Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/R0-c7ZP6u4ftsAQLCNEgegIrRtQ.roa
File:                     R0-c7ZP6u4ftsAQLCNEgegIrRtQ.roa (raw, json)
Hash identifier:          2IIObZWFyajij8oN1qglUD9v8iZ4xgW/4p6Ncte+sZc=
Subject key identifier:   47:4F:9C:ED:93:FA:BB:87:ED:B0:04:0B:08:D1:20:7A:02:2B:46:D4
Certificate issuer:       /CN=e73df155c87a590ac1e538544cf3356e4fc81748
Certificate serial:       018CC42510D1F3097B5421B8B4BF9A84FBB2
Authority key identifier: E7:3D:F1:55:C8:7A:59:0A:C1:E5:38:54:4C:F3:35:6E:4F:C8:17:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/R0-c7ZP6u4ftsAQLCNEgegIrRtQ.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206384
IP address blocks:        2001:678:ce0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:10:d1:f3:09:7b:54:21:b8:b4:bf:9a:84:fb:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e73df155c87a590ac1e538544cf3356e4fc81748
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=474f9ced93fabb87edb0040b08d1207a022b46d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:32:f9:47:cf:32:62:89:7a:e7:dc:11:8c:b3:
                    4a:69:21:c5:3c:58:af:de:b8:c3:9b:f8:d6:54:2a:
                    6c:b5:47:32:4c:55:c5:d0:90:a8:4c:d0:c4:cd:28:
                    e6:d6:e6:02:59:ba:91:04:cd:e9:65:cd:69:64:5d:
                    c0:7a:54:fa:5a:2b:4e:fc:e0:22:da:e1:fe:9f:08:
                    f7:0f:6c:14:2b:84:75:15:8e:18:64:30:11:e5:6b:
                    82:09:00:3c:b8:0e:60:97:76:3b:b9:45:fc:ec:83:
                    da:f6:3a:f0:81:f3:52:84:22:cd:14:8b:cc:99:a3:
                    2b:90:17:f4:46:71:ae:1f:0e:86:96:ea:c5:ce:c9:
                    97:a0:6a:4b:f2:bf:57:8a:66:97:5a:9f:ba:5b:69:
                    2e:8b:10:be:d1:42:fb:6c:2f:40:f7:0d:40:71:7c:
                    c0:4a:bd:0f:be:2d:25:6e:54:34:4d:b9:77:94:e1:
                    6e:58:27:78:fb:04:eb:23:b9:19:bc:25:a6:96:5b:
                    ba:55:25:0f:64:dd:67:ef:bf:09:1a:50:10:d2:5a:
                    ee:69:74:39:6e:b3:68:1b:ff:35:3d:2e:51:a8:14:
                    c1:4c:6c:75:ab:1c:e1:94:a2:2d:4b:2e:23:33:d0:
                    8d:57:47:b1:8c:62:f8:38:cc:58:ed:d9:69:6e:eb:
                    36:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:4F:9C:ED:93:FA:BB:87:ED:B0:04:0B:08:D1:20:7A:02:2B:46:D4
            X509v3 Authority Key Identifier:
                keyid:E7:3D:F1:55:C8:7A:59:0A:C1:E5:38:54:4C:F3:35:6E:4F:C8:17:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/R0-c7ZP6u4ftsAQLCNEgegIrRtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ce0::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:ff:dd:5d:0d:47:25:d0:01:50:a4:03:b9:22:6c:fe:99:80:
