Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/3D7rJFyhnPBQv7KbLuLvgJxN48U.roa
File:                     3D7rJFyhnPBQv7KbLuLvgJxN48U.roa (raw, json)
Hash identifier:          eFSTwFQuCpY+9JuTu481CDzZ+JcTAWphQkHvsTWt1qU=
Subject key identifier:   DC:3E:EB:24:5C:A1:9C:F0:50:BF:B2:9B:2E:E2:EF:80:9C:4D:E3:C5
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFB76ABBB16E5734E1286F75E5B6D
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/3D7rJFyhnPBQv7KbLuLvgJxN48U.roa
Signing time:             Mon 01 Jan 2024 16:30:43 +0000
ROA not before:           Mon 01 Jan 2024 16:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212360
IP address blocks:        2a0f:607:1054::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fb:76:ab:bb:16:e5:73:4e:12:86:f7:5e:5b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3eeb245ca19cf050bfb29b2ee2ef809c4de3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:61:cb:3d:7d:5c:0a:21:97:5e:ea:b1:68:40:
                    ff:b4:ca:55:93:ef:d1:e3:5b:13:e2:81:47:f1:09:
                    50:89:42:e8:6f:8d:85:1c:28:c1:cc:40:40:ba:0a:
                    fe:f4:0a:4f:79:27:b6:0d:d9:9a:00:fb:97:1e:69:
                    13:56:8b:63:e1:09:ba:d2:bb:3e:f2:b3:45:1f:7f:
                    93:27:af:e3:d5:be:e5:8b:d3:c6:f4:2c:6f:1d:7e:
                    7d:cb:ea:c0:18:ac:d6:20:6a:e9:ee:9c:04:82:61:
                    9e:c2:c0:51:d4:c5:88:05:08:26:16:87:02:2e:81:
                    b1:ff:fa:5b:57:19:1f:49:e4:7c:06:6b:1a:85:10:
                    88:88:6f:d7:9d:42:5d:b8:e0:a3:7d:65:77:71:b0:
                    0e:74:d4:e8:e6:66:77:12:1b:f0:ce:0e:c1:c6:98:
                    1c:b8:52:52:34:9b:48:2d:f1:bd:b7:c8:e7:cd:5a:
                    f4:ea:2f:b1:1d:e5:c9:1a:9b:61:c4:94:59:27:13:
                    87:af:1c:e0:61:52:c9:70:5b:4d:f0:ca:56:b1:16:
                    e8:cc:a0:74:a0:5b:88:bc:a9:c9:e9:75:cc:7e:34:
                    99:5b:17:aa:f2:58:17:df:1e:a3:f3:bb:a2:e5:cc:
                    13:47:10:cf:74:b0:82:50:2a:b1:5e:8d:7d:96:d0:
                    69:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3E:EB:24:5C:A1:9C:F0:50:BF:B2:9B:2E:E2:EF:80:9C:4D:E3:C5
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/3D7rJFyhnPBQv7KbLuLvgJxN48U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1054::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:61:84:be:09:46:fb:a7:03:18:38:45:85:4f:f9:f5:ba:d2:
         46:83:2e:b0:fc:e9:c1:fb:2c:59:41:45:fd:c3:d1:1f:93:d2:
         8c:c0:cd:77:94:d7:d1:0b:7e:e8:0e:50:e2:f8:49:04:a3:ea:
         0f:e6:4b:c4:87:76:bc:e0:db:ef:4e:8b:e7:98:34:17:2f:ac:
         62:9d:38:7f:1e:45:40:71:61:d0:7e:88:6f:fb:e4:24:a0:b0:
         de:ea:15:37:83:cd:11:93:40:1e:14:ac:d9:75:a3:e3:ef:95:
         e6:05:93:ff:ad:f5:e4:55:4c:06:9c:4e:90:08:c2:b2:4a:93:
         78:af:8e:06:36:65:07:55:03:af:fc:a7:b3:85:60:76:89:08:
         95:5c:6a:8b:fd:89:04:18:c4:c7:2e:62:47:ee:88:e8:22:9b:
         29:79:d2:dd:85:88:7e:2b:dd:bb:86:90:94:6f:bf:98:64:15:
         8f:f8:f4:40:d3:ef:00:4c:9b:9d:f8:4c:a3:fd:06:c0:61:82:
         31:1b:d8:f8:71:63:53:7b:7d:b7:fc:a5:5f:aa:41:30:98:b1:
         5f:f7:80:83:c5:ab:77:03:3b:ec:4b:cb:28:ed:85:d3:bd:f0:
         90:8d:24:3d:88:73:fb:7e:e5:d2:5d:fe:d9:96:f0:3c:47:ff:
         8a:e7:36:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Pt2q7sW5XNOEob3XlttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNlZWIyNDVjYTE5Y2YwNTBiZmIyOWIyZWUyZWY4MDljNGRlM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGHLPX1cCiGXXuqxaED/tMpVk+/R
41sT4oFH8QlQiULob42FHCjBzEBAugr+9ApPeSe2DdmaAPuXHmkTVotj4Qm60rs+
8rNFH3+TJ6/j1b7li9PG9CxvHX59y+rAGKzWIGrp7pwEgmGewsBR1MWIBQgmFocC
LoGx//pbVxkfSeR8BmsahRCIiG/XnUJduOCjfWV3cbAOdNTo5mZ3Ehvwzg7Bxpgc
uFJSNJtILfG9t8jnzVr06i+xHeXJGpthxJRZJxOHrxzgYVLJcFtN8MpWsRbozKB0
oFuIvKnJ6XXMfjSZWxeq8lgX3x6j87ui5cwTRxDPdLCCUCqxXo19ltBp+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNw+6yRcoZzwUL+ymy7i74CcTePFMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvM0Q3ckpGeWhuUEJRdjdLYkx1THZnSnhONDhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBU
MA0GCSqGSIb3DQEBCwUAA4IBAQCsYYS+CUb7pwMYOEWFT/n1utJGgy6w/OnB+yxZ
QUX9w9Efk9KMwM13lNfRC37oDlDi+EkEo+oP5kvEh3a84NvvTovnmDQXL6xinTh/
HkVAcWHQfohv++QkoLDe6hU3g80Rk0AeFKzZdaPj75XmBZP/rfXkVUwGnE6QCMKy
SpN4r44GNmUHVQOv/KezhWB2iQiVXGqL/YkEGMTHLmJH7ojoIpspedLdhYh+K927
hpCUb7+YZBWP+PRA0+8ATJud+Eyj/QbAYYIxG9j4cWNTe323/KVfqkEwmLFf94CD
xat3AzvsS8so7YXTvfCQjSQ9iHP7fuXSXf7ZlvA8R/+K5zZ6
-----END CERTIFICATE-----