Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Ruy-Y3NwLq7r7y8_DRf89h24aRQ.roa
File:                     Ruy-Y3NwLq7r7y8_DRf89h24aRQ.roa (raw, json)
Hash identifier:          PHCzXjhr7s7ei0XC4RaUEdF5TXQLtmbP55bOAjYaVKU=
Subject key identifier:   46:EC:BE:63:73:70:2E:AE:EB:EF:2F:3F:0D:17:FC:F6:1D:B8:69:14
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       019160F1784A644FD698D89E2377DFFE9480
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Ruy-Y3NwLq7r7y8_DRf89h24aRQ.roa
Signing time:             Sat 17 Aug 2024 15:25:23 +0000
ROA not before:           Sat 17 Aug 2024 15:25:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400818
IP address blocks:        2a05:b0c7:1800::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 14:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:60:f1:78:4a:64:4f:d6:98:d8:9e:23:77:df:fe:94:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Aug 17 15:25:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46ecbe6373702eaeebef2f3f0d17fcf61db86914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c6:a5:54:95:ea:6c:4c:8b:a1:db:c6:87:3e:
                    6c:5c:3b:35:38:7d:36:d8:09:58:c6:e5:eb:7f:e1:
                    72:3c:de:b1:a4:00:94:d7:ec:a0:7e:7c:ee:e0:82:
                    d9:71:c6:23:d5:75:24:cf:ab:84:6f:f0:7c:c4:c1:
                    cc:04:a3:ad:ec:ff:76:64:42:e3:4b:9a:55:d7:3e:
                    34:93:29:2f:64:02:e8:f6:f5:f2:d4:6f:62:7e:ee:
                    27:1b:6f:39:cd:75:2e:69:63:25:b8:01:84:0f:73:
                    9f:eb:a7:61:2b:7b:08:22:d6:d2:80:c8:c9:63:ad:
                    5e:27:63:67:60:2e:b9:e4:18:14:ec:22:3e:71:21:
                    9b:78:24:59:25:47:e4:27:9d:83:85:8f:7a:52:0b:
                    2c:3f:21:d1:f4:15:82:42:79:9d:60:2c:89:aa:1a:
                    8d:14:5e:0e:1b:63:91:3c:37:c7:20:b0:42:2d:9a:
                    49:0f:5b:49:90:ba:31:8c:19:61:e7:e7:00:0d:1a:
                    fa:b3:70:38:f7:65:10:55:e2:55:6e:72:b2:88:15:
                    79:68:e2:e3:59:eb:f5:f8:48:14:ad:64:a1:fa:91:
                    59:ca:51:35:51:73:eb:c2:25:4c:9a:5b:47:c5:75:
                    73:1a:60:4e:7c:bb:13:6c:d4:dc:42:6a:5c:aa:14:
                    a4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EC:BE:63:73:70:2E:AE:EB:EF:2F:3F:0D:17:FC:F6:1D:B8:69:14
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Ruy-Y3NwLq7r7y8_DRf89h24aRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:1800::/39

    Signature Algorithm: sha256WithRSAEncryption
         4f:12:93:13:7e:68:9b:7a:c6:24:09:fc:19:d4:56:1d:8f:c4:
         4a:27:b2:54:68:5d:5a:10:c5:df:d2:50:ad:2b:00:1d:f1:d3:
         88:d4:17:41:33:f6:27:c8:36:68:1b:ab:05:23:e4:02:a9:eb:
         81:6f:b5:a8:a3:8d:fa:dd:e9:16:a6:91:b7:00:4d:0a:8d:3a:
         e3:38:20:20:a4:01:0f:13:70:d3:8e:75:ec:09:e0:7d:30:ea:
         36:97:e9:a2:b3:23:c7:50:df:80:ae:7d:fa:da:6f:36:92:1d:
         df:2c:d9:d4:dd:10:6f:11:73:60:9b:49:7f:bc:61:87:5e:65:
         60:89:d3:1c:cb:7b:3b:b2:21:10:8d:ac:f9:bd:77:2b:1d:2d:
         0e:9a:f9:39:f5:fe:a7:fe:20:2e:6b:0b:e4:6a:d6:85:28:f3:
         66:d3:9e:c0:03:dc:2d:53:7f:bb:22:36:c3:98:9f:d3:8d:9e:
         78:f0:7f:6c:68:f4:0c:92:ba:6e:69:6e:30:e6:f1:bc:f7:8f:
         46:99:b8:50:0f:df:f1:ec:e0:ae:55:3c:89:b6:14:5b:4e:37:
         f1:62:46:81:46:69:9b:5e:1d:3e:71:c1:b5:ee:2d:ff:af:a7:
         45:7f:35:dd:a1:f1:95:d9:8e:43:0f:53:be:99:97:64:2b:d2:
         01:59:5e:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZFg8XhKZE/WmNieI3ff/pSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwODE3MTUyNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVjYmU2MzczNzAyZWFlZWJlZjJmM2YwZDE3ZmNmNjFkYjg2OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMalVJXqbEyLodvGhz5sXDs1OH02
2AlYxuXrf+FyPN6xpACU1+ygfnzu4ILZccYj1XUkz6uEb/B8xMHMBKOt7P92ZELj
S5pV1z40kykvZALo9vXy1G9ifu4nG285zXUuaWMluAGED3Of66dhK3sIItbSgMjJ
Y61eJ2NnYC655BgU7CI+cSGbeCRZJUfkJ52DhY96UgssPyHR9BWCQnmdYCyJqhqN
FF4OG2ORPDfHILBCLZpJD1tJkLoxjBlh5+cADRr6s3A492UQVeJVbnKyiBV5aOLj
Wev1+EgUrWSh+pFZylE1UXPrwiVMmltHxXVzGmBOfLsTbNTcQmpcqhSk9wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEbsvmNzcC6u6+8vPw0X/PYduGkUMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvUnV5LVkzTndMcTdyN3k4X0RSZjg5aDI0YVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgWwxxgw
DQYJKoZIhvcNAQELBQADggEBAE8SkxN+aJt6xiQJ/BnUVh2PxEonslRoXVoQxd/S
UK0rAB3x04jUF0Ez9ifINmgbqwUj5AKp64Fvtaijjfrd6RamkbcATQqNOuM4ICCk
AQ8TcNOOdewJ4H0w6jaX6aKzI8dQ34CuffrabzaSHd8s2dTdEG8Rc2CbSX+8YYde
ZWCJ0xzLezuyIRCNrPm9dysdLQ6a+Tn1/qf+IC5rC+Rq1oUo82bTnsAD3C1Tf7si
NsOYn9ONnnjwf2xo9AySum5pbjDm8bz3j0aZuFAP3/Hs4K5VPIm2FFtON/FiRoFG
aZteHT5xwbXuLf+vp0V/Nd2h8ZXZjkMPU76Zl2Qr0gFZXmQ=
-----END CERTIFICATE-----