:9c:b5:78:18:a8:5e:
                    22:e0:43:62:fa:14:40:af:79:e5:0a:1a:72:1d:3d:
                    d1:ba:a9:ef:36:a3:f9:dc:51:9d:88:43:f0:4c:d3:
                    7a:63:96:c2:5a:93:76:dc:83:1d:4f:71:67:0b:2b:
                    50:8a:cd:83:20:59:7d:a6:5f:eb:07:58:3f:34:fe:
                    68:2e:bd:1f:d9:7c:e5:f9:8a:7d:de:2d:2a:ce:7a:
                    9e:f7:8b:01:19:05:ba:cf:ba:3c:64:f2:c9:f0:94:
                    9e:bd:9c:0c:21:aa:a8:5b:70:dd:21:90:96:82:57:
                    d7:28:02:dc:e4:3f:83:7c:e3:a7:1d:b0:92:bb:a8:
                    df:2b:b5:f0:8d:ca:25:ac:27:dd:2d:98:d5:06:bf:
                    43:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:84:11:80:CF:01:9E:9C:E8:64:71:7C:67:29:A6:6C:4F:C3:CE:E2
            X509v3 Authority Key Identifier:
                keyid:1E:8C:77:33:6D:66:F7:B0:23:8E:6C:18:4C:64:FA:4F:24:D0:9F:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hox3M21m97AjjmwYTGT6TyTQnwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/FoQRgM8BnpzoZHF8ZymmbE_DzuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7da79d-60f4-47a8-813a-99957df4997e/1/Hox3M21m97AjjmwYTGT6TyTQnwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:59c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:4a:c2:2f:b0:52:6a:e4:de:78:19:37:ae:e0:5c:75:69:b8:
         5c:7e:a3:07:f5:54:b6:9c:a1:ed:84:91:27:df:92:6f:be:fd:
         34:65:1b:90:f8:ac:79:40:bb:11:27:2b:e0:b0:71:b8:e2:e4:
         14:70:bb:c5:ea:13:0d:d9:2a:6d:9e:f2:e9:ed:7c:11:fb:a2:
         e1:c4:fe:8d:c6:0d:fa:18:ef:d0:cf:90:bf:17:36:65:49:4a:
         63:cb:97:17:4a:be:dd:49:82:a9:fa:79:ba:b4:00:54:20:23:
         a0:f2:45:3c:ed:d5:3f:2a:86:fd:2c:86:18:78:e0:20:6c:e5:
         2d:0a:a5:aa:9f:5d:e5:ef:ca:9c:b0:83:0f:bc:78:cf:bb:eb:
         0b:29:74:05:d6:26:3f:75:1b:c1:f6:4e:0b:26:60:ab:e2:1c:
         ce:64:6a:cb:d1:ef:f8:e2:fa:ac:ca:1f:3c:28:c6:79:18:9d:
         f7:09:b8:2c:a5:3f:42:29:ba:b2:22:71:01:94:f5:9f:48:fb:
         46:aa:58:67:65:7b:a4:8e:1b:61:5c:29:b3:48:1f:21:58:4c:
         80:1c:6b:a5:d5:d9:d1:61:41:5c:42:5a:c6:04:02:82:eb:2d:
         1e:e8:0a:8d:86:a0:f4:56:8f:2f:1c:c0:f7:b3:ee:41:3e:a0:
         c4:74:7e:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbPzuvWiBEI1FMv3z+wrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGM3NzMzNmQ2NmY3YjAyMzhlNmMxODRjNjRmYTRmMjRk
MDlmMDEwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg0MTE4MGNmMDE5ZTljZTg2NDcxN2M2NzI5YTY2YzRmYzNjZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNdBIh23/14Sar/rCwTUsIhu8uM7
7omBq/tj56vJplrOxMNbz21JemCtAJXaBrQnANMCGCPTCT1NLtQ+VQRRvwnMf0dT
LIKqdFhUdZS5ZfGBaJKOM1j4bnJiGONlJWDgB6wlGvh2seE2SXhpyq6ftNectXgY
qF4i4ENi+hRAr3nlChpyHT3RuqnvNqP53FGdiEPwTNN6Y5bCWpN23IMdT3FnCytQ
is2DIFl9pl/rB1g/NP5oLr0f2Xzl+Yp93i0qznqe94sBGQW6z7o8ZPLJ8JSevZwM
IaqoW3DdIZCWglfXKALc5D+DfOOnHbCSu6jfK7XwjcolrCfdLZjVBr9DNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaEEYDPAZ6c6GRxfGcppmxPw87iMB8GA1UdIwQY
MBaAFB6MdzNtZvewI45sGExk+k8k0J8BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2Et
OTk5NTdkZjQ5OTdlLzEvRm9RUmdNOEJucHpvWkhGOFp5bW1iRV9EenVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC83ZGE3OWQtNjBmNC00N2E4LTgxM2EtOTk5NTdkZjQ5OTdl
LzEvSG94M00yMW05N0Fqam13WVRHVDZUeVRRbndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWc
MA0GCSqGSIb3DQEBCwUAA4IBAQAdSsIvsFJq5N54GTeu4Fx1abhcfqMH9VS2nKHt
hJEn35Jvvv00ZRuQ+Kx5QLsRJyvgsHG44uQUcLvF6hMN2SptnvLp7XwR+6LhxP6N
xg36GO/Qz5C/FzZlSUpjy5cXSr7dSYKp+nm6tABUICOg8kU87dU/Kob9LIYYeOAg
bOUtCqWqn13l78qcsIMPvHjPu+sLKXQF1iY/dRvB9k4LJmCr4hzOZGrL0e/44vqs
yh88KMZ5GJ33CbgspT9CKbqyInEBlPWfSPtGqlhnZXukjhthXCmzSB8hWEyAHGul
1dnRYUFcQlrGBAKC6y0e6AqNhqD0Vo8vHMD3s+5BPqDEdH48
-----END CERTIFICATE-----