Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/XNOnrNwCbkK-fWlgVFmlh4qqJHo.roa
File:                     XNOnrNwCbkK-fWlgVFmlh4qqJHo.roa (raw, json)
Hash identifier:          3QWYSInu38r/5/KTKjAC8sguJHur37e5F5m4udIiWR4=
Subject key identifier:   5C:D3:A7:AC:DC:02:6E:42:BE:7D:69:60:54:59:A5:87:8A:AA:24:7A
Certificate issuer:       /CN=f786c277f6ca808afdca05673f4b6c2573974e3e
Certificate serial:       018CC56DF34EAB85FC8A62A09CB0DF43315F
Authority key identifier: F7:86:C2:77:F6:CA:80:8A:FD:CA:05:67:3F:4B:6C:25:73:97:4E:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/94bCd_bKgIr9ygVnP0tsJXOXTj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/XNOnrNwCbkK-fWlgVFmlh4qqJHo.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34087
IP address blocks:        2001:678:464::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/94bCd_bKgIr9ygVnP0tsJXOXTj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/94bCd_bKgIr9ygVnP0tsJXOXTj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/94bCd_bKgIr9ygVnP0tsJXOXTj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f3:4e:ab:85:fc:8a:62:a0:9c:b0:df:43:31:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f786c277f6ca808afdca05673f4b6c2573974e3e
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cd3a7acdc026e42be7d69605459a5878aaa247a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4b:10:23:d7:c3:4b:c5:29:81:f3:20:76:d2:
                    df:60:0f:75:c1:ae:e3:19:8c:25:a8:35:52:bb:d6:
                    ab:a9:dc:4f:73:25:60:82:78:c8:e7:dc:b4:9c:ec:
                    b3:d4:90:2b:9c:6e:fd:42:54:2d:3e:b2:a8:8b:13:
                    a9:b3:6a:b3:5f:2c:88:a7:b3:11:9c:72:63:f5:b2:
                    37:b1:9c:e7:41:7e:c9:c8:89:0f:cd:52:b4:4a:44:
                    93:5b:95:ce:7a:19:dc:08:48:b1:cc:de:61:e8:75:
                    34:3a:7c:b6:5d:4f:88:be:83:c0:45:84:00:2d:46:
                    ba:ee:62:77:10:8e:7c:47:05:c7:86:0d:6e:ae:62:
                    b7:d6:4b:ac:3f:ed:5e:81:84:ae:4d:18:4f:c7:b7:
                    15:c2:e3:91:3a:09:3a:65:a1:d5:7d:ca:85:b9:bc:
                    e8:8b:f2:f8:7e:7e:6e:a0:40:c6:f8:5a:7e:97:73:
                    ec:cf:91:4d:00:67:85:25:82:13:1b:58:ad:8e:60:
                    3d:63:b5:72:eb:a9:ce:f3:4f:df:b3:17:33:fb:39:
                    bb:54:e9:0d:94:c4:5d:dc:b4:10:a0:57:61:9d:eb:
                    6e:bc:f2:21:b5:20:dc:bb:7a:e7:8b:e0:d6:7a:4d:
                    6d:b5:fc:83:89:08:1f:b6:24:c7:68:c3:16:84:a1:
                    61:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D3:A7:AC:DC:02:6E:42:BE:7D:69:60:54:59:A5:87:8A:AA:24:7A
            X509v3 Authority Key Identifier:
