Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/yd3RcCQj0qBdh16_l3V6BBufGTg.roa
File:                     yd3RcCQj0qBdh16_l3V6BBufGTg.roa (raw, json)
Hash identifier:          3NsqfeUQZ1n4u9Xbz83EcBmnAyuMCLmOL2Lv87WnAWM=
Subject key identifier:   C9:DD:D1:70:24:23:D2:A0:5D:87:5E:BF:97:75:7A:04:1B:9F:19:38
Certificate issuer:       /CN=a566d8337776c98746bd231e69e185db2a9a5be2
Certificate serial:       018CC34921EE93BB0BB6E434331430B3C3CD
Authority key identifier: A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/yd3RcCQj0qBdh16_l3V6BBufGTg.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208084
IP address blocks:        2a0e:3bc0:3::/48 maxlen: 48
                          2a0e:3bc0:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:21:ee:93:bb:0b:b6:e4:34:33:14:30:b3:c3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a566d8337776c98746bd231e69e185db2a9a5be2
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ddd1702423d2a05d875ebf97757a041b9f1938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5c:41:4c:96:c0:91:30:df:19:cd:54:f9:59:
                    e7:4e:36:2e:fb:da:bf:34:45:d4:51:a9:47:4b:76:
                    11:7f:25:85:c5:29:34:37:60:40:25:f7:59:a5:43:
                    6e:c0:43:5c:be:13:66:45:5b:e9:a7:26:07:89:8f:
                    b0:f6:4c:b7:c1:8d:a2:96:e6:4a:34:a9:ba:a8:0c:
                    b0:98:79:f9:62:51:13:51:31:db:b4:ea:a7:6b:f0:
                    94:9e:f6:2e:6f:a9:11:9a:04:c4:61:ef:ec:a6:f9:
                    89:25:aa:3a:5b:6b:55:0a:63:5c:c7:10:78:bb:07:
                    40:42:90:b0:af:09:77:00:4a:d8:bc:f6:fd:d7:54:
                    c6:9c:d6:3f:61:a4:36:fe:c2:7f:ee:6f:dd:8b:b7:
                    23:c5:3e:0f:84:56:e1:b8:3f:70:1a:d4:a9:93:85:
                    4f:c8:8a:61:ab:ff:e1:9e:cd:31:21:c2:77:5a:9c:
                    af:41:e6:b9:be:26:e0:a0:57:fb:b8:48:8f:5d:83:
                    e5:00:f4:78:4e:81:fb:86:8c:b9:35:61:59:ba:ca:
                    9c:29:21:46:76:3c:3e:5c:dd:f1:7f:a6:a1:71:e5:
                    69:3b:7f:cc:6d:a8:a9:1a:bb:ce:ac:12:d1:27:d5:
                    7b:a4:5d:b2:9d:be:c6:1e:e9:24:bc:d7:48:a8:df:
                    11:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:DD:D1:70:24:23:D2:A0:5D:87:5E:BF:97:75:7A:04:1B:9F:19:38
            X509v3 Authority Key Identifier:
                keyid:A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/yd3RcCQj0qBdh16_l3V6BBufGTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:3bc0:3::-2a0e:3bc0:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8b:e7:a2:6e:87:0d:3c:f7:08:0b:32:20:1c:3a:d1:3f:c2:54:
         97:1b:89:3c:02:f6:f3:65:8a:33:a8:c2:ca:31:99:56:14:0c:
         44:c2:53:48:f1:2e:17:20:8f:81:87:50:ef:5d:5d:25:8a:b9:
         a4:7f:d7:a7:bc:0e:81:ee:fc:d0:ad:ab:f6:be:bc:d0:33:3d:
         ae:ab:92:56:31:9a:ea:25:0e:1a:5a:39:4f:1f:2b:be:f6:9d:
         a5:d4:68:98:ee:0b:be:5b:d0:db:56:a2:92:f9:83:0c:ed:cf:
         a7:02:f2:e6:7f:6a:92:0b:15:dd:c8:d9:6c:98:8f:29:de:c1:
         22:13:28:f2:a9:6e:f8:8e:9c:47:9a:62:13:5a:9b:1b:af:47:
         b5:bc:06:9d:f7:47:b2:b2:64:5d:fc:e1:d9:45:8d:29:b8:84:
         db:fa:89:0b:d1:ae:03:cd:bf:dc:08:f5:b0:a7:65:cb:07:42:
         4c:36:db:d6:95:48:e9:70:ff:aa:9e:6f:0e:c7:5b:df:01:96:
         79:73:ed:ea:a1:3b:8d:60:f4:8d:79:ac:0a:b6:15:09:4a:60:
         db:18:ec:87:d0:b6:81:c1:f3:7f:f0:6b:6d:36:34:07:d5:ea:
         52:46:ff:cd:c7:e0:b0:78:1b:b9:da:eb:02:3d:59:d7:94:47:
         ed:5c:31:65
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSSHuk7sLtuQ0MxQws8PNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjZkODMzNzc3NmM5ODc0NmJkMjMxZTY5ZTE4NWRiMmE5
YTViZTIwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWRkZDE3MDI0MjNkMmEwNWQ4NzVlYmY5Nzc1N2EwNDFiOWYxOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1xBTJbAkTDfGc1U+VnnTjYu+9q/
NEXUUalHS3YRfyWFxSk0N2BAJfdZpUNuwENcvhNmRVvppyYHiY+w9ky3wY2iluZK
NKm6qAywmHn5YlETUTHbtOqna/CUnvYub6kRmgTEYe/spvmJJao6W2tVCmNcxxB4
uwdAQpCwrwl3AErYvPb911TGnNY/YaQ2/sJ/7m/di7cjxT4PhFbhuD9wGtSpk4VP
yIphq//hns0xIcJ3WpyvQea5vibgoFf7uEiPXYPlAPR4ToH7hoy5NWFZusqcKSFG
djw+XN3xf6ahceVpO3/MbaipGrvOrBLRJ9V7pF2ynb7GHukkvNdIqN8RZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMnd0XAkI9KgXYdev5d1egQbnxk4MB8GA1UdIwQY
MBaAFKVm2DN3dsmHRr0jHmnhhdsqmlviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgt
MWI3NTg2N2U4ZGZmLzEveWQzUmNDUWowcUJkaDE2X2wzVjZCQnVmR1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgtMWI3NTg2N2U4ZGZm
LzEvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDjvA
AAMDBwAqDjvAAAQwDQYJKoZIhvcNAQELBQADggEBAIvnom6HDTz3CAsyIBw60T/C
VJcbiTwC9vNlijOowsoxmVYUDETCU0jxLhcgj4GHUO9dXSWKuaR/16e8DoHu/NCt
q/a+vNAzPa6rklYxmuolDhpaOU8fK772naXUaJjuC75b0NtWopL5gwztz6cC8uZ/
apILFd3I2WyYjynewSITKPKpbviOnEeaYhNamxuvR7W8Bp33R7KyZF384dlFjSm4
hNv6iQvRrgPNv9wI9bCnZcsHQkw229aVSOlw/6qebw7HW98Blnlz7eqhO41g9I15
rAq2FQlKYNsY7IfQtoHB83/wa202NAfV6lJG/83H4LB4G7na6wI9WdeUR+1cMWU=
-----END CERTIFICATE-----