         c0:57:06:81:5e:52:23:e0:e6:86:7a:64:18:e3:34:42:23:30:
         89:3d:cd:59:46:04:3d:20:4f:26:3d:39:a9:bd:3b:34:fe:fc:
         30:c5:f1:04:a9:8f:8f:e4:17:d8:86:d8:d7:73:9a:4b:f0:db:
         81:29:ba:5b:35:59:6d:d1:09:c3:6f:29:93:54:03:76:64:d9:
         62:cc:46:77:0b:52:5b:d5:7f:79:d8:60:b7:37:0f:6c:3a:20:
         6f:b7:19:8e:a6:cb:53:74:27:d4:a2:05:d0:9d:8d:f5:a3:3c:
         1c:0b:7a:a5:78:4d:d8:65:a6:2b:e5:aa:e3:cc:5c:02:e0:d3:
         73:f5:f9:d6:72:2e:1a:03:33:a5:6a:8b:25:b6:ae:87:95:f3:
         ae:6d:0c:02:08:61:ab:36:f9:6b:bf:c4:7b:d3:5e:a3:25:b8:
         9f:02:d7:c8:a3:5f:a8:32:fb:09:83:20:d2:bc:a7:bd:4b:0e:
         6b:05:d4:84:18:b3:fc:2c:81:37:19:9a:1c:ba:50:5e:09:79:
         83:10:c0:0c:4d:ee:dc:49:97:04:f0:ac:16:df:40:e7:9e:71:
         aa:a3:ae:1a:0f:f7:5a:5e:a7:b3:6d:77:a0:ca:0d:d1:49:42:
         59:20:9a:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJRDR8wl7VCG4tL+ahPuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3M2RmMTU1Yzg3YTU5MGFjMWU1Mzg1NDRjZjMzNTZlNGZj
ODE3NDgwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzRmOWNlZDkzZmFiYjg3ZWRiMDA0MGIwOGQxMjA3YTAyMmI0NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzL5R88yYol659wRjLNKaSHFPFiv
3rjDm/jWVCpstUcyTFXF0JCoTNDEzSjm1uYCWbqRBM3pZc1pZF3AelT6WitO/OAi
2uH+nwj3D2wUK4R1FY4YZDAR5WuCCQA8uA5gl3Y7uUX87IPa9jrwgfNShCLNFIvM
maMrkBf0RnGuHw6GlurFzsmXoGpL8r9XimaXWp+6W2kuixC+0UL7bC9A9w1AcXzA
Sr0Pvi0lblQ0Tbl3lOFuWCd4+wTrI7kZvCWmllu6VSUPZN1n778JGlAQ0lruaXQ5
brNoG/81PS5RqBTBTGx1qxzhlKItSy4jM9CNV0exjGL4OMxY7dlpbus2IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEdPnO2T+ruH7bAECwjRIHoCK0bUMB8GA1UdIwQY
MBaAFOc98VXIelkKweU4VEzzNW5PyBdIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXozeFZjaDZXUXJCNVRoVVRQTTFia19JRjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iYzU3ZmYtYWIxYi00NjUxLTk1YjQt
ZGRkN2JmOTNkMzU2LzEvUjAtYzdaUDZ1NGZ0c0FRTENORWdlZ0lyUnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iYzU3ZmYtYWIxYi00NjUxLTk1YjQtZGRkN2JmOTNkMzU2
LzEvNXozeFZjaDZXUXJCNVRoVVRQTTFia19JRjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAzg
MA0GCSqGSIb3DQEBCwUAA4IBAQDQ/91dDUcl0AFQpAO5Imz+mYDAVwaBXlIj4OaG
emQY4zRCIzCJPc1ZRgQ9IE8mPTmpvTs0/vwwxfEEqY+P5BfYhtjXc5pL8NuBKbpb
NVlt0QnDbymTVAN2ZNlizEZ3C1Jb1X952GC3Nw9sOiBvtxmOpstTdCfUogXQnY31
ozwcC3qleE3YZaYr5arjzFwC4NNz9fnWci4aAzOlaosltq6HlfOubQwCCGGrNvlr
v8R7016jJbifAtfIo1+oMvsJgyDSvKe9Sw5rBdSEGLP8LIE3GZoculBeCXmDEMAM
Te7cSZcE8KwW30DnnnGqo64aD/daXqezbXegyg3RSUJZIJoV
-----END CERTIFICATE-----