Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/PdTq_d240Q4b9VyA91GZrXLlEcs.roa
File:                     PdTq_d240Q4b9VyA91GZrXLlEcs.roa (raw, json)
Hash identifier:          68SijHWZs8juRq8uxp9wk3VCWe/NX12WeC2JWmndbB8=
Subject key identifier:   3D:D4:EA:FD:DD:B8:D1:0E:1B:F5:5C:80:F7:51:99:AD:72:E5:11:CB
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018D9E9773D817B3100149778D1797D14A1C
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/PdTq_d240Q4b9VyA91GZrXLlEcs.roa
Signing time:             Mon 12 Feb 2024 18:32:22 +0000
ROA not before:           Mon 12 Feb 2024 18:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a00:4080::/29 maxlen: 29
                          2a04:1bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:97:73:d8:17:b3:10:01:49:77:8d:17:97:d1:4a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Feb 12 18:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dd4eafdddb8d10e1bf55c80f75199ad72e511cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:00:15:7a:bb:93:6e:ba:33:52:44:81:d1:7a:
                    1a:d0:bb:2a:20:12:72:a8:89:7b:60:87:ca:7a:17:
                    78:13:03:11:0c:af:ba:5e:09:94:59:80:3a:73:d4:
                    8b:20:c1:7b:ae:1a:c7:be:52:dd:b1:12:27:2c:e8:
                    77:96:76:f3:06:3f:0b:1a:f9:cb:76:bd:18:5a:eb:
                    da:5f:0f:73:76:92:f8:48:4b:65:2c:c5:16:b3:61:
                    1c:2f:55:fe:1f:55:73:0d:eb:e4:d9:f3:77:c0:7f:
                    c5:c6:6e:dd:aa:e5:73:be:b7:b5:34:a2:7b:5e:9b:
                    23:a8:e6:b3:83:d6:1f:d7:1a:8b:94:32:a5:9b:5a:
                    a2:fc:7a:c9:b0:98:c2:70:30:d1:2d:43:3d:df:37:
                    2f:af:8b:3d:73:4a:af:10:72:61:ba:9e:34:f8:d8:
                    5c:9e:2f:69:ed:e6:41:2e:34:8b:2b:7b:66:9d:0f:
                    a6:24:74:9b:d5:07:f6:77:85:6f:12:1a:c7:40:b9:
                    e6:7d:5d:2b:c4:c6:a4:8d:6b:53:3d:10:13:ee:86:
                    ff:64:e2:f0:79:7d:cf:fb:88:f3:0b:f7:5b:27:62:
                    52:60:18:d3:e8:28:61:c4:6d:0a:a6:54:41:58:8f:
                    28:dd:00:26:b1:66:62:5c:cc:92:cb:65:96:5d:55:
                    fb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D4:EA:FD:DD:B8:D1:0E:1B:F5:5C:80:F7:51:99:AD:72:E5:11:CB
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/PdTq_d240Q4b9VyA91GZrXLlEcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:4080::/29
                  2a04:1bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:5c:4c:3e:bd:03:b0:8d:79:d4:c8:31:6e:f0:2c:64:a6:6c:
         34:94:b4:56:31:f8:ce:16:ec:7f:54:6c:35:23:cb:be:31:18:
         f9:2d:e2:eb:e7:f7:e9:ac:26:5b:a8:82:43:bf:e9:3f:37:90:
         e0:5d:c1:a9:e1:4a:5f:d6:51:44:ce:af:90:bd:50:62:7f:5e:
         9c:e3:d8:9a:fa:80:a7:ac:1f:91:8a:f7:6e:4d:b3:ff:08:75:
         88:0a:af:85:44:02:65:6f:7d:6f:72:10:67:bd:bc:b0:a8:4c:
         c2:b8:70:e7:b9:5e:1b:1f:1a:53:0e:b5:05:0d:cb:39:eb:cc:
         bc:13:14:29:ca:34:2e:58:73:7a:b5:aa:1b:4b:fb:92:ac:26:
         65:60:0f:a8:2f:5a:4f:24:e1:a8:77:c8:62:38:c3:0c:34:da:
         d3:e6:ff:2e:2f:4d:58:d6:db:4f:e3:19:42:07:dd:23:5c:b9:
         cb:9a:ab:d4:3b:bd:dd:7a:14:9c:c5:9e:d6:81:b2:a3:49:5b:
         68:b6:61:70:ca:ea:84:6d:e9:58:74:d1:93:47:61:0f:96:8f:
         cb:90:d1:6e:01:0c:95:5c:8d:f8:a8:58:9c:8c:37:53:91:d5:
         eb:99:23:f5:9e:c6:af:38:75:8b:b5:e2:ae:09:fc:61:79:9a:
         a3:3d:53:b3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY2el3PYF7MQAUl3jReX0UocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMjEyMTgzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ0ZWFmZGRkYjhkMTBlMWJmNTVjODBmNzUxOTlhZDcyZTUxMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAAVeruTbrozUkSB0Xoa0LsqIBJy
qIl7YIfKehd4EwMRDK+6XgmUWYA6c9SLIMF7rhrHvlLdsRInLOh3lnbzBj8LGvnL
dr0YWuvaXw9zdpL4SEtlLMUWs2EcL1X+H1VzDevk2fN3wH/Fxm7dquVzvre1NKJ7
XpsjqOazg9Yf1xqLlDKlm1qi/HrJsJjCcDDRLUM93zcvr4s9c0qvEHJhup40+Nhc
ni9p7eZBLjSLK3tmnQ+mJHSb1Qf2d4VvEhrHQLnmfV0rxMakjWtTPRAT7ob/ZOLw
eX3P+4jzC/dbJ2JSYBjT6ChhxG0KplRBWI8o3QAmsWZiXMySy2WWXVX7OwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD3U6v3duNEOG/VcgPdRma1y5RHLMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvUGRUcV9kMjQwUTRiOVZ5QTkxR1pyWExsRWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgBAgAMF
AyoEG8AwDQYJKoZIhvcNAQELBQADggEBAJZcTD69A7CNedTIMW7wLGSmbDSUtFYx
+M4W7H9UbDUjy74xGPkt4uvn9+msJluogkO/6T83kOBdwanhSl/WUUTOr5C9UGJ/
Xpzj2Jr6gKesH5GK925Ns/8IdYgKr4VEAmVvfW9yEGe9vLCoTMK4cOe5XhsfGlMO
tQUNyznrzLwTFCnKNC5Yc3q1qhtL+5KsJmVgD6gvWk8k4ah3yGI4www02tPm/y4v
TVjW20/jGUIH3SNcucuaq9Q7vd16FJzFntaBsqNJW2i2YXDK6oRt6Vh00ZNHYQ+W
j8uQ0W4BDJVcjfioWJyMN1OR1euZI/Wexq84dYu14q4J/GF5mqM9U7M=
-----END CERTIFICATE-----