Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/KAHUhwuOgy0Pt2NoBITLl1tm_Rc.roa
File:                     KAHUhwuOgy0Pt2NoBITLl1tm_Rc.roa (raw, json)
Hash identifier:          9gfeq8gYHAsOLFTVtfZDHsh7XdlOwWRuuvynl2qCiSg=
Subject key identifier:   28:01:D4:87:0B:8E:83:2D:0F:B7:63:68:04:84:CB:97:5B:66:FD:17
Certificate issuer:       /CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
Certificate serial:       018E4E512794867B11804505AE619A6B0FD4
Authority key identifier: C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/KAHUhwuOgy0Pt2NoBITLl1tm_Rc.roa
Signing time:             Sun 17 Mar 2024 21:28:45 +0000
ROA not before:           Sun 17 Mar 2024 21:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17160
IP address blocks:        2001:678:f3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4e:51:27:94:86:7b:11:80:45:05:ae:61:9a:6b:0f:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
        Validity
            Not Before: Mar 17 21:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2801d4870b8e832d0fb763680484cb975b66fd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c4:20:4f:80:ef:5d:4e:92:d6:04:50:37:79:
                    e4:99:25:87:f7:6a:b3:76:c4:82:1b:0e:b1:e2:fb:
                    44:bf:c4:96:7a:1a:38:dc:be:a4:e0:b2:e1:4a:a6:
                    c9:8f:36:6e:ac:f7:70:0d:b3:e7:86:d4:d2:ee:45:
                    ce:88:56:4d:0c:1a:92:8d:df:11:0e:8e:c3:4f:df:
                    19:49:f2:42:d0:f3:ca:89:a4:b7:61:0e:66:05:d7:
                    1d:c0:e8:3c:33:4a:67:51:2d:c2:57:48:2c:1a:1b:
                    2d:60:eb:c3:aa:7f:cc:03:38:a6:e7:de:2e:93:db:
                    7f:3d:9a:f3:75:6e:27:58:73:4b:fe:71:30:bf:e6:
                    39:6c:a4:c3:1c:46:ad:ac:46:01:7e:47:0e:1f:53:
                    5e:7b:e6:c5:a8:f2:21:a7:fd:87:93:bc:2f:5c:de:
                    81:ea:70:7c:d8:2e:c1:3d:0e:93:5b:34:cc:2d:e1:
                    15:73:9d:50:a6:62:8a:41:18:84:2c:44:b0:de:63:
                    84:c2:75:ba:bb:4b:6d:3e:23:15:eb:12:a5:26:b8:
                    89:3c:52:6f:01:79:3d:65:94:91:b1:b9:f8:ad:28:
                    a7:dc:e9:b0:9c:4e:c0:c5:21:b3:2f:cb:0d:e6:42:
                    71:bd:ea:72:da:ba:c4:59:86:b6:58:ff:84:fd:6e:
                    75:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:01:D4:87:0B:8E:83:2D:0F:B7:63:68:04:84:CB:97:5B:66:FD:17
            X509v3 Authority Key Identifier:
                keyid:C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/KAHUhwuOgy0Pt2NoBITLl1tm_Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:7f:d2:5c:9a:ba:fd:a3:4a:44:d6:3d:90:fa:58:0e:55:7d:
         27:37:7d:6e:ee:4f:fd:01:83:f0:25:f2:be:3c:c6:b6:1d:a9:
         2f:02:0e:ce:07:94:de:99:35:3b:98:31:00:dc:4f:5b:08:e9:
         e4:7f:37:50:85:5a:46:44:96:8e:4a:64:d0:87:6c:00:35:6b:
         ec:9e:dd:39:45:0b:57:a4:6c:d7:40:70:e6:46:a9:20:e1:66:
         68:3b:ed:d5:6b:7d:23:44:68:b6:46:8c:e8:3e:2d:29:a6:58:
         b7:a8:f7:87:bb:d3:15:10:2f:ee:f9:d5:1c:09:23:a5:a3:5e:
         7a:99:af:47:55:e1:41:36:89:1e:27:1e:1f:dd:c3:4e:55:1d:
         04:1c:0f:17:5a:45:30:c4:aa:36:52:3d:5d:8b:53:ac:4b:d3:
         ba:e3:99:6b:46:d5:5c:ca:c2:22:30:33:58:20:d9:ee:8a:11:
         dd:f8:d8:e3:a0:61:5d:24:61:bd:60:71:28:87:30:5a:c4:dc:
         27:33:bf:fc:27:e2:ef:2f:6e:3b:ac:19:b8:10:95:b2:56:20:
         5e:de:e4:ab:45:45:10:d8:56:99:ec:6e:c6:25:92:e3:45:f6:
         5f:71:fc:67:9b:3a:75:f1:98:2e:df:0a:28:24:be:4b:fd:ee:
         aa:03:10:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5OUSeUhnsRgEUFrmGaaw/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZDdjYjMzM2M1MGZmMjEyNmUyNmYyMmVjYjc5MWNmNmZk
OTVjMjEwHhcNMjQwMzE3MjEyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODAxZDQ4NzBiOGU4MzJkMGZiNzYzNjgwNDg0Y2I5NzViNjZmZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcQgT4DvXU6S1gRQN3nkmSWH92qz
dsSCGw6x4vtEv8SWeho43L6k4LLhSqbJjzZurPdwDbPnhtTS7kXOiFZNDBqSjd8R
Do7DT98ZSfJC0PPKiaS3YQ5mBdcdwOg8M0pnUS3CV0gsGhstYOvDqn/MAzim594u
k9t/PZrzdW4nWHNL/nEwv+Y5bKTDHEatrEYBfkcOH1Nee+bFqPIhp/2Hk7wvXN6B
6nB82C7BPQ6TWzTMLeEVc51QpmKKQRiELESw3mOEwnW6u0ttPiMV6xKlJriJPFJv
AXk9ZZSRsbn4rSin3OmwnE7AxSGzL8sN5kJxvepy2rrEWYa2WP+E/W51oQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCgB1IcLjoMtD7djaASEy5dbZv0XMB8GA1UdIwQY
MBaAFMPXyzM8UP8hJuJvIuy3kc9v2VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzlmTE16eFFfeUVtNG04aTdMZVJ6Ml9aWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83N2Y1NjktNmE1ZC00MjU4LThkZTkt
MWYwOWM4YjZhMDhkLzEvS0FIVWh3dU9neTBQdDJOb0JJVExsMXRtX1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83N2Y1NjktNmE1ZC00MjU4LThkZTktMWYwOWM4YjZhMDhk
LzEvdzlmTE16eFFfeUVtNG04aTdMZVJ6Ml9aWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA88
MA0GCSqGSIb3DQEBCwUAA4IBAQCMf9Jcmrr9o0pE1j2Q+lgOVX0nN31u7k/9AYPw
JfK+PMa2HakvAg7OB5TemTU7mDEA3E9bCOnkfzdQhVpGRJaOSmTQh2wANWvsnt05
RQtXpGzXQHDmRqkg4WZoO+3Va30jRGi2RozoPi0ppli3qPeHu9MVEC/u+dUcCSOl
o156ma9HVeFBNokeJx4f3cNOVR0EHA8XWkUwxKo2Uj1di1OsS9O645lrRtVcysIi
MDNYINnuihHd+NjjoGFdJGG9YHEohzBaxNwnM7/8J+LvL247rBm4EJWyViBe3uSr
RUUQ2FaZ7G7GJZLjRfZfcfxnmzp18Zgu3wooJL5L/e6qAxBB
-----END CERTIFICATE-----