Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/4heLdJNsdjtJEdC40Xq874QpfOM.roa
File:                     4heLdJNsdjtJEdC40Xq874QpfOM.roa (raw, json)
Hash identifier:          D+TZ1sQ6s6nj8PiG0qxgMenI1Plj3aNRZSn7nme/PLc=
Subject key identifier:   E2:17:8B:74:93:6C:76:3B:49:11:D0:B8:D1:7A:BC:EF:84:29:7C:E3
Certificate issuer:       /CN=a82207fd50c45e96f2825ec772cf6b8dea3dfcb0
Certificate serial:       018E31C68CDECF527A0EAAC2ECFECC17457A
Authority key identifier: A8:22:07:FD:50:C4:5E:96:F2:82:5E:C7:72:CF:6B:8D:EA:3D:FC:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCIH_VDEXpbygl7Hcs9rjeo9_LA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/4heLdJNsdjtJEdC40Xq874QpfOM.roa
Signing time:             Tue 12 Mar 2024 08:27:59 +0000
ROA not before:           Tue 12 Mar 2024 08:27:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207886
IP address blocks:        2001:678:b70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/qCIH_VDEXpbygl7Hcs9rjeo9_LA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/qCIH_VDEXpbygl7Hcs9rjeo9_LA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCIH_VDEXpbygl7Hcs9rjeo9_LA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:c6:8c:de:cf:52:7a:0e:aa:c2:ec:fe:cc:17:45:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82207fd50c45e96f2825ec772cf6b8dea3dfcb0
        Validity
            Not Before: Mar 12 08:27:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2178b74936c763b4911d0b8d17abcef84297ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:31:74:48:0d:02:c7:50:3a:5f:ad:62:3f:7b:
                    ef:68:24:02:57:54:f0:ce:04:2b:4a:24:ae:2d:2f:
                    1a:44:8e:fe:68:c6:02:3d:3e:35:a3:ae:d9:12:bc:
                    ae:ba:21:dc:7b:5c:02:6a:26:fd:7d:e3:24:7a:f4:
                    7a:0c:9d:4a:0f:e0:5c:0b:b5:3b:c0:07:97:d8:c6:
                    f4:15:6b:cb:a4:f9:e0:cd:d2:f5:fc:a7:7a:15:a7:
                    e3:6c:fe:c3:58:f7:ab:31:89:8f:c2:3e:68:bc:6e:
                    84:98:b1:0a:46:7a:d2:ff:28:c8:5d:28:ec:6c:01:
                    05:4b:91:40:47:e3:41:d7:a8:e2:03:d6:29:5e:d1:
                    cc:48:b1:57:71:28:83:5a:7a:58:ab:b2:b2:bd:6b:
                    14:7e:90:bc:bc:1c:1a:bc:80:d5:52:e4:9d:e7:74:
                    e6:65:e7:cc:9f:5e:b0:d9:f5:64:56:17:b3:a1:eb:
                    17:03:86:cf:c9:47:d1:f4:e1:ba:6f:09:0c:5c:a0:
                    e9:11:27:b2:69:f2:54:49:d2:30:e6:f4:d0:69:54:
                    87:b2:20:41:03:47:a1:91:88:b4:12:79:d7:bd:1f:
                    43:b0:5f:1f:73:a7:19:f8:60:2e:7b:fd:ab:2b:ec:
                    ab:8e:7d:c1:e3:80:c3:fb:3f:ab:b8:51:81:b4:72:
                    5d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:17:8B:74:93:6C:76:3B:49:11:D0:B8:D1:7A:BC:EF:84:29:7C:E3
            X509v3 Authority Key Identifier:
