Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/N29YBUgoWK5IqmEk39b5MdooHAQ.roa
File:                     N29YBUgoWK5IqmEk39b5MdooHAQ.roa (raw, json)
Hash identifier:          6TXc9bnNxh7VWLJsvRC7K/A2k8f7y1M6GUN0L0K7yq8=
Subject key identifier:   37:6F:58:05:48:28:58:AE:48:AA:61:24:DF:D6:F9:31:DA:28:1C:04
Certificate issuer:       /CN=dd8ae4d9ad863dda1401b490c28cff82d998e3b5
Certificate serial:       01934B1C5C5127BD2915D1F2108881F98310
Authority key identifier: DD:8A:E4:D9:AD:86:3D:DA:14:01:B4:90:C2:8C:FF:82:D9:98:E3:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/N29YBUgoWK5IqmEk39b5MdooHAQ.roa
Signing time:             Wed 20 Nov 2024 19:46:09 +0000
ROA not before:           Wed 20 Nov 2024 19:46:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215230
IP address blocks:        2001:678:a30::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:1c:5c:51:27:bd:29:15:d1:f2:10:88:81:f9:83:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd8ae4d9ad863dda1401b490c28cff82d998e3b5
        Validity
            Not Before: Nov 20 19:46:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376f5805482858ae48aa6124dfd6f931da281c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4c:aa:2c:fd:ce:71:3e:af:98:6f:e6:66:ab:
                    e8:05:b1:bc:19:60:2c:4f:56:a1:3b:19:3d:f0:13:
                    5a:a6:0e:b8:7f:2e:57:a2:d4:61:25:91:a4:6e:1d:
                    4d:b4:06:8a:62:27:f2:e1:95:1b:d5:58:0a:1b:55:
                    e0:3f:6e:6b:af:11:d1:bc:7d:58:8e:20:00:05:71:
                    a0:1d:e7:46:c2:cc:e5:5a:a7:7e:a3:6f:ad:5e:93:
                    04:71:83:ca:ce:4f:cf:54:6b:75:75:df:ee:51:1f:
                    7f:dd:d3:b2:97:5e:5c:dc:80:ec:16:75:23:dc:b9:
                    b9:e0:3f:bd:ea:95:f4:4b:9f:11:8c:09:a0:79:ee:
                    75:c9:dd:e2:be:ac:63:a4:ff:13:8d:ee:ad:d8:36:
                    6b:69:67:dc:59:40:5c:6b:ef:69:dc:23:67:6f:50:
                    43:13:63:29:57:48:84:5f:35:1f:8a:ed:19:c6:dd:
                    9b:b2:72:56:8d:d7:9e:98:f7:b4:eb:8b:d7:c8:3d:
                    d7:dd:9d:dc:43:f7:dc:1a:f5:7f:70:ff:a0:ab:ec:
                    fe:77:71:50:a4:86:92:9f:9c:99:8c:d5:68:7b:55:
                    b2:c8:87:08:a7:63:da:b8:a0:77:27:cc:66:49:68:
                    7f:02:60:89:b1:f6:ac:55:64:81:01:61:31:f3:6a:
                    4a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6F:58:05:48:28:58:AE:48:AA:61:24:DF:D6:F9:31:DA:28:1C:04
            X509v3 Authority Key Identifier:
                keyid:DD:8A:E4:D9:AD:86:3D:DA:14:01:B4:90:C2:8C:FF:82:D9:98:E3:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/N29YBUgoWK5IqmEk39b5MdooHAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a30::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:d4:42:5e:6b:ab:25:06:3a:d6:35:75:0a:f0:52:24:fd:8b:
         7c:e5:ea:77:2c:51:0b:88:be:a9:39:66:f5:69:27:e1:17:f9:
         49:14:40:34:e8:35:2f:ef:04:1c:36:8f:42:bd:b8:6d:bb:87:
         f1:9b:42:69:a5:77:ff:b8:6a:c5:46:c9:df:f8:af:ac:03:77:
         7a:e1:c8:57:78:f4:b0:b6:37:bb:ca:05:ee:a5:19:40:d5:68:
         5e:dd:88:de:bc:b3:68:a4:96:be:ca:06:aa:fb:5c:2e:c5:74:
         ab:c9:f3:49:f7:69:4d:af:0c:ae:91:8d:fb:a8:1d:1a:e7:0c:
         c8:e5:78:df:8b:45:c3:d2:47:9f:66:16:45:d3:24:73:c6:a4:
         4b:8e:ba:54:f4:05:c9:3e:c5:a7:8a:82:e8:f0:4f:45:ea:94:
         c3:15:18:ed:b7:ff:05:3e:8a:b5:32:30:6c:ae:53:fc:7e:4c:
         44:2e:89:74:a9:44:e6:50:f9:87:ea:d1:24:41:b2:96:55:69:
         df:cc:1b:0c:b9:f6:a7:77:20:1f:62:c7:39:10:df:ad:6e:d1:
         54:7e:3e:22:07:79:87:40:66:a9:91:a5:33:68:13:26:14:64:
         6a:ea:e9:9e:c5:d6:58:28:91:28:42:18:58:4f:53:af:1c:8a:
         11:c2:08:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNLHFxRJ70pFdHyEIiB+YMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOGFlNGQ5YWQ4NjNkZGExNDAxYjQ5MGMyOGNmZjgyZDk5
OGUzYjUwHhcNMjQxMTIwMTk0NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZmNTgwNTQ4Mjg1OGFlNDhhYTYxMjRkZmQ2ZjkzMWRhMjgxYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0yqLP3OcT6vmG/mZqvoBbG8GWAs
T1ahOxk98BNapg64fy5XotRhJZGkbh1NtAaKYify4ZUb1VgKG1XgP25rrxHRvH1Y
jiAABXGgHedGwszlWqd+o2+tXpMEcYPKzk/PVGt1dd/uUR9/3dOyl15c3IDsFnUj
3Lm54D+96pX0S58RjAmgee51yd3ivqxjpP8Tje6t2DZraWfcWUBca+9p3CNnb1BD
E2MpV0iEXzUfiu0Zxt2bsnJWjdeemPe064vXyD3X3Z3cQ/fcGvV/cP+gq+z+d3FQ
pIaSn5yZjNVoe1WyyIcIp2PauKB3J8xmSWh/AmCJsfasVWSBAWEx82pKoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdvWAVIKFiuSKphJN/W+THaKBwEMB8GA1UdIwQY
MBaAFN2K5Nmthj3aFAG0kMKM/4LZmOO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lyazJhMkdQZG9VQWJTUXdvel9ndG1ZNDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8zNDdkNzEtZmY3OC00YjNhLWE1ZGIt
NGRlOTM0NWM4M2JmLzEvTjI5WUJVZ29XSzVJcW1FazM5YjVNZG9vSEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8zNDdkNzEtZmY3OC00YjNhLWE1ZGItNGRlOTM0NWM4M2Jm
LzEvM1lyazJhMkdQZG9VQWJTUXdvel9ndG1ZNDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAow
MA0GCSqGSIb3DQEBCwUAA4IBAQBU1EJea6slBjrWNXUK8FIk/Yt85ep3LFELiL6p
OWb1aSfhF/lJFEA06DUv7wQcNo9Cvbhtu4fxm0JppXf/uGrFRsnf+K+sA3d64chX
ePSwtje7ygXupRlA1Whe3YjevLNopJa+ygaq+1wuxXSryfNJ92lNrwyukY37qB0a
5wzI5Xjfi0XD0kefZhZF0yRzxqRLjrpU9AXJPsWnioLo8E9F6pTDFRjtt/8FPoq1
MjBsrlP8fkxELol0qUTmUPmH6tEkQbKWVWnfzBsMufandyAfYsc5EN+tbtFUfj4i
B3mHQGapkaUzaBMmFGRq6umexdZYKJEoQhhYT1OvHIoRwggv
-----END CERTIFICATE-----