Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/9KuTUwuYY8EW7s3-S2mLG4TE9LU.roa
File:                     9KuTUwuYY8EW7s3-S2mLG4TE9LU.roa (raw, json)
Hash identifier:          chsECT7Pns91FQ7cIeyINwZMYtxmSgRPck7DCz2HjTA=
Subject key identifier:   F4:AB:93:53:0B:98:63:C1:16:EE:CD:FE:4B:69:8B:1B:84:C4:F4:B5
Certificate issuer:       /CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
Certificate serial:       018CC4245CA80F8D3051322D5BDF1FDA9649
Authority key identifier: C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/9KuTUwuYY8EW7s3-S2mLG4TE9LU.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211640
IP address blocks:        2001:678:f3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5c:a8:0f:8d:30:51:32:2d:5b:df:1f:da:96:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4ab93530b9863c116eecdfe4b698b1b84c4f4b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c0:24:88:bb:09:b6:36:76:40:8e:65:ae:c6:
                    65:46:47:16:35:62:a5:e4:2b:79:c5:e7:b9:26:6f:
                    fd:78:e7:61:5d:c9:49:b5:fb:88:df:4a:9c:a9:09:
                    ba:af:4c:33:49:9d:3d:45:2f:ec:a1:30:b6:95:a9:
                    71:44:0d:17:ed:f1:e7:c3:01:47:8f:c1:bb:5b:5e:
                    f2:b6:d3:2f:89:68:2d:83:35:c1:d5:0c:48:45:0c:
                    1f:17:dc:d3:cd:a0:23:53:b8:a1:f7:fc:c9:23:31:
                    44:a9:ce:e4:f6:3d:69:2a:12:a4:cc:25:12:8b:21:
                    87:ab:2c:95:e5:87:ed:07:f8:1e:4c:21:8c:b7:7a:
                    8f:65:0b:de:e5:42:d3:ec:50:bb:cd:16:c5:99:e3:
                    66:a8:6f:52:e9:04:0e:95:af:6c:d7:57:f4:a3:d8:
                    e8:3b:c6:f1:08:09:a5:13:8a:6e:b5:de:f8:2d:86:
                    3e:dc:a6:0e:3b:1a:38:2f:a6:6f:9e:ba:0f:06:02:
                    46:83:99:39:ff:ae:95:91:32:96:39:a8:33:20:50:
                    88:e0:1e:d8:54:c4:5e:ca:ca:ec:7f:8f:14:e6:dd:
                    b2:4a:8e:d3:c2:b7:37:af:91:d1:14:2d:16:0e:59:
                    59:1c:0e:6e:60:ac:af:8c:b5:81:29:6d:3a:83:1b:
                    4c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AB:93:53:0B:98:63:C1:16:EE:CD:FE:4B:69:8B:1B:84:C4:F4:B5
            X509v3 Authority Key Identifier:
                keyid:C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/9KuTUwuYY8EW7s3-S2mLG4TE9LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:55:fe:fa:dc:07:8f:49:d5:86:f2:48:7d:50:7a:3f:3d:b4:
         f2:df:39:f6:fc:fb:85:cd:43:e7:89:de:b1:7b:d0:c6:e1:be:
         79:f9:44:fe:3c:a8:8e:9f:36:43:4e:b0:31:ca:af:b6:c6:ff:
         b7:dc:2d:9f:c7:d0:85:3e:d9:38:1e:cc:ee:cf:52:21:26:e3:
         09:27:36:af:7d:48:50:84:52:fe:c8:da:2e:71:3f:67:88:b6:
         08:36:af:61:3e:7b:bc:2b:fd:15:f1:ea:be:7b:9a:38:3b:c0:
         b3:44:70:1d:c5:9a:38:28:16:ba:05:56:03:06:a9:1f:fb:4c:
         80:df:88:39:d7:4d:8f:ab:6b:5a:db:1e:10:76:3e:3b:3f:e5:
         55:54:dc:93:fa:5a:11:1f:01:e7:d0:70:51:0d:ec:53:20:11:
         17:40:f8:93:6c:24:3c:94:f0:5b:ef:ed:2a:15:6e:4d:92:8f:
         4c:60:35:a6:8e:9e:52:0f:42:59:74:5e:8d:7f:97:8f:03:81:
         ce:b9:ce:69:f0:11:de:87:3b:c6:1a:26:ec:16:fd:2d:0c:0d:
         6d:d7:8e:a7:47:e5:9e:f5:b3:be:33:d0:6e:a8:07:b8:76:08:
         8d:56:e7:51:30:aa:32:be:fc:02:1c:fd:2f:81:09:4e:99:d8:
         ee:6d:0a:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJFyoD40wUTItW98f2pZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZDdjYjMzM2M1MGZmMjEyNmUyNmYyMmVjYjc5MWNmNmZk
OTVjMjEwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFiOTM1MzBiOTg2M2MxMTZlZWNkZmU0YjY5OGIxYjg0YzRmNGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8AkiLsJtjZ2QI5lrsZlRkcWNWKl
5Ct5xee5Jm/9eOdhXclJtfuI30qcqQm6r0wzSZ09RS/soTC2lalxRA0X7fHnwwFH
j8G7W17yttMviWgtgzXB1QxIRQwfF9zTzaAjU7ih9/zJIzFEqc7k9j1pKhKkzCUS
iyGHqyyV5YftB/geTCGMt3qPZQve5ULT7FC7zRbFmeNmqG9S6QQOla9s11f0o9jo
O8bxCAmlE4putd74LYY+3KYOOxo4L6ZvnroPBgJGg5k5/66VkTKWOagzIFCI4B7Y
VMReysrsf48U5t2ySo7Twrc3r5HRFC0WDllZHA5uYKyvjLWBKW06gxtMgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSrk1MLmGPBFu7N/ktpixuExPS1MB8GA1UdIwQY
MBaAFMPXyzM8UP8hJuJvIuy3kc9v2VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzlmTE16eFFfeUVtNG04aTdMZVJ6Ml9aWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83N2Y1NjktNmE1ZC00MjU4LThkZTkt
MWYwOWM4YjZhMDhkLzEvOUt1VFV3dVlZOEVXN3MzLVMybUxHNFRFOUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83N2Y1NjktNmE1ZC00MjU4LThkZTktMWYwOWM4YjZhMDhk
LzEvdzlmTE16eFFfeUVtNG04aTdMZVJ6Ml9aWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA88
MA0GCSqGSIb3DQEBCwUAA4IBAQCfVf763AePSdWG8kh9UHo/PbTy3zn2/PuFzUPn
id6xe9DG4b55+UT+PKiOnzZDTrAxyq+2xv+33C2fx9CFPtk4Hszuz1IhJuMJJzav
fUhQhFL+yNoucT9niLYINq9hPnu8K/0V8eq+e5o4O8CzRHAdxZo4KBa6BVYDBqkf
+0yA34g5102Pq2ta2x4Qdj47P+VVVNyT+loRHwHn0HBRDexTIBEXQPiTbCQ8lPBb
7+0qFW5Nko9MYDWmjp5SD0JZdF6Nf5ePA4HOuc5p8BHehzvGGibsFv0tDA1t146n
R+We9bO+M9BuqAe4dgiNVudRMKoyvvwCHP0vgQlOmdjubQqW
-----END CERTIFICATE-----