Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/0pZdrwiUbu96CHzscHdakkRwuPw.roa
File:                     0pZdrwiUbu96CHzscHdakkRwuPw.roa (raw, json)
Hash identifier:          5EJQWcCSWrqeeYPTfj8eMpVbPmALGYhAq0+GLxC5ySU=
Subject key identifier:   D2:96:5D:AF:08:94:6E:EF:7A:08:7C:EC:70:77:5A:92:44:70:B8:FC
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       018CC9BB91F52D6B9405FFAF482944B9BF45
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/0pZdrwiUbu96CHzscHdakkRwuPw.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9186
IP address blocks:        2a09:58c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:91:f5:2d:6b:94:05:ff:af:48:29:44:b9:bf:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2965daf08946eef7a087cec70775a924470b8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7c:e7:6a:d5:68:57:8a:b3:6b:e4:6d:36:5a:
                    a5:4c:74:11:b4:81:e4:4e:82:16:90:82:85:ca:dc:
                    24:f0:40:6d:61:95:8a:df:37:b6:f3:7b:e3:dd:53:
                    b2:d3:cb:1d:ca:08:8d:93:25:59:c5:f7:d0:78:4f:
                    bd:7b:15:2e:79:17:ad:d6:0c:3a:7f:f2:0c:07:e8:
                    3c:a1:75:1f:bd:9a:67:8d:a7:d9:d9:b5:45:b6:61:
                    57:a3:d0:67:c0:64:23:3b:77:67:7a:fb:9d:98:aa:
                    d0:67:0c:29:45:90:4b:32:01:6a:39:e1:32:ca:9c:
                    ec:c9:3e:cf:6b:5b:8d:17:ca:71:1f:c9:90:84:d8:
                    c4:5c:ee:12:e7:45:56:7f:21:22:3f:ef:02:21:46:
                    9d:76:3e:69:90:af:e9:69:c8:78:1a:03:5c:ca:44:
                    03:a6:85:e4:3e:26:d3:12:29:c8:51:35:b5:d4:c3:
                    06:f3:fb:36:81:c0:b6:be:1c:d0:1f:64:f7:77:0d:
                    58:63:d8:be:54:ec:a5:c4:0c:df:08:9e:0a:18:c2:
                    a1:0c:f5:c4:8b:de:30:98:40:77:5c:b7:ba:9e:0f:
                    15:1f:50:3c:18:c8:4b:d9:d4:44:34:ce:65:5f:f2:
                    19:c1:9f:59:f4:fd:4c:c5:43:38:41:ef:d0:87:02:
                    90:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:96:5D:AF:08:94:6E:EF:7A:08:7C:EC:70:77:5A:92:44:70:B8:FC
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/0pZdrwiUbu96CHzscHdakkRwuPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:58c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:dd:7e:08:c3:39:57:0b:95:a2:a9:36:36:5e:a0:bb:15:21:
         ce:be:2d:d5:9a:9c:2f:04:d0:7a:22:a5:8c:c0:bd:8d:f9:80:
         db:81:b4:e8:8a:77:89:0c:d5:b1:5c:13:ac:8f:ad:9e:cc:26:
         9f:d4:8b:f2:e7:36:f5:3e:5b:f3:74:e7:41:f0:af:ef:d0:1f:
         cb:b0:e1:06:06:55:c4:cc:14:07:82:62:ac:cc:10:eb:83:24:
         38:05:9c:26:d9:d8:c1:78:19:7a:ea:39:13:5c:ca:39:d4:b9:
         11:f2:20:d9:c6:30:36:c8:bf:b0:ff:28:98:ce:c9:56:d2:a2:
         4d:1e:e1:60:4f:4a:34:12:0b:96:b9:a2:1b:a8:bb:68:56:0b:
         d2:1d:26:65:8d:1c:4e:2e:41:00:8d:ad:10:78:de:5a:37:45:
         62:69:c0:d3:5c:50:3a:27:38:9d:b6:e8:37:ae:07:7e:70:15:
         61:b2:6a:d7:4f:ac:ae:f5:4d:35:ec:8e:f3:a3:93:9b:93:3a:
         5a:9e:f0:4e:4a:59:81:2f:0b:46:33:b6:07:94:59:bc:7a:e3:
         f6:c6:99:8c:ee:38:44:a3:be:d9:49:e9:b2:7b:45:6d:92:0d:
         f3:0e:21:23:f3:24:e4:62:83:de:e2:7b:b9:1d:de:4e:ec:52:
         42:3e:c5:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu5H1LWuUBf+vSClEub9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjk2NWRhZjA4OTQ2ZWVmN2EwODdjZWM3MDc3NWE5MjQ0NzBiOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3znatVoV4qza+RtNlqlTHQRtIHk
ToIWkIKFytwk8EBtYZWK3ze283vj3VOy08sdygiNkyVZxffQeE+9exUueRet1gw6
f/IMB+g8oXUfvZpnjafZ2bVFtmFXo9BnwGQjO3dnevudmKrQZwwpRZBLMgFqOeEy
ypzsyT7Pa1uNF8pxH8mQhNjEXO4S50VWfyEiP+8CIUaddj5pkK/pach4GgNcykQD
poXkPibTEinIUTW11MMG8/s2gcC2vhzQH2T3dw1YY9i+VOylxAzfCJ4KGMKhDPXE
i94wmEB3XLe6ng8VH1A8GMhL2dRENM5lX/IZwZ9Z9P1MxUM4Qe/QhwKQfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNKWXa8IlG7vegh87HB3WpJEcLj8MB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvMHBaZHJ3aVVidTk2Q0h6c2NIZGFra1J3dVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKglYwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB93X4IwzlXC5WiqTY2XqC7FSHOvi3VmpwvBNB6
IqWMwL2N+YDbgbToineJDNWxXBOsj62ezCaf1Ivy5zb1PlvzdOdB8K/v0B/LsOEG
BlXEzBQHgmKszBDrgyQ4BZwm2djBeBl66jkTXMo51LkR8iDZxjA2yL+w/yiYzslW
0qJNHuFgT0o0EguWuaIbqLtoVgvSHSZljRxOLkEAja0QeN5aN0ViacDTXFA6Jzid
tug3rgd+cBVhsmrXT6yu9U017I7zo5ObkzpanvBOSlmBLwtGM7YHlFm8euP2xpmM
7jhEo77ZSemye0Vtkg3zDiEj8yTkYoPe4nu5Hd5O7FJCPsWb
-----END CERTIFICATE-----