Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/CtQpBf2QjtarivsDhYA7kQUivHA.roa
File:                     CtQpBf2QjtarivsDhYA7kQUivHA.roa (raw, json)
Hash identifier:          GirDtlfxsTI9vwUiIGup2lf+yaRXJD1PCLKWugVqJjw=
Subject key identifier:   0A:D4:29:05:FD:90:8E:D6:AB:8A:FB:03:85:80:3B:91:05:22:BC:70
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0875430BE853F525BD0E5AC050E8
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/CtQpBf2QjtarivsDhYA7kQUivHA.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        2a05:b0c6:5c1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:08:75:43:0b:e8:53:f5:25:bd:0e:5a:c0:50:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ad42905fd908ed6ab8afb0385803b910522bc70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:65:11:86:af:0e:37:59:0f:6d:47:01:b8:7b:
                    58:4e:ca:0f:da:c7:66:b1:7b:45:16:16:e1:ee:b5:
                    75:90:c7:a8:3b:fc:5b:eb:cc:e7:65:81:d9:38:4d:
                    52:c5:4d:90:6c:a5:3d:95:78:7c:31:50:f9:8e:04:
                    43:fb:3b:f8:e8:2f:13:ed:04:c9:57:81:6f:92:84:
                    a3:82:6c:9b:47:83:5d:d2:f7:b5:e5:1f:2a:64:db:
                    1e:65:7c:c3:24:a7:6a:5f:ab:92:37:bd:62:75:4f:
                    92:21:dd:77:b0:1b:00:c6:fc:59:dd:19:47:4e:d9:
                    cb:31:ad:bf:07:16:a8:42:72:0f:01:53:78:5a:f7:
                    51:de:74:85:3c:e2:42:2a:47:63:1b:81:66:13:fc:
                    cb:bf:63:d5:b9:72:cd:c9:f1:f1:34:94:c9:fc:73:
                    ec:40:22:02:2d:6f:a1:57:15:c7:8c:ba:e3:b2:ab:
                    f9:7a:ef:95:9b:24:1a:45:b3:a3:62:a2:a6:c4:d0:
                    25:a5:93:dc:90:d3:60:a1:17:2b:01:ab:e6:95:c5:
                    bd:3f:4e:1f:12:ff:92:fc:e4:82:76:a8:6d:39:42:
                    8d:b4:6f:51:9c:f3:a0:7d:c3:b7:04:b1:64:02:e2:
                    25:7c:48:4f:b4:2c:3f:c1:1d:b7:52:8e:ed:d9:54:
                    08:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D4:29:05:FD:90:8E:D6:AB:8A:FB:03:85:80:3B:91:05:22:BC:70
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/CtQpBf2QjtarivsDhYA7kQUivHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6:5c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:dc:7b:c0:fe:2b:73:96:d1:d2:78:e9:4b:e6:da:db:1b:1e:
         08:ce:0a:31:78:e7:23:9e:26:a3:3d:31:be:6d:28:a0:cd:21:
         de:a5:e6:cf:43:a5:3d:f7:b8:3e:d3:32:12:3c:5a:ae:bd:de:
         9e:a0:c1:6d:42:33:bd:2b:2b:d3:6d:08:7f:e0:9d:e2:9b:11:
         d3:cb:14:ea:c0:2c:98:0f:72:34:00:e0:a8:fa:bc:22:31:03:
         97:96:49:fe:db:69:24:df:a2:f6:b8:f2:b2:32:f1:b8:83:a7:
         19:8f:21:a6:2e:40:ee:0d:48:e2:34:85:a8:6a:41:7b:ab:e3:
         bd:a8:d9:a4:ee:42:c2:8c:97:7e:12:fc:1d:d5:54:98:57:90:
         3f:e6:0e:c8:64:88:f9:35:8d:53:2e:cd:f3:19:00:62:40:a5:
         8d:c0:53:90:f0:74:8c:ff:f7:98:55:97:1e:c7:83:b1:5a:7a:
         8e:4f:7e:c5:99:b0:55:ef:32:2e:f9:ee:c1:de:20:10:9d:3b:
         9b:54:68:f7:0b:94:5f:19:a2:7f:19:0b:4b:0e:4f:7e:93:3a:
         aa:67:49:a5:42:82:27:fc:be:ea:5a:ac:3b:84:1e:a0:cd:f5:
         99:19:68:ad:12:b2:20:7c:96:5b:8d:ef:35:1a:f3:e7:4f:2b:
         94:12:8f:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Ah1QwvoU/UlvQ5awFDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ0MjkwNWZkOTA4ZWQ2YWI4YWZiMDM4NTgwM2I5MTA1MjJiYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmURhq8ON1kPbUcBuHtYTsoP2sdm
sXtFFhbh7rV1kMeoO/xb68znZYHZOE1SxU2QbKU9lXh8MVD5jgRD+zv46C8T7QTJ
V4FvkoSjgmybR4Nd0ve15R8qZNseZXzDJKdqX6uSN71idU+SId13sBsAxvxZ3RlH
TtnLMa2/BxaoQnIPAVN4WvdR3nSFPOJCKkdjG4FmE/zLv2PVuXLNyfHxNJTJ/HPs
QCICLW+hVxXHjLrjsqv5eu+VmyQaRbOjYqKmxNAlpZPckNNgoRcrAavmlcW9P04f
Ev+S/OSCdqhtOUKNtG9RnPOgfcO3BLFkAuIlfEhPtCw/wR23Uo7t2VQIzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFArUKQX9kI7Wq4r7A4WAO5EFIrxwMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvQ3RRcEJmMlFqdGFyaXZzRGhZQTdrUVVpdkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWwxgXB
MA0GCSqGSIb3DQEBCwUAA4IBAQCR3HvA/itzltHSeOlL5trbGx4IzgoxeOcjniaj
PTG+bSigzSHepebPQ6U997g+0zISPFquvd6eoMFtQjO9KyvTbQh/4J3imxHTyxTq
wCyYD3I0AOCo+rwiMQOXlkn+22kk36L2uPKyMvG4g6cZjyGmLkDuDUjiNIWoakF7
q+O9qNmk7kLCjJd+Evwd1VSYV5A/5g7IZIj5NY1TLs3zGQBiQKWNwFOQ8HSM//eY
VZcex4OxWnqOT37FmbBV7zIu+e7B3iAQnTubVGj3C5RfGaJ/GQtLDk9+kzqqZ0ml
QoIn/L7qWqw7hB6gzfWZGWitErIgfJZbje81GvPnTyuUEo8V
-----END CERTIFICATE-----