                keyid:F7:86:C2:77:F6:CA:80:8A:FD:CA:05:67:3F:4B:6C:25:73:97:4E:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94bCd_bKgIr9ygVnP0tsJXOXTj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/XNOnrNwCbkK-fWlgVFmlh4qqJHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/627d4a-1e07-4e0c-89fd-fca2453434c9/1/94bCd_bKgIr9ygVnP0tsJXOXTj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:464::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:f9:7a:3f:62:cb:6e:ed:f5:1a:5e:ce:56:af:69:6c:63:80:
         3c:d7:8a:4c:da:1e:b9:58:5d:58:6f:e8:79:76:e4:9e:19:31:
         68:8b:7c:48:1e:4f:a2:c9:e5:1f:4b:57:3b:a3:b2:ab:96:49:
         1e:44:4b:77:f6:ac:e1:e9:29:c0:92:61:ec:36:fb:6f:9b:ce:
         83:4d:08:df:1b:4d:73:90:a3:d5:89:68:66:e4:f7:a2:67:22:
         31:25:55:d0:73:22:ba:7e:bd:9d:d8:af:c4:15:ed:79:42:cd:
         44:1d:2f:1e:fa:ce:50:01:42:fb:09:be:ad:61:b5:02:a5:ff:
         2e:b1:70:37:72:26:4f:f6:3d:5a:bf:f9:89:8c:96:19:a1:c7:
         cb:c5:3f:76:ef:d8:e5:ee:8d:96:60:6d:80:0a:09:94:5b:db:
         e7:2d:3d:66:94:4c:82:9a:a9:28:2d:84:4c:76:a7:aa:32:bc:
         12:55:d9:79:4e:f4:9a:bc:d6:77:00:34:7e:be:8f:e2:68:ae:
         7b:88:b4:03:19:66:07:a6:f9:27:e1:d5:1b:72:9b:09:70:e7:
         0c:31:aa:da:8c:9d:83:53:21:2b:3c:4f:17:0c:9c:69:13:65:
         b4:9e:4a:24:33:c8:b4:fb:57:a0:f1:a7:90:3c:f9:99:b9:24:
         b7:f9:a9:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbfNOq4X8imKgnLDfQzFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ODZjMjc3ZjZjYTgwOGFmZGNhMDU2NzNmNGI2YzI1NzM5
NzRlM2UwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2QzYTdhY2RjMDI2ZTQyYmU3ZDY5NjA1NDU5YTU4NzhhYWEyNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0sQI9fDS8UpgfMgdtLfYA91wa7j
GYwlqDVSu9arqdxPcyVggnjI59y0nOyz1JArnG79QlQtPrKoixOps2qzXyyIp7MR
nHJj9bI3sZznQX7JyIkPzVK0SkSTW5XOehncCEixzN5h6HU0Ony2XU+IvoPARYQA
LUa67mJ3EI58RwXHhg1urmK31kusP+1egYSuTRhPx7cVwuOROgk6ZaHVfcqFubzo
i/L4fn5uoEDG+Fp+l3Psz5FNAGeFJYITG1itjmA9Y7Vy66nO80/fsxcz+zm7VOkN
lMRd3LQQoFdhnetuvPIhtSDcu3rni+DWek1ttfyDiQgftiTHaMMWhKFhNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFzTp6zcAm5Cvn1pYFRZpYeKqiR6MB8GA1UdIwQY
MBaAFPeGwnf2yoCK/coFZz9LbCVzl04+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTRiQ2RfYktnSXI5eWdWblAwdHNKWE9YVGo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MjdkNGEtMWUwNy00ZTBjLTg5ZmQt
ZmNhMjQ1MzQzNGM5LzEvWE5PbnJOd0Nia0stZldsZ1ZGbWxoNHFxSkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MjdkNGEtMWUwNy00ZTBjLTg5ZmQtZmNhMjQ1MzQzNGM5
LzEvOTRiQ2RfYktnSXI5eWdWblAwdHNKWE9YVGo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeARk
MA0GCSqGSIb3DQEBCwUAA4IBAQBB+Xo/Ystu7fUaXs5Wr2lsY4A814pM2h65WF1Y
b+h5duSeGTFoi3xIHk+iyeUfS1c7o7KrlkkeREt39qzh6SnAkmHsNvtvm86DTQjf
G01zkKPViWhm5PeiZyIxJVXQcyK6fr2d2K/EFe15Qs1EHS8e+s5QAUL7Cb6tYbUC
pf8usXA3ciZP9j1av/mJjJYZocfLxT9279jl7o2WYG2ACgmUW9vnLT1mlEyCmqko
LYRMdqeqMrwSVdl5TvSavNZ3ADR+vo/iaK57iLQDGWYHpvkn4dUbcpsJcOcMMara
jJ2DUyErPE8XDJxpE2W0nkokM8i0+1eg8aeQPPmZuSS3+an8
-----END CERTIFICATE-----