                keyid:A8:22:07:FD:50:C4:5E:96:F2:82:5E:C7:72:CF:6B:8D:EA:3D:FC:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCIH_VDEXpbygl7Hcs9rjeo9_LA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/4heLdJNsdjtJEdC40Xq874QpfOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/aa8e43-6df0-47ef-adc5-30bdd2fe05b1/1/qCIH_VDEXpbygl7Hcs9rjeo9_LA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b70::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:9c:61:0d:d1:9a:72:ba:dc:fc:b2:ae:58:18:d9:52:e2:39:
         b6:37:c7:dc:94:84:18:ba:d2:ea:eb:a0:74:e5:77:ce:1d:47:
         ac:b9:46:cb:80:18:7d:cc:1f:b3:a6:6a:b8:3d:75:11:74:43:
         07:a9:36:b7:32:97:35:6b:86:53:cc:88:39:47:f4:62:90:a2:
         0a:1e:34:c3:24:9d:ff:4e:e9:d8:73:de:9e:81:4f:da:4c:70:
         fc:68:61:a3:46:07:29:ae:0b:9e:d1:9b:64:96:50:f6:d5:f8:
         c5:d7:b2:56:72:9f:55:60:67:fc:d6:a4:a1:9e:c1:a0:55:3f:
         e3:41:82:b2:9f:7c:dd:f8:60:34:d3:ea:87:7b:12:61:a4:a5:
         3f:79:e8:3b:a3:e6:92:26:16:db:4b:54:78:cd:81:2e:2a:93:
         e2:53:4b:91:74:5c:b6:9a:5f:64:fb:a6:1e:de:1c:60:31:65:
         75:e2:d9:66:3e:19:b6:46:29:4a:2d:91:fd:b7:73:bc:8e:4e:
         cd:db:e3:2a:2c:2d:16:1b:53:49:9e:34:8a:e0:ca:a0:ca:0e:
         50:53:b0:50:db:14:7f:8c:d6:ea:86:e0:db:b0:a0:7a:37:1a:
         de:6c:6a:05:fa:6c:3d:a6:29:bc:25:48:cd:21:73:09:4d:a8:
         87:66:f3:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4xxozez1J6DqrC7P7MF0V6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MjIwN2ZkNTBjNDVlOTZmMjgyNWVjNzcyY2Y2YjhkZWEz
ZGZjYjAwHhcNMjQwMzEyMDgyNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE3OGI3NDkzNmM3NjNiNDkxMWQwYjhkMTdhYmNlZjg0Mjk3Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzF0SA0Cx1A6X61iP3vvaCQCV1Tw
zgQrSiSuLS8aRI7+aMYCPT41o67ZEryuuiHce1wCaib9feMkevR6DJ1KD+BcC7U7
wAeX2Mb0FWvLpPngzdL1/Kd6FafjbP7DWPerMYmPwj5ovG6EmLEKRnrS/yjIXSjs
bAEFS5FAR+NB16jiA9YpXtHMSLFXcSiDWnpYq7KyvWsUfpC8vBwavIDVUuSd53Tm
ZefMn16w2fVkVhezoesXA4bPyUfR9OG6bwkMXKDpESeyafJUSdIw5vTQaVSHsiBB
A0ehkYi0EnnXvR9DsF8fc6cZ+GAue/2rK+yrjn3B44DD+z+ruFGBtHJdqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIXi3STbHY7SRHQuNF6vO+EKXzjMB8GA1UdIwQY
MBaAFKgiB/1QxF6W8oJex3LPa43qPfywMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNJSF9WREVYcGJ5Z2w3SGNzOXJqZW85X0xBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYThlNDMtNmRmMC00N2VmLWFkYzUt
MzBiZGQyZmUwNWIxLzEvNGhlTGRKTnNkanRKRWRDNDBYcTg3NFFwZk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYThlNDMtNmRmMC00N2VmLWFkYzUtMzBiZGQyZmUwNWIx
LzEvcUNJSF9WREVYcGJ5Z2w3SGNzOXJqZW85X0xBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAtw
MA0GCSqGSIb3DQEBCwUAA4IBAQAznGEN0Zpyutz8sq5YGNlS4jm2N8fclIQYutLq
66B05XfOHUesuUbLgBh9zB+zpmq4PXURdEMHqTa3Mpc1a4ZTzIg5R/RikKIKHjTD
JJ3/TunYc96egU/aTHD8aGGjRgcprgue0ZtkllD21fjF17JWcp9VYGf81qShnsGg
VT/jQYKyn3zd+GA00+qHexJhpKU/eeg7o+aSJhbbS1R4zYEuKpPiU0uRdFy2ml9k
+6Ye3hxgMWV14tlmPhm2RilKLZH9t3O8jk7N2+MqLC0WG1NJnjSK4Mqgyg5QU7BQ
2xR/jNbqhuDbsKB6NxrebGoF+mw9pim8JUjNIXMJTaiHZvOj
-----END CERTIFICATE-----